From nobody Mon Nov 14 08:36:59 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N9jNC6lS8z4hSS7; Mon, 14 Nov 2022 08:36:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N9jNC67hZz4l2r; Mon, 14 Nov 2022 08:36:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668415019; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GU73XxkNN7wPjHvTyKIZCBmKLS+HidBrnY9xpMDwJWM=; b=M/6t6Z9649BDcZH4fuW2Ukp2FxxX2vBVHzWr1y7pCHAcMAh6Sbgx8bUW0pPjbxGrFQDEMB OCy5NRlLWrPa7U7AtsfGIrRUym/U9lqwMF8kgls+QzFrDXch+WYf9QlfsqDqM8XUfouXQR pLASJ9hT0wDteLtRlkFRPAhR/ia7qlegKkH6NtF3reAWVqwvWKG8OfCaxaQUM4ivNIZG7Q wBLozXWpZmvnSCmT9hD1yLHFanR6ibrwIEgMaGPqFEMci1GFJl4Jy3Ral8mGmDkMaV8//P 27Y2bYv7hqTGm5Btp+My2AkDaowa9mffsAxa1FLPAqPynOArI+bnq+oiqeTy8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668415019; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GU73XxkNN7wPjHvTyKIZCBmKLS+HidBrnY9xpMDwJWM=; b=tct5/4dKpAr9ZKXMmfnLWQnA/Gyd1TDr7oxPGXovJ0k71eWw61uNbCVdTOSZDfNhuyJHRp GeT4XwVJkV/A2lYZ6Q21Bo4y/rnHtDROZTyfN/1kwDrp9HHhoTEGdVRLbr5SZjZpuibbnW ZDzUtPTw4qtX8FCG7VG6begQEj4qIv+oPvGunA4V6EU44ePvl4tm81lvi9RhQbr+I2cSMo YIvt9eAiIgV+rhs86yPXlUeaU8HAdpdXDWhph+6kanGQ7tHkh+8IRJ+R8hlY4ogeyH4v0z oF1gtviGsS5m/mbRalEL4bIdBNdAlIYt+vySgQ/5YfDunhTlhosLeeJf9CVRSA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668415019; a=rsa-sha256; cv=none; b=pNjR7O/g+k0pzoQPMvVlbcIlyvF7MFWcDr7B21ecUY0+74YV2cIxIxu0evfN94z1DxMrlu kvfgRzB60J6pP2r0rB1h9iInSntwaHG9L2jU656yjvZd9vrHIyPd//MXEjQd8mqPNs9ChL GMKM4i28oAnTgkRiHHnlMSKg83Dj1lCMHxbb4A9Hx+1yCZg+oJPArUOahNO3mgfURdHDYv RIyYGNm4uqNAOEayp2SPPrivO9RdVSNNhL6Q1c64ZT814vKjsXK3UUQAKvKDUY2RsT4eHQ uy3Xri1Be2y06euHDedLuaP0iyyWrrvvSSEbs2MB8/IDm0bENN3jUKt6YYpTqg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N9jNC4nktzZgD; Mon, 14 Nov 2022 08:36:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2AE8axfs098637; Mon, 14 Nov 2022 08:36:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2AE8ax0l098636; Mon, 14 Nov 2022 08:36:59 GMT (envelope-from git) Date: Mon, 14 Nov 2022 08:36:59 GMT Message-Id: <202211140836.2AE8ax0l098636@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 6905fd01cb64 - main - if_ovpn: ensure we're in vnet context when calling sorele() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6905fd01cb64ca2853b8312880f18a6ae2068099 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6905fd01cb64ca2853b8312880f18a6ae2068099 commit 6905fd01cb64ca2853b8312880f18a6ae2068099 Author: Kristof Provost AuthorDate: 2022-11-10 12:54:09 +0000 Commit: Kristof Provost CommitDate: 2022-11-14 08:36:44 +0000 if_ovpn: ensure we're in vnet context when calling sorele() We reference count to ensure we don't release the socket while we still have data in flight. That means that we can end up releasing the socket from ovpn_encrypt_tx_cb(). We must have a vnet context set when calling sorele() (which asserts this from within sofree()), so move the CURVNET_SET()/CURVNET_RESTORE() to ensure this is the case. While here also add a couple of assertions to make this more obvious, and to ease future debugging. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37326 --- sys/net/if_ovpn.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 94d12fa25f1a..6ce5d07dc230 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -410,6 +410,8 @@ ovpn_peer_release_ref(struct ovpn_kpeer *peer, bool locked) { struct ovpn_softc *sc; + CURVNET_ASSERT_SET(); + atomic_add_int(&peer->refcount, -1); if (atomic_load_int(&peer->refcount) > 0) @@ -427,6 +429,8 @@ ovpn_peer_release_ref(struct ovpn_kpeer *peer, bool locked) } } + OVPN_ASSERT(sc); + /* The peer should have been removed from the list already. */ MPASS(ovpn_find_peer(sc, peer->peerid) == NULL); @@ -633,6 +637,7 @@ _ovpn_del_peer(struct ovpn_softc *sc, uint32_t peerid) int i; OVPN_WASSERT(sc); + CURVNET_ASSERT_SET(); for (i = 0; i < OVPN_MAX_PEERS; i++) { if (sc->peers[i] == NULL) @@ -1441,17 +1446,19 @@ ovpn_encrypt_tx_cb(struct cryptop *crp) int tunnel_len; int ret; + CURVNET_SET(sc->ifp->if_vnet); + NET_EPOCH_ENTER(et); + if (crp->crp_etype != 0) { crypto_freereq(crp); ovpn_peer_release_ref(peer, false); + NET_EPOCH_EXIT(et); + CURVNET_RESTORE(); OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); m_freem(m); return (0); } - NET_EPOCH_ENTER(et); - CURVNET_SET(sc->ifp->if_vnet); - MPASS(crp->crp_buf.cb_type == CRYPTO_BUF_MBUF); tunnel_len = m->m_pkthdr.len - sizeof(struct ovpn_wire_header); @@ -1461,12 +1468,12 @@ ovpn_encrypt_tx_cb(struct cryptop *crp) OVPN_COUNTER_ADD(sc, tunnel_bytes_sent, tunnel_len); } - CURVNET_RESTORE(); - NET_EPOCH_EXIT(et); - crypto_freereq(crp); ovpn_peer_release_ref(peer, false); + NET_EPOCH_EXIT(et); + CURVNET_RESTORE(); + return (0); }