net: Enter a net epoch around protocol if_up/down notifications

When traversing a list of interface addresses, we need to be in a net epoch section, and protocol ctlinput routines need a stable reference to the address. Reported by: syzbot+3219af764ead146a3a4e@syzkaller.appspotmail.com Reviewed by: kp, melifaro Sponsored by: The FreeBSD Foundation (cherry picked from commit b1e6a792d6)
2021-09-10 09:07:40 -04:00 · 2021-09-10 09:07:40 -04:00 · cdb6f3d416
commit cdb6f3d416
parent b4194a432b
2 changed files with 8 additions and 0 deletions
--- a/sys/kern/uipc_domain.c
+++ b/sys/kern/uipc_domain.c
@ -510,6 +510,8 @@ pfctlinput(int cmd, struct sockaddr *sa)
 	struct domain *dp;
 	struct protosw *pr;

+	NET_EPOCH_ASSERT();
+
 	for (dp = domains; dp; dp = dp->dom_next)
 		for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
 			if (pr->pr_ctlinput)
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -2215,14 +2215,17 @@ static void
 if_unroute(struct ifnet *ifp, int flag, int fam)
 {
 	struct ifaddr *ifa;
+	struct epoch_tracker et;

 	KASSERT(flag == IFF_UP, ("if_unroute: flag != IFF_UP"));

 	ifp->if_flags &= ~flag;
 	getmicrotime(&ifp->if_lastchange);
+	NET_EPOCH_ENTER(et);
 	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
 		if (fam == PF_UNSPEC || (fam == ifa->ifa_addr->sa_family))
 			pfctlinput(PRC_IFDOWN, ifa->ifa_addr);
+	NET_EPOCH_EXIT(et);
 	ifp->if_qflush(ifp);

 	if (ifp->if_carp)
@ -2238,14 +2241,17 @@ static void
 if_route(struct ifnet *ifp, int flag, int fam)
 {
 	struct ifaddr *ifa;
+	struct epoch_tracker et;

 	KASSERT(flag == IFF_UP, ("if_route: flag != IFF_UP"));

 	ifp->if_flags |= flag;
 	getmicrotime(&ifp->if_lastchange);
+	NET_EPOCH_ENTER(et);
 	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
 		if (fam == PF_UNSPEC || (fam == ifa->ifa_addr->sa_family))
 			pfctlinput(PRC_IFUP, ifa->ifa_addr);
+	NET_EPOCH_EXIT(et);
 	if (ifp->if_carp)
 		(*carp_linkstate_p)(ifp);
 	rt_ifmsg(ifp);