Merge pull request #16259 from yarrick/safe_lwip

pkg/lwip: Add thread safety check when using DEVELHELP
2024-12-29 04:50:03 +01:00 · 2021-07-20 17:18:49 +02:00 · 2021-07-20 17:18:49 +02:00 · e1449e27ff
commit e1449e27ff
parent 225c127a45 e04da0d828
5 changed files with 66 additions and 2 deletions
--- a/pkg/lwip/contrib/sock/ip/lwip_sock_ip.c
+++ b/pkg/lwip/contrib/sock/ip/lwip_sock_ip.c
@ -101,12 +101,15 @@ static uint16_t _ip6_addr_to_netif(const ip6_addr_p_t *_addr)
    ip6_addr_copy_from_packed(addr, *_addr);
    if (!ip6_addr_isany_val(addr)) {
        struct netif *netif;
+        LOCK_TCPIP_CORE();
        /* cppcheck-suppress uninitvar ; assigned by macro */
        NETIF_FOREACH(netif) {
            if (netif_get_ip6_addr_match(netif, &addr) >= 0) {
+                UNLOCK_TCPIP_CORE();
                return (int)netif->num + 1;
            }
        }
+        UNLOCK_TCPIP_CORE();
    }
    return SOCK_ADDR_ANY_NETIF;
 }
--- a/pkg/lwip/contrib/sock/lwip_sock.c
+++ b/pkg/lwip/contrib/sock/lwip_sock.c
@ -137,9 +137,13 @@ static bool _addr_on_netif(int family, int netif_num, const ip_addr_t *addr)
                    return ip_2_ip4(&netif->ip_addr)->addr == ip_2_ip4(addr)->addr;
 #endif
 #if LWIP_IPV6
-                case AF_INET6:
+                case AF_INET6: {
+                    LOCK_TCPIP_CORE();
                    /* link-local address is always the 0th */
-                    return (netif_get_ip6_addr_match(netif, ip_2_ip6(addr)) >= 0);
+                    s8_t match = netif_get_ip6_addr_match(netif, ip_2_ip6(addr));
+                    UNLOCK_TCPIP_CORE();
+                    return match >= 0;
+                }
 #endif
                default:
                    return false;
@ -445,11 +449,13 @@ uint16_t lwip_sock_bind_addr_to_netif(const ip_addr_t *bind_addr)

    if (!ip_addr_isany(bind_addr)) {
        struct netif *netif;
+        LOCK_TCPIP_CORE();
        /* cppcheck-suppress uninitvar ; assigned by macro */
        NETIF_FOREACH(netif) {
            if (IP_IS_V6(bind_addr)) {  /* XXX crappy API yields crappy code */
 #if LWIP_IPV6
                if (netif_get_ip6_addr_match(netif, ip_2_ip6(bind_addr)) >= 0) {
+                    UNLOCK_TCPIP_CORE();
                    return (int)netif->num + 1;
                }
 #endif
@ -457,11 +463,13 @@ uint16_t lwip_sock_bind_addr_to_netif(const ip_addr_t *bind_addr)
            else {
 #if LWIP_IPV4
                if (netif_ip4_addr(netif)->addr == ip_2_ip4(bind_addr)->addr) {
+                    UNLOCK_TCPIP_CORE();
                    return (int)netif->num + 1;
                }
 #endif
            }
        }
+        UNLOCK_TCPIP_CORE();
    }
    return SOCK_ADDR_ANY_NETIF;
 }
--- a/pkg/lwip/contrib/sys_arch.c
+++ b/pkg/lwip/contrib/sys_arch.c
@ -22,7 +22,9 @@
 #include "lwip/mem.h"
 #include "lwip/opt.h"
 #include "lwip/sys.h"
+#include "lwip/tcpip.h"

+#include "irq.h"
 #include "msg.h"
 #include "sema.h"
 #include "thread.h"
@ -222,4 +224,34 @@ sys_thread_t sys_thread_new(const char *name, lwip_thread_fn thread, void *arg,
    return res;
 }

+#ifdef DEVELHELP
+static kernel_pid_t lwip_tcpip_thread = KERNEL_PID_UNDEF;
+static kernel_pid_t lwip_lock_thread;
+
+void sys_mark_tcpip_thread(void) {
+    lwip_tcpip_thread = thread_getpid();
+}
+
+void sys_lock_tcpip_core(void) {
+    sys_mutex_lock(&lock_tcpip_core);
+    lwip_lock_thread = thread_getpid();
+}
+void sys_unlock_tcpip_core(void) {
+    lwip_lock_thread = KERNEL_PID_UNDEF;
+    sys_mutex_unlock(&lock_tcpip_core);
+}
+
+bool sys_check_core_locked(void) {
+    /* Don't call from inside isr */
+    if (irq_is_in()) {
+        return false;
+    }
+    if (lwip_tcpip_thread != KERNEL_PID_UNDEF) {
+        /* only call from thread with lock */
+        return lwip_lock_thread == thread_getpid();
+    }
+    return true;
+}
+#endif
+
 /** @} */
--- a/pkg/lwip/include/arch/sys_arch.h
+++ b/pkg/lwip/include/arch/sys_arch.h
@ -116,6 +116,18 @@ static inline void sys_mbox_set_invalid(sys_mbox_t *mbox)

 typedef kernel_pid_t sys_thread_t;      /**< Platform specific thread type */

+#if DEVELHELP
+/**
+ * @name    Functions for locking/unlocking core to assure thread safety.
+ * @{
+ */
+void sys_lock_tcpip_core(void);
+#define LOCK_TCPIP_CORE()          sys_lock_tcpip_core()
+void sys_unlock_tcpip_core(void);
+#define UNLOCK_TCPIP_CORE()        sys_unlock_tcpip_core()
+/** @} */
+#endif
+
 #ifdef MODULE_RANDOM
 /**
 * @brief   Use `random_uint32()` to generate random numbers, if available
--- a/pkg/lwip/include/lwipopts.h
+++ b/pkg/lwip/include/lwipopts.h
@ -171,6 +171,15 @@ extern "C" {
 #define MEM_SIZE                (TCPIP_THREAD_STACKSIZE + 6144)
 #endif

+#ifdef DEVELHELP
+void sys_mark_tcpip_thread(void);
+#define LWIP_MARK_TCPIP_THREAD sys_mark_tcpip_thread
+
+bool sys_check_core_locked(void);
+#define LWIP_ASSERT_CORE_LOCKED() \
+    LWIP_ASSERT("Core lock held", sys_check_core_locked())
+#endif
+
 /** @} */

 #ifdef __cplusplus