diff options
| author | rwatson <rwatson@FreeBSD.org> | 2008-06-26 23:05:28 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2008-06-26 23:05:28 +0000 |
| commit | 46dd6e44fc7f70ee8d82d41fb83bedfb2c7829c8 (patch) | |
| tree | 1a406ca586e36376a4f6fc527aef4c5964c174b5 /sys/security/mac_mls | |
| parent | 74854699d26c7fb406a5e0029641de33e278cbce (diff) | |
| download | FreeBSD-src-46dd6e44fc7f70ee8d82d41fb83bedfb2c7829c8.zip FreeBSD-src-46dd6e44fc7f70ee8d82d41fb83bedfb2c7829c8.tar.gz | |
Introduce locking around use of ifindex_table, whose use was previously
unsynchronized. While races were extremely rare, we've now had a
couple of reports of panics in environments involving large numbers of
IPSEC tunnels being added very quickly on an active system.
- Add accessor functions ifnet_byindex(), ifaddr_byindex(),
ifdev_byindex() to replace existing accessor macros. These functions
now acquire the ifnet lock before derefencing the table.
- Add IFNET_WLOCK_ASSERT().
- Add static accessor functions ifnet_setbyindex(), ifdev_setbyindex(),
which set values in the table either asserting of acquiring the ifnet
lock.
- Use accessor functions throughout if.c to modify and read
ifindex_table.
- Rework ifnet attach/detach to lock around ifindex_table modification.
Note that these changes simply close races around use of ifindex_table,
and make no attempt to solve the probem of disappearing ifnets. Further
refinement of this work, including with respect to ifindex_table
resizing, is still required.
In a future change, the ifnet lock should be converted from a mutex to an
rwlock in order to reduce contention.
Reviewed and tested by: brooks
Diffstat (limited to 'sys/security/mac_mls')
0 files changed, 0 insertions, 0 deletions
