Introduce a new lock, hostname_mtx, and use it to synchronize access

to global hostname and domainname variables.  Where necessary, copy
to or from a stack-local buffer before performing copyin() or
copyout().  A few uses, such as in cd9660 and daemon_saver, remain
under-synchronized and will require further updates.

Correct a bug in which a failed copyin() of domainname would leave
domainname potentially corrupted.

MFC after:	3 weeks

3 files changed, 14 insertions, 2 deletions

diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index d3c8315..e926c49 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -696,6 +696,7 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
 			n->m_pkthdr.rcvif = NULL;
 			n->m_len = 0;
 			maxhlen = M_TRAILINGSPACE(n) - maxlen;
+			mtx_lock(&hostname_mtx);
 			if (maxhlen > hostnamelen)
 				maxhlen = hostnamelen;
 			/*
@@ -708,6 +709,7 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
 			p = (u_char *)(nicmp6 + 1);
 			bzero(p, 4);
 			bcopy(hostname, p + 4, maxhlen); /* meaningless TTL */
+			mtx_unlock(&hostname_mtx);
 			noff = sizeof(struct ip6_hdr);
 			n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) +
 				sizeof(struct icmp6_hdr) + 4 + maxhlen;
@@ -1296,7 +1298,9 @@ ni6_input(struct mbuf *m, int off)
 			 *   wildcard match, if gethostname(3) side has
 			 *   truncated hostname.
 			 */
+			mtx_lock(&hostname_mtx);
 			n = ni6_nametodns(hostname, hostnamelen, 0);
+			mtx_unlock(&hostname_mtx);
 			if (!n || n->m_next || n->m_len == 0)
 				goto bad;
 			IP6_EXTHDR_GET(subj, char *, m,
@@ -1420,7 +1424,9 @@ ni6_input(struct mbuf *m, int off)
 		/*
 		 * XXX do we really have FQDN in variable "hostname"?
 		 */
+		mtx_lock(&hostname_mtx);
 		n->m_next = ni6_nametodns(hostname, hostnamelen, oldfqdn);
+		mtx_unlock(&hostname_mtx);
 		if (n->m_next == NULL)
 			goto bad;
 		/* XXX we assume that n->m_next is not a chain */
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index c24ca20..bc9dcc9 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1159,8 +1159,10 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
 			delay = arc4random() %
 			    (MAX_RTR_SOLICITATION_DELAY * hz);
 		}
+		mtx_lock(&hostname_mtx);
 		if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr)
 		    == 0) {
+			mtx_unlock(&hostname_mtx);
 			imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error,
 			    delay); /* XXX jinmei */
 			if (!imm) {
@@ -1174,7 +1176,8 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
 				LIST_INSERT_HEAD(&ia->ia6_memberships,
 				    imm, i6mm_chain);
 			}
-		}
+		} else
+			mtx_unlock(&hostname_mtx);
 #undef hostnamelen
 
 		/*
diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c
index 29dca4f..8714377 100644
--- a/sys/netinet6/in6_ifattach.c
+++ b/sys/netinet6/in6_ifattach.c
@@ -105,8 +105,10 @@ get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6)
 {
 	MD5_CTX ctxt;
 	u_int8_t digest[16];
-	int hostnamelen	= strlen(hostname);
+	int hostnamelen;
 
+	mtx_lock(&hostname_mtx);
+	hostnamelen = strlen(hostname);
 #if 0
 	/* we need at least several letters as seed for ifid */
 	if (hostnamelen < 3)
@@ -117,6 +119,7 @@ get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6)
 	bzero(&ctxt, sizeof(ctxt));
 	MD5Init(&ctxt);
 	MD5Update(&ctxt, hostname, hostnamelen);
+	mtx_unlock(&hostname_mtx);
 	MD5Final(digest, &ctxt);
 
 	/* assumes sizeof(digest) > sizeof(ifid) */