Module Name: src
Committed By: ozaki-r
Date: Mon Aug 6 03:58:59 UTC 2018
Modified Files:
src/sys/net: if_tun.c
Log Message:
Fix tun(4) kevent locking
filt_tunread gets called in two contexts:
- by calls to selnotify in if_tun.c (or knote, as the case may be,
but not here), in which case tp->tun_lock is held; and
- by internal logic in kevent, in which tp->tun_lock is not held.
The standard convention to discriminate between these two cases is by
setting the kernel-only NOTE_SUBMIT bit in the hint to selnotify or
knote; then in filt_*:
if (hint & NOTE_SUBMIT)
KASSERT(mutex_owned(&tp->tun_lock));
else
mutex_enter(&tp->tun_lock);
...
if (hint & NOTE_SUBMIT)
KASSERT(mutex_owned(&tp->tun_lock));
else
mutex_exit(&tp->tun_lock);
Pointed out by and patch from riastradh@
Tested by ozaki-r@ (only the former path)
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_tun.c
diff -u src/sys/net/if_tun.c:1.145 src/sys/net/if_tun.c:1.146
--- src/sys/net/if_tun.c:1.145 Fri Aug 3 09:54:40 2018
+++ src/sys/net/if_tun.c Mon Aug 6 03:58:59 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: if_tun.c,v 1.145 2018/08/03 09:54:40 ozaki-r Exp $ */
+/* $NetBSD: if_tun.c,v 1.146 2018/08/06 03:58:59 ozaki-r Exp $ */
/*
* Copyright (c) 1988, Julian Onions <j...@cs.nott.ac.uk>
@@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.145 2018/08/03 09:54:40 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.146 2018/08/06 03:58:59 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -288,7 +288,7 @@ tun_clone_destroy(struct ifnet *ifp)
tp->tun_flags &= ~TUN_RWAIT;
cv_broadcast(&tp->tun_cv);
}
- selnotify(&tp->tun_rsel, 0, 0);
+ selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
mutex_exit(&tp->tun_lock);
@@ -381,7 +381,7 @@ tunclose(dev_t dev, int flag, int mode,
tp->tun_flags &= ~TUN_OPEN;
tp->tun_pgid = 0;
- selnotify(&tp->tun_rsel, 0, 0);
+ selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
TUNDEBUG ("%s: closed\n", ifp->if_xname);
mutex_exit(&tp->tun_lock);
@@ -625,7 +625,7 @@ tun_output(struct ifnet *ifp, struct mbu
if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid)
softint_schedule(tp->tun_isih);
- selnotify(&tp->tun_rsel, 0, 0);
+ selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
mutex_exit(&tp->tun_lock);
out:
@@ -996,7 +996,7 @@ tunstart(struct ifnet *ifp)
if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid)
softint_schedule(tp->tun_osih);
- selnotify(&tp->tun_rsel, 0, 0);
+ selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
}
mutex_exit(&tp->tun_lock);
}
@@ -1057,17 +1057,24 @@ filt_tunread(struct knote *kn, long hint
struct tun_softc *tp = kn->kn_hook;
struct ifnet *ifp = &tp->tun_if;
struct mbuf *m;
+ int ready;
- KASSERT(mutex_owned(&tp->tun_lock));
+ if (hint & NOTE_SUBMIT)
+ KASSERT(mutex_owned(&tp->tun_lock));
+ else
+ mutex_enter(&tp->tun_lock);
IF_POLL(&ifp->if_snd, m);
- if (m == NULL)
- return 0;
-
+ ready = (m != NULL);
for (kn->kn_data = 0; m != NULL; m = m->m_next)
kn->kn_data += m->m_len;
- return 1;
+ if (hint & NOTE_SUBMIT)
+ KASSERT(mutex_owned(&tp->tun_lock));
+ else
+ mutex_exit(&tp->tun_lock);
+
+ return ready;
}
static const struct filterops tunread_filtops = {
