Re: git: 4dfd3ffc4488 - stable/13 - if: avoid interface destroy race

In reply to: Kristof Provost : "git: 4dfd3ffc4488 - stable/13 - if: avoid interface destroy race"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dimitry Andric <dim_at_FreeBSD.org>
Date: Tue, 31 May 2022 09:06:57 UTC

On 27 May 2022, at 18:37, Kristof Provost <kp@freebsd.org> wrote:
> 
> The branch stable/13 has been updated by kp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=4dfd3ffc4488e5e2662cdc40deec17d82432da0b
> 
> commit 4dfd3ffc4488e5e2662cdc40deec17d82432da0b
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2022-03-27 18:23:25 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2022-05-27 16:25:10 +0000
> 
>    if: avoid interface destroy race
> 
>    When we destroy an interface while the jail containing it is being
>    destroyed we risk seeing a race between if_vmove() and the destruction
>    code, which results in us trying to move a destroyed interface.
> 
>    Protect against this by using the ifnet_detach_sxlock to also covert
>    if_vmove() (and not just detach).
> 
>    PR:             262829
>    MFC after:      3 weeks
>    Differential Revision:  https://reviews.freebsd.org/D34704
> 
>    (cherry picked from commit 868bf82153e8ff22f09a8860c872149e0fb6bdef)
> ---
> sys/net/if.c                   | 22 ++++++++++++++++++++--
> tests/sys/net/if_clone_test.sh | 29 +++++++++++++++++++++++++++++
> 2 files changed, 49 insertions(+), 2 deletions(-)
> 
> diff --git a/sys/net/if.c b/sys/net/if.c
> index d4871ccbc1f7..091e9e64b99f 100644
> --- a/sys/net/if.c
> +++ b/sys/net/if.c
> @@ -548,7 +548,9 @@ vnet_if_return(const void *unused __unused)
> 	IFNET_WUNLOCK();
> 
> 	for (int j = 0; j < i; j++) {
> +		sx_xlock(&ifnet_detach_sxlock);
> 		if_vmove(pending[j], pending[j]->if_home_vnet);
> +		sx_xunlock(&ifnet_detach_sxlock);
> 	}
> 
> 	free(pending, M_IFNET);
> @@ -1393,6 +1395,8 @@ if_vmove_loan(struct thread *td, struct ifnet *ifp, char *ifname, int jid)
> 	bool found;
> 	bool shutdown;
> 
> +	MPASS(ifindex_table[ifp->if_index].ife_ifnet == ifp);
> +
> 	/* Try to find the prison within our visibility. */
> 	sx_slock(&allprison_lock);
> 	pr = prison_find_child(td->td_ucred->cr_prison, jid);

This particular part resulted in errors during one of my universe builds:

_.amd64.LINT:

/home/dim/src/stable-13/sys/net/if.c:1398:8: error: use of undeclared identifier 'ifindex_table'
        MPASS(ifindex_table[ifp->if_index].ife_ifnet == ifp);
              ^

Note that it only seems to happen for the LINT kernels, though.

It appears that ifindex_table changed from a VNET define into a global
with Gleb's commit https://cgit.freebsd.org/src/commit/?id=80e60e236d85d

-Dimitry