Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/mld6.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.81 retrieving revision 1.96 diff -u -p -r1.81 -r1.96 --- src/sys/netinet6/mld6.c 2017/02/07 02:38:08 1.81 +++ src/sys/netinet6/mld6.c 2018/05/29 04:37:58 1.96 @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.81 2017/02/07 02:38:08 ozaki-r Exp $ */ +/* $NetBSD: mld6.c,v 1.96 2018/05/29 04:37:58 ozaki-r Exp $ */ /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ /* @@ -102,7 +102,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.81 2017/02/07 02:38:08 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.96 2018/05/29 04:37:58 ozaki-r Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -119,6 +119,7 @@ __KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.8 #include #include #include +#include #include @@ -132,21 +133,7 @@ __KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.8 #include #include -#include - - -/* - * This structure is used to keep track of in6_multi chains which belong to - * deleted interface addresses. - */ -static LIST_HEAD(, multi6_kludge) in6_mk = LIST_HEAD_INITIALIZER(in6_mk); - -struct multi6_kludge { - LIST_ENTRY(multi6_kludge) mk_entry; - struct ifnet *mk_ifp; - struct in6_multihead mk_head; -}; - +static krwlock_t in6_multilock __cacheline_aligned; /* * Protocol constants @@ -163,13 +150,16 @@ static struct ip6_pktopts ip6_opts; static void mld_start_listening(struct in6_multi *); static void mld_stop_listening(struct in6_multi *); -static struct mld_hdr * mld_allocbuf(struct mbuf **, int, struct in6_multi *, - int); +static struct mld_hdr *mld_allocbuf(struct mbuf **, struct in6_multi *, int); static void mld_sendpkt(struct in6_multi *, int, const struct in6_addr *); static void mld_starttimer(struct in6_multi *); static void mld_stoptimer(struct in6_multi *); static u_long mld_timerresid(struct in6_multi *); +static void in6m_ref(struct in6_multi *); +static void in6m_unref(struct in6_multi *); +static void in6m_destroy(struct in6_multi *); + void mld_init(void) { @@ -191,6 +181,8 @@ mld_init(void) /* We will specify the hoplimit by a multicast option. */ ip6_opts.ip6po_hlim = -1; ip6_opts.ip6po_prefer_tempaddr = IP6PO_TEMPADDR_NOTPREFER; + + rw_init(&in6_multilock); } static void @@ -198,6 +190,7 @@ mld_starttimer(struct in6_multi *in6m) { struct timeval now; + KASSERT(rw_write_held(&in6_multilock)); KASSERT(in6m->in6m_timer != IN6M_TIMER_UNDEF); microtime(&now); @@ -213,13 +206,24 @@ mld_starttimer(struct in6_multi *in6m) callout_schedule(&in6m->in6m_timer_ch, in6m->in6m_timer); } +/* + * mld_stoptimer releases in6_multilock when calling callout_halt. + * The caller must ensure in6m won't be freed while releasing the lock. + */ static void mld_stoptimer(struct in6_multi *in6m) { + + KASSERT(rw_write_held(&in6_multilock)); + if (in6m->in6m_timer == IN6M_TIMER_UNDEF) return; - callout_stop(&in6m->in6m_timer_ch); + rw_exit(&in6_multilock); + + callout_halt(&in6m->in6m_timer_ch, NULL); + + rw_enter(&in6_multilock, RW_WRITER); in6m->in6m_timer = IN6M_TIMER_UNDEF; } @@ -229,10 +233,10 @@ mld_timeo(void *arg) { struct in6_multi *in6m = arg; - /* XXX NOMPSAFE still need softnet_lock */ - mutex_enter(softnet_lock); - KERNEL_LOCK(1, NULL); + KASSERT(in6m->in6m_refcount > 0); + KERNEL_LOCK_UNLESS_NET_MPSAFE(); + rw_enter(&in6_multilock, RW_WRITER); if (in6m->in6m_timer == IN6M_TIMER_UNDEF) goto out; @@ -248,8 +252,8 @@ mld_timeo(void *arg) } out: - KERNEL_UNLOCK_ONE(NULL); - mutex_exit(softnet_lock); + rw_exit(&in6_multilock); + KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); } static u_long @@ -281,6 +285,8 @@ mld_start_listening(struct in6_multi *in { struct in6_addr all_in6; + KASSERT(rw_write_held(&in6_multilock)); + /* * RFC2710 page 10: * The node never sends a Report or Done for the link-scope all-nodes @@ -313,6 +319,8 @@ mld_stop_listening(struct in6_multi *in6 { struct in6_addr allnode, allrouter; + KASSERT(rw_lock_held(&in6_multilock)); + allnode = in6addr_linklocal_allnodes; if (in6_setscope(&allnode, in6m->in6m_ifp, NULL)) { /* XXX: this should not happen! */ @@ -340,11 +348,10 @@ mld_input(struct mbuf *m, int off) struct ifnet *ifp; struct in6_multi *in6m = NULL; struct in6_addr mld_addr, all_in6; - struct in6_ifaddr *ia; u_long timer = 0; /* timer value in the MLD query header */ - int s; + struct psref psref; - ifp = m_get_rcvif(m, &s); + ifp = m_get_rcvif_psref(m, &psref); if (__predict_false(ifp == NULL)) goto out; IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh)); @@ -353,8 +360,9 @@ mld_input(struct mbuf *m, int off) goto out_nodrop; } + ip6 = mtod(m, struct ip6_hdr *); + /* source address validation */ - ip6 = mtod(m, struct ip6_hdr *);/* in case mpullup */ if (!IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_src)) { /* * RFC3590 allows the IPv6 unspecified address as the source @@ -400,7 +408,7 @@ mld_input(struct mbuf *m, int off) * * In Non-Listener state, we simply don't have a membership record. * In Delaying Listener state, our timer is running (in6m->in6m_timer) - * In Idle Listener state, our timer is not running + * In Idle Listener state, our timer is not running * (in6m->in6m_timer==IN6M_TIMER_UNDEF) * * The flag is in6m->in6m_state, it is set to MLD_OTHERLISTENER if @@ -409,7 +417,7 @@ mld_input(struct mbuf *m, int off) */ switch (mldh->mld_type) { case MLD_LISTENER_QUERY: { - struct psref psref; + struct in6_multi *next; if (ifp->if_flags & IFF_LOOPBACK) break; @@ -436,15 +444,17 @@ mld_input(struct mbuf *m, int off) */ timer = ntohs(mldh->mld_maxdelay); - ia = in6_get_ia_from_ifp_psref(ifp, &psref); - if (ia == NULL) - break; - - /* The following operations may sleep */ - m_put_rcvif(ifp, &s); - ifp = NULL; - - LIST_FOREACH(in6m, &ia->ia6_multiaddrs, in6m_entry) { + rw_enter(&in6_multilock, RW_WRITER); + /* + * mld_stoptimer and mld_sendpkt release in6_multilock + * temporarily, so we have to prevent in6m from being freed + * while releasing the lock by having an extra reference to it. + * + * Also in6_purge_multi might remove items from the list of the + * ifp while releasing the lock. Fortunately in6_purge_multi is + * never executed as long as we have a psref of the ifp. + */ + LIST_FOREACH_SAFE(in6m, &ifp->if_multiaddrs, in6m_entry, next) { if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) @@ -458,10 +468,14 @@ mld_input(struct mbuf *m, int off) continue; if (timer == 0) { + in6m_ref(in6m); + /* send a report immediately */ mld_stoptimer(in6m); mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); in6m->in6m_state = MLD_IREPORTEDLAST; + + in6m_unref(in6m); /* May free in6m */ } else if (in6m->in6m_timer == IN6M_TIMER_UNDEF || mld_timerresid(in6m) > timer) { in6m->in6m_timer = @@ -469,7 +483,7 @@ mld_input(struct mbuf *m, int off) mld_starttimer(in6m); } } - ia6_release(ia, &psref); + rw_exit(&in6_multilock); break; } @@ -493,11 +507,16 @@ mld_input(struct mbuf *m, int off) * If we belong to the group being reported, stop * our timer for that group. */ - IN6_LOOKUP_MULTI(mld_addr, ifp, in6m); + rw_enter(&in6_multilock, RW_WRITER); + in6m = in6_lookup_multi(&mld_addr, ifp); if (in6m) { + in6m_ref(in6m); mld_stoptimer(in6m); /* transit to idle state */ in6m->in6m_state = MLD_OTHERLISTENER; /* clear flag */ + in6m_unref(in6m); + in6m = NULL; /* in6m might be freed */ } + rw_exit(&in6_multilock); break; default: /* this is impossible */ #if 0 @@ -514,12 +533,16 @@ mld_input(struct mbuf *m, int off) out: m_freem(m); out_nodrop: - m_put_rcvif(ifp, &s); + m_put_rcvif_psref(ifp, &psref); } +/* + * XXX mld_sendpkt must be called with in6_multilock held and + * will release in6_multilock before calling ip6_output and + * returning to avoid locking against myself in ip6_output. + */ static void -mld_sendpkt(struct in6_multi *in6m, int type, - const struct in6_addr *dst) +mld_sendpkt(struct in6_multi *in6m, int type, const struct in6_addr *dst) { struct mbuf *mh; struct mld_hdr *mldh; @@ -531,6 +554,8 @@ mld_sendpkt(struct in6_multi *in6m, int struct psref psref; int bound; + KASSERT(rw_write_held(&in6_multilock)); + /* * At first, find a link local address on the outgoing interface * to use as the source address of the MLD packet. @@ -550,7 +575,7 @@ mld_sendpkt(struct in6_multi *in6m, int } /* Allocate two mbufs to store IPv6 header and MLD header */ - mldh = mld_allocbuf(&mh, sizeof(struct mld_hdr), in6m, type); + mldh = mld_allocbuf(&mh, in6m, type); if (mldh == NULL) { ia6_release(ia, &psref); curlwp_bindx(bound); @@ -558,9 +583,9 @@ mld_sendpkt(struct in6_multi *in6m, int } /* fill src/dst here */ - ip6 = mtod(mh, struct ip6_hdr *); - ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any; - ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; + ip6 = mtod(mh, struct ip6_hdr *); + ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any; + ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; ia6_release(ia, &psref); curlwp_bindx(bound); @@ -580,7 +605,7 @@ mld_sendpkt(struct in6_multi *in6m, int */ im6o.im6o_multicast_loop = (ip6_mrouter != NULL); - /* increment output statictics */ + /* increment output statistics */ ICMP6_STATINC(ICMP6_STAT_OUTHIST + type); icmp6_ifstat_inc(ifp, ifs6_out_msg); switch (type) { @@ -595,13 +620,17 @@ mld_sendpkt(struct in6_multi *in6m, int break; } + /* XXX we cannot call ip6_output with holding in6_multilock */ + rw_exit(&in6_multilock); + ip6_output(mh, &ip6_opts, NULL, ia ? 0 : IPV6_UNSPECSRC, &im6o, NULL, NULL); + + rw_enter(&in6_multilock, RW_WRITER); } static struct mld_hdr * -mld_allocbuf(struct mbuf **mh, int len, struct in6_multi *in6m, - int type) +mld_allocbuf(struct mbuf **mh, struct in6_multi *in6m, int type) { struct mbuf *md; struct mld_hdr *mldh; @@ -625,7 +654,7 @@ mld_allocbuf(struct mbuf **mh, int len, md->m_next = NULL; m_reset_rcvif((*mh)); - (*mh)->m_pkthdr.len = sizeof(struct ip6_hdr) + len; + (*mh)->m_pkthdr.len = sizeof(struct ip6_hdr) + sizeof(struct mld_hdr); (*mh)->m_len = sizeof(struct ip6_hdr); MH_ALIGN(*mh, sizeof(struct ip6_hdr)); @@ -641,48 +670,61 @@ mld_allocbuf(struct mbuf **mh, int len, /* ip6_src/dst will be set by mld_sendpkt() or mld_sendbuf() */ /* fill in the MLD header as much as possible */ - md->m_len = len; + md->m_len = sizeof(struct mld_hdr); mldh = mtod(md, struct mld_hdr *); - memset(mldh, 0, len); + memset(mldh, 0, sizeof(struct mld_hdr)); mldh->mld_type = type; return mldh; } +static void +in6m_ref(struct in6_multi *in6m) +{ + + KASSERT(rw_write_held(&in6_multilock)); + in6m->in6m_refcount++; +} + +static void +in6m_unref(struct in6_multi *in6m) +{ + + KASSERT(rw_write_held(&in6_multilock)); + if (--in6m->in6m_refcount == 0) + in6m_destroy(in6m); +} + /* * Add an address to the list of IP6 multicast addresses for a given interface. */ struct in6_multi * -in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, - int *errorp, int timer) +in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp, + int timer) { - struct in6_ifaddr *ia; struct sockaddr_in6 sin6; struct in6_multi *in6m; - int s = splsoftnet(); *errorp = 0; + rw_enter(&in6_multilock, RW_WRITER); /* * See if address already in list. */ - IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); + in6m = in6_lookup_multi(maddr6, ifp); if (in6m != NULL) { /* - * Found it; just increment the refrence count. + * Found it; just increment the reference count. */ in6m->in6m_refcount++; } else { - int _s; /* * New address; allocate a new multicast record * and link it into the interface's multicast list. */ - in6m = (struct in6_multi *) - malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT|M_ZERO); + in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT|M_ZERO); if (in6m == NULL) { - splx(s); *errorp = ENOBUFS; - return (NULL); + goto out; } in6m->in6m_addr = *maddr6; @@ -692,21 +734,7 @@ in6_addmulti(struct in6_addr *maddr6, st callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE); callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m); - _s = pserialize_read_enter(); - ia = in6_get_ia_from_ifp(ifp); - if (ia == NULL) { - pserialize_read_exit(_s); - callout_destroy(&in6m->in6m_timer_ch); - free(in6m, M_IPMADDR); - splx(s); - *errorp = EADDRNOTAVAIL; /* appropriate? */ - return (NULL); - } - in6m->in6m_ia = ia; - ifaref(&ia->ia_ifa); /* gain a reference */ - /* FIXME NOMPSAFE: need to lock */ - LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); - pserialize_read_exit(_s); + LIST_INSERT_HEAD(&ifp->if_multiaddrs, in6m, in6m_entry); /* * Ask the network driver to update its multicast reception @@ -718,18 +746,15 @@ in6_addmulti(struct in6_addr *maddr6, st callout_destroy(&in6m->in6m_timer_ch); LIST_REMOVE(in6m, in6m_entry); free(in6m, M_IPMADDR); - ifafree(&ia->ia_ifa); - splx(s); - return (NULL); + in6m = NULL; + goto out; } in6m->in6m_timer = timer; if (in6m->in6m_timer > 0) { in6m->in6m_state = MLD_REPORTPENDING; mld_starttimer(in6m); - - splx(s); - return (in6m); + goto out; } /* @@ -738,281 +763,213 @@ in6_addmulti(struct in6_addr *maddr6, st */ mld_start_listening(in6m); } - splx(s); - return (in6m); +out: + rw_exit(&in6_multilock); + return in6m; } -/* - * Delete a multicast address record. - */ -void -in6_delmulti(struct in6_multi *in6m) +static void +in6m_destroy(struct in6_multi *in6m) { - struct sockaddr_in6 sin6; - struct in6_ifaddr *ia; - int s = splsoftnet(); + struct sockaddr_in6 sin6; - mld_stoptimer(in6m); + KASSERT(rw_write_held(&in6_multilock)); + KASSERT(in6m->in6m_refcount == 0); - if (--in6m->in6m_refcount == 0) { - int _s; + /* + * Unlink from list. This must be done before mld_stop_listening + * because it releases in6_multilock and that allows someone to + * look up the removing in6m from the list and add a reference to the + * entry unexpectedly. + */ + LIST_REMOVE(in6m, in6m_entry); - /* - * No remaining claims to this record; let MLD6 know - * that we are leaving the multicast group. - */ - mld_stop_listening(in6m); + /* + * No remaining claims to this record; let MLD6 know + * that we are leaving the multicast group. + */ + mld_stop_listening(in6m); - /* - * Unlink from list. - */ - LIST_REMOVE(in6m, in6m_entry); - if (in6m->in6m_ia != NULL) { - ifafree(&in6m->in6m_ia->ia_ifa); /* release reference */ - in6m->in6m_ia = NULL; - } + /* + * Delete all references of this multicasting group from + * the membership arrays + */ + in6_purge_mcast_references(in6m); - /* - * Delete all references of this multicasting group from - * the membership arrays - */ - _s = pserialize_read_enter(); - IN6_ADDRLIST_READER_FOREACH(ia) { - struct in6_multi_mship *imm; - LIST_FOREACH(imm, &ia->ia6_memberships, i6mm_chain) { - if (imm->i6mm_maddr == in6m) - imm->i6mm_maddr = NULL; - } - } - pserialize_read_exit(_s); + /* + * Notify the network driver to update its multicast + * reception filter. + */ + sockaddr_in6_init(&sin6, &in6m->in6m_addr, 0, 0, 0); + if_mcast_op(in6m->in6m_ifp, SIOCDELMULTI, sin6tosa(&sin6)); - /* - * Notify the network driver to update its multicast - * reception filter. - */ - sockaddr_in6_init(&sin6, &in6m->in6m_addr, 0, 0, 0); - if_mcast_op(in6m->in6m_ifp, SIOCDELMULTI, sin6tosa(&sin6)); + /* Tell mld_timeo we're halting the timer */ + in6m->in6m_timer = IN6M_TIMER_UNDEF; - /* Tell mld_timeo we're halting the timer */ - in6m->in6m_timer = IN6M_TIMER_UNDEF; - if (mutex_owned(softnet_lock)) - callout_halt(&in6m->in6m_timer_ch, softnet_lock); - else - callout_halt(&in6m->in6m_timer_ch, NULL); - callout_destroy(&in6m->in6m_timer_ch); + rw_exit(&in6_multilock); + callout_halt(&in6m->in6m_timer_ch, NULL); + callout_destroy(&in6m->in6m_timer_ch); - free(in6m, M_IPMADDR); - } - splx(s); + free(in6m, M_IPMADDR); + rw_enter(&in6_multilock, RW_WRITER); } - -struct in6_multi_mship * -in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, - int *errorp, int timer) +/* + * Delete a multicast address record. + */ +void +in6_delmulti_locked(struct in6_multi *in6m) { - struct in6_multi_mship *imm; - imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT|M_ZERO); - if (imm == NULL) { - *errorp = ENOBUFS; - return NULL; - } + KASSERT(rw_write_held(&in6_multilock)); + KASSERT(in6m->in6m_refcount > 0); - imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp, timer); - if (!imm->i6mm_maddr) { - /* *errorp is already set */ - free(imm, M_IPMADDR); - return NULL; - } - return imm; + /* + * The caller should have a reference to in6m. So we don't need to care + * of releasing the lock in mld_stoptimer. + */ + mld_stoptimer(in6m); + if (--in6m->in6m_refcount == 0) + in6m_destroy(in6m); } -int -in6_leavegroup(struct in6_multi_mship *imm) +void +in6_delmulti(struct in6_multi *in6m) { - if (imm->i6mm_maddr) { - in6_delmulti(imm->i6mm_maddr); - } - free(imm, M_IPMADDR); - return 0; + rw_enter(&in6_multilock, RW_WRITER); + in6_delmulti_locked(in6m); + rw_exit(&in6_multilock); } - /* - * Multicast address kludge: - * If there were any multicast addresses attached to this interface address, - * either move them to another address on this interface, or save them until - * such time as this interface is reconfigured for IPv6. + * Look up the in6_multi record for a given IP6 multicast address + * on a given interface. If no matching record is found, "in6m" + * returns NULL. */ -void -in6_savemkludge(struct in6_ifaddr *oia) +struct in6_multi * +in6_lookup_multi(const struct in6_addr *addr, const struct ifnet *ifp) { - struct in6_ifaddr *ia; struct in6_multi *in6m; - int s; - s = pserialize_read_enter(); - ia = in6_get_ia_from_ifp(oia->ia_ifp); - if (ia) { /* there is another address */ - KASSERT(ia != oia); - while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) { - LIST_REMOVE(in6m, in6m_entry); - ifaref(&ia->ia_ifa); - ifafree(&in6m->in6m_ia->ia_ifa); - in6m->in6m_ia = ia; - /* FIXME NOMPSAFE: need to lock */ - LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); - } - } else { /* last address on this if deleted, save */ - struct multi6_kludge *mk; - - LIST_FOREACH(mk, &in6_mk, mk_entry) { - if (mk->mk_ifp == oia->ia_ifp) - break; - } - if (mk == NULL) /* this should not happen! */ - panic("in6_savemkludge: no kludge space"); + KASSERT(rw_lock_held(&in6_multilock)); - while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) { - LIST_REMOVE(in6m, in6m_entry); - ifafree(&in6m->in6m_ia->ia_ifa); /* release reference */ - in6m->in6m_ia = NULL; - LIST_INSERT_HEAD(&mk->mk_head, in6m, in6m_entry); - } + LIST_FOREACH(in6m, &ifp->if_multiaddrs, in6m_entry) { + if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, addr)) + break; } - pserialize_read_exit(s); + return in6m; +} + +bool +in6_multi_group(const struct in6_addr *addr, const struct ifnet *ifp) +{ + bool ingroup; + + rw_enter(&in6_multilock, RW_READER); + ingroup = in6_lookup_multi(addr, ifp) != NULL; + rw_exit(&in6_multilock); + + return ingroup; } /* - * Continuation of multicast address hack: - * If there was a multicast group list previously saved for this interface, - * then we re-attach it to the first address configured on the i/f. + * Purge in6_multi records associated to the interface. */ void -in6_restoremkludge(struct in6_ifaddr *ia, struct ifnet *ifp) +in6_purge_multi(struct ifnet *ifp) { - struct multi6_kludge *mk; - struct in6_multi *in6m; + struct in6_multi *in6m, *next; - LIST_FOREACH(mk, &in6_mk, mk_entry) { - if (mk->mk_ifp == ifp) - break; - } - if (mk == NULL) - return; - while ((in6m = LIST_FIRST(&mk->mk_head)) != NULL) { + rw_enter(&in6_multilock, RW_WRITER); + LIST_FOREACH_SAFE(in6m, &ifp->if_multiaddrs, in6m_entry, next) { + /* + * Normally multicast addresses are already purged at this + * point. Remaining references aren't accessible via ifp, + * so what we can do here is to prevent ifp from being + * accessed via in6m by removing it from the list of ifp. + */ + mld_stoptimer(in6m); LIST_REMOVE(in6m, in6m_entry); - in6m->in6m_ia = ia; - ifaref(&ia->ia_ifa); - LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); } + rw_exit(&in6_multilock); } -/* - * Allocate space for the kludge at interface initialization time. - * Formerly, we dynamically allocated the space in in6_savemkludge() with - * malloc(M_WAITOK). However, it was wrong since the function could be called - * under an interrupt context (software timer on address lifetime expiration). - * Also, we cannot just give up allocating the strucutre, since the group - * membership structure is very complex and we need to keep it anyway. - * Of course, this function MUST NOT be called under an interrupt context. - * Specifically, it is expected to be called only from in6_ifattach(), though - * it is a global function. - */ void -in6_createmkludge(struct ifnet *ifp) +in6_multi_lock(int op) { - struct multi6_kludge *mk; - LIST_FOREACH(mk, &in6_mk, mk_entry) { - /* If we've already had one, do not allocate. */ - if (mk->mk_ifp == ifp) - return; - } + rw_enter(&in6_multilock, op); +} - mk = malloc(sizeof(*mk), M_IPMADDR, M_ZERO|M_WAITOK); +void +in6_multi_unlock(void) +{ - LIST_INIT(&mk->mk_head); - mk->mk_ifp = ifp; - LIST_INSERT_HEAD(&in6_mk, mk, mk_entry); + rw_exit(&in6_multilock); } -void -in6_purgemkludge(struct ifnet *ifp) +bool +in6_multi_locked(int op) { - struct multi6_kludge *mk; - struct in6_multi *in6m, *next; - LIST_FOREACH(mk, &in6_mk, mk_entry) { - if (mk->mk_ifp == ifp) - break; + switch (op) { + case RW_READER: + return rw_read_held(&in6_multilock); + case RW_WRITER: + return rw_write_held(&in6_multilock); + default: + return rw_lock_held(&in6_multilock); + } +} + +struct in6_multi_mship * +in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp, int timer) +{ + struct in6_multi_mship *imm; + + imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT|M_ZERO); + if (imm == NULL) { + *errorp = ENOBUFS; + return NULL; } - if (mk == NULL) - return; - /* leave from all multicast groups joined */ - for (in6m = LIST_FIRST(&mk->mk_head); in6m != NULL; in6m = next) { - next = LIST_NEXT(in6m, in6m_entry); - in6_delmulti(in6m); + imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp, timer); + if (!imm->i6mm_maddr) { + /* *errorp is already set */ + free(imm, M_IPMADDR); + return NULL; } - LIST_REMOVE(mk, mk_entry); - free(mk, M_IPMADDR); + return imm; } -static int -in6_mkludge_sysctl(SYSCTLFN_ARGS) +int +in6_leavegroup(struct in6_multi_mship *imm) { - struct multi6_kludge *mk; struct in6_multi *in6m; - int error; - uint32_t tmp; - size_t written; - - if (namelen != 1) - return EINVAL; - if (oldp == NULL) { - *oldlenp = 0; - LIST_FOREACH(mk, &in6_mk, mk_entry) { - if (mk->mk_ifp->if_index == name[0]) - continue; - LIST_FOREACH(in6m, &mk->mk_head, in6m_entry) { - *oldlenp += sizeof(struct in6_addr) + - sizeof(uint32_t); - } - } - return 0; + rw_enter(&in6_multilock, RW_WRITER); + in6m = imm->i6mm_maddr; + imm->i6mm_maddr = NULL; + if (in6m != NULL) { + in6_delmulti_locked(in6m); } + rw_exit(&in6_multilock); + free(imm, M_IPMADDR); + return 0; +} - error = 0; - written = 0; - LIST_FOREACH(mk, &in6_mk, mk_entry) { - if (mk->mk_ifp->if_index == name[0]) - continue; - LIST_FOREACH(in6m, &mk->mk_head, in6m_entry) { - if (written + sizeof(struct in6_addr) + - sizeof(uint32_t) > *oldlenp) - goto done; - error = sysctl_copyout(l, &in6m->in6m_addr, - oldp, sizeof(struct in6_addr)); - if (error) - goto done; - oldp = (char *)oldp + sizeof(struct in6_addr); - written += sizeof(struct in6_addr); - tmp = in6m->in6m_refcount; - error = sysctl_copyout(l, &tmp, oldp, sizeof(tmp)); - if (error) - goto done; - oldp = (char *)oldp + sizeof(tmp); - written += sizeof(tmp); - } - } +/* + * DEPRECATED: keep it just to avoid breaking old sysctl users. + */ +static int +in6_mkludge_sysctl(SYSCTLFN_ARGS) +{ -done: - *oldlenp = written; - return error; + if (namelen != 1) + return EINVAL; + *oldlenp = 0; + return 0; } static int @@ -1020,7 +977,7 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) { struct ifnet *ifp; struct ifaddr *ifa; - struct in6_ifaddr *ifa6; + struct in6_ifaddr *ia6; struct in6_multi *in6m; uint32_t tmp; int error; @@ -1031,10 +988,13 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) if (namelen != 1) return EINVAL; + rw_enter(&in6_multilock, RW_READER); + bound = curlwp_bind(); ifp = if_get_byindex(name[0], &psref); if (ifp == NULL) { curlwp_bindx(bound); + rw_exit(&in6_multilock); return ENODEV; } @@ -1042,10 +1002,7 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) *oldlenp = 0; s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { - if (ifa->ifa_addr->sa_family != AF_INET6) - continue; - ifa6 = (struct in6_ifaddr *)ifa; - LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) { + LIST_FOREACH(in6m, &ifp->if_multiaddrs, in6m_entry) { *oldlenp += 2 * sizeof(struct in6_addr) + sizeof(uint32_t); } @@ -1053,6 +1010,7 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) pserialize_read_exit(s); if_put(ifp, &psref); curlwp_bindx(bound); + rw_exit(&in6_multilock); return 0; } @@ -1066,12 +1024,18 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) ifa_acquire(ifa, &psref_ia); pserialize_read_exit(s); - ifa6 = (struct in6_ifaddr *)ifa; - LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) { + ia6 = ifatoia6(ifa); + LIST_FOREACH(in6m, &ifp->if_multiaddrs, in6m_entry) { if (written + 2 * sizeof(struct in6_addr) + sizeof(uint32_t) > *oldlenp) goto done; - error = sysctl_copyout(l, &ifa6->ia_addr.sin6_addr, + /* + * XXX return the first IPv6 address to keep backward + * compatibility, however now multicast addresses + * don't belong to any IPv6 addresses so it should be + * unnecessary. + */ + error = sysctl_copyout(l, &ia6->ia_addr.sin6_addr, oldp, sizeof(struct in6_addr)); if (error) goto done; @@ -1092,13 +1056,15 @@ in6_multicast_sysctl(SYSCTLFN_ARGS) } s = pserialize_read_enter(); - ifa_release(ifa, &psref_ia); + + break; } pserialize_read_exit(s); done: ifa_release(ifa, &psref_ia); if_put(ifp, &psref); curlwp_bindx(bound); + rw_exit(&in6_multilock); *oldlenp = written; return error; }