svn commit: r353793 - head/sys/netinet6
Bjoern A. Zeeb
bz at FreeBSD.org
Mon Oct 21 08:48:48 UTC 2019
Author: bz
Date: Mon Oct 21 08:48:47 2019
New Revision: 353793
URL: https://svnweb.freebsd.org/changeset/base/353793
Log:
frag6: fix vnet teardown leak
When shutting down a VNET we did not cleanup the fragmentation hashes.
This has multiple problems: (1) leak memory but also (2) leak on the
global counters, which might eventually lead to a problem on a system
starting and stopping a lot of vnets and dealing with a lot of IPv6
fragments that the counters/limits would be exhausted and processing
would no longer take place.
Unfortunately we do not have a useable variable to indicate when
per-VNET initialization of frag6 has happened (or when destroy happened)
so introduce a boolean to flag this. This is needed here as well as
it was in r353635 for ip_reass.c in order to avoid tripping over the
already destroyed locks if interfaces go away after the frag6 destroy.
While splitting things up convert the TRY_LOCK to a LOCK operation in
now frag6_drain_one(). The try-lock was derived from a manual hand-rolled
implementation and carried forward all the time. We no longer can afford
not to get the lock as that would mean we would continue to leak memory.
Assert that all the buckets are empty before destroying to lock to
ensure long-term stability of a clean shutdown.
Reported by: hselasky
Reviewed by: hselasky
MFC after: 3 weeks
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D22054
Modified:
head/sys/netinet6/frag6.c
head/sys/netinet6/ip6_input.c
head/sys/netinet6/ip6_var.h
Modified: head/sys/netinet6/frag6.c
==============================================================================
--- head/sys/netinet6/frag6.c Mon Oct 21 08:36:15 2019 (r353792)
+++ head/sys/netinet6/frag6.c Mon Oct 21 08:48:47 2019 (r353793)
@@ -100,6 +100,12 @@ struct ip6asfrag {
static MALLOC_DEFINE(M_FRAG6, "frag6", "IPv6 fragment reassembly header");
+#ifdef VIMAGE
+/* A flag to indicate if IPv6 fragmentation is initialized. */
+VNET_DEFINE_STATIC(bool, frag6_on);
+#define V_frag6_on VNET(frag6_on)
+#endif
+
/* System wide (global) maximum and count of packets in reassembly queues. */
static int ip6_maxfrags;
static volatile u_int frag6_nfrags = 0;
@@ -289,6 +295,15 @@ frag6_cleanup(void *arg __unused, struct ifnet *ifp)
KASSERT(ifp != NULL, ("%s: ifp is NULL", __func__));
+#ifdef VIMAGE
+ /*
+ * Skip processing if IPv6 reassembly is not initialised or
+ * torn down by frag6_destroy().
+ */
+ if (!V_frag6_on)
+ return;
+#endif
+
CURVNET_SET_QUIET(ifp->if_vnet);
for (i = 0; i < IP6REASS_NHASH; i++) {
IP6QB_LOCK(i);
@@ -929,6 +944,9 @@ frag6_init(void)
}
V_ip6qb_hashseed = arc4random();
V_ip6_maxfragsperpacket = 64;
+#ifdef VIMAGE
+ V_frag6_on = true;
+#endif
if (!IS_DEFAULT_VNET(curvnet))
return;
@@ -940,31 +958,57 @@ frag6_init(void)
/*
* Drain off all datagram fragments.
*/
+static void
+frag6_drain_one(void)
+{
+ struct ip6q *head;
+ uint32_t bucket;
+
+ for (bucket = 0; bucket < IP6REASS_NHASH; bucket++) {
+ IP6QB_LOCK(bucket);
+ head = IP6QB_HEAD(bucket);
+ while (head->ip6q_next != head) {
+ IP6STAT_INC(ip6s_fragdropped);
+ /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */
+ frag6_freef(head->ip6q_next, bucket);
+ }
+ IP6QB_UNLOCK(bucket);
+ }
+}
+
void
frag6_drain(void)
{
VNET_ITERATOR_DECL(vnet_iter);
- struct ip6q *head;
- uint32_t bucket;
VNET_LIST_RLOCK_NOSLEEP();
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
- for (bucket = 0; bucket < IP6REASS_NHASH; bucket++) {
- if (IP6QB_TRYLOCK(bucket) == 0)
- continue;
- head = IP6QB_HEAD(bucket);
- while (head->ip6q_next != head) {
- IP6STAT_INC(ip6s_fragdropped);
- /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */
- frag6_freef(head->ip6q_next, bucket);
- }
- IP6QB_UNLOCK(bucket);
- }
+ frag6_drain_one();
CURVNET_RESTORE();
}
VNET_LIST_RUNLOCK_NOSLEEP();
}
+
+#ifdef VIMAGE
+/*
+ * Clear up IPv6 reassembly structures.
+ */
+void
+frag6_destroy(void)
+{
+ uint32_t bucket;
+
+ frag6_drain_one();
+ V_frag6_on = false;
+ for (bucket = 0; bucket < IP6REASS_NHASH; bucket++) {
+ KASSERT(V_ip6qb[bucket].count == 0,
+ ("%s: V_ip6qb[%d] (%p) count not 0 (%d)", __func__,
+ bucket, &V_ip6qb[bucket], V_ip6qb[bucket].count));
+ mtx_destroy(&V_ip6qb[bucket].lock);
+ }
+}
+#endif
/*
* Put an ip fragment on a reassembly chain.
Modified: head/sys/netinet6/ip6_input.c
==============================================================================
--- head/sys/netinet6/ip6_input.c Mon Oct 21 08:36:15 2019 (r353792)
+++ head/sys/netinet6/ip6_input.c Mon Oct 21 08:48:47 2019 (r353793)
@@ -393,6 +393,7 @@ ip6_destroy(void *unused __unused)
}
IFNET_RUNLOCK();
+ frag6_destroy();
nd6_destroy();
in6_ifattach_destroy();
Modified: head/sys/netinet6/ip6_var.h
==============================================================================
--- head/sys/netinet6/ip6_var.h Mon Oct 21 08:36:15 2019 (r353792)
+++ head/sys/netinet6/ip6_var.h Mon Oct 21 08:48:47 2019 (r353793)
@@ -392,6 +392,7 @@ int ip6_fragment(struct ifnet *, struct mbuf *, int, u
int route6_input(struct mbuf **, int *, int);
void frag6_init(void);
+void frag6_destroy(void);
int frag6_input(struct mbuf **, int *, int);
void frag6_slowtimo(void);
void frag6_drain(void);
More information about the svn-src-all
mailing list