[src/trunk]: src/sys/net route: run workqueue kthreads with KERNEL_LOCK unles...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/net route: run workqueue kthreads with KERNEL_LOCK unles...
From: ozaki-r <ozaki-r%NetBSD.org@localhost>
Date: Mon, 05 Jun 2023 07:20:56 +0000

details:   https://anonhg.NetBSD.org/src/rev/8bab06481437
branches:  trunk
changeset: 376220:8bab06481437
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Mon Jun 05 03:51:45 2023 +0000

description:
route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE

Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel
with other LWPs running in the network stack, which eventually results
in say use-after-free of a deleted route.

diffstat:

 sys/net/route.c |  10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diffs (51 lines):

diff -r 94ced2f660e4 -r 8bab06481437 sys/net/route.c
--- a/sys/net/route.c   Mon Jun 05 03:44:47 2023 +0000
+++ b/sys/net/route.c   Mon Jun 05 03:51:45 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: route.c,v 1.236 2022/12/22 13:54:57 riastradh Exp $    */
+/*     $NetBSD: route.c,v 1.237 2023/06/05 03:51:45 ozaki-r Exp $      */
 
 /*-
  * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.236 2022/12/22 13:54:57 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.237 2023/06/05 03:51:45 ozaki-r Exp $");
 
 #include <sys/param.h>
 #ifdef RTFLUSH_DEBUG
@@ -229,12 +229,14 @@ static krwlock_t          rt_lock __cacheline_al
 #define RT_UNLOCK()            rw_exit(&rt_lock)
 #define RT_WLOCKED()           rw_write_held(&rt_lock)
 #define        RT_ASSERT_WLOCK()       KASSERT(rw_write_held(&rt_lock))
+#define RT_WQ_FLAGS            WQ_MPSAFE
 #else
 #define RT_RLOCK()             do {} while (0)
 #define RT_WLOCK()             do {} while (0)
 #define RT_UNLOCK()            do {} while (0)
 #define RT_WLOCKED()           true
 #define        RT_ASSERT_WLOCK()       do {} while (0)
+#define RT_WQ_FLAGS            0
 #endif
 
 static uint64_t rtcache_generation;
@@ -477,7 +479,7 @@ rt_init(void)
        rt_psref_class = psref_class_create("rtentry", IPL_SOFTNET);
 
        error = workqueue_create(&rt_free_global.wq, "rt_free",
-           rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
+           rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS);
        if (error)
                panic("%s: workqueue_create failed (%d)\n", __func__, error);
 
@@ -1822,7 +1824,7 @@ rt_timer_init(void)
        LIST_INIT(&rttimer_queue_head);
        callout_init(&rt_timer_ch, CALLOUT_MPSAFE);
        error = workqueue_create(&rt_timer_wq, "rt_timer",
-           rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
+           rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS);
        if (error)
                panic("%s: workqueue_create failed (%d)\n", __func__, error);
        callout_reset(&rt_timer_ch, hz, rt_timer_timer, NULL);

Prev by Date: [src/trunk]: src/sys/dev/usb - Fix clearing of EINT and other transient flags.
Next by Date: [src/trunk]: src/usr.bin/indent indent: let the output routines keep track of...
Previous by Thread: [src/trunk]: src/sys/dev/usb - Fix clearing of EINT and other transient flags.
Next by Thread: [src/trunk]: src/usr.bin/indent indent: let the output routines keep track of...
Indexes:

Home | Main Index | Thread Index | Old Index