netgraph(4): Don't process NGQF_MESG items in NET_EPOCH context.

Netgraph has two main types of message items: - NGQF_DATA items are used for data processing. This is a hot path that should be called from a NET_EPOCH context. - NGQF_MESG items are used for node configuration. There are many places in netgraph(4) where processing the NGQF_MESG item can call sections of code that are forbidden in the NET_EPOCH context. All item types can be queued and then processed using ngthread(). But ngthread() is unconditionally enter in the NET_EPOCH section for all types. This causes panic/deadlocks when processing NGQF_MESG elements. Reported by: mjg Reviewed by: glebius, vmaffione (mentor) Tested by: mjg, afedorov Approved by: glebius, vmaffione (mentor) Sponsored by: vstack.com Differential Revision: https://reviews.freebsd.org/D36496
2022-09-13 17:15:23 +03:00 · 2022-09-13 17:15:23 +03:00 · 0e6e2c4ef3
commit 0e6e2c4ef3
parent bb1d472d79
1 changed files with 13 additions and 1 deletions
--- a/sys/netgraph/ng_base.c
+++ b/sys/netgraph/ng_base.c
@ -3439,7 +3439,19 @@ ngthread(void *arg)
 			} else {
 				NG_QUEUE_UNLOCK(&node->nd_input_queue);
 				NGI_GET_NODE(item, node); /* zaps stored node */
-				ng_apply_item(node, item, rw);
+
+				if ((item->el_flags & NGQF_TYPE) == NGQF_MESG) {
+					/*
+					 * NGQF_MESG items should never be processed in
+					 * NET_EPOCH context. So, temporary exit from EPOCH.
+					 */
+					NET_EPOCH_EXIT(et);
+					ng_apply_item(node, item, rw);
+					NET_EPOCH_ENTER(et);
+				} else {
+					ng_apply_item(node, item, rw);
+				}
+
 				NG_NODE_UNREF(node);
 			}
 		}