git: 3bc40f39fd86 - main - if_free: add a comment explaining why ifindex_free() is performed here

From: Gleb Smirnoff <glebius_at_FreeBSD.org>
Date: Tue, 23 Nov 2021 03:59:44 UTC
The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=3bc40f39fd8668f0be71ca6ee5da513054080d7d

commit 3bc40f39fd8668f0be71ca6ee5da513054080d7d
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2021-11-23 03:53:12 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2021-11-23 03:59:27 +0000

    if_free: add a comment explaining why ifindex_free() is performed here
---
 sys/net/if.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/sys/net/if.c b/sys/net/if.c
index 3e640ebfa679..85bf7e91fe1c 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -710,6 +710,22 @@ if_free(struct ifnet *ifp)
 
 	ifp->if_flags |= IFF_DYING;			/* XXX: Locking */
 
+	/*
+	 * XXXGL: An interface index is really an alias to ifp pointer.
+	 * Why would we clear the alias now, and not in the deferred
+	 * context?  Indeed there is nothing wrong with some network
+	 * thread obtaining ifp via ifnet_byindex() inside the network
+	 * epoch and then dereferencing ifp while we peform if_free(),
+	 * and after if_free() finished, too.
+	 *
+	 * The reason is the VIMAGE.  For some reason it was designed
+	 * to require all sockets drained before destroying, but not all
+	 * ifnets.  A vnet destruction calls if_vmove() on ifnet, which
+	 * causes ID change.  But ID change and a possible misidentification
+	 * of an ifnet later is a lesser problem, as it doesn't crash kernel.
+	 * A worse problem is that removed interface may outlive the vnet it
+	 * belongs too!  The if_free_deferred() would see ifp->if_vnet freed.
+	 */
 	CURVNET_SET_QUIET(ifp->if_vnet);
 	IFNET_WLOCK();
 	KASSERT(ifp == ifnet_byindex(ifp->if_index),
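Review bot: The added comment has two typos: "peform" in the first paragraph should be "perform", and "belongs too!" in the last sentence should be "belongs to!". The first paragraph spends six lines arguing that a network thread holding ifp from ifnet_byindex() inside the epoch is harmless, and the actual justification only arrives at the end of the second paragraph. Consider leading with that reason (the removed interface may outlive its vnet, so if_free_deferred() would see ifp->if_vnet freed), so that a reader skimming the block does not conclude that clearing the index here is unnecessary. "causes ID change" should also say which ID is meant, and "For some reason it was designed" would be more useful as a pointer to where the socket-draining requirement is enforced, if that is known.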