svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf

Ian Lepore ian at freebsd.org
Wed Apr 1 23:26:03 UTC 2015 

On Wed, 2015-04-01 at 22:26 +0000, Gleb Smirnoff wrote:
> Author: glebius
> Date: Wed Apr  1 22:26:39 2015
> New Revision: 280971
> URL: https://svnweb.freebsd.org/changeset/base/280971
> 
> Log:
>   o Use new function ip_fillid() in all places throughout the kernel,
>     where we want to create a new IP datagram.
>   o Add support for RFC6864, which allows to set IP ID for atomic IP
>     datagrams to any value, to improve performance. The behaviour is
>     controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by
>     default.
>   o In case if we generate IP ID, use counter(9) to improve performance.
>   o Gather all code related to IP ID into ip_id.c.
>   
>   Differential Revision:		https://reviews.freebsd.org/D2177
>   Reviewed by:			adrian, cy, rpaulo
>   Tested by:			Emeric POUPON <emeric.poupon stormshield.eu>
>   Sponsored by:			Netflix
>   Sponsored by:			Nginx, Inc.
>   Relnotes:			yes
> 
[...]
> +void
> +ip_fillid(struct ip *ip)
> +{
> +
> +	/*
> +	 * Per RFC6864 Section 4
> +	 *
> +	 * o  Atomic datagrams: (DF==1) && (MF==0) && (frag_offset==0)
> +	 * o  Non-atomic datagrams: (DF==0) || (MF==1) || (frag_offset>0)
> +	 */
> +	if (V_ip_rfc6864 && (ip->ip_off & htons(IP_DF)) == htons(IP_DF))
> +		ip->ip_id = 0;
> +	else if (V_ip_do_randomid)
> +		ip->ip_id = ip_randomid();
> +	else {
> +		counter_u64_add(V_ip_id, 1);
> +		ip->ip_id = htons((*(uint64_t *)zpcpu_get(V_ip_id)) & 0xffff);
> +	}
> +}
> +

This is completely bogus.  It's a big opacity violation (it relies on
what should be opaque private internal implementation details of
counter(9)).  The fact that the counter api doesn't provide a function
for retrieving one cpu's counter value should be a big clue there -- the
fact that you know the internals doesn't make it okay to reach behind
the counter and grab a value like that.  It may not even be safe to do
so on any given architecture; it certainly isn't safe on arm, and that
line of code above will work only by accident because you're throwing
way all but 16 bits.

But even more importantly, this WILL result in multiple threads using
the same value at the same time...
 
 - Thread A on CPU 1 and thread B on CPU 2 both begin executing here at
the same time, and both get through counter_u64_add().
 - Thread A keeps running and uses CPU 1's new value, call it 27.
 - Thread B gets prempted between counter_u64_add() and zpcpu_get().
When it resumes it's now on CPU 1, so it retrieves value 27 as well.

-- Ian

More information about the svn-src-all mailing list