[src/trunk]: src/sys/net tun(4): Fix bug introduced in previous locking change.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/net tun(4): Fix bug introduced in previous locking change.
From: riastradh <riastradh%NetBSD.org@localhost>
Date: Tue, 15 Mar 2022 03:03:51 +0000

details:   https://anonhg.NetBSD.org/src/rev/5381114b5cb4
branches:  trunk
changeset: 363908:5381114b5cb4
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Tue Mar 15 00:05:17 2022 +0000

description:
tun(4): Fix bug introduced in previous locking change.

Now that tun_lock runs at IPL_NONE, taking it does not have the side
effect of disabling preemption, but pktq_enqueue assumes the caller
has disabled preemption so it can safely schedule a softint.

This isn't a problem in most physical network drivers because the
pktq_enqueue call happens from within the driver's softint context
anyway.  But tun(4) is special -- here, the pktq_enqueue is triggered
by a userland write to the device, which is in thread context.  So
let's just disable preemption in tunwrite.

Reported-by: syzbot+21c2cb300f1ec2162b35%syzkaller.appspotmail.com@localhost

diffstat:

 sys/net/if_tun.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (34 lines):

diff -r 60aed67fa2cd -r 5381114b5cb4 sys/net/if_tun.c
--- a/sys/net/if_tun.c  Mon Mar 14 22:15:51 2022 +0000
+++ b/sys/net/if_tun.c  Tue Mar 15 00:05:17 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_tun.c,v 1.171 2022/03/13 21:42:39 riastradh Exp $   */
+/*     $NetBSD: if_tun.c,v 1.172 2022/03/15 00:05:17 riastradh Exp $   */
 
 /*
  * Copyright (c) 1988, Julian Onions <jpo%cs.nott.ac.uk@localhost>
@@ -19,7 +19,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.171 2022/03/13 21:42:39 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.172 2022/03/15 00:05:17 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -987,6 +987,7 @@
                error = ENXIO;
                goto out;
        }
+       kpreempt_disable();
        if (__predict_false(!pktq_enqueue(pktq, top, 0))) {
                if_statinc(ifp, if_collisions);
                mutex_exit(&tp->tun_lock);
@@ -994,6 +995,7 @@
                m_freem(top);
                goto out0;
        }
+       kpreempt_enable();
        if_statadd2(ifp, if_ipackets, 1, if_ibytes, tlen);
 out:
        mutex_exit(&tp->tun_lock);

Prev by Date: [src/trunk]: src/sys/dev/ata Avoid an unaccounted extra channel freeze, if a ...
Next by Date: [src/netbsd-9]: src/usr.sbin/puffs/mount_9p Pull up following revision(s) (re...
Previous by Thread: [src/trunk]: src/sys/dev/ata Avoid an unaccounted extra channel freeze, if a ...
Next by Thread: [src/netbsd-9]: src/usr.sbin/puffs/mount_9p Pull up following revision(s) (re...
Indexes:

Home | Main Index | Thread Index | Old Index