Page MenuHomeFreeBSD

mbuf: do not restore dying interfaces
ClosedPublic

Authored by kp on Jan 28 2022, 10:34 AM.
Tags
None
Referenced Files
F55990455: D34076.diff
Tue, Feb 7, 4:50 AM
F55955111: D34076.diff
Mon, Feb 6, 1:22 PM
Unknown Object (File)
Fri, Jan 13, 3:07 AM
Unknown Object (File)
Thu, Jan 12, 5:31 AM
Unknown Object (File)
Dec 21 2022, 2:32 AM
Unknown Object (File)
Dec 14 2022, 6:18 PM
Unknown Object (File)
Nov 28 2022, 3:29 AM

Details

Summary

When we remove an interface it is first removed from the interface list
V_ifnet (by if_unlink_ifnet()) and marked as IFF_DYING. We then wait for
any possible references to stop being used (i.e.
epoch_wait/epoch_drain_callbacks) before we tear it fully down.

However, the index in ifindex_table is not removed, so m_rcvif_restore()
can still find the (now dying) interface.

This results in panics, for example when dummynet restores the rcvif
pointer and passes a packet to ip6_input() we can panic because the
AF_INET6 domain has already been removed (so we end up dereferencing a
NULL pointer there).

Check that the interface is not dying before we restore it, which is
equivalent to checking its presence in V_ifnet, and thus ensures that
future accesses (while in NET_EPOCH) are safe.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp requested review of this revision.Jan 28 2022, 10:34 AM

Remove mostly unrelated dummynet fix

Why can't we remove it from the ifindex, too? That would be a normal delayed free practice: remove all references to a structure, mark it as being deleted and wait for threads that hold a reference to finish.

Note: we set this flag twice: if_unlink_vnet() and if_free(). This doesn't look consistent.

Why can't we remove it from the ifindex, too? That would be a normal delayed free practice: remove all references to a structure, mark it as being deleted and wait for threads that hold a reference to finish.

That might be better. I'll take a closer look at that tomorrow, when I'm sure I'm not going to break if_vmove().

I'm also digging that. I think your patch is fine as temporary measure.

This revision is now accepted and ready to land.Jan 28 2022, 5:52 PM
This revision was automatically updated to reflect the committed changes.