Protect the whole pipex(4) layer by NET_LOCK(). pipex(4) was

simultaneously protected by KERNEL_LOCK() and NET_LOCK() and now we have
the only lock for it. This step reduces locking mess in this layer.

ok mpi@

4 files changed, 47 insertions, 39 deletions

diff --git a/sys/net/if_pppx.c b/sys/net/if_pppx.c
index a6fc3bbd1e2..97670b2af91 100644
--- a/sys/net/if_pppx.c
+++ b/sys/net/if_pppx.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_pppx.c,v 1.90 2020/06/24 08:52:53 mvs Exp $ */
+/*	$OpenBSD: if_pppx.c,v 1.91 2020/07/06 20:37:51 mvs Exp $ */
 
 /*
  * Copyright (c) 2010 Claudio Jeker <claudio@openbsd.org>
@@ -1117,6 +1117,8 @@ pppacopen(dev_t dev, int flags, int mode, struct proc *p)
 	ifp->if_output = pppac_output;
 	ifp->if_start = pppac_start;
 	ifp->if_ioctl = pppac_ioctl;
+	/* XXXSMP: be sure pppac_start() called under NET_LOCK() */
+	IFQ_SET_MAXLEN(&ifp->if_snd, 1);
 
 	if_counters_alloc(ifp);
 	if_attach(ifp);
diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index 48da59f377c..fb6ea9137ec 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.c,v 1.118 2020/07/06 20:28:38 mvs Exp $	*/
+/*	$OpenBSD: pipex.c,v 1.119 2020/07/06 20:37:51 mvs Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -869,6 +869,7 @@ pipex_output(struct mbuf *m0, int af, int off,
 	struct ip ip;
 	struct mbuf *mret;
 
+	NET_ASSERT_LOCKED();
 	session = NULL;
 	mret = NULL;
 	switch (af) {
@@ -962,6 +963,8 @@ pipex_ppp_output(struct mbuf *m0, struct pipex_session *session, int proto)
 {
 	u_char *cp, hdr[16];
 
+	NET_ASSERT_LOCKED();
+
 #ifdef PIPEX_MPPE
 	if (pipex_session_is_mppe_enabled(session)) {
 		if (proto == PPP_IP) {
@@ -1355,6 +1358,7 @@ pipex_pppoe_input(struct mbuf *m0, struct pipex_session *session)
 	int hlen;
 	struct pipex_pppoe_header pppoe;
 
+	NET_ASSERT_LOCKED();
 	/* already checked at pipex_pppoe_lookup_session */
 	KASSERT(m0->m_pkthdr.len >= (sizeof(struct ether_header) +
 	    sizeof(pppoe)));
@@ -1586,6 +1590,7 @@ pipex_pptp_input(struct mbuf *m0, struct pipex_session *session)
 	struct pipex_pptp_session *pptp_session;
 	int rewind = 0;
 
+	NET_ASSERT_LOCKED();
 	KASSERT(m0->m_pkthdr.len >= PIPEX_IPGRE_HDRLEN);
 	pptp_session = &session->proto.pptp;
 
@@ -2031,6 +2036,7 @@ pipex_l2tp_input(struct mbuf *m0, int off0, struct pipex_session *session,
 	uint16_t flags, ns = 0, nr = 0;
 	int rewind = 0;
 
+	NET_ASSERT_LOCKED();
 	length = offset = ns = nr = 0;
 	l2tp_session = &session->proto.l2tp;
 	l2tp_session->ipsecflowinfo = ipsecflowinfo;
diff --git a/sys/net/pipex.h b/sys/net/pipex.h
index 8f9a63ff567..133599ca935 100644
--- a/sys/net/pipex.h
+++ b/sys/net/pipex.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.h,v 1.23 2020/06/05 19:50:59 denis Exp $	*/
+/*	$OpenBSD: pipex.h,v 1.24 2020/07/06 20:37:51 mvs Exp $	*/
 
 /*
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -187,11 +187,11 @@ struct pipex_session;
  *
  * Locks used to protect struct members:
  *      I       immutable after creation
- *      k       kernel lock
+ *      N       net lock
  */
 struct pipex_iface_context {
 	struct	ifnet *ifnet_this;	/* [I] outer interface */
-	u_int	pipexmode;		/* [k] pipex mode */
+	u_int	pipexmode;		/* [N] pipex mode */
 	/* [I] virtual pipex_session entry for multicast routing */
 	struct pipex_session *multicast_session;
 };
diff --git a/sys/net/pipex_local.h b/sys/net/pipex_local.h
index f6fb33a53c7..b42a16d176b 100644
--- a/sys/net/pipex_local.h
+++ b/sys/net/pipex_local.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex_local.h,v 1.35 2020/06/18 14:20:12 mvs Exp $	*/
+/*	$OpenBSD: pipex_local.h,v 1.36 2020/07/06 20:37:51 mvs Exp $	*/
 
 /*
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -56,23 +56,23 @@
 /*
  * Locks used to protect struct members:
  *      I       immutable after creation
- *      k       kernel lock
+ *      N       net lock
  */
 
 #ifdef PIPEX_MPPE
 /* mppe rc4 key */
 struct pipex_mppe {
 	int16_t	stateless:1,			/* [I] key change mode */
-		resetreq:1,			/* [k] */
+		resetreq:1,			/* [N] */
 		reserved:14;
 	int16_t	keylenbits;			/* [I] key length */
 	int16_t keylen;				/* [I] */
-	uint16_t coher_cnt;			/* [k] cohency counter */
-	struct  rc4_ctx rc4ctx;			/* [k] */
-	u_char master_key[PIPEX_MPPE_KEYLEN];	/* [k] master key of MPPE */
-	u_char session_key[PIPEX_MPPE_KEYLEN];	/* [k] session key of MPPE */
+	uint16_t coher_cnt;			/* [N] cohency counter */
+	struct  rc4_ctx rc4ctx;			/* [N] */
+	u_char master_key[PIPEX_MPPE_KEYLEN];	/* [N] master key of MPPE */
+	u_char session_key[PIPEX_MPPE_KEYLEN];	/* [N] session key of MPPE */
 	u_char (*old_session_keys)[PIPEX_MPPE_KEYLEN];
-						/* [k] old session keys */
+						/* [N] old session keys */
 };
 #endif /* PIPEX_MPPE */
 
@@ -85,14 +85,14 @@ struct pipex_pppoe_session {
 #ifdef PIPEX_PPTP
 struct pipex_pptp_session {
 	/* sequence number gap between pipex and userland */
-	int32_t	snd_gap;		/* [k] gap of our sequence */
-	int32_t rcv_gap;		/* [k] gap of peer's sequence */
-	int32_t ul_snd_una;		/* [k] userland send acked seq */
+	int32_t	snd_gap;		/* [N] gap of our sequence */
+	int32_t rcv_gap;		/* [N] gap of peer's sequence */
+	int32_t ul_snd_una;		/* [N] userland send acked seq */
 
-	uint32_t snd_nxt;		/* [k] send next */
-	uint32_t rcv_nxt;		/* [k] receive next */
-	uint32_t snd_una;		/* [k] send acked sequence */
-	uint32_t rcv_acked;		/* [k] recv acked sequence */
+	uint32_t snd_nxt;		/* [N] send next */
+	uint32_t rcv_nxt;		/* [N] receive next */
+	uint32_t snd_una;		/* [N] send acked sequence */
+	uint32_t rcv_acked;		/* [N] recv acked sequence */
 
 	int winsz;			/* [I] windows size */
 	int maxwinsz;			/* [I] max windows size */
@@ -135,38 +135,38 @@ struct pipex_l2tp_session {
 
 	uint32_t option_flags;		/* [I] protocol options */
 
-	int16_t ns_gap;		/* [k] gap between userland and pipex */
-	int16_t nr_gap;		/* [k] gap between userland and pipex */
-	uint16_t ul_ns_una;	/* [k] unacked sequence number (userland) */
+	int16_t ns_gap;		/* [N] gap between userland and pipex */
+	int16_t nr_gap;		/* [N] gap between userland and pipex */
+	uint16_t ul_ns_una;	/* [N] unacked sequence number (userland) */
 
-	uint16_t ns_nxt;	/* [k] next sequence number to send */
-	uint16_t ns_una;	/* [k] unacked sequence number to send */
+	uint16_t ns_nxt;	/* [N] next sequence number to send */
+	uint16_t ns_una;	/* [N] unacked sequence number to send */
 
-	uint16_t nr_nxt;	/* [k] next sequence number to recv */
-	uint16_t nr_acked;	/* [k] acked sequence number to recv */
-	uint32_t ipsecflowinfo;	/* [k] IPsec SA flow id for NAT-T */
+	uint16_t nr_nxt;	/* [N] next sequence number to recv */
+	uint16_t nr_acked;	/* [N] acked sequence number to recv */
+	uint32_t ipsecflowinfo;	/* [N] IPsec SA flow id for NAT-T */
 };
 #endif /* PIPEX_L2TP */
 
 /* pppac ip-extension sessoin table */
 struct pipex_session {
 	struct radix_node	ps4_rn[2];
-					/* [k] tree glue, and other values */
+					/* [N] tree glue, and other values */
 	struct radix_node	ps6_rn[2];
-					/* [k] tree glue, and other values */
-	LIST_ENTRY(pipex_session) session_list;	/* [k] all session chain */
-	LIST_ENTRY(pipex_session) state_list;	/* [k] state list chain */
-	LIST_ENTRY(pipex_session) id_chain;	/* [k] id hash chain */
+					/* [N] tree glue, and other values */
+	LIST_ENTRY(pipex_session) session_list;	/* [N] all session chain */
+	LIST_ENTRY(pipex_session) state_list;	/* [N] state list chain */
+	LIST_ENTRY(pipex_session) id_chain;	/* [N] id hash chain */
 	LIST_ENTRY(pipex_session) peer_addr_chain;
-					/* [k] peer's address hash chain */
-	uint16_t	state;		/* [k] pipex session state */
+					/* [N] peer's address hash chain */
+	uint16_t	state;		/* [N] pipex session state */
 #define PIPEX_STATE_INITIAL		0x0000
 #define PIPEX_STATE_OPENED		0x0001
 #define PIPEX_STATE_CLOSE_WAIT		0x0002
 #define PIPEX_STATE_CLOSE_WAIT2		0x0003
 #define PIPEX_STATE_CLOSED		0x0004
 
-	uint16_t	ip_forward:1,	/* [k] {en|dis}ableIP forwarding */
+	uint16_t	ip_forward:1,	/* [N] {en|dis}ableIP forwarding */
 			ip6_forward:1,	/* [I] {en|dis}able IPv6 forwarding */
 			is_multicast:1,	/* [I] virtual entry for multicast */
 			reserved:13;
@@ -182,16 +182,16 @@ struct pipex_session {
 	struct sockaddr_in6 ip6_address; /* [I] remote IPv6 address */
 	int		ip6_prefixlen;   /* [I] remote IPv6 prefixlen */
 
-	struct pipex_iface_context* pipex_iface; /* [I] context for interface */
+	struct pipex_iface_context* pipex_iface; /* [N] context for interface */
 
 	uint32_t	ppp_flags;		/* [I] configure flags */
 #ifdef PIPEX_MPPE
-	int ccp_id;				/* [k] CCP packet id */
+	int ccp_id;				/* [N] CCP packet id */
 	struct pipex_mppe
 	    mppe_recv,				/* MPPE context for incoming */
 	    mppe_send;				/* MPPE context for outgoing */ 
 #endif /*PIPEXMPPE */
-	struct pipex_statistics stat;		/* [k] statistics */
+	struct pipex_statistics stat;		/* [N] statistics */
 	union {
 #ifdef PIPEX_PPPOE
 		struct pipex_pppoe_session pppoe;	/* context for PPPoE */