git: d6e32525c778 - stable/14 - fib_dxr: check if cached fib_data matches the new request in dxr_init()

Wed, 22 May 2024 10:35:02 -0700 

The branch stable/14 has been updated by zec:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=d6e32525c778d92c26a37f4e1b562e80b18a9af7

commit d6e32525c778d92c26a37f4e1b562e80b18a9af7
Author:     Marko Zec <z...@freebsd.org>
AuthorDate: 2024-05-17 15:55:43 +0000
Commit:     Marko Zec <z...@freebsd.org>
CommitDate: 2024-05-22 17:34:05 +0000

    fib_dxr: check if cached fib_data matches the new request in dxr_init()
    
    When calling dxr_init(), the FIB_ALGO infrastructure may provide a
    pointer to a previous dxr instance, which permits reuse of auxiliary
    dxr structures, i.e. incremental lookup structure updates.  For dxr this
    is a crucial feature provided by FIB_ALGO, since dxr incremental updates
    are typically several orders of magnitude faster than full lookup table
    rebuilds.
    
    However, the auxiliary dxr structure caches a pointer to struct fib_data and
    relies upon it for performing incremental updates.  Apparently, incremental
    rebuild requests from FIB_ALGO, i.e. a calls to dxr_init() with a pointer
    old_data set, may (under not yet fully understood circumstances) be invoked
    within a different fib_data context than the one cached in the previous
    version of dxr auxiliary structures.  In such (rare) events, we ignore the
    offered old dxr context, and proceed with a full lookup structure rebuild
    instead of attempting an incremental one using a fib_data context which
    may or may not no longer be valid, and thus lead to a system crash.
    
    PR:             278422
    MFC after:      1 week
    
    (cherry picked from commit 4ab122e8ef127d36d95f874e85600c36c87c8c22)
---
 sys/netinet/in_fib_dxr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/in_fib_dxr.c b/sys/netinet/in_fib_dxr.c
index 82245ecf6e66..539d7fe6c96f 100644
--- a/sys/netinet/in_fib_dxr.c
+++ b/sys/netinet/in_fib_dxr.c
@@ -1139,7 +1139,8 @@ dxr_init(uint32_t fibnum, struct fib_data *fd, void 
*old_data, void **data)
        }
 
        /* Check whether we may reuse the old auxiliary structures */
-       if (old_dxr != NULL && old_dxr->aux != NULL) {
+       if (old_dxr != NULL && old_dxr->aux != NULL &&
+           old_dxr->aux->fd == fd) {
                da = old_dxr->aux;
                atomic_add_int(&da->refcnt, 1);
        }
@@ -1275,7 +1276,7 @@ dxr_change_rib_batch(struct rib_head *rnh, struct 
fib_change_queue *q,
 
        da = dxr->aux;
        MPASS(da != NULL);
-       MPASS(da->fd != NULL);
+       MPASS(da->fd == dxr->fd);
        MPASS(da->refcnt > 0);
 
        FIB_PRINTF(LOG_INFO, da->fd, "processing %d update(s)", q->count);

Reply via email to