Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net wg: mbuf m_freem audit.



details:   https://anonhg.NetBSD.org/src/rev/e9e28fa3b66a
branches:  trunk
changeset: 943347:e9e28fa3b66a
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Mon Aug 31 20:24:19 2020 +0000

description:
wg: mbuf m_freem audit.

1. wg_handle_msg_data frees m but the other wg_handle_msg_* just take
   a pointer to the mbuf content and not m itself, so free m in those
   cases.

2. Can't trivially prove that the pcq is empty by the time
   wg_destroy_peer runs pcq_destroy, so let's explicitly purge it
   just in case.

3. If wg_send_udp isn't doing udp_send or udp6_output, it still has
   to free m in the !INET6 error branch for IPv6 packets.

4. After rumpuser_wg_send_peer or rumpuser_wg_send_user, we still
   need to free the mbuf.

diffstat:

 sys/net/if_wg.c |  20 +++++++++++++++-----
 1 files changed, 15 insertions(+), 5 deletions(-)

diffs (71 lines):

diff -r 6c892bc9f4d6 -r e9e28fa3b66a sys/net/if_wg.c
--- a/sys/net/if_wg.c   Mon Aug 31 20:23:56 2020 +0000
+++ b/sys/net/if_wg.c   Mon Aug 31 20:24:19 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_wg.c,v 1.37 2020/08/31 20:23:56 riastradh Exp $     */
+/*     $NetBSD: if_wg.c,v 1.38 2020/08/31 20:24:19 riastradh Exp $     */
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota%gmail.com@localhost>
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.37 2020/08/31 20:23:56 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.38 2020/08/31 20:24:19 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -2683,11 +2683,13 @@
                break;
        case WG_MSG_TYPE_DATA:
                wg_handle_msg_data(wg, m, src);
-               break;
+               /* wg_handle_msg_data frees m for us */
+               return;
        default:
-               /* wg_validate_msg_header should already reject this case */
-               break;
+               panic("invalid message type: %d", wgm->wgm_type);
        }
+
+       m_freem(m);
 }
 
 static void
@@ -3313,6 +3315,9 @@
        }
        rw_exit(wg->wg_rwlock);
 
+       /* Purge pending packets.  */
+       wg_purge_pending_packets(wgp);
+
        /* Halt all packet processing and timeouts.  */
        softint_disestablish(wgp->wgp_si);
        callout_halt(&wgp->wgp_rekey_timer, NULL);
@@ -3704,6 +3709,7 @@
                error = udp6_output(sotoin6pcb(so), m, wgsatosin6(wgsa),
                    NULL, curlwp);
 #else
+               m_freem(m);
                error = EPROTONOSUPPORT;
 #endif
        }
@@ -4653,6 +4659,8 @@
 
        wg_put_sa(wgp, wgsa, &psref);
 
+       m_freem(m);
+
        return error;
 }
 
@@ -4692,6 +4700,8 @@
 
        /* Send decrypted packets to users via a tun. */
        rumpuser_wg_send_user(wg->wg_user, iov, 2);
+
+       m_freem(m);
 }
 
 static int



Home | Main Index | Thread Index | Old Index