Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net Fix tun(4) kevent locking



details:   https://anonhg.NetBSD.org/src/rev/66323c339d5b
branches:  trunk
changeset: 363673:66323c339d5b
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Mon Aug 06 03:58:59 2018 +0000

description:
Fix tun(4) kevent locking

filt_tunread gets called in two contexts:

- by calls to selnotify in if_tun.c (or knote, as the case may be,
  but not here), in which case tp->tun_lock is held; and

- by internal logic in kevent, in which tp->tun_lock is not held.

The standard convention to discriminate between these two cases is by
setting the kernel-only NOTE_SUBMIT bit in the hint to selnotify or
knote; then in filt_*:

        if (hint & NOTE_SUBMIT)
                KASSERT(mutex_owned(&tp->tun_lock));
        else
                mutex_enter(&tp->tun_lock);
        ...
        if (hint & NOTE_SUBMIT)
                KASSERT(mutex_owned(&tp->tun_lock));
        else
                mutex_exit(&tp->tun_lock);

Pointed out by and patch from riastradh@
Tested by ozaki-r@ (only the former path)

diffstat:

 sys/net/if_tun.c |  29 ++++++++++++++++++-----------
 1 files changed, 18 insertions(+), 11 deletions(-)

diffs (84 lines):

diff -r fba5dbb1029a -r 66323c339d5b sys/net/if_tun.c
--- a/sys/net/if_tun.c  Mon Aug 06 00:30:33 2018 +0000
+++ b/sys/net/if_tun.c  Mon Aug 06 03:58:59 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_tun.c,v 1.145 2018/08/03 09:54:40 ozaki-r Exp $     */
+/*     $NetBSD: if_tun.c,v 1.146 2018/08/06 03:58:59 ozaki-r Exp $     */
 
 /*
  * Copyright (c) 1988, Julian Onions <jpo%cs.nott.ac.uk@localhost>
@@ -19,7 +19,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.145 2018/08/03 09:54:40 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.146 2018/08/06 03:58:59 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -288,7 +288,7 @@
                tp->tun_flags &= ~TUN_RWAIT;
                cv_broadcast(&tp->tun_cv);
        }
-       selnotify(&tp->tun_rsel, 0, 0);
+       selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
 
        mutex_exit(&tp->tun_lock);
 
@@ -381,7 +381,7 @@
        tp->tun_flags &= ~TUN_OPEN;
 
        tp->tun_pgid = 0;
-       selnotify(&tp->tun_rsel, 0, 0);
+       selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
 
        TUNDEBUG ("%s: closed\n", ifp->if_xname);
        mutex_exit(&tp->tun_lock);
@@ -625,7 +625,7 @@
        if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid)
                softint_schedule(tp->tun_isih);
 
-       selnotify(&tp->tun_rsel, 0, 0);
+       selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
 
        mutex_exit(&tp->tun_lock);
 out:
@@ -996,7 +996,7 @@
                if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid)
                        softint_schedule(tp->tun_osih);
 
-               selnotify(&tp->tun_rsel, 0, 0);
+               selnotify(&tp->tun_rsel, 0, NOTE_SUBMIT);
        }
        mutex_exit(&tp->tun_lock);
 }
@@ -1057,17 +1057,24 @@
        struct tun_softc *tp = kn->kn_hook;
        struct ifnet *ifp = &tp->tun_if;
        struct mbuf *m;
+       int ready;
 
-       KASSERT(mutex_owned(&tp->tun_lock));
+       if (hint & NOTE_SUBMIT)
+               KASSERT(mutex_owned(&tp->tun_lock));
+       else
+               mutex_enter(&tp->tun_lock);
 
        IF_POLL(&ifp->if_snd, m);
-       if (m == NULL)
-               return 0;
-
+       ready = (m != NULL);
        for (kn->kn_data = 0; m != NULL; m = m->m_next)
                kn->kn_data += m->m_len;
 
-       return 1;
+       if (hint & NOTE_SUBMIT)
+               KASSERT(mutex_owned(&tp->tun_lock));
+       else
+               mutex_exit(&tp->tun_lock);
+
+       return ready;
 }
 
 static const struct filterops tunread_filtops = {



Home | Main Index | Thread Index | Old Index