Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.61 retrieving revision 1.74 diff -u -p -r1.61 -r1.74 --- src/sys/netinet6/mld6.c 2014/11/12 03:24:25 1.61 +++ src/sys/netinet6/mld6.c 2016/08/01 03:15:31 1.74 @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.61 2014/11/12 03:24:25 ozaki-r Exp $ */ +/* $NetBSD: mld6.c,v 1.74 2016/08/01 03:15:31 ozaki-r Exp $ */ /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ /* @@ -102,9 +102,11 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.61 2014/11/12 03:24:25 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.74 2016/08/01 03:15:31 ozaki-r Exp $"); +#ifdef _KERNEL_OPT #include "opt_inet.h" +#endif #include #include @@ -188,6 +190,7 @@ mld_init(void) ip6_opts.ip6po_hbh = hbh; /* We will specify the hoplimit by a multicast option. */ ip6_opts.ip6po_hlim = -1; + ip6_opts.ip6po_prefer_tempaddr = IP6PO_TEMPADDR_NOTPREFER; } static void @@ -333,16 +336,18 @@ mld_input(struct mbuf *m, int off) { struct ip6_hdr *ip6; struct mld_hdr *mldh; - struct ifnet *ifp = m->m_pkthdr.rcvif; + struct ifnet *ifp; struct in6_multi *in6m = NULL; struct in6_addr mld_addr, all_in6; struct in6_ifaddr *ia; u_long timer = 0; /* timer value in the MLD query header */ + int s; + ifp = m_get_rcvif(m, &s); IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh)); if (mldh == NULL) { ICMP6_STATINC(ICMP6_STAT_TOOSHORT); - return; + goto out_nodrop; } /* source address validation */ @@ -372,8 +377,7 @@ mld_input(struct mbuf *m, int off) "mld_input: src %s is not link-local (grp=%s)\n", ip6_sprintf(&ip6->ip6_src), ip6_sprintf(&mldh->mld_addr)); #endif - m_freem(m); - return; + goto out; } /* @@ -382,8 +386,7 @@ mld_input(struct mbuf *m, int off) mld_addr = mldh->mld_addr; if (in6_setscope(&mld_addr, ifp, NULL)) { /* XXX: this should not happen! */ - m_free(m); - return; + goto out; } /* @@ -399,7 +402,9 @@ mld_input(struct mbuf *m, int off) * if we sent the last report. */ switch (mldh->mld_type) { - case MLD_LISTENER_QUERY: + case MLD_LISTENER_QUERY: { + struct psref psref; + if (ifp->if_flags & IFF_LOOPBACK) break; @@ -425,10 +430,14 @@ mld_input(struct mbuf *m, int off) */ timer = ntohs(mldh->mld_maxdelay); - IFP_TO_IA6(ifp, ia); + ia = in6_get_ia_from_ifp_psref(ifp, &psref); if (ia == NULL) break; + /* The following operations may sleep */ + m_put_rcvif(ifp, &s); + ifp = NULL; + LIST_FOREACH(in6m, &ia->ia6_multiaddrs, in6m_entry) { if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < @@ -454,7 +463,9 @@ mld_input(struct mbuf *m, int off) mld_starttimer(in6m); } } + ia6_release(ia, &psref); break; + } case MLD_LISTENER_REPORT: /* @@ -494,7 +505,10 @@ mld_input(struct mbuf *m, int off) break; } +out: m_freem(m); +out_nodrop: + m_put_rcvif(ifp, &s); } static void @@ -508,6 +522,8 @@ mld_sendpkt(struct in6_multi *in6m, int struct in6_ifaddr *ia = NULL; struct ifnet *ifp = in6m->in6m_ifp; int ignflags; + struct psref psref; + int bound; /* * At first, find a link local address on the outgoing interface @@ -516,20 +532,31 @@ mld_sendpkt(struct in6_multi *in6m, int * the case where we first join a link-local address. */ ignflags = (IN6_IFF_NOTREADY|IN6_IFF_ANYCAST) & ~IN6_IFF_TENTATIVE; - if ((ia = in6ifa_ifpforlinklocal(ifp, ignflags)) == NULL) + bound = curlwp_bind(); + ia = in6ifa_ifpforlinklocal_psref(ifp, ignflags, &psref); + if (ia == NULL) { + curlwp_bindx(bound); return; - if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) + } + if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) { + ia6_release(ia, &psref); ia = NULL; + } /* Allocate two mbufs to store IPv6 header and MLD header */ mldh = mld_allocbuf(&mh, sizeof(struct mld_hdr), in6m, type); - if (mldh == NULL) + if (mldh == NULL) { + ia6_release(ia, &psref); + curlwp_bindx(bound); return; + } /* fill src/dst here */ ip6 = mtod(mh, struct ip6_hdr *); ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any; ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; + ia6_release(ia, &psref); + curlwp_bindx(bound); mldh->mld_addr = in6m->in6m_addr; in6_clearscope(&mldh->mld_addr); /* XXX */ @@ -538,7 +565,7 @@ mld_sendpkt(struct in6_multi *in6m, int /* construct multicast option */ memset(&im6o, 0, sizeof(im6o)); - im6o.im6o_multicast_ifp = ifp; + im6o.im6o_multicast_if_index = if_get_index(ifp); im6o.im6o_multicast_hlim = 1; /* @@ -591,7 +618,7 @@ mld_allocbuf(struct mbuf **mh, int len, (*mh)->m_next = md; md->m_next = NULL; - (*mh)->m_pkthdr.rcvif = NULL; + m_reset_rcvif((*mh)); (*mh)->m_pkthdr.len = sizeof(struct ip6_hdr) + len; (*mh)->m_len = sizeof(struct ip6_hdr); MH_ALIGN(*mh, sizeof(struct ip6_hdr)); @@ -639,6 +666,7 @@ in6_addmulti(struct in6_addr *maddr6, st */ in6m->in6m_refcount++; } else { + int _s; /* * New address; allocate a new multicast record * and link it into the interface's multicast list. @@ -655,8 +683,14 @@ in6_addmulti(struct in6_addr *maddr6, st in6m->in6m_ifp = ifp; in6m->in6m_refcount = 1; in6m->in6m_timer = IN6M_TIMER_UNDEF; - IFP_TO_IA6(ifp, ia); + callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE); + callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m); + + _s = pserialize_read_enter(); + ia = in6_get_ia_from_ifp(ifp); if (ia == NULL) { + pserialize_read_exit(_s); + callout_destroy(&in6m->in6m_timer_ch); free(in6m, M_IPMADDR); splx(s); *errorp = EADDRNOTAVAIL; /* appropriate? */ @@ -664,7 +698,9 @@ in6_addmulti(struct in6_addr *maddr6, st } in6m->in6m_ia = ia; ifaref(&ia->ia_ifa); /* gain a reference */ + /* FIXME NOMPSAFE: need to lock */ LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); + pserialize_read_exit(_s); /* * Ask the network driver to update its multicast reception @@ -673,6 +709,7 @@ in6_addmulti(struct in6_addr *maddr6, st sockaddr_in6_init(&sin6, maddr6, 0, 0, 0); *errorp = if_mcast_op(ifp, SIOCADDMULTI, sin6tosa(&sin6)); if (*errorp) { + callout_destroy(&in6m->in6m_timer_ch); LIST_REMOVE(in6m, in6m_entry); free(in6m, M_IPMADDR); ifafree(&ia->ia_ifa); @@ -680,8 +717,6 @@ in6_addmulti(struct in6_addr *maddr6, st return (NULL); } - callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE); - callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m); in6m->in6m_timer = timer; if (in6m->in6m_timer > 0) { in6m->in6m_state = MLD_REPORTPENDING; @@ -714,6 +749,8 @@ in6_delmulti(struct in6_multi *in6m) mld_stoptimer(in6m); if (--in6m->in6m_refcount == 0) { + int _s; + /* * No remaining claims to this record; let MLD6 know * that we are leaving the multicast group. @@ -733,13 +770,15 @@ in6_delmulti(struct in6_multi *in6m) * Delete all references of this multicasting group from * the membership arrays */ - for (ia = in6_ifaddr; ia; ia = ia->ia_next) { + _s = pserialize_read_enter(); + IN6_ADDRLIST_READER_FOREACH(ia) { struct in6_multi_mship *imm; LIST_FOREACH(imm, &ia->ia6_memberships, i6mm_chain) { if (imm->i6mm_maddr == in6m) imm->i6mm_maddr = NULL; } } + pserialize_read_exit(_s); /* * Notify the network driver to update its multicast @@ -803,8 +842,10 @@ in6_savemkludge(struct in6_ifaddr *oia) { struct in6_ifaddr *ia; struct in6_multi *in6m; + int s; - IFP_TO_IA6(oia->ia_ifp, ia); + s = pserialize_read_enter(); + ia = in6_get_ia_from_ifp(oia->ia_ifp); if (ia) { /* there is another address */ KASSERT(ia != oia); while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) { @@ -812,6 +853,7 @@ in6_savemkludge(struct in6_ifaddr *oia) ifaref(&ia->ia_ifa); ifafree(&in6m->in6m_ia->ia_ifa); in6m->in6m_ia = ia; + /* FIXME NOMPSAFE: need to lock */ LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); } } else { /* last address on this if deleted, save */ @@ -831,6 +873,7 @@ in6_savemkludge(struct in6_ifaddr *oia) LIST_INSERT_HEAD(&mk->mk_head, in6m, in6m_entry); } } + pserialize_read_exit(s); } /* @@ -973,19 +1016,23 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) uint32_t tmp; int error; size_t written; + struct psref psref, psref_ia; + int bound, s; if (namelen != 1) return EINVAL; - ifp = if_byindex(name[0]); - if (ifp == NULL) + bound = curlwp_bind(); + ifp = if_get_byindex(name[0], &psref); + if (ifp == NULL) { + curlwp_bindx(bound); return ENODEV; + } if (oldp == NULL) { *oldlenp = 0; - IFADDR_FOREACH(ifa, ifp) { - if (ifa->ifa_addr == NULL) - continue; + s = pserialize_read_enter(); + IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family != AF_INET6) continue; ifa6 = (struct in6_ifaddr *)ifa; @@ -994,16 +1041,22 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) sizeof(uint32_t); } } + pserialize_read_exit(s); + if_put(ifp, &psref); + curlwp_bindx(bound); return 0; } error = 0; written = 0; - IFADDR_FOREACH(ifa, ifp) { - if (ifa->ifa_addr == NULL) - continue; + s = pserialize_read_enter(); + IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family != AF_INET6) continue; + + ifa_acquire(ifa, &psref_ia); + pserialize_read_exit(s); + ifa6 = (struct in6_ifaddr *)ifa; LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) { if (written + 2 * sizeof(struct in6_addr) + @@ -1028,8 +1081,15 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) oldp = (char *)oldp + sizeof(tmp); written += sizeof(tmp); } + + s = pserialize_read_enter(); + ifa_release(ifa, &psref_ia); } + pserialize_read_exit(s); done: + ifa_release(ifa, &psref_ia); + if_put(ifp, &psref); + curlwp_bindx(bound); *oldlenp = written; return error; }