Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.73 retrieving revision 1.82 diff -u -p -r1.73 -r1.82 --- src/sys/netinet6/mld6.c 2016/07/20 07:37:51 1.73 +++ src/sys/netinet6/mld6.c 2017/02/22 07:46:00 1.82 @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.73 2016/07/20 07:37:51 ozaki-r Exp $ */ +/* $NetBSD: mld6.c,v 1.82 2017/02/22 07:46:00 ozaki-r Exp $ */ /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ /* @@ -102,10 +102,11 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.73 2016/07/20 07:37:51 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.82 2017/02/22 07:46:00 ozaki-r Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" +#include "opt_net_mpsafe.h" #endif #include @@ -113,7 +114,6 @@ __KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.7 #include #include #include -#include #include #include #include @@ -229,6 +229,7 @@ mld_timeo(void *arg) { struct in6_multi *in6m = arg; + /* XXX NOMPSAFE still need softnet_lock */ mutex_enter(softnet_lock); KERNEL_LOCK(1, NULL); @@ -344,6 +345,8 @@ mld_input(struct mbuf *m, int off) int s; ifp = m_get_rcvif(m, &s); + if (__predict_false(ifp == NULL)) + goto out; IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh)); if (mldh == NULL) { ICMP6_STATINC(ICMP6_STAT_TOOSHORT); @@ -373,9 +376,12 @@ mld_input(struct mbuf *m, int off) * though RFC3590 says "SHOULD log" if the source of a query * is the unspecified address. */ + char ip6bufs[INET6_ADDRSTRLEN]; + char ip6bufm[INET6_ADDRSTRLEN]; log(LOG_INFO, "mld_input: src %s is not link-local (grp=%s)\n", - ip6_sprintf(&ip6->ip6_src), ip6_sprintf(&mldh->mld_addr)); + IN6_PRINT(ip6bufs,&ip6->ip6_src), + IN6_PRINT(ip6bufm, &mldh->mld_addr)); #endif goto out; } @@ -402,7 +408,9 @@ mld_input(struct mbuf *m, int off) * if we sent the last report. */ switch (mldh->mld_type) { - case MLD_LISTENER_QUERY: + case MLD_LISTENER_QUERY: { + struct psref psref; + if (ifp->if_flags & IFF_LOOPBACK) break; @@ -428,10 +436,14 @@ mld_input(struct mbuf *m, int off) */ timer = ntohs(mldh->mld_maxdelay); - ia = in6_get_ia_from_ifp(ifp); + ia = in6_get_ia_from_ifp_psref(ifp, &psref); if (ia == NULL) break; + /* The following operations may sleep */ + m_put_rcvif(ifp, &s); + ifp = NULL; + LIST_FOREACH(in6m, &ia->ia6_multiaddrs, in6m_entry) { if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < @@ -457,7 +469,9 @@ mld_input(struct mbuf *m, int off) mld_starttimer(in6m); } } + ia6_release(ia, &psref); break; + } case MLD_LISTENER_REPORT: /* @@ -479,7 +493,7 @@ mld_input(struct mbuf *m, int off) * If we belong to the group being reported, stop * our timer for that group. */ - IN6_LOOKUP_MULTI(mld_addr, ifp, in6m); + in6m = in6_lookup_multi(&mld_addr, ifp); if (in6m) { mld_stoptimer(in6m); /* transit to idle state */ in6m->in6m_state = MLD_OTHERLISTENER; /* clear flag */ @@ -514,6 +528,8 @@ mld_sendpkt(struct in6_multi *in6m, int struct in6_ifaddr *ia = NULL; struct ifnet *ifp = in6m->in6m_ifp; int ignflags; + struct psref psref; + int bound; /* * At first, find a link local address on the outgoing interface @@ -522,20 +538,31 @@ mld_sendpkt(struct in6_multi *in6m, int * the case where we first join a link-local address. */ ignflags = (IN6_IFF_NOTREADY|IN6_IFF_ANYCAST) & ~IN6_IFF_TENTATIVE; - if ((ia = in6ifa_ifpforlinklocal(ifp, ignflags)) == NULL) + bound = curlwp_bind(); + ia = in6ifa_ifpforlinklocal_psref(ifp, ignflags, &psref); + if (ia == NULL) { + curlwp_bindx(bound); return; - if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) + } + if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) { + ia6_release(ia, &psref); ia = NULL; + } /* Allocate two mbufs to store IPv6 header and MLD header */ mldh = mld_allocbuf(&mh, sizeof(struct mld_hdr), in6m, type); - if (mldh == NULL) + if (mldh == NULL) { + ia6_release(ia, &psref); + curlwp_bindx(bound); return; + } /* fill src/dst here */ ip6 = mtod(mh, struct ip6_hdr *); ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any; ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; + ia6_release(ia, &psref); + curlwp_bindx(bound); mldh->mld_addr = in6m->in6m_addr; in6_clearscope(&mldh->mld_addr); /* XXX */ @@ -638,13 +665,14 @@ in6_addmulti(struct in6_addr *maddr6, st /* * See if address already in list. */ - IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); + in6m = in6_lookup_multi(maddr6, ifp); if (in6m != NULL) { /* * Found it; just increment the refrence count. */ in6m->in6m_refcount++; } else { + int _s; /* * New address; allocate a new multicast record * and link it into the interface's multicast list. @@ -664,8 +692,10 @@ in6_addmulti(struct in6_addr *maddr6, st callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE); callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m); + _s = pserialize_read_enter(); ia = in6_get_ia_from_ifp(ifp); if (ia == NULL) { + pserialize_read_exit(_s); callout_destroy(&in6m->in6m_timer_ch); free(in6m, M_IPMADDR); splx(s); @@ -674,7 +704,9 @@ in6_addmulti(struct in6_addr *maddr6, st } in6m->in6m_ia = ia; ifaref(&ia->ia_ifa); /* gain a reference */ + /* FIXME NOMPSAFE: need to lock */ LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); + pserialize_read_exit(_s); /* * Ask the network driver to update its multicast reception @@ -763,7 +795,10 @@ in6_delmulti(struct in6_multi *in6m) /* Tell mld_timeo we're halting the timer */ in6m->in6m_timer = IN6M_TIMER_UNDEF; - callout_halt(&in6m->in6m_timer_ch, softnet_lock); + if (mutex_owned(softnet_lock)) + callout_halt(&in6m->in6m_timer_ch, softnet_lock); + else + callout_halt(&in6m->in6m_timer_ch, NULL); callout_destroy(&in6m->in6m_timer_ch); free(in6m, M_IPMADDR); @@ -816,7 +851,9 @@ in6_savemkludge(struct in6_ifaddr *oia) { struct in6_ifaddr *ia; struct in6_multi *in6m; + int s; + s = pserialize_read_enter(); ia = in6_get_ia_from_ifp(oia->ia_ifp); if (ia) { /* there is another address */ KASSERT(ia != oia); @@ -825,6 +862,7 @@ in6_savemkludge(struct in6_ifaddr *oia) ifaref(&ia->ia_ifa); ifafree(&in6m->in6m_ia->ia_ifa); in6m->in6m_ia = ia; + /* FIXME NOMPSAFE: need to lock */ LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); } } else { /* last address on this if deleted, save */ @@ -844,6 +882,7 @@ in6_savemkludge(struct in6_ifaddr *oia) LIST_INSERT_HEAD(&mk->mk_head, in6m, in6m_entry); } } + pserialize_read_exit(s); } /* @@ -986,8 +1025,8 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) uint32_t tmp; int error; size_t written; - struct psref psref; - int bound; + struct psref psref, psref_ia; + int bound, s; if (namelen != 1) return EINVAL; @@ -1001,6 +1040,7 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) if (oldp == NULL) { *oldlenp = 0; + s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family != AF_INET6) continue; @@ -1010,6 +1050,7 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) sizeof(uint32_t); } } + pserialize_read_exit(s); if_put(ifp, &psref); curlwp_bindx(bound); return 0; @@ -1017,9 +1058,14 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) error = 0; written = 0; + s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family != AF_INET6) continue; + + ifa_acquire(ifa, &psref_ia); + pserialize_read_exit(s); + ifa6 = (struct in6_ifaddr *)ifa; LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) { if (written + 2 * sizeof(struct in6_addr) + @@ -1044,15 +1090,21 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) oldp = (char *)oldp + sizeof(tmp); written += sizeof(tmp); } + + s = pserialize_read_enter(); + ifa_release(ifa, &psref_ia); } + pserialize_read_exit(s); done: + ifa_release(ifa, &psref_ia); if_put(ifp, &psref); curlwp_bindx(bound); *oldlenp = written; return error; } -SYSCTL_SETUP(sysctl_in6_mklude_setup, "sysctl net.inet6.multicast_kludge subtree setup") +void +in6_sysctl_multicast_setup(struct sysctllog **clog) { sysctl_createv(clog, 0, NULL, NULL,