From: Vitaliy Makkoveev <mvs@openbsd.org>
Subject: sysctl(2): unlock etherip_sysctl()
To: Alexander Bluhm <bluhm@openbsd.org>, tech@openbsd.org
Date: Fri, 16 Aug 2024 17:42:44 +0300

- ETHERIPCTL_ALLOW - atomically accessed integer;
- ETHERIPCTL_STATS - per-CPU counters

ok?

Index: sys/net/if_etherip.c
===================================================================
RCS file: /cvs/src/sys/net/if_etherip.c,v
diff -u -p -r1.55 if_etherip.c
--- sys/net/if_etherip.c	13 Feb 2024 12:22:09 -0000	1.55
+++ sys/net/if_etherip.c	16 Aug 2024 14:38:30 -0000
@@ -55,6 +55,11 @@
 
 #include <net/if_etherip.h>
 
+/*
+ * Locks used to protect data:
+ *	a	atomic
+ */
+ 
 union etherip_addr {
 	struct in_addr	in4;
 	struct in6_addr	in6;
@@ -97,7 +102,7 @@ struct etherip_softc {
  * We can control the acceptance of EtherIP packets by altering the sysctl
  * net.inet.etherip.allow value. Zero means drop them, all else is acceptance.
  */
-int etherip_allow = 0;
+int etherip_allow = 0;	/* [a] */
 
 struct cpumem *etheripcounters;
 
@@ -628,7 +633,8 @@ etherip_input(struct etherip_tunnel *key
 	struct etherip_header *eip;
 	int rxprio;
 
-	if (!etherip_allow && (m->m_flags & (M_AUTH|M_CONF)) == 0) {
+	if (atomic_load_int(&etherip_allow) == 0 &&
+	    (m->m_flags & (M_AUTH|M_CONF)) == 0) {
 		etheripstat_inc(etherips_pdrops);
 		goto drop;
 	}
@@ -799,19 +805,14 @@ int
 etherip_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
     void *newp, size_t newlen)
 {
-	int error;
-
 	/* All sysctl names at this level are terminal. */
 	if (namelen != 1)
 		return ENOTDIR;
 
 	switch (name[0]) {
 	case ETHERIPCTL_ALLOW:
-		NET_LOCK();
-		error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
-		    &etherip_allow, 0, 1);
-		NET_UNLOCK();
-		return (error);
+		return (sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+		    &etherip_allow, 0, 1));
 	case ETHERIPCTL_STATS:
 		return (etherip_sysctl_etheripstat(oldp, oldlenp, newp));
 	default:
Index: sys/netinet/in_proto.c
===================================================================
RCS file: /cvs/src/sys/netinet/in_proto.c,v
diff -u -p -r1.108 in_proto.c
--- sys/netinet/in_proto.c	16 Aug 2024 09:20:35 -0000	1.108
+++ sys/netinet/in_proto.c	16 Aug 2024 14:38:30 -0000
@@ -366,7 +366,7 @@ const struct protosw inetsw[] = {
   .pr_type	= SOCK_RAW,
   .pr_domain	= &inetdomain,
   .pr_protocol	= IPPROTO_ETHERIP,
-  .pr_flags	= PR_ATOMIC|PR_ADDR|PR_MPSOCKET,
+  .pr_flags	= PR_ATOMIC|PR_ADDR|PR_MPSOCKET|PR_MPSYSCTL,
   .pr_input	= ip_etherip_input,
   .pr_ctloutput	= rip_ctloutput,
   .pr_usrreqs	= &rip_usrreqs,