Convert all IPv4 and IPv6 multicast memberships

into using a STAILQ instead of a linear array.

The multicast memberships for the inpcb structure are protected by a
non-sleepable lock, INP_WLOCK(), which needs to be dropped when
calling the underlying possibly sleeping if_ioctl() method. When using
a linear array to keep track of multicast memberships, the computed
memory location of the multicast filter may suddenly change, due to
concurrent insertion or removal of elements in the linear array. This
in turn leads to various invalid memory access issues and kernel
panics.

To avoid this problem, put all multicast memberships on a STAILQ based
list. Then the memory location of the IPv4 and IPv6 multicast filters
become fixed during their lifetime and use after free and memory leak
issues are easier to track, for example by: vmstat -m | grep multi

All list manipulation has been factored into inline functions
including some macros, to easily allow for a future hash-list
implementation, if needed.

This patch has been tested by pho@ .

Differential Revision: https://reviews.freebsd.org/D20080
Reviewed by:	markj @
MFC after:	1 week
Sponsored by:	Mellanox Technologies
This commit is contained in:
hselasky 2019-06-25 11:54:41 +00:00 committed by Ken Brown
parent fc5d0d6b7a
commit cd2a0083f9
2 changed files with 3 additions and 10 deletions

View File

@ -505,13 +505,9 @@ __END_DECLS
#define IP_DEFAULT_MULTICAST_LOOP 1 /* normally hear sends if a member */
/*
* The imo_membership vector for each socket is now dynamically allocated at
* run-time, bounded by USHRT_MAX, and is reallocated when needed, sized
* according to a power-of-two increment.
* Limit for IPv4 multicast memberships
*/
#define IP_MIN_MEMBERSHIPS 31
#define IP_MAX_MEMBERSHIPS 4095
#define IP_MAX_SOURCE_FILTER 1024 /* XXX to be unused */
/*
* Default resource limits for IPv4 multicast source filtering.

View File

@ -60,7 +60,7 @@
* SUCH DAMAGE.
*
* @(#)in.h 8.3 (Berkeley) 1/3/94
* $FreeBSD: head/sys/netinet6/in6.h 337783 2018-08-14 17:27:41Z jtl $
* $FreeBSD: head/sys/netinet6/in6.h 349369 2019-06-25 11:54:41Z hselasky $
*/
#ifndef __KAME_NETINET_IN_H_INCLUDED_
@ -395,11 +395,8 @@ struct route_in6 {
#define IPV6_DEFAULT_MULTICAST_LOOP 1 /* normally hear sends if a member */
/*
* The im6o_membership vector for each socket is now dynamically allocated at
* run-time, bounded by USHRT_MAX, and is reallocated when needed, sized
* according to a power-of-two increment.
* Limit for IPv6 multicast memberships
*/
#define IPV6_MIN_MEMBERSHIPS 31
#define IPV6_MAX_MEMBERSHIPS 4095
/*