git: cbb019b831ad - main - dummynet: fix ip_dn_vnet_init() / dummynet_task() race

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 05 Jul 2022 17:55:47 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=cbb019b831ad59ead34b825bf053169ebbe81bbf

commit cbb019b831ad59ead34b825bf053169ebbe81bbf
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-07-04 20:36:43 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-07-05 16:59:00 +0000

    dummynet: fix ip_dn_vnet_init() / dummynet_task() race
    
    If dummynet_task() is run on a vnet where dummynet is still initialising
    (i.e. still running ip_dn_vnet_init()) we can attempt to use an
    uninitialised mutex.
    
    We can use the existing init_done field to check if the per-vnet
    V_dn_cfg is fully set up, if we ensure that it's only set to 1 when
    we've done all of the init work.
    
    Reported by:    Alfredo Dal'Ava Júnior <alfredo@freebsd.org>
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D35716
---
 sys/netpfil/ipfw/ip_dn_io.c    | 5 +++++
 sys/netpfil/ipfw/ip_dummynet.c | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/sys/netpfil/ipfw/ip_dn_io.c b/sys/netpfil/ipfw/ip_dn_io.c
index deeb3d9325de..7a85714fa0c6 100644
--- a/sys/netpfil/ipfw/ip_dn_io.c
+++ b/sys/netpfil/ipfw/ip_dn_io.c
@@ -669,6 +669,11 @@ dummynet_task(void *context, int pending)
 		memset(&q, 0, sizeof(struct mq));
 		CURVNET_SET(vnet_iter);
 
+		if (! V_dn_cfg.init_done) {
+			CURVNET_RESTORE();
+			continue;
+		}
+
 		DN_BH_WLOCK();
 
 		/* Update number of lost(coalesced) ticks. */
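Review bot: The new test of V_dn_cfg.init_done sits before DN_BH_WLOCK(), so it is a plain, unlocked read of a flag that another thread writes. Nothing visible here orders that read against the initialisation stores it is meant to guard. On a weakly ordered CPU the task could observe init_done as 1 and still reach DN_BH_WLOCK() before the mutex setup is visible. Consider reading the flag with acquire semantics (see atomic(9)), paired with a release store on the writer side in ip_dn_vnet_init(). Style point on the same line: style(9) puts no space after the unary operator, so this would be written if (!V_dn_cfg.init_done).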
diff --git a/sys/netpfil/ipfw/ip_dummynet.c b/sys/netpfil/ipfw/ip_dummynet.c
index 46300b90007e..503fbef6f530 100644
--- a/sys/netpfil/ipfw/ip_dummynet.c
+++ b/sys/netpfil/ipfw/ip_dummynet.c
@@ -2562,7 +2562,7 @@ ip_dn_vnet_init(void)
 {
 	if (V_dn_cfg.init_done)
 		return;
-	V_dn_cfg.init_done = 1;
+
 	/* Set defaults here. MSVC does not accept initializers,
 	 * and this is also useful for vimages
 	 */
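Review bot: With the assignment removed from the top of ip_dn_vnet_init(), the early return on V_dn_cfg.init_done no longer marks an initialisation that is still in progress. A second call arriving before the first one finishes would now pass the check and run the setup again. If callers are already serialised per vnet, a short comment saying so above the check would make that assumption explicit. Otherwise the function needs its own guard against re-entry.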
@@ -2601,6 +2601,8 @@ ip_dn_vnet_init(void)
 
 	/* Initialize curr_time adjustment mechanics. */
 	getmicrouptime(&V_dn_cfg.prev_t);
+
+	V_dn_cfg.init_done = 1;
 }
 
 static void
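Review bot: The added V_dn_cfg.init_done = 1 at the end of ip_dn_vnet_init() is now the publication point that dummynet_task() keys off, but nothing in the code says so. A later change that appends more setup after it would silently reintroduce the race. Please add a comment stating that this must remain the last statement and why. Since it is a plain store, also consider making it a release store (see atomic(9)) so the preceding initialisation is guaranteed to be visible to a reader that sees the flag set.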