From d0e157f6aa36e3949944a9da182f04d80cb5dd18 Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Wed, 17 Mar 2010 18:28:27 +0000 Subject: [PATCH] Add pcb reference counting to the pcblist sysctl handler functions to ensure type stability while caching the pcb pointers for the copyout. Reviewed by: rwatson MFC after: 7 days --- sys/netinet/ip_divert.c | 17 ++++++++++++++--- sys/netinet/raw_ip.c | 15 ++++++++++++--- sys/netinet/tcp_subr.c | 18 ++++++++++++++---- sys/netinet/udp_usrreq.c | 18 +++++++++++++++--- 4 files changed, 55 insertions(+), 13 deletions(-) diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 2e8703439da..acee34112a2 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -628,11 +628,13 @@ div_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_divcbinfo); for (inp = LIST_FIRST(V_divcbinfo.ipi_listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt && - cr_canseeinpcb(req->td->td_ucred, inp) == 0) + cr_canseeinpcb(req->td->td_ucred, inp) == 0) { + in_pcbref(inp); inp_list[i++] = inp; - INP_RUNLOCK(inp); + } + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_divcbinfo); n = i; @@ -654,6 +656,15 @@ div_pcblist(SYSCTL_HANDLER_ARGS) } else INP_RUNLOCK(inp); } + INP_INFO_WLOCK(&V_divcbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_divcbinfo); + if (!error) { /* * Give the user an updated idea of our state. diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 88c1e61d452..1db37746c83 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c 
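Review bot: The `in_pcbref(inp);` added in div_pcblist's collection loop has no comment tying it to the release loop further down, so a later early return between the two would silently leak a pcb reference. I would add a comment above the call such as `/* Hold a reference so the cached pointer stays valid once the locks are dropped; released after the copyout loop, which every exit path must reach. */`. It is also worth stating there that the switch from `INP_RLOCK` to `INP_WLOCK` is made only for the reference count update, presumably because in_pcbref() needs the write lock (its definition is outside this diff). The same applies to the matching hunks in rip_pcblist (where the old `/* XXX held references? */` is dropped without a replacement), tcp_pcblist and udp_pcblist; the function bodies start and end outside the hunks.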
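Review bot: The release loop added to div_pcblist holds `INP_INFO_WLOCK(&V_divcbinfo)` across all n entries, whereas the collection loop only needed the read lock, so each pcblist request now excludes every other holder of that pcbinfo lock for the length of the loop. If in_pcbrele() requires the pcbinfo write lock because it may free and unlink the inpcb (its definition is outside this diff), say so in a comment, since this handler is reachable from userland and the cost scales with the number of sockets. The idiom `if (!in_pcbrele(inp)) INP_WUNLOCK(inp);` also needs a comment, for example `/* A non-zero return presumably means the last reference was dropped and the inpcb, with its lock, is gone. */`, to be confirmed against in_pcbrele(). The identical loops in rip_pcblist, tcp_pcblist and udp_pcblist need the same comments.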
@@ -1011,13 +1011,13 @@ rip_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_ripcbinfo); for (inp = LIST_FIRST(V_ripcbinfo.ipi_listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt && cr_canseeinpcb(req->td->td_ucred, inp) == 0) { - /* XXX held references? */ + in_pcbref(inp); inp_list[i++] = inp; } - INP_RUNLOCK(inp); + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_ripcbinfo); n = i; @@ -1040,6 +1040,15 @@ rip_pcblist(SYSCTL_HANDLER_ARGS) } else INP_RUNLOCK(inp); } + INP_INFO_WLOCK(&V_ripcbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_ripcbinfo); + if (!error) { /* * Give the user an updated idea of our state. If the diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 4a2f21f18b3..9ec434c0c34 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1108,7 +1108,7 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_tcbinfo); for (inp = LIST_FIRST(V_tcbinfo.ipi_listhead), i = 0; inp != NULL && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt) { /* * XXX: This use of cr_cansee(), introduced with @@ -1123,10 +1123,12 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) error = EINVAL; /* Skip this inp. */ } else error = cr_canseeinpcb(req->td->td_ucred, inp); - if (error == 0) + if (error == 0) { + in_pcbref(inp); inp_list[i++] = inp; + } } - INP_RUNLOCK(inp); + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_tcbinfo); n = i; @@ -1165,8 +1167,16 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) error = SYSCTL_OUT(req, &xt, sizeof xt); } else INP_RUNLOCK(inp); - } + INP_INFO_WLOCK(&V_tcbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_tcbinfo); + if (!error) { /* * Give the user an updated idea of our state. 
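Review bot: In tcp_pcblist's collection loop, `error` is both the per-pcb filter result (`error = EINVAL; /* Skip this inp. */` and `error = cr_canseeinpcb(req->td->td_ucred, inp);`) and the handler status that the later `if (!error)` tests. A filtered final entry therefore leaves it non-zero when the loop ends, and the hunk does not show it being cleared after `n = i;`. Please confirm that it is reset before the copyout loop, or use a separate local for the visibility check so that the status variable only carries SYSCTL_OUT results. The new release loop runs regardless of `error`, which is correct for dropping the references; the function body starts and ends outside the hunk.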
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index e0189d3227a..0d8e04deaf6 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -746,11 +746,13 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_udbinfo); for (inp = LIST_FIRST(V_udbinfo.ipi_listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt && - cr_canseeinpcb(req->td->td_ucred, inp) == 0) + cr_canseeinpcb(req->td->td_ucred, inp) == 0) { + in_pcbref(inp); inp_list[i++] = inp; - INP_RUNLOCK(inp); + } + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_udbinfo); n = i; @@ -761,6 +763,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) INP_RLOCK(inp); if (inp->inp_gencnt <= gencnt) { struct xinpcb xi; + bzero(&xi, sizeof(xi)); xi.xi_len = sizeof xi; /* XXX should avoid extra copy */ @@ -773,6 +776,15 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) } else INP_RUNLOCK(inp); } + INP_INFO_WLOCK(&V_udbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_udbinfo); + if (!error) { /* * Give the user an updated idea of our state. If the