Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.59.2.2
retrieving revision 1.81
diff -u -p -r1.59.2.2 -r1.81
--- src/sys/netinet6/mld6.c	2015/01/23 09:27:15	1.59.2.2
+++ src/sys/netinet6/mld6.c	2017/02/07 02:38:08	1.81
@@ -1,4 +1,4 @@
-/*	$NetBSD: mld6.c,v 1.59.2.2 2015/01/23 09:27:15 martin Exp $	*/
+/*	$NetBSD: mld6.c,v 1.81 2017/02/07 02:38:08 ozaki-r Exp $	*/
 /*	$KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $	*/
 
 /*
@@ -102,16 +102,18 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.59.2.2 2015/01/23 09:27:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.81 2017/02/07 02:38:08 ozaki-r Exp $");
 
+#ifdef _KERNEL_OPT
 #include "opt_inet.h"
+#include "opt_net_mpsafe.h"
+#endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
-#include <sys/protosw.h>
 #include <sys/syslog.h>
 #include <sys/sysctl.h>
 #include <sys/kernel.h>
@@ -227,6 +229,7 @@ mld_timeo(void *arg)
 {
 	struct in6_multi *in6m = arg;
 
+	/* XXX NOMPSAFE still need softnet_lock */
 	mutex_enter(softnet_lock);
 	KERNEL_LOCK(1, NULL);
 
@@ -334,16 +337,20 @@ mld_input(struct mbuf *m, int off)
 {
 	struct ip6_hdr *ip6;
 	struct mld_hdr *mldh;
-	struct ifnet *ifp = m->m_pkthdr.rcvif;
+	struct ifnet *ifp;
 	struct in6_multi *in6m = NULL;
 	struct in6_addr mld_addr, all_in6;
 	struct in6_ifaddr *ia;
 	u_long timer = 0;	/* timer value in the MLD query header */
+	int s;
 
+	ifp = m_get_rcvif(m, &s);
+	if (__predict_false(ifp == NULL))
+		goto out;
 	IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh));
 	if (mldh == NULL) {
 		ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
-		return;
+		goto out_nodrop;
 	}
 
 	/* source address validation */
@@ -369,12 +376,14 @@ mld_input(struct mbuf *m, int off)
 		 * though RFC3590 says "SHOULD log" if the source of a query
 		 * is the unspecified address.
 		 */
+		char ip6bufs[INET6_ADDRSTRLEN];
+		char ip6bufm[INET6_ADDRSTRLEN];
 		log(LOG_INFO,
 		    "mld_input: src %s is not link-local (grp=%s)\n",
-		    ip6_sprintf(&ip6->ip6_src), ip6_sprintf(&mldh->mld_addr));
+		    IN6_PRINT(ip6bufs,&ip6->ip6_src),
+		    IN6_PRINT(ip6bufm, &mldh->mld_addr));
 #endif
-		m_freem(m);
-		return;
+		goto out;
 	}
 
 	/*
@@ -383,8 +392,7 @@ mld_input(struct mbuf *m, int off)
 	mld_addr = mldh->mld_addr;
 	if (in6_setscope(&mld_addr, ifp, NULL)) {
 		/* XXX: this should not happen! */
-		m_free(m);
-		return;
+		goto out;
 	}
 
 	/*
@@ -400,7 +408,9 @@ mld_input(struct mbuf *m, int off)
 	 * if we sent the last report.
 	 */
 	switch (mldh->mld_type) {
-	case MLD_LISTENER_QUERY:
+	case MLD_LISTENER_QUERY: {
+		struct psref psref;
+
 		if (ifp->if_flags & IFF_LOOPBACK)
 			break;
 
@@ -426,10 +436,14 @@ mld_input(struct mbuf *m, int off)
 		 */
 		timer = ntohs(mldh->mld_maxdelay);
 
-		IFP_TO_IA6(ifp, ia);
+		ia = in6_get_ia_from_ifp_psref(ifp, &psref);
 		if (ia == NULL)
 			break;
 
+		/* The following operations may sleep */
+		m_put_rcvif(ifp, &s);
+		ifp = NULL;
+
 		LIST_FOREACH(in6m, &ia->ia6_multiaddrs, in6m_entry) {
 			if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) ||
 			    IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) <
@@ -455,7 +469,9 @@ mld_input(struct mbuf *m, int off)
 				mld_starttimer(in6m);
 			}
 		}
+		ia6_release(ia, &psref);
 		break;
+	    }
 
 	case MLD_LISTENER_REPORT:
 		/*
@@ -495,7 +511,10 @@ mld_input(struct mbuf *m, int off)
 		break;
 	}
 
+out:
 	m_freem(m);
+out_nodrop:
+	m_put_rcvif(ifp, &s);
 }
 
 static void
@@ -509,6 +528,8 @@ mld_sendpkt(struct in6_multi *in6m, int 
 	struct in6_ifaddr *ia = NULL;
 	struct ifnet *ifp = in6m->in6m_ifp;
 	int ignflags;
+	struct psref psref;
+	int bound;
 
 	/*
 	 * At first, find a link local address on the outgoing interface
@@ -517,20 +538,31 @@ mld_sendpkt(struct in6_multi *in6m, int 
 	 * the case where we first join a link-local address.
 	 */
 	ignflags = (IN6_IFF_NOTREADY|IN6_IFF_ANYCAST) & ~IN6_IFF_TENTATIVE;
-	if ((ia = in6ifa_ifpforlinklocal(ifp, ignflags)) == NULL)
+	bound = curlwp_bind();
+	ia = in6ifa_ifpforlinklocal_psref(ifp, ignflags, &psref);
+	if (ia == NULL) {
+		curlwp_bindx(bound);
 		return;
-	if ((ia->ia6_flags & IN6_IFF_TENTATIVE))
+	}
+	if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) {
+		ia6_release(ia, &psref);
 		ia = NULL;
+	}
 
 	/* Allocate two mbufs to store IPv6 header and MLD header */
 	mldh = mld_allocbuf(&mh, sizeof(struct mld_hdr), in6m, type);
-	if (mldh == NULL)
+	if (mldh == NULL) {
+		ia6_release(ia, &psref);
+		curlwp_bindx(bound);
 		return;
+	}
 
 	/* fill src/dst here */
  	ip6 = mtod(mh, struct ip6_hdr *);
  	ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any;
  	ip6->ip6_dst = dst ? *dst : in6m->in6m_addr;
+	ia6_release(ia, &psref);
+	curlwp_bindx(bound);
 
 	mldh->mld_addr = in6m->in6m_addr;
 	in6_clearscope(&mldh->mld_addr); /* XXX */
@@ -539,7 +571,7 @@ mld_sendpkt(struct in6_multi *in6m, int 
 
 	/* construct multicast option */
 	memset(&im6o, 0, sizeof(im6o));
-	im6o.im6o_multicast_ifp = ifp;
+	im6o.im6o_multicast_if_index = if_get_index(ifp);
 	im6o.im6o_multicast_hlim = 1;
 
 	/*
@@ -592,7 +624,7 @@ mld_allocbuf(struct mbuf **mh, int len, 
 	(*mh)->m_next = md;
 	md->m_next = NULL;
 
-	(*mh)->m_pkthdr.rcvif = NULL;
+	m_reset_rcvif((*mh));
 	(*mh)->m_pkthdr.len = sizeof(struct ip6_hdr) + len;
 	(*mh)->m_len = sizeof(struct ip6_hdr);
 	MH_ALIGN(*mh, sizeof(struct ip6_hdr));
@@ -640,6 +672,7 @@ in6_addmulti(struct in6_addr *maddr6, st
 		 */
 		in6m->in6m_refcount++;
 	} else {
+		int _s;
 		/*
 		 * New address; allocate a new multicast record
 		 * and link it into the interface's multicast list.
@@ -656,16 +689,24 @@ in6_addmulti(struct in6_addr *maddr6, st
 		in6m->in6m_ifp = ifp;
 		in6m->in6m_refcount = 1;
 		in6m->in6m_timer = IN6M_TIMER_UNDEF;
-		IFP_TO_IA6(ifp, ia);
+		callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE);
+		callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m);
+
+		_s = pserialize_read_enter();
+		ia = in6_get_ia_from_ifp(ifp);
 		if (ia == NULL) {
+			pserialize_read_exit(_s);
+			callout_destroy(&in6m->in6m_timer_ch);
 			free(in6m, M_IPMADDR);
 			splx(s);
 			*errorp = EADDRNOTAVAIL; /* appropriate? */
 			return (NULL);
 		}
 		in6m->in6m_ia = ia;
-		IFAREF(&ia->ia_ifa); /* gain a reference */
+		ifaref(&ia->ia_ifa); /* gain a reference */
+		/* FIXME NOMPSAFE: need to lock */
 		LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry);
+		pserialize_read_exit(_s);
 
 		/*
 		 * Ask the network driver to update its multicast reception
@@ -674,15 +715,14 @@ in6_addmulti(struct in6_addr *maddr6, st
 		sockaddr_in6_init(&sin6, maddr6, 0, 0, 0);
 		*errorp = if_mcast_op(ifp, SIOCADDMULTI, sin6tosa(&sin6));
 		if (*errorp) {
+			callout_destroy(&in6m->in6m_timer_ch);
 			LIST_REMOVE(in6m, in6m_entry);
 			free(in6m, M_IPMADDR);
-			IFAFREE(&ia->ia_ifa);
+			ifafree(&ia->ia_ifa);
 			splx(s);
 			return (NULL);
 		}
 
-		callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE);
-		callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m);
 		in6m->in6m_timer = timer;
 		if (in6m->in6m_timer > 0) {
 			in6m->in6m_state = MLD_REPORTPENDING;
@@ -715,6 +755,8 @@ in6_delmulti(struct in6_multi *in6m)
 	mld_stoptimer(in6m);
 
 	if (--in6m->in6m_refcount == 0) {
+		int _s;
+
 		/*
 		 * No remaining claims to this record; let MLD6 know
 		 * that we are leaving the multicast group.
@@ -726,7 +768,7 @@ in6_delmulti(struct in6_multi *in6m)
 		 */
 		LIST_REMOVE(in6m, in6m_entry);
 		if (in6m->in6m_ia != NULL) {
-			IFAFREE(&in6m->in6m_ia->ia_ifa); /* release reference */
+			ifafree(&in6m->in6m_ia->ia_ifa); /* release reference */
 			in6m->in6m_ia = NULL;
 		}
 
@@ -734,13 +776,15 @@ in6_delmulti(struct in6_multi *in6m)
 		 * Delete all references of this multicasting group from
 		 * the membership arrays
 		 */
-		for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
+		_s = pserialize_read_enter();
+		IN6_ADDRLIST_READER_FOREACH(ia) {
 			struct in6_multi_mship *imm;
 			LIST_FOREACH(imm, &ia->ia6_memberships, i6mm_chain) {
 				if (imm->i6mm_maddr == in6m)
 					imm->i6mm_maddr = NULL;
 			}
 		}
+		pserialize_read_exit(_s);
 
 		/*
 		 * Notify the network driver to update its multicast
@@ -751,7 +795,10 @@ in6_delmulti(struct in6_multi *in6m)
 
 		/* Tell mld_timeo we're halting the timer */
 		in6m->in6m_timer = IN6M_TIMER_UNDEF;
-		callout_halt(&in6m->in6m_timer_ch, softnet_lock);
+		if (mutex_owned(softnet_lock))
+			callout_halt(&in6m->in6m_timer_ch, softnet_lock);
+		else
+			callout_halt(&in6m->in6m_timer_ch, NULL);
 		callout_destroy(&in6m->in6m_timer_ch);
 
 		free(in6m, M_IPMADDR);
@@ -804,15 +851,18 @@ in6_savemkludge(struct in6_ifaddr *oia)
 {
 	struct in6_ifaddr *ia;
 	struct in6_multi *in6m;
+	int s;
 
-	IFP_TO_IA6(oia->ia_ifp, ia);
+	s = pserialize_read_enter();
+	ia = in6_get_ia_from_ifp(oia->ia_ifp);
 	if (ia) {	/* there is another address */
 		KASSERT(ia != oia);
 		while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) {
 			LIST_REMOVE(in6m, in6m_entry);
-			IFAREF(&ia->ia_ifa);
-			IFAFREE(&in6m->in6m_ia->ia_ifa);
+			ifaref(&ia->ia_ifa);
+			ifafree(&in6m->in6m_ia->ia_ifa);
 			in6m->in6m_ia = ia;
+			/* FIXME NOMPSAFE: need to lock */
 			LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry);
 		}
 	} else {	/* last address on this if deleted, save */
@@ -827,11 +877,12 @@ in6_savemkludge(struct in6_ifaddr *oia)
 
 		while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) {
 			LIST_REMOVE(in6m, in6m_entry);
-			IFAFREE(&in6m->in6m_ia->ia_ifa); /* release reference */
+			ifafree(&in6m->in6m_ia->ia_ifa); /* release reference */
 			in6m->in6m_ia = NULL;
 			LIST_INSERT_HEAD(&mk->mk_head, in6m, in6m_entry);
 		}
 	}
+	pserialize_read_exit(s);
 }
 
 /*
@@ -854,7 +905,7 @@ in6_restoremkludge(struct in6_ifaddr *ia
 	while ((in6m = LIST_FIRST(&mk->mk_head)) != NULL) {
 		LIST_REMOVE(in6m, in6m_entry);
 		in6m->in6m_ia = ia;
-		IFAREF(&ia->ia_ifa);
+		ifaref(&ia->ia_ifa);
 		LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry);
 	}
 }
@@ -974,19 +1025,23 @@ in6_multicast_sysctl(SYSCTLFN_ARGS)
 	uint32_t tmp;
 	int error;
 	size_t written;
+	struct psref psref, psref_ia;
+	int bound, s;
 
 	if (namelen != 1)
 		return EINVAL;
 
-	ifp = if_byindex(name[0]);
-	if (ifp == NULL)
+	bound = curlwp_bind();
+	ifp = if_get_byindex(name[0], &psref);
+	if (ifp == NULL) {
+		curlwp_bindx(bound);
 		return ENODEV;
+	}
 
 	if (oldp == NULL) {
 		*oldlenp = 0;
-		IFADDR_FOREACH(ifa, ifp) {
-			if (ifa->ifa_addr == NULL)
-				continue;
+		s = pserialize_read_enter();
+		IFADDR_READER_FOREACH(ifa, ifp) {
 			if (ifa->ifa_addr->sa_family != AF_INET6)
 				continue;
 			ifa6 = (struct in6_ifaddr *)ifa;
@@ -995,16 +1050,22 @@ in6_multicast_sysctl(SYSCTLFN_ARGS)
 				    sizeof(uint32_t);
 			}
 		}
+		pserialize_read_exit(s);
+		if_put(ifp, &psref);
+		curlwp_bindx(bound);
 		return 0;
 	}
 
 	error = 0;
 	written = 0;
-	IFADDR_FOREACH(ifa, ifp) {
-		if (ifa->ifa_addr == NULL)
-			continue;
+	s = pserialize_read_enter();
+	IFADDR_READER_FOREACH(ifa, ifp) {
 		if (ifa->ifa_addr->sa_family != AF_INET6)
 			continue;
+
+		ifa_acquire(ifa, &psref_ia);
+		pserialize_read_exit(s);
+
 		ifa6 = (struct in6_ifaddr *)ifa;
 		LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) {
 			if (written + 2 * sizeof(struct in6_addr) +
@@ -1029,13 +1090,21 @@ in6_multicast_sysctl(SYSCTLFN_ARGS)
 			oldp = (char *)oldp + sizeof(tmp);
 			written += sizeof(tmp);
 		}
+
+		s = pserialize_read_enter();
+		ifa_release(ifa, &psref_ia);
 	}
+	pserialize_read_exit(s);
 done:
+	ifa_release(ifa, &psref_ia);
+	if_put(ifp, &psref);
+	curlwp_bindx(bound);
 	*oldlenp = written;
 	return error;
 }
 
-SYSCTL_SETUP(sysctl_in6_mklude_setup, "sysctl net.inet6.multicast_kludge subtree setup")
+void
+in6_sysctl_multicast_setup(struct sysctllog **clog)
 {
 
 	sysctl_createv(clog, 0, NULL, NULL,