From nobody Sun Jul 28 21:41:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WXFLr5hM1z5RkV1; Sun, 28 Jul 2024 21:41:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WXFLr5G2Xz4SQL; Sun, 28 Jul 2024 21:41:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722202916; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/tf8bi37oXx7xq6PyMvV9b9iK4nhFuUIw0p8zmY2LaU=; b=SVUDX1a/ege0NL55UuO9PiYNzybACUDqSFVcfB83LXPxvkEp0gIQPlinPoy7PcZPlIW8lV d8OYXgIzVhKtTceV4mdmPdgRKkhJgcNGGdNOnsMg57jpTiNDPKFkw5vWxsbnpnEeSYz2a2 El0swfSzu2Kq31J/TSxd1+7rVGLf4PSe8/5hB6Cqjb7VIu3S0jELvze8LIR9ncWlkH8Xjr Ic1o67kEwEve+wBcETuOMxF7kTNMk7EBgKXQvsE+euNqactyrpRdiwi+39J+915jYSGW9V gMvLwbzHMxnt2iha/Gn+XCZt64C9wrT0QYBJbd7QTnQfx7Msg3qq5kwoj2j18A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722202916; a=rsa-sha256; cv=none; b=wGDWRVuV6PlSOBXPUB9xSovheNVsfFbjhs78lR9WI+Zc2XMgmC5Tn3pQXAWX2Mawn/ksuR x57rWbLe6rio70Wgca7kJW5Glz1a6MjXzk/Kphdv0zAk8zQevq8ePkJtNoByFDh6RuoqHT YaBNFzEOBHNcQ4e9ApAQHMDTaR68KtSs3KaedTdo+SCaO96hcAyjpvzy8xni1sMjT/iHF6 NGoNEkaiatdYoPu4NVV0ewNQW+cA1IjMogi78eZAMPNabf/W1xag9rwPtSwOV4M3RDAwHB AfWZA+9jdgfxU9SctCMcIa6bKQXjadMBdgoK7UvTYASLOwDUrO+CRiDcxkrQ8A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722202916; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/tf8bi37oXx7xq6PyMvV9b9iK4nhFuUIw0p8zmY2LaU=; b=XdsytuQwrD1DgpazJpZRKQXv/k1NvSSjyAesbP5XhiiWYy0LBUk5XoVQlqFWIJLe3xTMN2 sq6w29p8ch/kRJ7mDsi0nZ9NMX9T3pTwBRDvpZ60pFuEk87co5mEXNG2QMd1cb0rf9v5gC i6yN5zYmA7DYRLOq3Dn7S7mpfAJhDsiub8UQ/bvSByCPwqeVLAOPVcn3exa3vSwykX/V06 I2hetJA6EZz/fn5VhQLiYutvVxMfyswtZcF/8unwYAV1IBgX64m4QBpIcg0N+C93GrXeVJ a7n9tKWVAMSLrx9AnB681xccvkMaA85eMdaV06Irgu6aviCo60JnMNwg6uLPWw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WXFLr4tBNz16JQ; Sun, 28 Jul 2024 21:41:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46SLfuBr083128; Sun, 28 Jul 2024 21:41:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46SLfuuZ083113; Sun, 28 Jul 2024 21:41:56 GMT (envelope-from git) Date: Sun, 28 Jul 2024 21:41:56 GMT Message-Id: <202407282141.46SLfuuZ083113@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Tuexen Subject: git: 71867653008c - main - udp: improve handling of cached route List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 71867653008ce17a66a9c935e9dc29c1320bf48b Auto-Submitted: auto-generated The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=71867653008ce17a66a9c935e9dc29c1320bf48b commit 71867653008ce17a66a9c935e9dc29c1320bf48b Author: Michael Tuexen AuthorDate: 2024-07-28 21:25:22 +0000 Commit: Michael Tuexen CommitDate: 2024-07-28 21:36:48 +0000 udp: improve handling of cached route The inp_route pointer should only be provided to the network layer, when no destination address is provided. This is only one of the conditions, where a write lock is needed. If, for example, the route is also cached, when the socket is unbound, problems show up, when the sendto is called, then connect and finally send, when the route for the addresses provided in the sendto and connect call use different outgoing interfaces. While there, clearly document why the write lock is taken. Reported by: syzbot+59122d2e848087d3355a@syzkaller.appspotmail.com Reviewed by: Peter Lei, glebius MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46056 --- sys/netinet/udp_usrreq.c | 20 ++++++++++++-------- sys/netinet6/udp6_usrreq.c | 2 +- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 9dad79e95b04..1666d4bd3142 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1087,7 +1087,6 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, uint16_t cscov = 0; uint32_t flowid = 0; uint8_t flowtype = M_HASHTYPE_NONE; - bool use_cached_route; inp = sotoinpcb(so); KASSERT(inp != NULL, ("udp_send: inp == NULL")); @@ -1116,16 +1115,21 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, sin = (struct sockaddr_in *)addr; /* - * udp_send() may need to temporarily bind or connect the current - * inpcb. As such, we don't know up front whether we will need the - * pcbinfo lock or not. Do any work to decide what is needed up - * front before acquiring any locks. + * In the following cases we want a write lock on the inp for either + * local operations or for possible route cache updates in the IPv6 + * output path: + * - on connected sockets (sin6 is NULL) for route cache updates, + * - when we are not bound to an address and source port (it is + * in_pcbinshash() which will require the write lock). + * - when we are using a mapped address on an IPv6 socket (for + * updating inp_vflag). * * We will need network epoch in either case, to safely lookup into * pcb hash. */ - use_cached_route = sin == NULL || (inp->inp_laddr.s_addr == INADDR_ANY && inp->inp_lport == 0); - if (use_cached_route || (flags & PRUS_IPV6) != 0) + if (sin == NULL || + (inp->inp_laddr.s_addr == INADDR_ANY && inp->inp_lport == 0) || + (flags & PRUS_IPV6) != 0) INP_WLOCK(inp); else INP_RLOCK(inp); @@ -1476,7 +1480,7 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, else UDP_PROBE(send, NULL, inp, &ui->ui_i, inp, &ui->ui_u); error = ip_output(m, inp->inp_options, - use_cached_route ? &inp->inp_route : NULL, ipflags, + sin == NULL ? &inp->inp_route : NULL, ipflags, inp->inp_moptions, inp); INP_UNLOCK(inp); NET_EPOCH_EXIT(et); diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 414be35b5bef..d7d85c6b3d13 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -937,7 +937,7 @@ udp6_send(struct socket *so, int flags_arg, struct mbuf *m, else UDP_PROBE(send, NULL, inp, ip6, inp, udp6); error = ip6_output(m, optp, - INP_WLOCKED(inp) ? &inp->inp_route6 : NULL, flags, + sin6 == NULL ? &inp->inp_route6 : NULL, flags, inp->in6p_moptions, NULL, inp); INP_UNLOCK(inp); NET_EPOCH_EXIT(et);