Up to [cvs.NetBSD.org] / src / sys / net
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: netbsd-8-2-RELEASE
Revision 1.139.2.4 / (download) - annotate - [select for diffs], Wed Aug 15 12:07:30 2018 UTC (5 years, 7 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1
Changes since 1.139.2.3: +18 -14
lines
Diff to previous 1.139.2.3 (colored) to branchpoint 1.139 (colored)
Pull up following revision(s) (requested by ozaki-r in ticket #974): sys/net/if_tun.c: revision 1.145 sys/net/if_tun.c: revision 1.146 tun: fix locking against myself filt_tunread is called with tun_lock held from tun_output (via tun_output => selnotify => knote), so we must not take tun_lock in filt_tunread. The bug is triggered only if a tun is used through kqueue. Found by k-goda@IIJ Fix tun(4) kevent locking filt_tunread gets called in two contexts: - by calls to selnotify in if_tun.c (or knote, as the case may be, but not here), in which case tp->tun_lock is held; and - by internal logic in kevent, in which tp->tun_lock is not held. The standard convention to discriminate between these two cases is by setting the kernel-only NOTE_SUBMIT bit in the hint to selnotify or knote; then in filt_*: if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(&tp->tun_lock)); else mutex_enter(&tp->tun_lock); ... if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(&tp->tun_lock)); else mutex_exit(&tp->tun_lock); Pointed out by and patch from riastradh@ Tested by ozaki-r@ (only the former path)