From nobody Thu Aug 11 16:20:17 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M3X8d5YVNz4YqCJ; Thu, 11 Aug 2022 16:20:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M3X8d3X49z3ll1; Thu, 11 Aug 2022 16:20:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660234817; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WZ7fF8G0g/98afplykaRxj02rAiS6LHRAMRo0sbwtXU=; b=MLCt26RCY3+N/8/FhsYoT29LQu1IhZSsP5zVvnYwjEr0/LWsnDemipmP8y68JZ0PluKCTD T+G9+WipPAkp7mUl5NSIsYLk7gPXu2iE5QLTCFGsMuFK/V22WIfMRblRAIj63OmOaWdTqV uBebrEw1VBktQd/nWIcfEk5PHkIhAR2PpovnIkSPSxgpr/GQND+JV+p/JwZRZNXpN/1btl +X9tG3v5flMPI/8XlJUP4f5CCesQ/FL8LqfIFSzaQsoB7BToh65XRyvnk/1PDlQjFFJ0ag hAoH48P7aFPscV7ExriLFK/1okXQHIh5XHY+eTPi+HuC+0aMtWNW7FarVgpoqQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M3X8d2dmCzxqp; Thu, 11 Aug 2022 16:20:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 27BGKHlS048029; Thu, 11 Aug 2022 16:20:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 27BGKHEH048024; Thu, 11 Aug 2022 16:20:17 GMT (envelope-from git) Date: Thu, 11 Aug 2022 16:20:17 GMT Message-Id: <202208111620.27BGKHEH048024@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: 3d2041c0353d - main - raw ip: merge rip_output() into rip_send() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3d2041c0353d3cc44bd2a6e37bf1c6e341d2b4db Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660234817; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WZ7fF8G0g/98afplykaRxj02rAiS6LHRAMRo0sbwtXU=; b=fLLAVBXlVRwsXO9Ck+9nAdq4h1cappCntYn8n4yFjE1eQecVzIOEMdWlyCw3YP9d77Iy9H PTiETZmXMLpisI5IzePoirASyzIoOKw3ESGq/avcWXXPsMdnO5whGxxV4IP2McjIzukRVj /vvX22oA7zBEiLUwnSdUKwuaasT3FBcODvIu2KbkVxoh/+6wlInLDz9B/wx1UYurhwYLh4 ukuiDuMoQv5pg844EXzL3JF40HS4CuYLzZ2i1ZQExmqpZT5JsJ5trtgwjwEL6ECbq+QHdO 47oLhIT4cb1g/YRwvH734olHj/z7WIOtnn9PF3sjsW5GIb/E+sIfqrwzMFJVZw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660234817; a=rsa-sha256; cv=none; b=e2Y/990Zt07JzsmggCkkqvq7SfEF6pSIyUWchQEXUxnJKBTVjlJF/snxC9c9kvtQ7s5Qfn GJyukj3NKVZAxdGZ9LjV2M0YKnSh7SoWzHdpQWE5ZFN9ikxIu/5aNXC8a8az07ULJKMFi7 sRVGMia7fyqO9bKUd5iHRiCHI4iEo5EaPGISyGq2eBHYeUiuC6AymUXou4hX+TMDGIfzAB esQLnOZuR6BEItFBBnCAP2mb5T8W4Xrd4XrM0+oQDzYspy3XPBLn1a2NawPjGrQOswfMvr JZ0iZkoziZRGNtKeTSGGBwamduE1qSyrT8js+8eCynuOOmRkJPTZYxyBqE+PLQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=3d2041c0353d3cc44bd2a6e37bf1c6e341d2b4db commit 3d2041c0353d3cc44bd2a6e37bf1c6e341d2b4db Author: Gleb Smirnoff AuthorDate: 2022-08-11 16:19:37 +0000 Commit: Gleb Smirnoff CommitDate: 2022-08-11 16:19:37 +0000 raw ip: merge rip_output() into rip_send() While here, address the unlocked 'dst' read. Solve that by storing a pointer either to the inpcb or to the sockaddr. If we end up copying address out of the inpcb, that would be done under the read lock section. Reviewed by: melifaro Differential revision: https://reviews.freebsd.org/D36127 --- sys/netinet/ip_var.h | 1 - sys/netinet/raw_ip.c | 97 ++++++++++++++++++++++------------------------------ 2 files changed, 40 insertions(+), 58 deletions(-) diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index 4eaaef5c6991..92447c519cc3 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -236,7 +236,6 @@ void ip_fillid(struct ip *); int rip_ctloutput(struct socket *, struct sockopt *); void rip_ctlinput(int, struct sockaddr *, void *); int rip_input(struct mbuf **, int *, int); -int rip_output(struct mbuf *, struct socket *, ...); int ipip_input(struct mbuf **, int *, int); int rsvp_input(struct mbuf **, int *, int); int ip_rsvp_init(struct socket *); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 0bd874c717e6..bda0138107ae 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -406,23 +406,50 @@ rip_input(struct mbuf **mp, int *offp, int proto) * Generate IP header and pass packet to ip_output. Tack on options user may * have setup with control call. */ -int -rip_output(struct mbuf *m, struct socket *so, ...) +static int +rip_send(struct socket *so, int pruflags, struct mbuf *m, struct sockaddr *nam, + struct mbuf *control, struct thread *td) { struct epoch_tracker et; struct ip *ip; - int error; - struct inpcb *inp = sotoinpcb(so); - va_list ap; - u_long dst; - int flags = ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0) | - IP_ALLOWBROADCAST; - int cnt, hlen; + struct inpcb *inp; + in_addr_t *dst; + int error, flags, cnt, hlen; u_char opttype, optlen, *cp; - va_start(ap, so); - dst = va_arg(ap, u_long); - va_end(ap); + inp = sotoinpcb(so); + KASSERT(inp != NULL, ("rip_send: inp == NULL")); + + if (control != NULL) { + m_freem(control); + control = NULL; + } + + if (so->so_state & SS_ISCONNECTED) { + if (nam) { + error = EISCONN; + m_freem(m); + return (error); + } + dst = &inp->inp_faddr.s_addr; + } else { + if (nam == NULL) + error = ENOTCONN; + else if (nam->sa_family != AF_INET) + error = EAFNOSUPPORT; + else if (nam->sa_len != sizeof(struct sockaddr_in)) + error = EINVAL; + else + error = 0; + if (error != 0) { + m_freem(m); + return (error); + } + dst = &((struct sockaddr_in *)nam)->sin_addr.s_addr; + } + + flags = ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0) | + IP_ALLOWBROADCAST; /* * If the user handed us a complete IP packet, use it. Otherwise, @@ -447,7 +474,7 @@ rip_output(struct mbuf *m, struct socket *so, ...) ip->ip_p = inp->inp_ip_p; ip->ip_len = htons(m->m_pkthdr.len); ip->ip_src = inp->inp_laddr; - ip->ip_dst.s_addr = dst; + ip->ip_dst.s_addr = *dst; #ifdef ROUTE_MPATH if (CALC_FLOWID_OUTBOUND) { uint32_t hash_type, hash_val; @@ -971,50 +998,6 @@ rip_shutdown(struct socket *so) INP_WUNLOCK(inp); return (0); } - -static int -rip_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, - struct mbuf *control, struct thread *td) -{ - struct inpcb *inp; - u_long dst; - int error; - - inp = sotoinpcb(so); - KASSERT(inp != NULL, ("rip_send: inp == NULL")); - - if (control != NULL) { - m_freem(control); - control = NULL; - } - - /* - * Note: 'dst' reads below are unlocked. - */ - if (so->so_state & SS_ISCONNECTED) { - if (nam) { - error = EISCONN; - goto release; - } - dst = inp->inp_faddr.s_addr; /* Unlocked read. */ - } else { - error = 0; - if (nam == NULL) - error = ENOTCONN; - else if (nam->sa_family != AF_INET) - error = EAFNOSUPPORT; - else if (nam->sa_len != sizeof(struct sockaddr_in)) - error = EINVAL; - if (error != 0) - goto release; - dst = ((struct sockaddr_in *)nam)->sin_addr.s_addr; - } - return (rip_output(m, so, dst)); - -release: - m_freem(m); - return (error); -} #endif /* INET */ static int