Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec Fix KASSERT(solocked(sb->sb_so)) failure in sba...

details:   https://anonhg.NetBSD.org/src/rev/8ba34a38b8ac
branches:  trunk
changeset: 825960:8ba34a38b8ac
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Tue Aug 08 10:41:33 2017 +0000

description:
Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf

If key_sendup_mbuf isn't passed a socket, the assertion fails.
Originally in this case sb->sb_so was softnet_lock and callers
held softnet_lock so the assertion was magically satisfied.
Now sb->sb_so is key_so_mtx and also softnet_lock isn't always
held by callers so the assertion can fail.

Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.

Reported by knakahara@
Tested by knakahara@ and ozaki-r@

diffstat:

 sys/netipsec/keysock.c |  26 ++++++++++++++++++++++----
 1 files changed, 22 insertions(+), 4 deletions(-)

diffs (54 lines):

diff -r b0aeccfa44bf -r 8ba34a38b8ac sys/netipsec/keysock.c
--- a/sys/netipsec/keysock.c    Tue Aug 08 09:34:59 2017 +0000
+++ b/sys/netipsec/keysock.c    Tue Aug 08 10:41:33 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: keysock.c,v 1.59 2017/07/27 09:53:57 ozaki-r Exp $     */
+/*     $NetBSD: keysock.c,v 1.60 2017/08/08 10:41:33 ozaki-r Exp $     */
 /*     $FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $    */
 /*     $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $        */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.59 2017/07/27 09:53:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.60 2017/08/08 10:41:33 ozaki-r Exp $");
 
 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
 
@@ -300,8 +300,8 @@
 }
 
 /* so can be NULL if target != KEY_SENDUP_ONE */
-int
-key_sendup_mbuf(struct socket *so, struct mbuf *m,
+static int
+_key_sendup_mbuf(struct socket *so, struct mbuf *m,
                int target/*, sbprio */)
 {
        struct mbuf *n;
@@ -433,6 +433,24 @@
        return error;
 }
 
+int
+key_sendup_mbuf(struct socket *so, struct mbuf *m,
+               int target/*, sbprio */)
+{
+       int error;
+
+       if (so == NULL)
+               mutex_enter(key_so_mtx);
+       else
+               KASSERT(solocked(so));
+
+       error = _key_sendup_mbuf(so, m, target);
+
+       if (so == NULL)
+               mutex_exit(key_so_mtx);
+       return error;
+}
+
 static int
 key_attach(struct socket *so, int proto)
 {
Home | Main Index | Thread Index | Old Index