domain: make it safer to add domains post-domainfinalize

I can see two concerns for adding domains after domainfinalize: 1.) The slow/fast callouts have already been setup. 2.) Userland could create a socket while we're in the middle of initialization. We can address #1 fairly easily by tracking whether the domain's been initialized for at least the default vnet. There are still some concerns about the callbacks being invoked while a vnet is in the process of being created/destroyed, but this is a pre-existing issue that the callbacks must coordinate anyways. We should also address #2, but technically this has been an issue anyways because we don't assert on post-domainfinalize additions; we don't seem to hit it in practice. Future work can fix that up to make sure we don't find partially constructed domains, but care must be taken to make sure that at least, e.g., the usages of pffindproto in ip_input.c can still find them. Differential Revision: https://reviews.freebsd.org/D25459
2020-06-25 21:38:27 -05:00 · 2020-06-25 21:38:27 -05:00 · 29e400e994
commit 29e400e994
parent 625932c9aa
2 changed files with 17 additions and 11 deletions
--- a/sys/kern/uipc_domain.c
+++ b/sys/kern/uipc_domain.c
@ -47,6 +47,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/socketvar.h>
 #include <sys/systm.h>

+#include <machine/atomic.h>
+
 #include <net/vnet.h>

 /*
@ -177,6 +179,8 @@ domain_init(void *arg)
 	flags = atomic_load_acq_int(&dp->dom_flags);
 	if ((flags & DOMF_SUPPORTED) == 0)
 		return;
+	KASSERT((flags & DOMF_INITED) == 0 || !IS_DEFAULT_VNET(curvnet),
+	    ("Premature initialization of domain in non-default vnet"));
 	if (dp->dom_init)
 		(*dp->dom_init)();
 	for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
@ -188,6 +192,8 @@ domain_init(void *arg)
 	max_datalen = MHLEN - max_hdr;
 	if (max_datalen < 1)
 		panic("%s: max_datalen < 1", __func__);
+	if (IS_DEFAULT_VNET(curvnet))
+		atomic_set_rel_int(&dp->dom_flags, DOMF_INITED);
 }

 #ifdef VIMAGE
@ -236,15 +242,6 @@ domain_add(void *data)
 	if (domain_init_status < 1)
 		printf("WARNING: attempt to domain_add(%s) before "
 		    "domaininit()\n", dp->dom_name);
-#endif
-#ifdef notyet
-	KASSERT(domain_init_status < 2,
-	    ("attempt to domain_add(%s) after domainfinalize()",
-	    dp->dom_name));
-#else
-	if (domain_init_status >= 2)
-		printf("WARNING: attempt to domain_add(%s) after "
-		    "domainfinalize()\n", dp->dom_name);
 #endif
 	mtx_unlock(&dom_mtx);
 }
@ -491,10 +488,14 @@ pfslowtimo(void *arg)
 	struct protosw *pr;

 	NET_EPOCH_ENTER(et);
-	for (dp = domains; dp; dp = dp->dom_next)
+	for (dp = domains; dp; dp = dp->dom_next) {
+		if ((atomic_load_int(&dp->dom_flags) & DOMF_INITED) == 0)
+			continue;
+		atomic_thread_fence_acq();
 		for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
 			if (pr->pr_slowtimo)
 				(*pr->pr_slowtimo)();
+	}
 	NET_EPOCH_EXIT(et);
 	callout_reset(&pfslow_callout, hz/2, pfslowtimo, NULL);
 }
@ -507,10 +508,14 @@ pffasttimo(void *arg)
 	struct protosw *pr;

 	NET_EPOCH_ENTER(et);
-	for (dp = domains; dp; dp = dp->dom_next)
+	for (dp = domains; dp; dp = dp->dom_next) {
+		if ((atomic_load_int(&dp->dom_flags) & DOMF_INITED) == 0)
+			continue;
+		atomic_thread_fence_acq();
 		for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
 			if (pr->pr_fasttimo)
 				(*pr->pr_fasttimo)();
+	}
 	NET_EPOCH_EXIT(et);
 	callout_reset(&pffast_callout, hz/5, pffasttimo, NULL);
 }
--- a/sys/sys/domain.h
+++ b/sys/sys/domain.h
@ -74,6 +74,7 @@ struct domain {

 /* dom_flags */
 #define	DOMF_SUPPORTED	0x0001	/* System supports this domain. */
+#define	DOMF_INITED	0x0002	/* Initialized in the default vnet. */

 #ifdef _KERNEL
 extern int	domain_init_status;