m_pkthdr.rcvif dangling pointer problem

Gleb Smirnoff glebius at FreeBSD.org
Fri Jul 15 06:53:42 UTC 2011


On Thu, Jul 14, 2011 at 05:27:01PM -0700, John-Mark Gurney wrote:
J> Gleb Smirnoff wrote this message on Thu, Jul 14, 2011 at 19:44 +0400:
J> >   2) kib@ suggested to allocate ifnets from a UMA_ZONE_NOFREE zone.
J> > I've made a compilable & working patch:
J> > 
J> > http://people.freebsd.org/~glebius/patches/ifnet.no_free
J> > 
J> > But on second thought I find this a bad idea, this is just fooling
J> > INVARIANTS. Yes, we avoid thrashing of freed memory and rewriting
J> > it by some other kernel allocation. But still our pointer points to
J> > an invalid ifnet. Even if we make a check for IFF_DYING flag, we still
J> > cannot guarantee that an interface had been re-allocated for a new
J> > instance. This would not be a panic condition, but subtle bugs in
J> > firewalls.
J> > 
J> >   3) As we now have a straight if_index table that can grow, what about
J> > storing the if_index in the m_pkthdr? Lookup of interface by index
J> > is fast enough if done lockless. Doing it lockless isn't perfect, but
J> > better than current pointer dereferencing. Optionally it could be
J> > done with locking and with putting a reference. To avoid the situation
J> > of getting to a re-allocated interface with the same index,
J> > we can use a unique cookie that is incremented in if_alloc().
J> 
J> How is this any different than #2?  I assume that if_index's are reused
J> causing the same issues w/ the firewall that #2 has.

See last sentence: to avoid this situation we also store an interface
cookie. Index for fast lookup. Cookie to check that this is the same
interface.

-- 
Totus tuus, Glebius.
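
The index-plus-cookie scheme from option 3, written out as an added stand-alone C model (this is not code from the thread or from FreeBSD; the names ifindex_table, if_cookie_gen, pkthdr_ifref and ifnet_by_ref are hypothetical, and IFINDEX_MAX is an arbitrary small table size). It shows the exact case John-Mark asks about: em0 is freed, its if_index is handed to a freshly allocated tun0, and a packet header that still refers to em0 is resolved. A lookup by index alone silently returns tun0; the cookie check refuses it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not FreeBSD's real ifnet/mbuf layout. */
#define IFINDEX_MAX 8

struct ifnet {
    char     if_xname[16];
    uint16_t if_index;      /* slot in the global index table; may be reused */
    uint64_t if_cookie;     /* unique per allocation; never reused */
};

/* What the packet header stores instead of a raw struct ifnet pointer. */
struct pkthdr_ifref {
    uint16_t if_index;
    uint64_t if_cookie;
};

static struct ifnet *ifindex_table[IFINDEX_MAX + 1];  /* index 0 is unused */
static uint64_t      if_cookie_gen;                   /* bumped on every if_alloc() */

struct ifnet *if_alloc(const char *name)
{
    for (uint16_t i = 1; i <= IFINDEX_MAX; i++) {
        if (ifindex_table[i] != NULL)
            continue;
        struct ifnet *ifp = calloc(1, sizeof(*ifp));
        if (ifp == NULL)
            return NULL;
        snprintf(ifp->if_xname, sizeof(ifp->if_xname), "%s", name);
        ifp->if_index  = i;                 /* lowest free index, so indices get reused */
        ifp->if_cookie = ++if_cookie_gen;   /* monotonically increasing, so cookies do not */
        ifindex_table[i] = ifp;
        return ifp;
    }
    return NULL;
}

void if_free(struct ifnet *ifp)
{
    ifindex_table[ifp->if_index] = NULL;
    memset(ifp, 0xdd, sizeof(*ifp));        /* poison: a stale raw pointer now reads garbage */
    free(ifp);
}

struct pkthdr_ifref ifref_make(const struct ifnet *ifp)
{
    struct pkthdr_ifref ref = { ifp->if_index, ifp->if_cookie };
    return ref;
}

/* Option 2/John-Mark's objection: index only. Cannot tell em0 from its successor. */
struct ifnet *ifnet_by_index_only(const struct pkthdr_ifref *ref)
{
    if (ref->if_index == 0 || ref->if_index > IFINDEX_MAX)
        return NULL;
    return ifindex_table[ref->if_index];
}

/* Option 3: index for the fast lookup, cookie to prove it is the same interface. */
struct ifnet *ifnet_by_ref(const struct pkthdr_ifref *ref)
{
    struct ifnet *ifp = ifnet_by_index_only(ref);
    if (ifp == NULL || ifp->if_cookie != ref->if_cookie)
        return NULL;                        /* freed, or freed and index reused */
    return ifp;
}

/* Scenario: packet received on em0, em0 destroyed, index reused by tun0.
 * Returns 1 when index-only lookup is fooled but the cookie lookup is not. */
int demo_reuse_detected(void)
{
    struct ifnet *em0 = if_alloc("em0");
    struct pkthdr_ifref stale = ifref_make(em0);   /* "m_pkthdr" of an in-flight packet */
    uint16_t old_index = em0->if_index;
    if_free(em0);

    struct ifnet *tun0 = if_alloc("tun0");
    int index_reused   = (tun0->if_index == old_index);
    int index_fooled   = (ifnet_by_index_only(&stale) == tun0);   /* wrong interface */
    int cookie_refused = (ifnet_by_ref(&stale) == NULL);           /* correctly rejected */

    struct pkthdr_ifref fresh = ifref_make(tun0);
    int live_resolves  = (ifnet_by_ref(&fresh) == tun0);           /* live ref still works */

    if_free(tun0);
    return index_reused && index_fooled && cookie_refused && live_resolves;
}

int main(void)
{
    printf("index reused and detected by cookie: %s\n",
           demo_reuse_detected() ? "yes" : "no");
    return 0;
}
```

The model is single-threaded, so it says nothing about the lockless caveat raised in the message: in a real kernel the table entry can be freed between the index load and the cookie compare, which is what the "with locking and with putting a reference" variant is meant to close.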