Page MenuHomeFreeBSD
Differential D45690

ifnet: fix a race in if_detach_internal on clearing if_afdata
AbandonedPublic
Actions

Authored by takahiro.kurosawa_gmail.com on Jun 22 2024, 4:20 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 9, 2:43 AM
Unknown Object (File)
Thu, Dec 5, 1:14 AM
Unknown Object (File)
Nov 6 2024, 10:51 PM
Unknown Object (File)
Oct 27 2024, 8:49 PM
Unknown Object (File)
Oct 18 2024, 1:41 PM
Unknown Object (File)
Oct 18 2024, 8:25 AM
Unknown Object (File)
Sep 13 2024, 4:28 AM
Unknown Object (File)
Sep 12 2024, 2:41 PM
View All 26 Files
Subscribers
ae
franco_opnsense.org
glebius
imp
melifaro
zlei

Details

Reviewers
None
Group Reviewers
network
Summary

Functions that access if_afdata (like in6_selecthlim) are called during
packet transmission. ifnets may be detached while other threads call
these functions.
Add epoch_wait_preempt() and NET_EPOCH_DRAIN_CALLBACKS just before
clearing if_afdata since object references are guarded with net_epoch.

Test Plan

Run the following script posted in FreeBSD bugzilla 279653:
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=251613

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 58329
Build 55217: arc lint + arc unit

Event Timeline

takahiro.kurosawa_gmail.com created this revision.Jun 22 2024, 4:20 AM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptJun 22 2024, 4:20 AM
takahiro.kurosawa_gmail.com requested review of this revision.Jun 22 2024, 4:20 AM
Harbormaster completed remote builds in B58300: Diff 140099.Jun 22 2024, 4:20 AM
takahiro.kurosawa_gmail.com added a reviewer: network.Jun 22 2024, 4:25 AM
franco_opnsense.org added a subscriber: franco_opnsense.org.Jun 22 2024, 10:01 AM
zlei added a subscriber: zlei.EditedJun 24 2024, 3:55 AM

@glebius

I have mixed filling about this. I presume the above epoch_wait_preempt(net_epoch_preempt); combining with NET_EPOCH_DRAIN_CALLBACKS() should be sufficient but that is not true.

So how is this change sufficient then ?

And is it possible to defer the uninitialization of domain private data, aka if_afdata[], into if_free_deferred() ?

PS: I do not like the event ordering of ifnet_departure_event . The event handlers for ifnet_departure_event are invoked too late IMO. I guess it is more appropriate to invoke them right after if_unlink_ifnet() or so.

sys/net/if.c
1252

Use NET_EPOCH_WAIT() instead.

takahiro.kurosawa_gmail.com updated this revision to Diff 140172.Jun 24 2024, 10:12 AM

Replace epoch_wait_preempt() with NET_EPOCH_WAIT()

Harbormaster completed remote builds in B58329: Diff 140172.Jun 24 2024, 10:12 AM
takahiro.kurosawa_gmail.com added inline comments.Jun 24 2024, 10:15 AM
sys/net/if.c
1252

Thanks for looking at the problem in detail.
Updated according to the comment though further work would be needed for the complete fix.

glebius added a comment.Jun 26 2024, 4:22 PM
In D45690#1042576, @zlei wrote:

And is it possible to defer the uninitialization of domain private data, aka if_afdata[], into if_free_deferred() ?

Yes, freeing afdata with epoch is the right way to do it. Not necessarily in if_free_deferred() though, cause it was not allocated by the ifnet layer. It is IPv6 that should do that.

In general a proper use of epoch(9) doesn't use epoch_drain_callbacks at all. This function was added later as a crutch to solve complicated scenarios. If you need to resort to using it, then definitely there is a room for improvement. IMHO.

takahiro.kurosawa_gmail.com abandoned this revision.Jul 20 2024, 7:19 AM

I will retract this since it does not completely fix the problem and I have not come up with a good fix so far.

Revision Contents
Changeset List

PathSize
sys/
net/
16 lines

Diff 140172

View Options

sys/net/if.c

Loading...