svn commit: r368743 - head/tests/sys/net

2020-12-17 Thread Kristof Provost
Author: kp
Date: Thu Dec 17 21:54:25 2020
New Revision: 368743
URL: https://svnweb.freebsd.org/changeset/base/368743

Log:
  net tests: Re-enable most if_clone tests
  
  All but one of these (tap_ipv6_up_stress) currently pass, so we should enable
  them so we don't regress.

Modified:
  head/tests/sys/net/if_clone_test.sh

Modified: head/tests/sys/net/if_clone_test.sh
==
--- head/tests/sys/net/if_clone_test.sh Thu Dec 17 21:02:58 2020
(r368742)
+++ head/tests/sys/net/if_clone_test.sh Thu Dec 17 21:54:25 2020
(r368743)
@@ -47,9 +47,6 @@ epair_stress_head()
 }
 epair_stress_body()
 {
-   if [ "$(atf_config_get ci false)" = "true" ]; then
-   atf_skip "https://bugs.freebsd.org/246443;
-   fi
do_stress "epair"
 }
 epair_stress_cleanup()
@@ -80,7 +77,6 @@ epair_ipv6_up_stress_head()
 }
 epair_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: page fault in in6_unlink_ifa (PR 225438)"
do_up_stress "epair" "6" ""
 }
 epair_ipv6_up_stress_cleanup()
@@ -111,7 +107,6 @@ faith_up_stress_head()
 }
 faith_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "faith" "" ""
 }
 faith_up_stress_cleanup()
@@ -127,7 +122,6 @@ faith_ipv6_up_stress_head()
 }
 faith_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "faith" "6" ""
 }
 faith_ipv6_up_stress_cleanup()
@@ -158,7 +152,6 @@ gif_up_stress_head()
 }
 gif_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "gif" "" "p2p"
 }
 gif_up_stress_cleanup()
@@ -174,7 +167,6 @@ gif_ipv6_up_stress_head()
 }
 gif_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: rt_tables_get_rnh_ptr: fam out of bounds."
do_up_stress "gif" "6" "p2p"
 }
 gif_ipv6_up_stress_cleanup()
@@ -205,7 +197,6 @@ lo_up_stress_head()
 }
 lo_up_stress_body()
 {
-   atf_skip "Quickly panics: GPF in rtsock_routemsg"
do_up_stress "lo" "" ""
 }
 lo_up_stress_cleanup()
@@ -221,7 +212,6 @@ lo_ipv6_up_stress_head()
 }
 lo_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: page fault in rtsock_addrmsg"
do_up_stress "lo" "6" ""
 }
 lo_ipv6_up_stress_cleanup()
@@ -252,7 +242,6 @@ tap_up_stress_head()
 }
 tap_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "tap" "" ""
 }
 tap_up_stress_cleanup()
@@ -299,7 +288,6 @@ tun_up_stress_head()
 }
 tun_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "tun" "" "p2p"
 }
 tun_up_stress_cleanup()
@@ -315,7 +303,6 @@ tun_ipv6_up_stress_head()
 }
 tun_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "tun" "6" "p2p"
 }
 tun_ipv6_up_stress_cleanup()
@@ -346,7 +333,6 @@ vlan_up_stress_head()
 }
 vlan_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "vlan" "" ""
 }
 vlan_up_stress_cleanup()
@@ -362,7 +348,6 @@ vlan_ipv6_up_stress_head()
 }
 vlan_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "vlan" "6" ""
 }
 vlan_ipv6_up_stress_cleanup()
@@ -408,7 +393,6 @@ vmnet_ipv6_up_stress_head()
 }
 vmnet_ipv6_up_stress_body()
 {
-   atf_skip "Quickly panics: if_freemulti: protospec not NULL"
do_up_stress "vmnet" "6" ""
 }
 vmnet_ipv6_up_stress_cleanup()


svn commit: r368666 - stable/12/tests/sys/netpfil/pf

2020-12-15 Thread Kristof Provost
Author: kp
Date: Tue Dec 15 16:15:25 2020
New Revision: 368666
URL: https://svnweb.freebsd.org/changeset/base/368666

Log:
  MFC r368239:
  
  pf tests: Re-enable panicing tests
  
  We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these
  tests.
  
  Sponsored by: Modirum MDPay

Modified:
  stable/12/tests/sys/netpfil/pf/forward.sh
  stable/12/tests/sys/netpfil/pf/names.sh
  stable/12/tests/sys/netpfil/pf/nat.sh
  stable/12/tests/sys/netpfil/pf/set_tos.sh
  stable/12/tests/sys/netpfil/pf/synproxy.sh
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/netpfil/pf/forward.sh
==
--- stable/12/tests/sys/netpfil/pf/forward.sh   Tue Dec 15 16:13:32 2020
(r368665)
+++ stable/12/tests/sys/netpfil/pf/forward.sh   Tue Dec 15 16:15:25 2020
(r368666)
@@ -14,10 +14,6 @@ v4_head()
 
 v4_body()
 {
-   if [ `uname -p` = "i386" ]; then
-   atf_skip "https://bugs.freebsd.org/239380;
-   fi
-
pft_init
 
epair_send=$(vnet_mkepair)
@@ -77,10 +73,6 @@ v6_head()
 
 v6_body()
 {
-   if [ `uname -p` = "i386" ]; then
-   atf_skip "https://bugs.freebsd.org/239380;
-   fi
-
pft_init
 
epair_send=$(vnet_mkepair)

Modified: stable/12/tests/sys/netpfil/pf/names.sh
==
--- stable/12/tests/sys/netpfil/pf/names.sh Tue Dec 15 16:13:32 2020
(r368665)
+++ stable/12/tests/sys/netpfil/pf/names.sh Tue Dec 15 16:15:25 2020
(r368666)
@@ -11,7 +11,6 @@ names_head()
 
 names_body()
 {
-   atf_skip "Kernel panics when flushing epair queue (bug238870)"
pft_init
 
epair=$(vnet_mkepair)

Modified: stable/12/tests/sys/netpfil/pf/nat.sh
==
--- stable/12/tests/sys/netpfil/pf/nat.sh   Tue Dec 15 16:13:32 2020
(r368665)
+++ stable/12/tests/sys/netpfil/pf/nat.sh   Tue Dec 15 16:15:25 2020
(r368666)
@@ -11,10 +11,6 @@ exhaust_head()
 
 exhaust_body()
 {
-   if [ "$(atf_config_get ci false)" = "true" ]; then
-   atf_skip "https://bugs.freebsd.org/244703;
-   fi
-
pft_init
 
epair_nat=$(vnet_mkepair)

Modified: stable/12/tests/sys/netpfil/pf/set_tos.sh
==
--- stable/12/tests/sys/netpfil/pf/set_tos.sh   Tue Dec 15 16:13:32 2020
(r368665)
+++ stable/12/tests/sys/netpfil/pf/set_tos.sh   Tue Dec 15 16:15:25 2020
(r368666)
@@ -14,10 +14,6 @@ v4_head()
 
 v4_body()
 {
-   if [ `uname -p` = "i386" ]; then
-   atf_skip "https://bugs.freebsd.org/239380;
-   fi
-
pft_init
 
epair_send=$(vnet_mkepair)

Modified: stable/12/tests/sys/netpfil/pf/synproxy.sh
==
--- stable/12/tests/sys/netpfil/pf/synproxy.sh  Tue Dec 15 16:13:32 2020
(r368665)
+++ stable/12/tests/sys/netpfil/pf/synproxy.sh  Tue Dec 15 16:15:25 2020
(r368666)
@@ -11,7 +11,6 @@ synproxy_head()
 
 synproxy_body()
 {
-   atf_skip "Kernel panics when flushing epair queue (bug238870)"
pft_init
 
epair=$(vnet_mkepair)


svn commit: r368665 - stable/12/sys/net

2020-12-15 Thread Kristof Provost
Author: kp
Date: Tue Dec 15 16:13:32 2020
New Revision: 368665
URL: https://svnweb.freebsd.org/changeset/base/368665

Log:
  MFC r368238:
  
  net: Revert vnet/epair cleanup race mitigation
  
  Revert the mitigation code for the vnet/epair cleanup race (done in r365457).
  r368237 introduced a more reliable fix.
  
  Sponsored by: Modirum MDPay

Modified:
  stable/12/sys/net/if.c
  stable/12/sys/net/if_epair.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==
--- stable/12/sys/net/if.c  Tue Dec 15 15:36:41 2020(r368664)
+++ stable/12/sys/net/if.c  Tue Dec 15 16:13:32 2020(r368665)
@@ -1322,10 +1322,6 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
ifindex_free_locked(ifp->if_index);
IFNET_WUNLOCK();
 
-   /* Don't re-attach DYING interfaces. */
-   if (ifp->if_flags & IFF_DYING)
-   return;
-
/*
 * Perform interface-specific reassignment tasks, if provided by
 * the driver.

Modified: stable/12/sys/net/if_epair.c
==
--- stable/12/sys/net/if_epair.cTue Dec 15 15:36:41 2020
(r368664)
+++ stable/12/sys/net/if_epair.cTue Dec 15 16:13:32 2020
(r368665)
@@ -609,14 +609,8 @@ epair_qflush(struct ifnet *ifp)
struct epair_softc *sc;

sc = ifp->if_softc;
-
-   /*
-* See epair_clone_destroy(), we can end up getting called twice.
-* Don't do anything on the second call.
-*/
-   if (sc == NULL)
-   return;
-
+   KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n",
+   __func__, ifp, sc));
/*
 * Remove this ifp from all backpointer lists. The interface will not
 * usable for flushing anyway nor should it have anything to flush
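Review bot: On kernels built without INVARIANTS the new `KASSERT(sc != NULL, ...)` in epair_qflush() compiles to nothing, so the `sc == NULL` case that the removed guard returned on is no longer handled at all. The log relies on the later locking fix to make the second call impossible; if any other path can still reach this function with `if_softc` cleared, the rest of the body (which continues outside the hunk) would run with a NULL `sc`. A one-line comment above the assertion, such as `/* A NULL softc here means the vnet/epair cleanup race has returned. */`, would record why the guard could be dropped. The message also prints `sc=%p` for a pointer already known to be NULL and ends in `\n`, which panic strings normally omit. The same hunk appears in the head commit r368238 further down the page.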


svn commit: r368663 - stable/12/sys/net

2020-12-15 Thread Kristof Provost
Author: kp
Date: Tue Dec 15 15:33:28 2020
New Revision: 368663
URL: https://svnweb.freebsd.org/changeset/base/368663

Log:
  MFC r368237:
  
  if: Fix panic when destroying vnet and epair simultaneously
  
  When destroying a vnet and an epair (with one end in the vnet) we often
  panicked. This was the result of the destruction of the epair, which destroys
  both ends simultaneously, happening while vnet_if_return() was moving the
  struct ifnet to its home vnet. This can result in a freed ifnet being re-added
  to the home vnet V_ifnet list. That in turn panics the next time the ifnet is
  used.
  
  Prevent this race by ensuring that vnet_if_return() cannot run at the same
  time as if_detach() or epair_clone_destroy().
  
  PR:   238870, 234985, 244703, 250870
  Sponsored by: Modirum MDPay

Modified:
  stable/12/sys/net/if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==
--- stable/12/sys/net/if.c  Tue Dec 15 15:13:06 2020(r368662)
+++ stable/12/sys/net/if.c  Tue Dec 15 15:33:28 2020(r368663)
@@ -315,6 +315,9 @@ RW_SYSINIT_FLAGS(ifnet_rw, _rwlock, "ifnet_rw", 
 struct sx ifnet_sxlock;
 SX_SYSINIT_FLAGS(ifnet_sx, _sxlock, "ifnet_sx", SX_RECURSE);
 
+struct sx ifnet_detach_sxlock;
+SX_SYSINIT(ifnet_detach, _detach_sxlock, "ifnet_detach_sx");
+
 /*
  * The allocation of network interfaces is a rather non-atomic affair; we
  * need to select an index before we are ready to expose the interface for
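Review bot: The new `ifnet_detach_sxlock` is defined with no comment saying what it protects or how it orders against `ifnet_sxlock`, and the block comment that follows in the context is about index allocation, not this lock. Something like `/* Serialises if_vmove() in vnet_if_return() (exclusive) against if_detach() and SIOCIFDESTROY (shared). */` above the definition would make the protocol discoverable. If nothing outside if.c takes the lock (none is visible in this commit), it could also be `static`. The same applies to the head commit r368237 further down the page.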
@@ -549,7 +552,9 @@ vnet_if_return(const void *unused __unused)
IFNET_WUNLOCK();
 
for (int j = 0; j < i; j++) {
+   sx_xlock(_detach_sxlock);
if_vmove(pending[j], pending[j]->if_home_vnet);
+   sx_xunlock(_detach_sxlock);
}
 
free(pending, M_IFNET);
@@ -1102,8 +1107,11 @@ if_detach(struct ifnet *ifp)
 
CURVNET_SET_QUIET(ifp->if_vnet);
found = if_unlink_ifnet(ifp, false);
-   if (found)
+   if (found) {
+   sx_slock(_detach_sxlock);
if_detach_internal(ifp, 0, NULL);
+   sx_sunlock(_detach_sxlock);
+   }
CURVNET_RESTORE();
 }
 
@@ -3141,8 +3149,12 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, s
goto out_noref;
case SIOCIFDESTROY:
error = priv_check(td, PRIV_NET_IFDESTROY);
-   if (error == 0)
+
+   if (error == 0) {
+   sx_slock(_detach_sxlock);
error = if_clone_destroy(ifr->ifr_name);
+   sx_sunlock(_detach_sxlock);
+   }
goto out_noref;
 
case SIOCIFGCLONERS:
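Review bot: The SIOCIFDESTROY branch now holds `ifnet_detach_sxlock` shared across `if_clone_destroy()`, and if_detach() in the previous hunk takes the same lock shared around `if_detach_internal()`. If the clone destroy path ends up in if_detach() (not visible here, but the log names epair_clone_destroy() as a protected path), this thread acquires the lock shared twice while vnet_if_return() may be queued for it exclusively. The lock is set up with plain `SX_SYSINIT`, so a comment at the definition stating that nested shared acquisition is intended, and why it cannot stall behind the waiting exclusive locker, would help. The head commit r368237 further down the page has the same construct. ifioctl() starts and ends outside this hunk.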


svn commit: r368656 - stable/12/sys/netpfil/pf

2020-12-15 Thread Kristof Provost
Author: kp
Date: Tue Dec 15 08:29:45 2020
New Revision: 368656
URL: https://svnweb.freebsd.org/changeset/base/368656

Log:
  MFC r368588:
  
  pf: Allow net.pf.request_maxcount to be set from loader.conf
  
  Mark request_maxcount as RWTUN so we can set it both at runtime and from
  loader.conf. This avoids users getting caught out by the change from tunable
  to run time configuration.
  
  Suggested by: Franco Fichtner

Modified:
  stable/12/sys/netpfil/pf/pf.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf.c
==
--- stable/12/sys/netpfil/pf/pf.c   Tue Dec 15 07:31:00 2020
(r368655)
+++ stable/12/sys/netpfil/pf/pf.c   Tue Dec 15 08:29:45 2020
(r368656)
@@ -382,7 +382,7 @@ SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFL
 _hashsize, 0, "Size of pf(4) states hashtable");
 SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
 _srchashsize, 0, "Size of pf(4) source nodes hashtable");
-SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RW,
+SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RWTUN,
 _ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a 
single ioctl() call");
 
 VNET_DEFINE(void *, pf_swi_cookie);
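Review bot: `request_maxcount` stays a plain `SYSCTL_ULONG`, so with `CTLFLAG_RWTUN` a value from loader.conf is accepted at boot with no range check, just as a runtime write already was. Its description says it caps the number of elements in a single ioctl() call, so a value of 0 or an extremely large one would presumably either reject every request or make the cap ineffective. If that matters for the ioctl paths that consume it (not visible in this hunk), a `SYSCTL_PROC` handler enforcing sane bounds would be the place to do it; otherwise a short comment noting that the value is trusted as given would do. The head commit r368588 below carries the same one-line change.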


svn commit: r368588 - head/sys/netpfil/pf

2020-12-12 Thread Kristof Provost
Author: kp
Date: Sat Dec 12 20:14:39 2020
New Revision: 368588
URL: https://svnweb.freebsd.org/changeset/base/368588

Log:
  pf: Allow net.pf.request_maxcount to be set from loader.conf
  
  Mark request_maxcount as RWTUN so we can set it both at runtime and from
  loader.conf. This avoids users getting caught out by the change from tunable
  to run time configuration.
  
  Suggested by: Franco Fichtner
  MFC after:3 days

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==
--- head/sys/netpfil/pf/pf.cSat Dec 12 19:43:38 2020(r368587)
+++ head/sys/netpfil/pf/pf.cSat Dec 12 20:14:39 2020(r368588)
@@ -382,7 +382,7 @@ SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFL
 _hashsize, 0, "Size of pf(4) states hashtable");
 SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
 _srchashsize, 0, "Size of pf(4) source nodes hashtable");
-SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RW,
+SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RWTUN,
 _ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a 
single ioctl() call");
 
 VNET_DEFINE(void *, pf_swi_cookie);


svn commit: r368554 - stable/12/sys/net

2020-12-11 Thread Kristof Provost
Author: kp
Date: Fri Dec 11 15:39:22 2020
New Revision: 368554
URL: https://svnweb.freebsd.org/changeset/base/368554

Log:
  MFC r368020, r368025:
  
  if: Protect V_ifnet in vnet_if_return()
  
  When we terminate a vnet (i.e. jail) we move interfaces back to their home
  vnet. We need to protect our access to the V_ifnet CK_LIST.
  
  We could enter NET_EPOCH, but if_detach_internal() (called from if_vmove())
  waits for net epoch callback completion. That's not possible from NET_EPOCH.
  Instead, we take the IFNET_WLOCK, build a list of the interfaces that need to
  move and, once we've released the lock, move them back to their home vnet.
  
  We cannot hold the IFNET_WLOCK() during if_vmove(), because that results in a
  LOR between ifnet_sx, in_multi_sx and iflib ctx lock.
  
  Separate out moving the ifp into or out of V_ifnet, so we can hold the lock as
  we do the list manipulation, but do not hold it as we if_vmove().
  
  if: Fix non-VIMAGE build
  
  if_link_ifnet() and if_unlink_ifnet() are needed even when VIMAGE is not
  enabled.
  
  Sponsored by: Modirum MDPay

Modified:
  stable/12/sys/net/if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==
--- stable/12/sys/net/if.c  Fri Dec 11 14:32:42 2020(r368553)
+++ stable/12/sys/net/if.c  Fri Dec 11 15:39:22 2020(r368554)
@@ -274,6 +274,8 @@ static int  if_getgroupmembers(struct ifgroupreq *);
 static voidif_delgroups(struct ifnet *);
 static voidif_attach_internal(struct ifnet *, int, struct if_clone *);
 static int if_detach_internal(struct ifnet *, int, struct if_clone **);
+static voidif_link_ifnet(struct ifnet *);
+static boolif_unlink_ifnet(struct ifnet *, bool);
 #ifdef VIMAGE
 static voidif_vmove(struct ifnet *, struct vnet *);
 #endif
@@ -472,17 +474,85 @@ vnet_if_uninit(const void *unused __unused)
 }
 VNET_SYSUNINIT(vnet_if_uninit, SI_SUB_INIT_IF, SI_ORDER_FIRST,
 vnet_if_uninit, NULL);
+#endif
 
 static void
+if_link_ifnet(struct ifnet *ifp)
+{
+
+   IFNET_WLOCK();
+   CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link);
+#ifdef VIMAGE
+   curvnet->vnet_ifcnt++;
+#endif
+   IFNET_WUNLOCK();
+}
+
+static bool
+if_unlink_ifnet(struct ifnet *ifp, bool vmove)
+{
+   struct ifnet *iter;
+   int found = 0;
+
+   IFNET_WLOCK();
+   CK_STAILQ_FOREACH(iter, _ifnet, if_link)
+   if (iter == ifp) {
+   CK_STAILQ_REMOVE(_ifnet, ifp, ifnet, if_link);
+   if (!vmove)
+   ifp->if_flags |= IFF_DYING;
+   found = 1;
+   break;
+   }
+#ifdef VIMAGE
+   curvnet->vnet_ifcnt--;
+#endif
+   IFNET_WUNLOCK();
+
+   return (found);
+}
+
+#ifdef VIMAGE
+static void
 vnet_if_return(const void *unused __unused)
 {
struct ifnet *ifp, *nifp;
+   struct ifnet **pending;
+   int found, i;
 
+   i = 0;
+
+   /*
+* We need to protect our access to the V_ifnet tailq. Ordinarily we'd
+* enter NET_EPOCH, but that's not possible, because if_vmove() calls
+* if_detach_internal(), which waits for NET_EPOCH callbacks to
+* complete. We can't do that from within NET_EPOCH.
+*
+* However, we can also use the IFNET_xLOCK, which is the V_ifnet
+* read/write lock. We cannot hold the lock as we call if_vmove()
+* though, as that presents LOR w.r.t ifnet_sx, in_multi_sx and iflib
+* ctx lock.
+*/
+   IFNET_WLOCK();
+
+   pending = malloc(sizeof(struct ifnet *) * curvnet->vnet_ifcnt,
+   M_IFNET, M_WAITOK | M_ZERO);
+
/* Return all inherited interfaces to their parent vnets. */
CK_STAILQ_FOREACH_SAFE(ifp, _ifnet, if_link, nifp) {
-   if (ifp->if_home_vnet != ifp->if_vnet)
-   if_vmove(ifp, ifp->if_home_vnet);
+   if (ifp->if_home_vnet != ifp->if_vnet) {
+   found = if_unlink_ifnet(ifp, true);
+   MPASS(found);
+
+   pending[i++] = ifp;
+   }
}
+   IFNET_WUNLOCK();
+
+   for (int j = 0; j < i; j++) {
+   if_vmove(pending[j], pending[j]->if_home_vnet);
+   }
+
+   free(pending, M_IFNET);
 }
 VNET_SYSUNINIT(vnet_if_return, SI_SUB_VNET_DONE, SI_ORDER_ANY,
 vnet_if_return, NULL);
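Review bot: In if_unlink_ifnet() the `curvnet->vnet_ifcnt--;` sits after the loop, so the counter is decremented even when the interface was not on the list and `found` stays 0. vnet_if_return() sizes `pending` from `curvnet->vnet_ifcnt` and then stores with `pending[i++] = ifp` with no bound, so a counter that has drifted low could let that loop write past the allocation. Moving the decrement, together with its `#ifdef VIMAGE` guard, into the `if (iter == ifp)` branch before `break;` ties the count to actual removals, and an `MPASS` on `i` against the allocated count before the store would catch any remaining mismatch. Separately, vnet_if_return() calls if_unlink_ifnet() while already holding `IFNET_WLOCK()`, which only works because the lock permits recursion; a one-line comment there would save the next reader the lookup.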
@@ -890,12 +960,7 @@ if_attach_internal(struct ifnet *ifp, int vmove, struc
}
 #endif
 
-   IFNET_WLOCK();
-   CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link);
-#ifdef VIMAGE
-   curvnet->vnet_ifcnt++;
-#endif
-   IFNET_WUNLOCK();
+   if_link_ifnet(ifp);
 
if (domain_init_status >= 2)
if_attachdomain1(ifp);
@@ -1033,9 +1098,12 @@ if_purgemaddrs(struct ifnet *ifp)
 void
 if_detach(struct ifnet *ifp)
 {
+   bool found;
 

svn commit: r368552 - stable/12/sys/net

2020-12-11 Thread Kristof Provost
Author: kp
Date: Fri Dec 11 14:11:41 2020
New Revision: 368552
URL: https://svnweb.freebsd.org/changeset/base/368552

Log:
  MFC r368015:
  
  if: Remove ifnet_rwlock
  
  It no longer serves any purpose, as evidenced by the fact that we never take
  it without ifnet_sxlock.
  
  This differs slightly from r368015 in that we keep the ifnet_rwlock instance
  (but no longer take the lock) in case there are external users who still take
  the lock.
  
  Sponsored by: Modirum MDPay

Modified:
  stable/12/sys/net/if.c
  stable/12/sys/net/if_var.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==
--- stable/12/sys/net/if.c  Fri Dec 11 13:23:59 2020(r368551)
+++ stable/12/sys/net/if.c  Fri Dec 11 14:11:41 2020(r368552)
@@ -305,12 +305,8 @@ VNET_DEFINE(struct ifnet **, ifindex_table);
 
 /*
  * The global network interface list (V_ifnet) and related state (such as
- * if_index, if_indexlim, and ifindex_table) are protected by an sxlock and
- * an rwlock.  Either may be acquired shared to stablize the list, but both
- * must be acquired writable to modify the list.  This model allows us to
- * both stablize the interface list during interrupt thread processing, but
- * also to stablize it over long-running ioctls, without introducing priority
- * inversions and deadlocks.
+ * if_index, if_indexlim, and ifindex_table) are protected by an sxlock.
+ * This may be acquired to stabilise the list, or we may rely on NET_EPOCH.
  */
 struct rwlock ifnet_rwlock;
 RW_SYSINIT_FLAGS(ifnet_rw, _rwlock, "ifnet_rw", RW_RECURSE);
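Review bot: The rewritten comment now describes only the sxlock, yet `struct rwlock ifnet_rwlock;` and its `RW_SYSINIT_FLAGS` remain directly below it with nothing saying they are vestigial. The log explains the instance is kept for external users, but after this change `IFNET_WLOCK()` no longer takes the rwlock, so out-of-tree code that still acquires `ifnet_rwlock` on its own to stabilise the interface list would no longer be excluded from writers. A comment on the definition such as `/* Retained for KBI only; no longer taken by IFNET_WLOCK() and does not protect V_ifnet. */` would make that explicit for anyone who finds the symbol.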

Modified: stable/12/sys/net/if_var.h
==
--- stable/12/sys/net/if_var.h  Fri Dec 11 13:23:59 2020(r368551)
+++ stable/12/sys/net/if_var.h  Fri Dec 11 14:11:41 2020(r368552)
@@ -569,27 +569,11 @@ struct ifmultiaddr {
 extern struct rwlock ifnet_rwlock;
 extern struct sx ifnet_sxlock;
 
-#defineIFNET_WLOCK() do {  
\
-   sx_xlock(_sxlock);\
-   rw_wlock(_rwlock);\
-} while (0)
-
-#defineIFNET_WUNLOCK() do {
\
-   rw_wunlock(_rwlock);  \
-   sx_xunlock(_sxlock);  \
-} while (0)
-
-/*
- * To assert the ifnet lock, you must know not only whether it's for read or
- * write, but also whether it was acquired with sleep support or not.
- */
-#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, 
SA_SLOCKED)
+#defineIFNET_WLOCK()   sx_xlock(_sxlock)
+#defineIFNET_WUNLOCK() sx_xunlock(_sxlock)
+#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, SA_SLOCKED)
 #defineIFNET_RLOCK_NOSLEEP_ASSERT()
MPASS(in_epoch(net_epoch_preempt))
-#defineIFNET_WLOCK_ASSERT() do {   
\
-   sx_assert(_sxlock, SA_XLOCKED);   \
-   rw_assert(_rwlock, RA_WLOCKED);   \
-} while (0)
-
+#defineIFNET_WLOCK_ASSERT()sx_assert(_sxlock, SA_XLOCKED)
 #defineIFNET_RLOCK()   sx_slock(_sxlock)
 #defineIFNET_RLOCK_NOSLEEP()   struct epoch_tracker ifnet_rlock_et; 
epoch_enter_preempt(net_epoch_preempt, _rlock_et)
 #defineIFNET_RUNLOCK() sx_sunlock(_sxlock)


svn commit: r368488 - stable/12/tests/sys/netpfil/pf

2020-12-09 Thread Kristof Provost
Author: kp
Date: Wed Dec  9 17:17:45 2020
New Revision: 368488
URL: https://svnweb.freebsd.org/changeset/base/368488

Log:
  MFC r368277:
  
  pf tests: Test case for bug #251414
  
  Changing a table from not having counters to having counters (or vice versa)
  may trigger panics.
  
  PR:   251414

Modified:
  stable/12/tests/sys/netpfil/pf/table.sh
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/netpfil/pf/table.sh
==
--- stable/12/tests/sys/netpfil/pf/table.sh Wed Dec  9 15:28:56 2020
(r368487)
+++ stable/12/tests/sys/netpfil/pf/table.sh Wed Dec  9 17:17:45 2020
(r368488)
@@ -108,8 +108,47 @@ v6_counters_cleanup()
pft_cleanup
 }
 
+atf_test_case "pr251414" "cleanup"
+pr251414_head()
+{
+   atf_set descr 'Test PR 251414'
+   atf_set require.user root
+}
+
+pr251414_body()
+{
+   pft_init
+
+   epair_send=$(vnet_mkepair)
+   ifconfig ${epair_send}a 192.0.2.1/24 up
+
+   vnet_mkjail alcatraz ${epair_send}b
+   jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up
+   jexec alcatraz pfctl -e
+
+   pft_set_rules alcatraz \
+   "pass all" \
+   "table  { self }" \
+   "pass in log to "
+
+   pft_set_rules noflush alcatraz \
+   "pass all" \
+   "table  counters { self }" \
+   "pass in log to "
+
+   atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2
+
+   jexec alcatraz pfctl -t tab -T show -vv
+}
+
+pr251414_cleanup()
+{
+   pft_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "v4_counters"
atf_add_test_case "v6_counters"
+   atf_add_test_case "pr251414"
 }
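Review bot: The final command of pr251414_body, `jexec alcatraz pfctl -t tab -T show -vv`, is run bare while the ping just before it goes through `atf_check`, so whether a failing pfctl fails the test depends on how the harness treats unchecked commands. Wrapping it as `atf_check -s exit:0 -o ignore -e ignore jexec alcatraz pfctl -t tab -T show -vv` would make the expectation explicit. The description `'Test PR 251414'` also says nothing about what is exercised; something like `atf_set descr 'Toggle table counters with noflush and check pf survives (PR 251414)'` would let the test list explain itself. The head commit r368277 below adds the identical test.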


svn commit: r368277 - head/tests/sys/netpfil/pf

2020-12-02 Thread Kristof Provost
Author: kp
Date: Wed Dec  2 16:33:23 2020
New Revision: 368277
URL: https://svnweb.freebsd.org/changeset/base/368277

Log:
  pf tests: Test case for bug #251414
  
  Changing a table from not having counters to having counters (or vice versa)
  may trigger panics.
  
  PR:   251414
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D27441

Modified:
  head/tests/sys/netpfil/pf/table.sh

Modified: head/tests/sys/netpfil/pf/table.sh
==
--- head/tests/sys/netpfil/pf/table.sh  Wed Dec  2 16:01:43 2020
(r368276)
+++ head/tests/sys/netpfil/pf/table.sh  Wed Dec  2 16:33:23 2020
(r368277)
@@ -108,8 +108,47 @@ v6_counters_cleanup()
pft_cleanup
 }
 
+atf_test_case "pr251414" "cleanup"
+pr251414_head()
+{
+   atf_set descr 'Test PR 251414'
+   atf_set require.user root
+}
+
+pr251414_body()
+{
+   pft_init
+
+   epair_send=$(vnet_mkepair)
+   ifconfig ${epair_send}a 192.0.2.1/24 up
+
+   vnet_mkjail alcatraz ${epair_send}b
+   jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up
+   jexec alcatraz pfctl -e
+
+   pft_set_rules alcatraz \
+   "pass all" \
+   "table  { self }" \
+   "pass in log to "
+
+   pft_set_rules noflush alcatraz \
+   "pass all" \
+   "table  counters { self }" \
+   "pass in log to "
+
+   atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2
+
+   jexec alcatraz pfctl -t tab -T show -vv
+}
+
+pr251414_cleanup()
+{
+   pft_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "v4_counters"
atf_add_test_case "v6_counters"
+   atf_add_test_case "pr251414"
 }


svn commit: r368239 - head/tests/sys/netpfil/pf

2020-12-01 Thread Kristof Provost
Author: kp
Date: Tue Dec  1 16:44:36 2020
New Revision: 368239
URL: https://svnweb.freebsd.org/changeset/base/368239

Log:
  pf tests: Re-enable panicing tests
  
  We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these
  tests.
  
  MFC after:2 weeks
  Sponsored by: Modirum MDPay

Modified:
  head/tests/sys/netpfil/pf/names.sh
  head/tests/sys/netpfil/pf/nat.sh
  head/tests/sys/netpfil/pf/synproxy.sh

Modified: head/tests/sys/netpfil/pf/names.sh
==
--- head/tests/sys/netpfil/pf/names.sh  Tue Dec  1 16:34:43 2020
(r368238)
+++ head/tests/sys/netpfil/pf/names.sh  Tue Dec  1 16:44:36 2020
(r368239)
@@ -36,7 +36,6 @@ names_head()
 
 names_body()
 {
-   atf_skip "Kernel panics when flushing epair queue (bug238870)"
pft_init
 
epair=$(vnet_mkepair)

Modified: head/tests/sys/netpfil/pf/nat.sh
==
--- head/tests/sys/netpfil/pf/nat.shTue Dec  1 16:34:43 2020
(r368238)
+++ head/tests/sys/netpfil/pf/nat.shTue Dec  1 16:44:36 2020
(r368239)
@@ -36,10 +36,6 @@ exhaust_head()
 
 exhaust_body()
 {
-   if [ "$(atf_config_get ci false)" = "true" ]; then
-   atf_skip "https://bugs.freebsd.org/244703;
-   fi
-
pft_init
 
epair_nat=$(vnet_mkepair)

Modified: head/tests/sys/netpfil/pf/synproxy.sh
==
--- head/tests/sys/netpfil/pf/synproxy.sh   Tue Dec  1 16:34:43 2020
(r368238)
+++ head/tests/sys/netpfil/pf/synproxy.sh   Tue Dec  1 16:44:36 2020
(r368239)
@@ -36,7 +36,6 @@ synproxy_head()
 
 synproxy_body()
 {
-   atf_skip "Kernel panics when flushing epair queue (bug238870)"
pft_init
 
epair=$(vnet_mkepair)


svn commit: r368238 - head/sys/net

2020-12-01 Thread Kristof Provost
Author: kp
Date: Tue Dec  1 16:34:43 2020
New Revision: 368238
URL: https://svnweb.freebsd.org/changeset/base/368238

Log:
  net: Revert vnet/epair cleanup race mitigation
  
  Revert the mitigation code for the vnet/epair cleanup race (done in r365457).
  r368237 introduced a more reliable fix.
  
  MFC after:2 weeks
  Sponsored by: Modirum MDPay

Modified:
  head/sys/net/if.c
  head/sys/net/if_epair.c

Modified: head/sys/net/if.c
==
--- head/sys/net/if.c   Tue Dec  1 16:23:59 2020(r368237)
+++ head/sys/net/if.c   Tue Dec  1 16:34:43 2020(r368238)
@@ -1338,11 +1338,6 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
ifindex_free_locked(ifp->if_index);
IFNET_WUNLOCK();
 
-
-   /* Don't re-attach DYING interfaces. */
-   if (ifp->if_flags & IFF_DYING)
-   return (0);
-
/*
 * Perform interface-specific reassignment tasks, if provided by
 * the driver.

Modified: head/sys/net/if_epair.c
==
--- head/sys/net/if_epair.c Tue Dec  1 16:23:59 2020(r368237)
+++ head/sys/net/if_epair.c Tue Dec  1 16:34:43 2020(r368238)
@@ -611,14 +611,8 @@ epair_qflush(struct ifnet *ifp)
struct epair_softc *sc;
 
sc = ifp->if_softc;
-
-   /*
-* See epair_clone_destroy(), we can end up getting called twice.
-* Don't do anything on the second call.
-*/
-   if (sc == NULL)
-   return;
-
+   KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n",
+   __func__, ifp, sc));
/*
 * Remove this ifp from all backpointer lists. The interface will not
 * usable for flushing anyway nor should it have anything to flush


svn commit: r368237 - head/sys/net

2020-12-01 Thread Kristof Provost
Author: kp
Date: Tue Dec  1 16:23:59 2020
New Revision: 368237
URL: https://svnweb.freebsd.org/changeset/base/368237

Log:
  if: Fix panic when destroying vnet and epair simultaneously
  
  When destroying a vnet and an epair (with one end in the vnet) we often
  panicked. This was the result of the destruction of the epair, which destroys
  both ends simultaneously, happening while vnet_if_return() was moving the
  struct ifnet to its home vnet. This can result in a freed ifnet being re-added
  to the home vnet V_ifnet list. That in turn panics the next time the ifnet is
  used.
  
  Prevent this race by ensuring that vnet_if_return() cannot run at the same
  time as if_detach() or epair_clone_destroy().
  
  PR:   238870, 234985, 244703, 250870
  MFC after:2 weeks
  Sponsored by: Modirum MDPay
  Differential Revision:https://reviews.freebsd.org/D27378

Modified:
  head/sys/net/if.c

Modified: head/sys/net/if.c
==
--- head/sys/net/if.c   Tue Dec  1 16:06:31 2020(r368236)
+++ head/sys/net/if.c   Tue Dec  1 16:23:59 2020(r368237)
@@ -314,6 +314,9 @@ VNET_DEFINE(struct ifnet **, ifindex_table);
 struct sx ifnet_sxlock;
 SX_SYSINIT_FLAGS(ifnet_sx, _sxlock, "ifnet_sx", SX_RECURSE);
 
+struct sx ifnet_detach_sxlock;
+SX_SYSINIT(ifnet_detach, _detach_sxlock, "ifnet_detach_sx");
+
 /*
  * The allocation of network interfaces is a rather non-atomic affair; we
  * need to select an index before we are ready to expose the interface for
@@ -543,7 +546,9 @@ vnet_if_return(const void *unused __unused)
IFNET_WUNLOCK();
 
for (int j = 0; j < i; j++) {
+   sx_xlock(_detach_sxlock);
if_vmove(pending[j], pending[j]->if_home_vnet);
+   sx_xunlock(_detach_sxlock);
}
 
free(pending, M_IFNET);
@@ -1118,8 +1123,11 @@ if_detach(struct ifnet *ifp)
 
CURVNET_SET_QUIET(ifp->if_vnet);
found = if_unlink_ifnet(ifp, false);
-   if (found)
+   if (found) {
+   sx_slock(_detach_sxlock);
if_detach_internal(ifp, 0, NULL);
+   sx_sunlock(_detach_sxlock);
+   }
CURVNET_RESTORE();
 }
 
@@ -3010,8 +3018,12 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, s
goto out_noref;
case SIOCIFDESTROY:
error = priv_check(td, PRIV_NET_IFDESTROY);
-   if (error == 0)
+
+   if (error == 0) {
+   sx_slock(_detach_sxlock);
error = if_clone_destroy(ifr->ifr_name);
+   sx_sunlock(_detach_sxlock);
+   }
goto out_noref;
 
case SIOCIFGCLONERS:


svn commit: r368235 - stable/12/tests/sys/netpfil/pf/ioctl

2020-12-01 Thread Kristof Provost
Author: kp
Date: Tue Dec  1 16:02:52 2020
New Revision: 368235
URL: https://svnweb.freebsd.org/changeset/base/368235

Log:
  MFC r367990:
  
  pf tests: provoke tag hashing panic
  
  Attempt to provoke the panic fixed in r367987.

Modified:
  stable/12/tests/sys/netpfil/pf/ioctl/validation.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/netpfil/pf/ioctl/validation.c
==
--- stable/12/tests/sys/netpfil/pf/ioctl/validation.c   Tue Dec  1 15:53:12 
2020(r368234)
+++ stable/12/tests/sys/netpfil/pf/ioctl/validation.c   Tue Dec  1 16:02:52 
2020(r368235)
@@ -790,6 +790,43 @@ ATF_TC_CLEANUP(getsrcnodes, tc)
COMMON_CLEANUP();
 }
 
+ATF_TC_WITH_CLEANUP(tag);
+ATF_TC_HEAD(tag, tc)
+{
+   atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(tag, tc)
+{
+   struct pfioc_rule rule;
+
+   COMMON_HEAD();
+
+   memset(, 0x42, sizeof(rule));
+
+   rule.ticket = 0;
+   rule.pool_ticket = 0;
+   rule.anchor[0] = 0;
+
+   rule.rule.return_icmp = 0;
+   bzero(, sizeof(rule.rule.src));
+   bzero(, sizeof(rule.rule.dst));
+
+   rule.rule.ifname[0] = 0;
+   rule.rule.action = 0;
+   rule.rule.rtableid = 0;
+
+   rule.rule.tagname[0] = 0;
+
+   for (int i = 0; i < 10; i++)
+   ioctl(dev, DIOCADDRULE, );
+}
+
+ATF_TC_CLEANUP(tag, tc)
+{
+   COMMON_CLEANUP();
+}
+
 ATF_TP_ADD_TCS(tp)
 {
ATF_TP_ADD_TC(tp, addtables);
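Review bot: The body of the new `tag` test case never looks at what `ioctl(dev, DIOCADDRULE, ...)` returns and asserts nothing, so it passes whether the kernel accepts or rejects the rule; only a panic makes it fail. That may be the intent for a panic-provocation test, but the code should say so, e.g. `/* Return value deliberately ignored: the test passes if the kernel survives. */` above the loop. The `memset(..., 0x42, sizeof(rule))` deserves a similar one-line comment naming which fields are meant to stay as non-zero garbage, since only a handful are reset afterwards. The same applies to the identical hunk in the r367990 mail further down this page.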
@@ -811,6 +848,7 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, cxrollback);
ATF_TP_ADD_TC(tp, commit);
ATF_TP_ADD_TC(tp, getsrcnodes);
+   ATF_TP_ADD_TC(tp, tag);
 
return (atf_no_error());
 }


svn commit: r368101 - stable/12/tests/sys/netpfil/pf

2020-11-27 Thread Kristof Provost
Author: kp
Date: Fri Nov 27 11:12:59 2020
New Revision: 368101
URL: https://svnweb.freebsd.org/changeset/base/368101

Log:
  MFC r367869:
  
  pf tests: Basic source tracking test

Added:
  stable/12/tests/sys/netpfil/pf/src_track.sh
 - copied unchanged from r367869, head/tests/sys/netpfil/pf/src_track.sh
Modified:
  stable/12/tests/sys/netpfil/pf/Makefile
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/netpfil/pf/Makefile
==
--- stable/12/tests/sys/netpfil/pf/Makefile Fri Nov 27 11:12:10 2020
(r368100)
+++ stable/12/tests/sys/netpfil/pf/Makefile Fri Nov 27 11:12:59 2020
(r368101)
@@ -12,6 +12,7 @@ ATF_TESTS_SH+=anchor \
names \
nat \
set_tos \
+   src_track \
rdr \
route_to \
synproxy \

Copied: stable/12/tests/sys/netpfil/pf/src_track.sh (from r367869, 
head/tests/sys/netpfil/pf/src_track.sh)
==
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ stable/12/tests/sys/netpfil/pf/src_track.sh Fri Nov 27 11:12:59 2020
(r368101, copy of r367869, head/tests/sys/netpfil/pf/src_track.sh)
@@ -0,0 +1,66 @@
+# $FreeBSD$
+#
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2020 Kristof Provost 
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#notice, this list of conditions and the following disclaimer in the
+#documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "source_track" "cleanup"
+source_track_head()
+{
+   atf_set descr 'Basic source tracking test'
+   atf_set require.user root
+}
+
+source_track_body()
+{
+   pft_init
+
+   epair=$(vnet_mkepair)
+
+   vnet_mkjail alcatraz ${epair}b
+
+   ifconfig ${epair}a 192.0.2.2/24 up
+   jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+
+   # Enable pf!
+   jexec alcatraz pfctl -e
+   pft_set_rules alcatraz \
+   "pass in keep state (source-track)" \
+   "pass out keep state (source-track)"
+
+   ping -c 3 192.0.2.1
+   jexec alcatraz pfctl -s all -v
+}
+
+source_track_cleanup()
+{
+   pft_cleanup
+}
+
+atf_init_test_cases()
+{
+   atf_add_test_case "source_track"
+}
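Review bot: `source_track_body` asserts nothing about source tracking: `ping -c 3 192.0.2.1` and `jexec alcatraz pfctl -s all -v` are run bare, so the test fails only if the kernel panics or, depending on how the harness treats a non-zero exit, a command fails. Running the ping as `atf_check -s exit:0 -o ignore ping -c 3 192.0.2.1` and then checking the source table with `atf_check -s exit:0 -o match:"192.0.2.2" jexec alcatraz pfctl -s Sources` would turn it into a regression test that fails when no source node is created. The identical file added in the r367869 mail further down this page has the same gap.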


svn commit: r368100 - stable/12/sys/netpfil/pf

2020-11-27 Thread Kristof Provost
Author: kp
Date: Fri Nov 27 11:12:10 2020
New Revision: 368100
URL: https://svnweb.freebsd.org/changeset/base/368100

Log:
  MFC r367867:
  
  pf: Fix incorrect assertion
  
  We never set PFRULE_RULESRCTRACK when calling pf_insert_src_node(). We do set
  PFRULE_SRCTRACK, so update the assertion to match.

Modified:
  stable/12/sys/netpfil/pf/pf.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf.c
==
--- stable/12/sys/netpfil/pf/pf.c   Fri Nov 27 09:07:46 2020
(r368099)
+++ stable/12/sys/netpfil/pf/pf.c   Fri Nov 27 11:12:10 2020
(r368100)
@@ -705,7 +705,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_
 struct pf_addr *src, sa_family_t af)
 {
 
-   KASSERT((rule->rule_flag & PFRULE_RULESRCTRACK ||
+   KASSERT((rule->rule_flag & PFRULE_SRCTRACK ||
rule->rpool.opts & PF_POOL_STICKYADDR),
("%s for non-tracking rule %p", __func__, rule));
 


svn commit: r368054 - stable/12/sys/net

2020-11-26 Thread Kristof Provost
Author: kp
Date: Thu Nov 26 10:17:56 2020
New Revision: 368054
URL: https://svnweb.freebsd.org/changeset/base/368054

Log:
  Add missing NET_EPOCH_EXIT() to if_bridge
  
  In r367706 one return in bridge_input() did not NET_EPOCH_EXIT(), which caused
  seemingly random panics on the next use of NET_EPOCH.
  
  Direct commit to stable/12, because this code is different in CURRENT.

Modified:
  stable/12/sys/net/if_bridge.c

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Thu Nov 26 09:07:45 2020
(r368053)
+++ stable/12/sys/net/if_bridge.c   Thu Nov 26 10:17:56 2020
(r368054)
@@ -2528,6 +2528,7 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
 OR_PFIL_HOOKED_INET6)) {   \
if (bridge_pfil(, NULL, ifp,  \
PFIL_IN) != 0 || m == NULL) {   \
+   NET_EPOCH_EXIT_ET(et);  \
return (NULL);  \
}   \
eh = mtod(m, struct ether_header *);\
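Review bot: An early `return (NULL)` hidden inside a multi-line macro is what let this path leave with the epoch still entered, and nothing in the macro warns the next editor about it. I would add a comment at the top of the macro, e.g. `/* Every return in this macro must call NET_EPOCH_EXIT_ET(et) first. */`. The macro's first line and the rest of bridge_input() are outside this hunk, so the other return paths could not be checked here.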


svn commit: r368025 - head/sys/net

2020-11-25 Thread Kristof Provost
Author: kp
Date: Wed Nov 25 17:15:24 2020
New Revision: 368025
URL: https://svnweb.freebsd.org/changeset/base/368025

Log:
  if: Fix non-VIMAGE build
  
  if_link_ifnet() and if_unlink_ifnet() are needed even when VIMAGE is not
  enabled.
  
  MFC after:2 weeks
  Sponsored by: Modirum MDPay

Modified:
  head/sys/net/if.c

Modified: head/sys/net/if.c
==
--- head/sys/net/if.c   Wed Nov 25 17:12:21 2020(r368024)
+++ head/sys/net/if.c   Wed Nov 25 17:15:24 2020(r368025)
@@ -468,6 +468,7 @@ vnet_if_uninit(const void *unused __unused)
 }
 VNET_SYSUNINIT(vnet_if_uninit, SI_SUB_INIT_IF, SI_ORDER_FIRST,
 vnet_if_uninit, NULL);
+#endif
 
 static void
 if_link_ifnet(struct ifnet *ifp)
@@ -504,6 +505,7 @@ if_unlink_ifnet(struct ifnet *ifp, bool vmove)
return (found);
 }
 
+#ifdef VIMAGE
 static void
 vnet_if_return(const void *unused __unused)
 {


svn commit: r368020 - head/sys/net

2020-11-25 Thread Kristof Provost
Author: kp
Date: Wed Nov 25 15:07:22 2020
New Revision: 368020
URL: https://svnweb.freebsd.org/changeset/base/368020

Log:
  if: Protect V_ifnet in vnet_if_return()
  
  When we terminate a vnet (i.e. jail) we move interfaces back to their home
  vnet. We need to protect our access to the V_ifnet CK_LIST.
  
  We could enter NET_EPOCH, but if_detach_internal() (called from if_vmove())
  waits for net epoch callback completion. That's not possible from NET_EPOCH.
  Instead, we take the IFNET_WLOCK, build a list of the interfaces that need to
  move and, once we've released the lock, move them back to their home vnet.
  
  We cannot hold the IFNET_WLOCK() during if_vmove(), because that results in a
  LOR between ifnet_sx, in_multi_sx and iflib ctx lock.
  
  Separate out moving the ifp into or out of V_ifnet, so we can hold the lock as
  we do the list manipulation, but do not hold it as we if_vmove().
  
  Reviewed by:  melifaro
  MFC after:2 weeks
  Sponsored by: Modirum MDPay
  Differential Revision:https://reviews.freebsd.org/D27279

Modified:
  head/sys/net/if.c

Modified: head/sys/net/if.c
==
--- head/sys/net/if.c   Wed Nov 25 14:26:13 2020(r368019)
+++ head/sys/net/if.c   Wed Nov 25 15:07:22 2020(r368020)
@@ -275,6 +275,8 @@ static void if_delgroups(struct ifnet *);
 static voidif_attach_internal(struct ifnet *, int, struct if_clone *);
 static int if_detach_internal(struct ifnet *, int, struct if_clone **);
 static voidif_siocaddmulti(void *, int);
+static voidif_link_ifnet(struct ifnet *);
+static boolif_unlink_ifnet(struct ifnet *, bool);
 #ifdef VIMAGE
 static int if_vmove(struct ifnet *, struct vnet *);
 #endif
@@ -468,15 +470,81 @@ VNET_SYSUNINIT(vnet_if_uninit, SI_SUB_INIT_IF, SI_ORDE
 vnet_if_uninit, NULL);
 
 static void
+if_link_ifnet(struct ifnet *ifp)
+{
+
+   IFNET_WLOCK();
+   CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link);
+#ifdef VIMAGE
+   curvnet->vnet_ifcnt++;
+#endif
+   IFNET_WUNLOCK();
+}
+
+static bool
+if_unlink_ifnet(struct ifnet *ifp, bool vmove)
+{
+   struct ifnet *iter;
+   int found = 0;
+
+   IFNET_WLOCK();
+   CK_STAILQ_FOREACH(iter, _ifnet, if_link)
+   if (iter == ifp) {
+   CK_STAILQ_REMOVE(_ifnet, ifp, ifnet, if_link);
+   if (!vmove)
+   ifp->if_flags |= IFF_DYING;
+   found = 1;
+   break;
+   }
+#ifdef VIMAGE
+   curvnet->vnet_ifcnt--;
+#endif
+   IFNET_WUNLOCK();
+
+   return (found);
+}
+
+static void
 vnet_if_return(const void *unused __unused)
 {
struct ifnet *ifp, *nifp;
+   struct ifnet **pending;
+   int found, i;
 
+   i = 0;
+
+   /*
+* We need to protect our access to the V_ifnet tailq. Ordinarily we'd
+* enter NET_EPOCH, but that's not possible, because if_vmove() calls
+* if_detach_internal(), which waits for NET_EPOCH callbacks to
+* complete. We can't do that from within NET_EPOCH.
+*
+* However, we can also use the IFNET_xLOCK, which is the V_ifnet
+* read/write lock. We cannot hold the lock as we call if_vmove()
+* though, as that presents LOR w.r.t ifnet_sx, in_multi_sx and iflib
+* ctx lock.
+*/
+   IFNET_WLOCK();
+
+   pending = malloc(sizeof(struct ifnet *) * curvnet->vnet_ifcnt,
+   M_IFNET, M_WAITOK | M_ZERO);
+
/* Return all inherited interfaces to their parent vnets. */
CK_STAILQ_FOREACH_SAFE(ifp, _ifnet, if_link, nifp) {
-   if (ifp->if_home_vnet != ifp->if_vnet)
-   if_vmove(ifp, ifp->if_home_vnet);
+   if (ifp->if_home_vnet != ifp->if_vnet) {
+   found = if_unlink_ifnet(ifp, true);
+   MPASS(found);
+
+   pending[i++] = ifp;
+   }
}
+   IFNET_WUNLOCK();
+
+   for (int j = 0; j < i; j++) {
+   if_vmove(pending[j], pending[j]->if_home_vnet);
+   }
+
+   free(pending, M_IFNET);
 }
 VNET_SYSUNINIT(vnet_if_return, SI_SUB_VNET_DONE, SI_ORDER_ANY,
 vnet_if_return, NULL);
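Review bot: In `if_unlink_ifnet()` the `curvnet->vnet_ifcnt--` sits after the `CK_STAILQ_FOREACH` loop and runs whether or not `ifp` was found, so a call for an interface that is not on the list still lowers the count. `vnet_if_return()` in the same hunk sizes `pending[]` from `curvnet->vnet_ifcnt` and then stores `pending[i++]` for every interface it unlinks, so an undercount can become a write past the end of the allocation. The decrement should be guarded, `if (found) curvnet->vnet_ifcnt--;`. It would also help for vnet_if_return() to keep the allocated element count in a local and assert `i` stays below it before each store. As a smaller point, `found` is declared `int` in a function that returns `bool`.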
@@ -906,12 +974,7 @@ if_attach_internal(struct ifnet *ifp, int vmove, struc
}
 #endif
 
-   IFNET_WLOCK();
-   CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link);
-#ifdef VIMAGE
-   curvnet->vnet_ifcnt++;
-#endif
-   IFNET_WUNLOCK();
+   if_link_ifnet(ifp);
 
if (domain_init_status >= 2)
if_attachdomain1(ifp);
@@ -1049,9 +1112,12 @@ if_purgemaddrs(struct ifnet *ifp)
 void
 if_detach(struct ifnet *ifp)
 {
+   bool found;
 
CURVNET_SET_QUIET(ifp->if_vnet);
-   if_detach_internal(ifp, 0, NULL);
+   found = if_unlink_ifnet(ifp, false);
+   if (found)
+   if_detach_internal(ifp, 0, NULL);
CURVNET_RESTORE();

svn commit: r368015 - head/sys/net

2020-11-25 Thread Kristof Provost
Author: kp
Date: Wed Nov 25 10:56:38 2020
New Revision: 368015
URL: https://svnweb.freebsd.org/changeset/base/368015

Log:
  if: Remove ifnet_rwlock
  
  It no longer serves any purpose, as evidenced by the fact that we never take it
  without ifnet_sxlock.
  
  Sponsored by: Modirum MDPay
  Differential Revision:https://reviews.freebsd.org/D27278

Modified:
  head/sys/net/if.c
  head/sys/net/if_var.h

Modified: head/sys/net/if.c
==
--- head/sys/net/if.c   Wed Nov 25 10:21:29 2020(r368014)
+++ head/sys/net/if.c   Wed Nov 25 10:56:38 2020(r368015)
@@ -306,15 +306,9 @@ VNET_DEFINE(struct ifnet **, ifindex_table);
 
 /*
  * The global network interface list (V_ifnet) and related state (such as
- * if_index, if_indexlim, and ifindex_table) are protected by an sxlock and
- * an rwlock.  Either may be acquired shared to stablize the list, but both
- * must be acquired writable to modify the list.  This model allows us to
- * both stablize the interface list during interrupt thread processing, but
- * also to stablize it over long-running ioctls, without introducing priority
- * inversions and deadlocks.
+ * if_index, if_indexlim, and ifindex_table) are protected by an sxlock.
+ * This may be acquired to stabilise the list, or we may rely on NET_EPOCH.
  */
-struct rwlock ifnet_rwlock;
-RW_SYSINIT_FLAGS(ifnet_rw, _rwlock, "ifnet_rw", RW_RECURSE);
 struct sx ifnet_sxlock;
 SX_SYSINIT_FLAGS(ifnet_sx, _sxlock, "ifnet_sx", SX_RECURSE);
 

Modified: head/sys/net/if_var.h
==
--- head/sys/net/if_var.h   Wed Nov 25 10:21:29 2020(r368014)
+++ head/sys/net/if_var.h   Wed Nov 25 10:56:38 2020(r368015)
@@ -593,29 +593,12 @@ struct ifmultiaddr {
struct  epoch_context   ifma_epoch_ctx;
 };
 
-extern struct rwlock ifnet_rwlock;
 extern struct sx ifnet_sxlock;
 
-#defineIFNET_WLOCK() do {  
\
-   sx_xlock(_sxlock);\
-   rw_wlock(_rwlock);\
-} while (0)
-
-#defineIFNET_WUNLOCK() do {
\
-   rw_wunlock(_rwlock);  \
-   sx_xunlock(_sxlock);  \
-} while (0)
-
-/*
- * To assert the ifnet lock, you must know not only whether it's for read or
- * write, but also whether it was acquired with sleep support or not.
- */
-#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, 
SA_SLOCKED)
-#defineIFNET_WLOCK_ASSERT() do {   
\
-   sx_assert(_sxlock, SA_XLOCKED);   \
-   rw_assert(_rwlock, RA_WLOCKED);   \
-} while (0)
-
+#defineIFNET_WLOCK()   sx_xlock(_sxlock)
+#defineIFNET_WUNLOCK() sx_xunlock(_sxlock)
+#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, SA_SLOCKED)
+#defineIFNET_WLOCK_ASSERT()sx_assert(_sxlock, SA_XLOCKED)
 #defineIFNET_RLOCK()   sx_slock(_sxlock)
 #defineIFNET_RUNLOCK() sx_sunlock(_sxlock)
 


svn commit: r367990 - head/tests/sys/netpfil/pf/ioctl

2020-11-24 Thread Kristof Provost
Author: kp
Date: Tue Nov 24 17:32:49 2020
New Revision: 367990
URL: https://svnweb.freebsd.org/changeset/base/367990

Log:
  pf tests: provoke tag hashing panic
  
  Attempt to provoke the panic fixed in r367987.
  
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D27350

Modified:
  head/tests/sys/netpfil/pf/ioctl/validation.c

Modified: head/tests/sys/netpfil/pf/ioctl/validation.c
==
--- head/tests/sys/netpfil/pf/ioctl/validation.cTue Nov 24 17:13:08 
2020(r367989)
+++ head/tests/sys/netpfil/pf/ioctl/validation.cTue Nov 24 17:32:49 
2020(r367990)
@@ -790,6 +790,43 @@ ATF_TC_CLEANUP(getsrcnodes, tc)
COMMON_CLEANUP();
 }
 
+ATF_TC_WITH_CLEANUP(tag);
+ATF_TC_HEAD(tag, tc)
+{
+   atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(tag, tc)
+{
+   struct pfioc_rule rule;
+
+   COMMON_HEAD();
+
+   memset(, 0x42, sizeof(rule));
+
+   rule.ticket = 0;
+   rule.pool_ticket = 0;
+   rule.anchor[0] = 0;
+
+   rule.rule.return_icmp = 0;
+   bzero(, sizeof(rule.rule.src));
+   bzero(, sizeof(rule.rule.dst));
+
+   rule.rule.ifname[0] = 0;
+   rule.rule.action = 0;
+   rule.rule.rtableid = 0;
+
+   rule.rule.tagname[0] = 0;
+
+   for (int i = 0; i < 10; i++)
+   ioctl(dev, DIOCADDRULE, );
+}
+
+ATF_TC_CLEANUP(tag, tc)
+{
+   COMMON_CLEANUP();
+}
+
 ATF_TP_ADD_TCS(tp)
 {
ATF_TP_ADD_TC(tp, addtables);
@@ -811,6 +848,7 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, cxrollback);
ATF_TP_ADD_TC(tp, commit);
ATF_TP_ADD_TC(tp, getsrcnodes);
+   ATF_TP_ADD_TC(tp, tag);
 
return (atf_no_error());
 }


svn commit: r367869 - head/tests/sys/netpfil/pf

2020-11-20 Thread Kristof Provost
Author: kp
Date: Fri Nov 20 10:11:03 2020
New Revision: 367869
URL: https://svnweb.freebsd.org/changeset/base/367869

Log:
  pf tests: Basic source tracking test
  
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D27255

Added:
  head/tests/sys/netpfil/pf/src_track.sh   (contents, props changed)
Modified:
  head/tests/sys/netpfil/pf/Makefile

Modified: head/tests/sys/netpfil/pf/Makefile
==
--- head/tests/sys/netpfil/pf/Makefile  Fri Nov 20 10:09:48 2020
(r367868)
+++ head/tests/sys/netpfil/pf/Makefile  Fri Nov 20 10:11:03 2020
(r367869)
@@ -12,6 +12,7 @@ ATF_TESTS_SH+=anchor \
names \
nat \
set_tos \
+   src_track \
rdr \
route_to \
synproxy \

Added: head/tests/sys/netpfil/pf/src_track.sh
==
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/tests/sys/netpfil/pf/src_track.sh  Fri Nov 20 10:11:03 2020
(r367869)
@@ -0,0 +1,66 @@
+# $FreeBSD$
+#
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2020 Kristof Provost 
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#notice, this list of conditions and the following disclaimer in the
+#documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "source_track" "cleanup"
+source_track_head()
+{
+   atf_set descr 'Basic source tracking test'
+   atf_set require.user root
+}
+
+source_track_body()
+{
+   pft_init
+
+   epair=$(vnet_mkepair)
+
+   vnet_mkjail alcatraz ${epair}b
+
+   ifconfig ${epair}a 192.0.2.2/24 up
+   jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+
+   # Enable pf!
+   jexec alcatraz pfctl -e
+   pft_set_rules alcatraz \
+   "pass in keep state (source-track)" \
+   "pass out keep state (source-track)"
+
+   ping -c 3 192.0.2.1
+   jexec alcatraz pfctl -s all -v
+}
+
+source_track_cleanup()
+{
+   pft_cleanup
+}
+
+atf_init_test_cases()
+{
+   atf_add_test_case "source_track"
+}


svn commit: r367867 - head/sys/netpfil/pf

2020-11-20 Thread Kristof Provost
Author: kp
Date: Fri Nov 20 10:08:33 2020
New Revision: 367867
URL: https://svnweb.freebsd.org/changeset/base/367867

Log:
  pf: Fix incorrect assertion
  
  We never set PFRULE_RULESRCTRACK when calling pf_insert_src_node(). We do set
  PFRULE_SRCTRACK, so update the assertion to match.
  
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D27254

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==
--- head/sys/netpfil/pf/pf.cFri Nov 20 09:56:46 2020(r367866)
+++ head/sys/netpfil/pf/pf.cFri Nov 20 10:08:33 2020(r367867)
@@ -705,7 +705,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_
 struct pf_addr *src, sa_family_t af)
 {
 
-   KASSERT((rule->rule_flag & PFRULE_RULESRCTRACK ||
+   KASSERT((rule->rule_flag & PFRULE_SRCTRACK ||
rule->rpool.opts & PF_POOL_STICKYADDR),
("%s for non-tracking rule %p", __func__, rule));
 


svn commit: r367706 - stable/12/sys/net

2020-11-15 Thread Kristof Provost
Author: kp
Date: Sun Nov 15 11:56:16 2020
New Revision: 367706
URL: https://svnweb.freebsd.org/changeset/base/367706

Log:
  MFC r366500:
  
  bridge: call member interface ioctl() without NET_EPOCH
  
  We're not allowed to hold NET_EPOCH while sleeping, so when we call ioctl()
  handlers for member interfaces we cannot be in NET_EPOCH.  We still need some
  protection of our CK_LISTs, so hold BRIDGE_LOCK instead.
  
  That requires changing BRIDGE_LOCK into a sleepable lock, and separating the
  BRIDGE_RT_LOCK, to protect bridge_rtnode lists. That lock is taken in the data
  path (while in NET_EPOCH), so it cannot be a sleepable lock.
  
  While here document the locking strategy.

Modified:
  stable/12/sys/net/if_bridge.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Sun Nov 15 11:46:44 2020
(r367705)
+++ stable/12/sys/net/if_bridge.c   Sun Nov 15 11:56:16 2020
(r367706)
@@ -186,17 +186,41 @@ extern void   nd6_setmtu(struct ifnet *);
 
 /*
  * Bridge locking
+ *
+ * The bridge relies heavily on the epoch(9) system to protect its data
+ * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we
+ * must ensure there is only one writer at a time.
+ *
+ * That is: for read accesses we only need to be in NET_EPOCH, but for write
+ * accesses we must hold:
+ *
+ *  - BRIDGE_RT_LOCK, for any change to bridge_rtnodes
+ *  - BRIDGE_LOCK, for any other change
+ *
+ * The BRIDGE_LOCK is a sleepable lock, because it is held accross ioctl()
+ * calls to bridge member interfaces and these ioctl()s can sleep.
+ * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes
+ * required while we're in NET_EPOCH and then we're not allowed to sleep.
  */
 #define BRIDGE_LOCK_INIT(_sc)  do {\
-   mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
+   sx_init(&(_sc)->sc_sx, "if_bridge");\
+   mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \
 } while (0)
 #define BRIDGE_LOCK_DESTROY(_sc)   do {\
-   mtx_destroy(&(_sc)->sc_mtx);\
+   sx_destroy(&(_sc)->sc_sx);  \
+   mtx_destroy(&(_sc)->sc_rt_mtx); \
 } while (0)
-#define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
-#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
-#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
-#define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
+#define BRIDGE_LOCK(_sc)   sx_xlock(&(_sc)->sc_sx)
+#define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx)
+#define BRIDGE_LOCK_ASSERT(_sc)sx_assert(&(_sc)->sc_sx, 
SX_XLOCKED)
+#define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc)   \
+   MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx))
+#define BRIDGE_UNLOCK_ASSERT(_sc)  sx_assert(&(_sc)->sc_sx, SX_UNLOCKED)
+#define BRIDGE_RT_LOCK(_sc)mtx_lock(&(_sc)->sc_rt_mtx)
+#define BRIDGE_RT_UNLOCK(_sc)  mtx_unlock(&(_sc)->sc_rt_mtx)
+#define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED)
+#define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc)\
+   MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx))
 
 /*
  * Bridge interface list entry.
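Review bot: The new assertion macros pass `SX_XLOCKED` and `SX_UNLOCKED` to `sx_assert()`, whereas sx(9) documents the `SA_*` flags for it and the if_var.h macros shown in the r368015 mail on this page use `SA_XLOCKED`. For consistency I would write `sx_assert(&(_sc)->sc_sx, SA_XLOCKED)` in `BRIDGE_LOCK_ASSERT` and `SA_UNLOCKED` in `BRIDGE_UNLOCK_ASSERT`. The added locking comment also has a typo, `accross` for `across`.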
@@ -237,7 +261,8 @@ struct bridge_rtnode {
 struct bridge_softc {
struct ifnet*sc_ifp;/* make this an interface */
LIST_ENTRY(bridge_softc) sc_list;
-   struct mtx  sc_mtx;
+   struct sx   sc_sx;
+   struct mtx  sc_rt_mtx;
uint32_tsc_brtmax;  /* max # of addresses */
uint32_tsc_brtcnt;  /* cur. # of addresses */
uint32_tsc_brttimeout;  /* rt timeout in seconds */
@@ -255,8 +280,8 @@ struct bridge_softc {
struct epoch_contextsc_epoch_ctx;
 };
 
-VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx);
-#defineV_bridge_list_mtx   VNET(bridge_list_mtx)
+VNET_DEFINE_STATIC(struct sx, bridge_list_sx);
+#defineV_bridge_list_sxVNET(bridge_list_sx)
 static eventhandler_tag bridge_detach_cookie;
 
 intbridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
@@ -539,11 +564,11 @@ const int bridge_control_table_size = nitems(bridge_co
 
 VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list);
 #defineV_bridge_list   VNET(bridge_list)
-#defineBRIDGE_LIST_LOCK_INIT(x)mtx_init(_bridge_list_mtx,
\
-   "if_bridge list", NULL, MTX_DEF)
-#defineBRIDGE_LIST_LOCK_DESTROY(x) mtx_destroy(_bridge_list_mtx)
-#defineBRIDGE_LIST_LOCK(x) mtx_lock(_bridge_list_mtx)
-#defineBRIDGE_LIST_UNLOCK(x)

svn commit: r367705 - stable/12/sys/net

2020-11-15 Thread Kristof Provost
Author: kp
Date: Sun Nov 15 11:46:44 2020
New Revision: 367705
URL: https://svnweb.freebsd.org/changeset/base/367705

Log:
  bridge: epoch-ification
  
  Undo the revert (r363568). This commit still violates epoch rules by sleeping
  within NET_EPOCH. That will be resolved in the following commit.

Modified:
  stable/12/sys/net/if_bridge.c

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Sun Nov 15 11:28:02 2020
(r367704)
+++ stable/12/sys/net/if_bridge.c   Sun Nov 15 11:46:44 2020
(r367705)
@@ -189,41 +189,14 @@ extern void   nd6_setmtu(struct ifnet *);
  */
 #define BRIDGE_LOCK_INIT(_sc)  do {\
mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
-   cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \
 } while (0)
 #define BRIDGE_LOCK_DESTROY(_sc)   do {\
mtx_destroy(&(_sc)->sc_mtx);\
-   cv_destroy(&(_sc)->sc_cv);  \
 } while (0)
 #define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
 #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
 #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
 #define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
-#defineBRIDGE_LOCK2REF(_sc, _err)  do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   if ((_sc)->sc_iflist_xcnt > 0)  \
-   (_err) = EBUSY; \
-   else\
-   (_sc)->sc_iflist_ref++; \
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_UNREF(_sc)   do {
\
-   mtx_lock(&(_sc)->sc_mtx);   \
-   (_sc)->sc_iflist_ref--; \
-   if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \
-   cv_broadcast(&(_sc)->sc_cv);\
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XLOCK(_sc)   do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   (_sc)->sc_iflist_xcnt++;\
-   while ((_sc)->sc_iflist_ref > 0)\
-   cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XDROP(_sc)   do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   (_sc)->sc_iflist_xcnt--;\
-} while (0)
 
 /*
  * Bridge interface list entry.
@@ -237,6 +210,8 @@ struct bridge_iflist {
uint32_tbif_addrmax;/* max # of addresses */
uint32_tbif_addrcnt;/* cur. # of addresses */
uint32_tbif_addrexceeded;/* # of address violations */
+
+   struct epoch_contextbif_epoch_ctx;
 };
 
 /*
@@ -250,6 +225,9 @@ struct bridge_rtnode {
uint8_t brt_flags;  /* address flags */
uint8_t brt_addr[ETHER_ADDR_LEN];
uint16_tbrt_vlan;   /* vlan id */
+
+   struct  vnet*brt_vnet;
+   struct  epoch_context   brt_epoch_ctx;
 };
 #definebrt_ifp brt_dst->bif_ifp
 
@@ -260,13 +238,10 @@ struct bridge_softc {
struct ifnet*sc_ifp;/* make this an interface */
LIST_ENTRY(bridge_softc) sc_list;
struct mtx  sc_mtx;
-   struct cv   sc_cv;
uint32_tsc_brtmax;  /* max # of addresses */
uint32_tsc_brtcnt;  /* cur. # of addresses */
uint32_tsc_brttimeout;  /* rt timeout in seconds */
struct callout  sc_brcallout;   /* bridge callout */
-   uint32_tsc_iflist_ref;  /* refcount for sc_iflist */
-   uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */
CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface 
list */
CK_LIST_HEAD(, bridge_rtnode) *sc_rthash;   /* our forwarding table 
*/
CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of 
above */
@@ -276,6 +251,8 @@ struct bridge_softc {
uint32_tsc_brtexceeded; /* # of cache drops */
struct ifnet*sc_ifaddr; /* member mac copied from */
struct ether_addr   sc_defaddr; /* Default MAC address */
+
+   struct epoch_contextsc_epoch_ctx;
 };
 
 VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx);
@@ -595,6 +572,11 @@ vnet_bridge_uninit(const void *unused __unused)
if_clone_detach(V_bridge_cloner);
V_bridge_cloner = NULL;
BRIDGE_LIST_LOCK_DESTROY();
+
+   /* Before we can destroy the uma zone, because there 

Re: svn commit: r367321 - head/sys/amd64/linux

2020-11-04 Thread Kristof Provost

On 4 Nov 2020, at 11:45, Gordon Bergling wrote:

Shouldn't such a commit be approved by someone?

The committer’s guide seems clear that doc committers may fix 
comments:


https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/committer.types.html

doc committers may commit documentation changes to src files, such as 
man pages, READMEs, fortune databases, calendar files, and comment 
fixes without approval from a src committer, subject to the normal 
care and tending of commits.


Arguably minor spelling fixes are not worth confusing the blame output 
for, but this seems well within the established rules.



And why you just abandoned the differential [1]?


Probably because it timed out. The review had been pending since August.
Arguably the differential link should have been included as well, but 
it’s hardly important in this case. I don’t think we have explicit 
policies about this. We probably should.


Best regards,
Kristof


svn commit: r367078 - head/sys/riscv/riscv

2020-10-27 Thread Kristof Provost
Author: kp
Date: Tue Oct 27 12:44:49 2020
New Revision: 367078
URL: https://svnweb.freebsd.org/changeset/base/367078

Log:
  riscv: Minor cleanup in startup code
  
   - remove setting of register value which is not used until the next value is
 set
   - Use the L2_SHIFT constant when setting up L2 superpages
  
  Submitted by: Antonin Houska 

Modified:
  head/sys/riscv/riscv/locore.S

Modified: head/sys/riscv/riscv/locore.S
==
--- head/sys/riscv/riscv/locore.S   Tue Oct 27 12:32:17 2020
(r367077)
+++ head/sys/riscv/riscv/locore.S   Tue Oct 27 12:44:49 2020
(r367078)
@@ -135,10 +135,9 @@ pagetables:
 
/* Level 2 superpages (512 x 2MiB) */
lla s1, pagetable_l2
-   srlit4, s9, 21  /* Div physmem base by 2 MiB */
+   srlit4, s9, L2_SHIFT/* Div physmem base by 2 MiB */
li  t2, 512 /* Build 512 entries */
add t3, t4, t2
-   li  t5, 0
li  t0, (PTE_KERN | PTE_X)
 1:
sllit2, t4, PTE_PPN1_S  /* << PTE_PPN1_S */


svn commit: r367058 - stable/12/tests/sys/netpfil/pf

2020-10-26 Thread Kristof Provost
Author: kp
Date: Mon Oct 26 13:24:20 2020
New Revision: 367058
URL: https://svnweb.freebsd.org/changeset/base/367058

Log:
  MFC r366648:
  
  pf tests: Test that 'set skip on <group>' works on new group members
  
  There's a known issue where new group members don't get the 'set skip on'
  applied until the rules are re-loaded.
  
  Do this by setting rules that block all traffic, but skip members of the
  'epair' group. If we can communicate over the epair interface we know the set
  skip rule took effect, even if the rule was set before the interface was
  created.

Modified:
  stable/12/tests/sys/netpfil/pf/set_skip.sh
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/netpfil/pf/set_skip.sh
==
--- stable/12/tests/sys/netpfil/pf/set_skip.sh  Mon Oct 26 13:23:40 2020
(r367057)
+++ stable/12/tests/sys/netpfil/pf/set_skip.sh  Mon Oct 26 13:24:20 2020
(r367058)
@@ -60,8 +60,41 @@ set_skip_group_lo_cleanup()
pft_cleanup
 }
 
+atf_test_case "set_skip_dynamic" "cleanup"
+set_skip_dynamic_head()
+{
+   atf_set descr "Cope with group changes"
+   atf_set require.user root
+}
+
+set_skip_dynamic_body()
+{
+   pft_init
+
+   set -x
+
+   vnet_mkjail alcatraz
+   jexec alcatraz pfctl -e
+   pft_set_rules alcatraz "set skip on epair" \
+   "block"
+
+   epair=$(vnet_mkepair)
+   ifconfig ${epair}a 192.0.2.2/24 up
+   ifconfig ${epair}b vnet alcatraz
+
+   jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+
+   atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 192.0.2.2
+}
+
+set_skip_dynamic_cleanup()
+{
+   pft_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "set_skip_group"
atf_add_test_case "set_skip_group_lo"
+   atf_add_test_case "set_skip_dynamic"
 }
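Review bot: set_skip_dynamic_body asserts only the positive case (the ping succeeds), so it would also pass if the `block` rule were never enforced inside the jail. Unless pft_set_rules already fails the test when the ruleset does not load (not visible in this hunk), a control showing that traffic is dropped on a non-skipped interface would tie the result to `set skip on epair`; at minimum a comment such as `# relies on pft_set_rules failing the test if the rules do not load` would record the assumption. The `set -x` line looks like leftover debugging and could be dropped. The same test is added to head in r366648 further down the page and the same remarks apply there.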


svn commit: r367057 - stable/12/sys/netpfil/pf

2020-10-26 Thread Kristof Provost
Author: kp
Date: Mon Oct 26 13:23:40 2020
New Revision: 367057
URL: https://svnweb.freebsd.org/changeset/base/367057

Log:
  MFC r366667:
  
  pf: do not remove kifs that are referenced by rules
  
  Even if a kif doesn't have an ifp or if_group pointer we still can't delete it
  if it's referenced by a rule. In other words: we must check rulerefs as well.
  
  While we're here also teach pfi_kif_unref() not to remove kifs with flags.
  
  Reported-by: syzbot+b31d1d7e12c5d4d42...@syzkaller.appspotmail.com

Modified:
  stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_if.c
==
--- stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 13:22:55 2020
(r367056)
+++ stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 13:23:40 2020
(r367057)
@@ -258,8 +258,10 @@ pfi_kif_unref(struct pfi_kif *kif)
if (kif->pfik_rulerefs > 0)
return;
 
-   /* kif referencing an existing ifnet or group should exist. */
-   if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == 
V_pfi_all)
+   /* kif referencing an existing ifnet or group or holding flags should
+* exist. */
+   if (kif->pfik_ifp != NULL || kif->pfik_group != NULL ||
+   kif == V_pfi_all || kif->pfik_flags != 0)
return;
 
RB_REMOVE(pfi_ifhead, _pfi_ifs, kif);
@@ -814,7 +816,7 @@ pfi_clear_flags(const char *name, int flags)
p->pfik_flags &= ~flags;
 
if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
-   p->pfik_flags == 0) {
+   p->pfik_flags == 0 && p->pfik_rulerefs == 0) {
/* Delete this kif. */
RB_REMOVE(pfi_ifhead, _pfi_ifs, p);
free(p, PFI_MTYPE);
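Review bot: The delete condition in pfi_clear_flags() now repeats most of the keep-alive test from pfi_kif_unref() in the previous hunk, but it still omits the `kif == V_pfi_all` case that pfi_kif_unref() guards. If V_pfi_all can ever have both pfik_ifp and pfik_group NULL (not determinable from this hunk), clearing its last flag would free it here while the global pointer still refers to it. Adding `p != V_pfi_all &&` to the condition, or routing both paths through one helper, would keep the two predicates from drifting apart again. The loop and the function continue outside the hunk; the same hunk appears for head in r366667 further down.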


svn commit: r367056 - stable/12/sys/netpfil/pf

2020-10-26 Thread Kristof Provost
Author: kp
Date: Mon Oct 26 13:22:55 2020
New Revision: 367056
URL: https://svnweb.freebsd.org/changeset/base/367056

Log:
  MFC r366647:
  
  pf: create a kif for flags
  
  If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
  doesn't exist we should create a kif so that we apply the flags when the
  <ifspec> does turn up.
  
  Otherwise we'd end up in surprising situations where the rules say the
  interface should be skipped, but it's not until the rules get re-applied.

Modified:
  stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_if.c
==
--- stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 12:34:50 2020
(r367055)
+++ stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 13:22:55 2020
(r367056)
@@ -787,8 +787,14 @@ pfi_skip_if(const char *filter, struct pfi_kif *p)
 int
 pfi_set_flags(const char *name, int flags)
 {
-   struct pfi_kif  *p;
+   struct pfi_kif  *p, *kif;
 
+   kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
+   if (kif == NULL)
+   return (ENOMEM);
+
+   kif = pfi_kif_attach(kif, name);
+
RB_FOREACH(p, pfi_ifhead, _pfi_ifs) {
if (pfi_skip_if(name, p))
continue;
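Review bot: The buffer from malloc() is handed to pfi_kif_attach() and the result is stored back into `kif`, but nothing in the visible lines uses `kif` afterwards or says who owns the allocation when a kif for `name` already exists. A short comment such as `/* pfi_kif_attach() consumes or frees the preallocated kif; only the entry's existence matters here. */` would make the ownership explicit, assuming that is what pfi_kif_attach() does. It is also worth stating that every distinct `name` passed in from userspace now leaves a kif allocated until its flags are cleared. The function body continues outside the hunk; the head version of this hunk in r366647 has the same shape.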
@@ -800,12 +806,19 @@ pfi_set_flags(const char *name, int flags)
 int
 pfi_clear_flags(const char *name, int flags)
 {
-   struct pfi_kif  *p;
+   struct pfi_kif *p, *tmp;
 
-   RB_FOREACH(p, pfi_ifhead, _pfi_ifs) {
+   RB_FOREACH_SAFE(p, pfi_ifhead, _pfi_ifs, tmp) {
if (pfi_skip_if(name, p))
continue;
p->pfik_flags &= ~flags;
+
+   if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
+   p->pfik_flags == 0) {
+   /* Delete this kif. */
+   RB_REMOVE(pfi_ifhead, _pfi_ifs, p);
+   free(p, PFI_MTYPE);
+   }
}
return (0);
 }


svn commit: r366667 - head/sys/netpfil/pf

2020-10-13 Thread Kristof Provost
Author: kp
Date: Tue Oct 13 11:04:00 2020
New Revision: 37
URL: https://svnweb.freebsd.org/changeset/base/37

Log:
  pf: do not remove kifs that are referenced by rules
  
  Even if a kif doesn't have an ifp or if_group pointer we still can't delete it
  if it's referenced by a rule. In other words: we must check rulerefs as well.
  
  While we're here also teach pfi_kif_unref() not to remove kifs with flags.
  
  Reported-by: syzbot+b31d1d7e12c5d4d42...@syzkaller.appspotmail.com
  MFC after:   2 weeks

Modified:
  head/sys/netpfil/pf/pf_if.c

Modified: head/sys/netpfil/pf/pf_if.c
==
--- head/sys/netpfil/pf/pf_if.c Tue Oct 13 10:31:12 2020(r36)
+++ head/sys/netpfil/pf/pf_if.c Tue Oct 13 11:04:00 2020(r37)
@@ -282,8 +282,10 @@ pfi_kif_unref(struct pfi_kif *kif)
if (kif->pfik_rulerefs > 0)
return;
 
-   /* kif referencing an existing ifnet or group should exist. */
-   if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == 
V_pfi_all)
+   /* kif referencing an existing ifnet or group or holding flags should
+* exist. */
+   if (kif->pfik_ifp != NULL || kif->pfik_group != NULL ||
+   kif == V_pfi_all || kif->pfik_flags != 0)
return;
 
RB_REMOVE(pfi_ifhead, _pfi_ifs, kif);
@@ -833,7 +835,7 @@ pfi_clear_flags(const char *name, int flags)
p->pfik_flags &= ~flags;
 
if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
-   p->pfik_flags == 0) {
+   p->pfik_flags == 0 && p->pfik_rulerefs == 0) {
/* Delete this kif. */
RB_REMOVE(pfi_ifhead, _pfi_ifs, p);
free(p, PFI_MTYPE);


svn commit: r366648 - head/tests/sys/netpfil/pf

2020-10-12 Thread Kristof Provost
Author: kp
Date: Mon Oct 12 12:41:10 2020
New Revision: 366648
URL: https://svnweb.freebsd.org/changeset/base/366648

Log:
  pf tests: Test that 'set skip on <group>' works on new group members
  
  There's a known issue where new group members don't get the 'set skip on'
  applied until the rules are re-loaded.
  
  Do this by setting rules that block all traffic, but skip members of the
  'epair' group. If we can communicate over the epair interface we know the set
  skip rule took effect, even if the rule was set before the interface was
  created.
  
  MFC after:2 weeks

Modified:
  head/tests/sys/netpfil/pf/set_skip.sh

Modified: head/tests/sys/netpfil/pf/set_skip.sh
==
--- head/tests/sys/netpfil/pf/set_skip.sh   Mon Oct 12 12:39:37 2020
(r366647)
+++ head/tests/sys/netpfil/pf/set_skip.sh   Mon Oct 12 12:41:10 2020
(r366648)
@@ -85,8 +85,41 @@ set_skip_group_lo_cleanup()
pft_cleanup
 }
 
+atf_test_case "set_skip_dynamic" "cleanup"
+set_skip_dynamic_head()
+{
+   atf_set descr "Cope with group changes"
+   atf_set require.user root
+}
+
+set_skip_dynamic_body()
+{
+   pft_init
+
+   set -x
+
+   vnet_mkjail alcatraz
+   jexec alcatraz pfctl -e
+   pft_set_rules alcatraz "set skip on epair" \
+   "block"
+
+   epair=$(vnet_mkepair)
+   ifconfig ${epair}a 192.0.2.2/24 up
+   ifconfig ${epair}b vnet alcatraz
+
+   jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+
+   atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 192.0.2.2
+}
+
+set_skip_dynamic_cleanup()
+{
+   pft_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "set_skip_group"
atf_add_test_case "set_skip_group_lo"
+   atf_add_test_case "set_skip_dynamic"
 }


svn commit: r366647 - head/sys/netpfil/pf

2020-10-12 Thread Kristof Provost
Author: kp
Date: Mon Oct 12 12:39:37 2020
New Revision: 366647
URL: https://svnweb.freebsd.org/changeset/base/366647

Log:
  pf: create a kif for flags
  
  If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
  doesn't exist we should create a kif so that we apply the flags when the
  <ifspec> does turn up.
  
  Otherwise we'd end up in surprising situations where the rules say the
  interface should be skipped, but it's not until the rules get re-applied.
  
  Reviewed by:  Lutz Donnerhacke 
  MFC after:2 weeks
  Differential Revision:https://reviews.freebsd.org/D26742

Modified:
  head/sys/netpfil/pf/pf_if.c

Modified: head/sys/netpfil/pf/pf_if.c
==
--- head/sys/netpfil/pf/pf_if.c Mon Oct 12 11:40:43 2020(r366646)
+++ head/sys/netpfil/pf/pf_if.c Mon Oct 12 12:39:37 2020(r366647)
@@ -801,9 +801,16 @@ int
 pfi_set_flags(const char *name, int flags)
 {
struct epoch_tracker et;
-   struct pfi_kif  *p;
+   struct pfi_kif  *p, *kif;
 
+   kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
+   if (kif == NULL)
+   return (ENOMEM);
+
NET_EPOCH_ENTER(et);
+
+   kif = pfi_kif_attach(kif, name);
+
RB_FOREACH(p, pfi_ifhead, _pfi_ifs) {
if (pfi_skip_if(name, p))
continue;
@@ -817,13 +824,20 @@ int
 pfi_clear_flags(const char *name, int flags)
 {
struct epoch_tracker et;
-   struct pfi_kif  *p;
+   struct pfi_kif *p, *tmp;
 
NET_EPOCH_ENTER(et);
-   RB_FOREACH(p, pfi_ifhead, _pfi_ifs) {
+   RB_FOREACH_SAFE(p, pfi_ifhead, _pfi_ifs, tmp) {
if (pfi_skip_if(name, p))
continue;
p->pfik_flags &= ~flags;
+
+   if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
+   p->pfik_flags == 0) {
+   /* Delete this kif. */
+   RB_REMOVE(pfi_ifhead, _pfi_ifs, p);
+   free(p, PFI_MTYPE);
+   }
}
NET_EPOCH_EXIT(et);
return (0);


svn commit: r366500 - head/sys/net

2020-10-06 Thread Kristof Provost
Author: kp
Date: Tue Oct  6 19:19:56 2020
New Revision: 366500
URL: https://svnweb.freebsd.org/changeset/base/366500

Log:
  bridge: call member interface ioctl() without NET_EPOCH
  
  We're not allowed to hold NET_EPOCH while sleeping, so when we call ioctl()
  handlers for member interfaces we cannot be in NET_EPOCH.  We still need some
  protection of our CK_LISTs, so hold BRIDGE_LOCK instead.
  
  That requires changing BRIDGE_LOCK into a sleepable lock, and separating the
  BRIDGE_RT_LOCK, to protect bridge_rtnode lists. That lock is taken in the data
  path (while in NET_EPOCH), so it cannot be a sleepable lock.
  
  While here document the locking strategy.
  
  MFC after:1 month
  Differential Revision:https://reviews.freebsd.org/D26418

Modified:
  head/sys/net/if_bridge.c

Modified: head/sys/net/if_bridge.c
==
--- head/sys/net/if_bridge.cTue Oct  6 19:15:11 2020(r366499)
+++ head/sys/net/if_bridge.cTue Oct  6 19:19:56 2020(r366500)
@@ -186,17 +186,41 @@ extern void   nd6_setmtu(struct ifnet *);
 
 /*
  * Bridge locking
+ *
+ * The bridge relies heavily on the epoch(9) system to protect its data
+ * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we
+ * must ensure there is only one writer at a time.
+ *
+ * That is: for read accesses we only need to be in NET_EPOCH, but for write
+ * accesses we must hold:
+ *
+ *  - BRIDGE_RT_LOCK, for any change to bridge_rtnodes
+ *  - BRIDGE_LOCK, for any other change
+ *
+ * The BRIDGE_LOCK is a sleepable lock, because it is held accross ioctl()
+ * calls to bridge member interfaces and these ioctl()s can sleep.
+ * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes
+ * required while we're in NET_EPOCH and then we're not allowed to sleep.
  */
 #define BRIDGE_LOCK_INIT(_sc)  do {\
-   mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
+   sx_init(&(_sc)->sc_sx, "if_bridge");\
+   mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \
 } while (0)
 #define BRIDGE_LOCK_DESTROY(_sc)   do {\
-   mtx_destroy(&(_sc)->sc_mtx);\
+   sx_destroy(&(_sc)->sc_sx);  \
+   mtx_destroy(&(_sc)->sc_rt_mtx); \
 } while (0)
-#define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
-#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
-#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
-#define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
+#define BRIDGE_LOCK(_sc)   sx_xlock(&(_sc)->sc_sx)
+#define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx)
+#define BRIDGE_LOCK_ASSERT(_sc)sx_assert(&(_sc)->sc_sx, 
SX_XLOCKED)
+#define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc)   \
+   MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx))
+#define BRIDGE_UNLOCK_ASSERT(_sc)  sx_assert(&(_sc)->sc_sx, SX_UNLOCKED)
+#define BRIDGE_RT_LOCK(_sc)mtx_lock(&(_sc)->sc_rt_mtx)
+#define BRIDGE_RT_UNLOCK(_sc)  mtx_unlock(&(_sc)->sc_rt_mtx)
+#define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED)
+#define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc)\
+   MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx))
 
 /*
  * Bridge interface list entry.
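Review bot: The new locking comment names the two locks but not their order, and the order is forced by their types: BRIDGE_LOCK is an sx and may sleep, so it cannot be acquired while BRIDGE_RT_LOCK is held or while inside NET_EPOCH. Adding a line such as ` * Lock order: BRIDGE_LOCK first, then NET_EPOCH / BRIDGE_RT_LOCK; never the reverse.` would save the next reader from deriving it. Two smaller points in the same comment: `accross` should be `across`, and it would help to say that the `*_OR_NET_EPOCH_ASSERT` macros are built on MPASS and so only check on kernels compiled with INVARIANTS.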
@@ -235,7 +259,8 @@ struct bridge_rtnode {
 struct bridge_softc {
struct ifnet*sc_ifp;/* make this an interface */
LIST_ENTRY(bridge_softc) sc_list;
-   struct mtx  sc_mtx;
+   struct sx   sc_sx;
+   struct mtx  sc_rt_mtx;
uint32_tsc_brtmax;  /* max # of addresses */
uint32_tsc_brtcnt;  /* cur. # of addresses */
uint32_tsc_brttimeout;  /* rt timeout in seconds */
@@ -252,8 +277,8 @@ struct bridge_softc {
struct epoch_contextsc_epoch_ctx;
 };
 
-VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx);
-#defineV_bridge_list_mtx   VNET(bridge_list_mtx)
+VNET_DEFINE_STATIC(struct sx, bridge_list_sx);
+#defineV_bridge_list_sxVNET(bridge_list_sx)
 static eventhandler_tag bridge_detach_cookie;
 
 intbridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
@@ -536,11 +561,11 @@ const int bridge_control_table_size = nitems(bridge_co
 
 VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list);
 #defineV_bridge_list   VNET(bridge_list)
-#defineBRIDGE_LIST_LOCK_INIT(x)mtx_init(_bridge_list_mtx,
\
-   "if_bridge list", NULL, MTX_DEF)
-#defineBRIDGE_LIST_LOCK_DESTROY(x) mtx_destroy(_bridge_list_mtx)
-#defineBRIDGE_LIST_LOCK(x) mtx_lock(_bridge_list_mtx)
-#defineBRIDGE_LIST_UNLOCK(x) 

svn commit: r366461 - head/sbin/devfs

2020-10-05 Thread Kristof Provost
Author: kp
Date: Mon Oct  5 19:26:54 2020
New Revision: 366461
URL: https://svnweb.freebsd.org/changeset/base/366461

Log:
  devfs.rules: unhide pf in vnet jails
  
  /dev/pf is usable in vnet jails, so don't hide the node there.
  
  We shouldn't expose /dev/pf in regular jails, as that gives them control over
  the host (or parent vnet jail) firewall.
  
  Reviewed by:  bz
  Differential Revision:https://reviews.freebsd.org/D26537

Modified:
  head/sbin/devfs/devfs.rules

Modified: head/sbin/devfs/devfs.rules
==
--- head/sbin/devfs/devfs.rules Mon Oct  5 19:22:28 2020(r366460)
+++ head/sbin/devfs/devfs.rules Mon Oct  5 19:26:54 2020(r366461)
@@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path fuse unhide
 add path zfs unhide
+
+[devfsrules_jail_vnet=5]
+add include $devfsrules_jail
+add path pf unhide
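Review bot: The new `devfsrules_jail_vnet` ruleset carries no comment, and the reason it must stay separate from `devfsrules_jail` lives only in the commit log: /dev/pf in a non-vnet jail controls the host (or parent vnet jail) firewall. Putting that into the file, e.g. `# Only for jails with their own vnet: in any other jail /dev/pf controls the host's firewall.`, keeps an administrator from selecting ruleset 5 for an ordinary jail. Local devfs.rules files that already define a ruleset numbered 5 may also deserve a mention in the release notes; how such a collision is resolved is not visible here.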


svn commit: r366355 - head/sys/riscv/riscv

2020-10-02 Thread Kristof Provost
Author: kp
Date: Fri Oct  2 07:30:11 2020
New Revision: 366355
URL: https://svnweb.freebsd.org/changeset/base/366355

Log:
  riscv: handle access faults in user mode
  
  Access faults in user mode are treated like TLB misses, which leads to an
  endless loop of faults. It's less serious than the same fault in kernel mode,
  because we can just terminate the process, but that's not ideal.
  
  Treat user mode access faults as a bus error.
  
  Suggested by: jrtc27
  Reviewed by:  br, jhb
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D26621

Modified:
  head/sys/riscv/riscv/trap.c

Modified: head/sys/riscv/riscv/trap.c
==
--- head/sys/riscv/riscv/trap.c Fri Oct  2 05:59:55 2020(r366354)
+++ head/sys/riscv/riscv/trap.c Fri Oct  2 07:30:11 2020(r366355)
@@ -343,6 +343,10 @@ do_trap_user(struct trapframe *frame)
case EXCP_FAULT_LOAD:
case EXCP_FAULT_STORE:
case EXCP_FAULT_FETCH:
+   call_trapsignal(td, SIGBUS, BUS_ADRERR, (void *)frame->tf_sepc,
+   exception);
+   userret(td, frame);
+   break;
case EXCP_STORE_PAGE_FAULT:
case EXCP_LOAD_PAGE_FAULT:
case EXCP_INST_PAGE_FAULT:
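Review bot: The address handed to call_trapsignal() is `frame->tf_sepc`, which is the PC of the faulting instruction; for EXCP_FAULT_LOAD and EXCP_FAULT_STORE the address that was actually accessed is in stval, so si_addr will point at the instruction rather than at the bad address. If reporting the accessed address is the intent, `(void *)frame->tf_stval` fits BUS_ADRERR better (for fetch faults the two should coincide). A one-line comment that access faults are not retryable would also explain why these cases no longer fall through to the page-fault cases. The switch continues outside the hunk.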


svn commit: r366315 - in head/sys/riscv: include riscv

2020-10-01 Thread Kristof Provost
Author: kp
Date: Thu Oct  1 15:04:55 2020
New Revision: 366315
URL: https://svnweb.freebsd.org/changeset/base/366315

Log:
  riscv: Add memmmap so we can mmap /dev/mem
  
  Reviewed by:  mhorne
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D26622

Modified:
  head/sys/riscv/include/memdev.h
  head/sys/riscv/riscv/mem.c

Modified: head/sys/riscv/include/memdev.h
==
--- head/sys/riscv/include/memdev.h Thu Oct  1 14:20:36 2020
(r366314)
+++ head/sys/riscv/include/memdev.h Thu Oct  1 15:04:55 2020
(r366315)
@@ -35,6 +35,6 @@
 d_open_t   memopen;
 d_read_t   memrw;
 d_ioctl_t  memioctl_md;
-#definememmmap (d_mmap_t *)NULL
+d_mmap_t   memmmap;
 
 #endif /* _MACHINE_MEMDEV_H_ */

Modified: head/sys/riscv/riscv/mem.c
==
--- head/sys/riscv/riscv/mem.c  Thu Oct  1 14:20:36 2020(r366314)
+++ head/sys/riscv/riscv/mem.c  Thu Oct  1 15:04:55 2020(r366315)
@@ -122,6 +122,21 @@ memrw(struct cdev *dev, struct uio *uio, int flags)
return (error);
 }
 
+/*
+ * Allow user processes to MMAP some memory sections
+ * instead of going through read/write.
+ */
+int
+memmmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr,
+int prot __unused, vm_memattr_t *memattr __unused)
+{
+   if (dev2unit(dev) == CDEV_MINOR_MEM) {
+   *paddr = offset;
+   return (0);
+   }
+   return (-1);
+}
+
 int
 memioctl_md(struct cdev *dev __unused, u_long cmd __unused,
 caddr_t data __unused, int flags __unused, struct thread *td __unused)
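Review bot: memmmap() accepts any `offset` for the /dev/mem minor and returns it unchanged as the physical address, with no check against the physical memory map and with `prot` ignored. That leaves the device node permissions and whatever memopen() enforces (not visible here) as the only gate on mapping arbitrary physical addresses, including non-RAM or protected regions. I would say so in the block comment, e.g. `Access control is done at open time; no range check is made here, so a mapping may cover non-RAM or protected regions and fault on access.` memmmap() is complete in the hunk; memioctl_md() continues outside it.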


svn commit: r366284 - head/sys/riscv/riscv

2020-09-30 Thread Kristof Provost
Author: kp
Date: Wed Sep 30 08:23:43 2020
New Revision: 366284
URL: https://svnweb.freebsd.org/changeset/base/366284

Log:
  riscv: Panic on PMP errors
  
  Load/store/fetch access exceptions always indicate a violation of a PMP
  rule. We can't treat those as page faults, because updating the page
  table and trying again will only result in exactly the same access
  exception recurring. This leaves us in an endless exception loop.
  
  We cannot recover from these exceptions, so panic instead.
  
  Reviewed by:  jhb
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D26544

Modified:
  head/sys/riscv/riscv/trap.c

Modified: head/sys/riscv/riscv/trap.c
==
--- head/sys/riscv/riscv/trap.c Wed Sep 30 04:27:38 2020(r366283)
+++ head/sys/riscv/riscv/trap.c Wed Sep 30 08:23:43 2020(r366284)
@@ -282,6 +282,9 @@ do_trap_supervisor(struct trapframe *frame)
case EXCP_FAULT_LOAD:
case EXCP_FAULT_STORE:
case EXCP_FAULT_FETCH:
+   dump_regs(frame);
+   panic("Memory access exception at 0x%016lx\n", frame->tf_sepc);
+   break;
case EXCP_STORE_PAGE_FAULT:
case EXCP_LOAD_PAGE_FAULT:
data_abort(frame, 0);
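Review bot: The new cases panic unconditionally, before any check for a registered fault handler. If a kernel access to user memory (copyin/copyout style, which data_abort() presumably handles through the onfault mechanism) can raise an access fault, an error that should surface as EFAULT becomes a panic; whether that is reachable cannot be told from this hunk. It would be worth either handling the onfault case first or stating in a comment why it cannot occur. Minor: the `break;` after `panic()` is unreachable, and the message would be more useful with the faulting address from stval printed next to sepc. The switch continues outside the hunk.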


svn commit: r365669 - releng/12.2/sys/net

2020-09-12 Thread Kristof Provost
Author: kp
Date: Sat Sep 12 18:58:36 2020
New Revision: 365669
URL: https://svnweb.freebsd.org/changeset/base/365669

Log:
  MFC r365457:
  
  net: mitigate vnet / epair cleanup races
  
  There's a race where dying vnets move their interfaces back to their original
  vnet, and if_epair cleanup (where deleting one interface also deletes the 
other
  end of the epair). This is commonly triggered by the pf tests, but also by
  cleanup of vnet jails.
  
  As we've not yet been able to fix the root cause of the issue work around the
  panic by not dereferencing a NULL softc in epair_qflush() and by not
  re-attaching DYING interfaces.
  
  This isn't a full fix, but makes a very common panic far less likely.
  
  PR:   244703, 238870
  Approved by:  re (gjb)

Modified:
  releng/12.2/sys/net/if.c
  releng/12.2/sys/net/if_epair.c
Directory Properties:
  releng/12.2/   (props changed)

Modified: releng/12.2/sys/net/if.c
==
--- releng/12.2/sys/net/if.cSat Sep 12 18:42:14 2020(r365668)
+++ releng/12.2/sys/net/if.cSat Sep 12 18:58:36 2020(r365669)
@@ -1280,6 +1280,10 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
ifindex_free_locked(ifp->if_index);
IFNET_WUNLOCK();
 
+   /* Don't re-attach DYING interfaces. */
+   if (ifp->if_flags & IFF_DYING)
+   return;
+
/*
 * Perform interface-specific reassignment tasks, if provided by
 * the driver.
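Review bot: The early return comes after the interface has already been taken out of the old vnet (ifindex_free_locked() just above), so a DYING ifp leaves if_vmove() attached to neither vnet. The comment should say who finishes the teardown in that case, e.g. `/* Don't re-attach DYING interfaces; the destroy path that set IFF_DYING completes the teardown. */`, if that is indeed the contract. `if_flags` is also read without any lock visible in the hunk, so the check narrows the race rather than closing it, which matches the commit log but is worth stating next to the code. The function continues outside the hunk; the same hunk is repeated for stable/12 (r365659) and for head (r365457, where it returns 0).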

Modified: releng/12.2/sys/net/if_epair.c
==
--- releng/12.2/sys/net/if_epair.c  Sat Sep 12 18:42:14 2020
(r365668)
+++ releng/12.2/sys/net/if_epair.c  Sat Sep 12 18:58:36 2020
(r365669)
@@ -609,8 +609,14 @@ epair_qflush(struct ifnet *ifp)
struct epair_softc *sc;

sc = ifp->if_softc;
-   KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n",
-   __func__, ifp, sc));
+
+   /*
+* See epair_clone_destroy(), we can end up getting called twice.
+* Don't do anything on the second call.
+*/
+   if (sc == NULL)
+   return;
+
/*
 * Remove this ifp from all backpointer lists. The interface will not
 * usable for flushing anyway nor should it have anything to flush
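Review bot: Replacing the KASSERT with a silent `return` removes the only signal that epair_qflush() was entered with a cleared softc, so a regression in the destroy ordering will no longer be noticed on INVARIANTS kernels. Since the log calls this a workaround, the comment could carry the tracking reference, e.g. `/* XXX workaround for the vnet/epair teardown race, PR 244703 / PR 238870. */`. The check also only covers `sc` being NULL at the time of the load; whether the softc can be freed between this test and the uses below is not visible in the hunk. The function continues outside the hunk; the same hunk appears in r365659 and r365457.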


svn commit: r365659 - stable/12/sys/net

2020-09-12 Thread Kristof Provost
Author: kp
Date: Sat Sep 12 12:45:31 2020
New Revision: 365659
URL: https://svnweb.freebsd.org/changeset/base/365659

Log:
  MFC r365457:
  
  net: mitigate vnet / epair cleanup races
  
  There's a race where dying vnets move their interfaces back to their original
  vnet, and if_epair cleanup (where deleting one interface also deletes the 
other
  end of the epair). This is commonly triggered by the pf tests, but also by
  cleanup of vnet jails.
  
  As we've not yet been able to fix the root cause of the issue work around the
  panic by not dereferencing a NULL softc in epair_qflush() and by not
  re-attaching DYING interfaces.
  
  This isn't a full fix, but makes a very common panic far less likely.
  
  PR:   244703, 238870

Modified:
  stable/12/sys/net/if.c
  stable/12/sys/net/if_epair.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==
--- stable/12/sys/net/if.c  Sat Sep 12 11:24:36 2020(r365658)
+++ stable/12/sys/net/if.c  Sat Sep 12 12:45:31 2020(r365659)
@@ -1280,6 +1280,10 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
ifindex_free_locked(ifp->if_index);
IFNET_WUNLOCK();
 
+   /* Don't re-attach DYING interfaces. */
+   if (ifp->if_flags & IFF_DYING)
+   return;
+
/*
 * Perform interface-specific reassignment tasks, if provided by
 * the driver.

Modified: stable/12/sys/net/if_epair.c
==
--- stable/12/sys/net/if_epair.cSat Sep 12 11:24:36 2020
(r365658)
+++ stable/12/sys/net/if_epair.cSat Sep 12 12:45:31 2020
(r365659)
@@ -609,8 +609,14 @@ epair_qflush(struct ifnet *ifp)
struct epair_softc *sc;

sc = ifp->if_softc;
-   KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n",
-   __func__, ifp, sc));
+
+   /*
+* See epair_clone_destroy(), we can end up getting called twice.
+* Don't do anything on the second call.
+*/
+   if (sc == NULL)
+   return;
+
/*
 * Remove this ifp from all backpointer lists. The interface will not
 * usable for flushing anyway nor should it have anything to flush


svn commit: r365626 - in head/sys/cddl/dev: dtrace/riscv fbt/riscv

2020-09-11 Thread Kristof Provost
Author: kp
Date: Fri Sep 11 09:15:49 2020
New Revision: 365626
URL: https://svnweb.freebsd.org/changeset/base/365626

Log:
  dtrace: fix fbt return probes on RISC-V
  
  Return values are passed in a0, so read it from there. We also pass a1 through
  to userspace, as the ABI allows small structs to be returned in registers
  a0/a1. While here read the register values directly from the trapframe rather
  than rtval, and remove the now unneeded argument from dtrace_invop().
  
  Set fbtp_roffset so that we get the correct return location in arg0.
  
  Reviewed by:  markj
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D26389

Modified:
  head/sys/cddl/dev/dtrace/riscv/dtrace_subr.c
  head/sys/cddl/dev/fbt/riscv/fbt_isa.c

Modified: head/sys/cddl/dev/dtrace/riscv/dtrace_subr.c
==
--- head/sys/cddl/dev/dtrace/riscv/dtrace_subr.cFri Sep 11 05:45:27 
2020(r365625)
+++ head/sys/cddl/dev/dtrace/riscv/dtrace_subr.cFri Sep 11 09:15:49 
2020(r365626)
@@ -53,7 +53,7 @@ extern dtrace_id_tdtrace_probeid_error;
 extern int (*dtrace_invop_jump_addr)(struct trapframe *);
 extern void dtrace_getnanotime(struct timespec *tsp);
 
-int dtrace_invop(uintptr_t, struct trapframe *, uintptr_t);
+int dtrace_invop(uintptr_t, struct trapframe *);
 void dtrace_invop_init(void);
 void dtrace_invop_uninit(void);
 
@@ -65,13 +65,13 @@ typedef struct dtrace_invop_hdlr {
 dtrace_invop_hdlr_t *dtrace_invop_hdlr;
 
 int
-dtrace_invop(uintptr_t addr, struct trapframe *frame, uintptr_t eax)
+dtrace_invop(uintptr_t addr, struct trapframe *frame)
 {
dtrace_invop_hdlr_t *hdlr;
int rval;
 
for (hdlr = dtrace_invop_hdlr; hdlr != NULL; hdlr = hdlr->dtih_next)
-   if ((rval = hdlr->dtih_func(addr, frame, eax)) != 0)
+   if ((rval = hdlr->dtih_func(addr, frame, 0)) != 0)
return (rval);
 
return (0);
@@ -254,7 +254,7 @@ dtrace_invop_start(struct trapframe *frame)
uint32_t imm;
int invop;
 
-   invop = dtrace_invop(frame->tf_sepc, frame, frame->tf_sepc);
+   invop = dtrace_invop(frame->tf_sepc, frame);
if (invop == 0)
return (-1);
 

Modified: head/sys/cddl/dev/fbt/riscv/fbt_isa.c
==
--- head/sys/cddl/dev/fbt/riscv/fbt_isa.c   Fri Sep 11 05:45:27 2020
(r365625)
+++ head/sys/cddl/dev/fbt/riscv/fbt_isa.c   Fri Sep 11 09:15:49 2020
(r365626)
@@ -59,9 +59,14 @@ fbt_invop(uintptr_t addr, struct trapframe *frame, uin
if ((uintptr_t)fbt->fbtp_patchpoint == addr) {
cpu->cpu_dtrace_caller = addr;
 
-   dtrace_probe(fbt->fbtp_id, frame->tf_a[0],
-   frame->tf_a[1], frame->tf_a[2],
-   frame->tf_a[3], frame->tf_a[4]);
+   if (fbt->fbtp_roffset == 0) {
+   dtrace_probe(fbt->fbtp_id, frame->tf_a[0],
+   frame->tf_a[1], frame->tf_a[2],
+   frame->tf_a[3], frame->tf_a[4]);
+   } else {
+   dtrace_probe(fbt->fbtp_id, fbt->fbtp_roffset,
+   frame->tf_a[0], frame->tf_a[1], 0, 0);
+   }
 
cpu->cpu_dtrace_caller = 0;
return (fbt->fbtp_savedval);
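Review bot: Entry and return probes are now told apart by `fbtp_roffset == 0`, and the two dtrace_probe() calls pass differently shaped argument lists, but nothing in the code says so. A comment above the branch would help, e.g. `/* Return probe: arg0 = offset of the return site, arg1/arg2 = a0/a1 (return value). */`. A return site at offset 0 of its function would be reported as an entry probe; that is probably not reachable, but since the last hunk of this file is what sets the field, a note there would do as well. The function continues outside the hunk.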
@@ -233,6 +238,7 @@ again:
fbt->fbtp_loadcnt = lf->loadcnt;
fbt->fbtp_symindx = symindx;
fbt->fbtp_rval = rval;
+   fbt->fbtp_roffset = (uintptr_t)instr - (uintptr_t)symval->value;
fbt->fbtp_savedval = *instr;
fbt->fbtp_patchval = patchval;
fbt->fbtp_hashnext = fbt_probetab[FBT_ADDR2NDX(instr)];


svn commit: r365457 - head/sys/net

2020-09-08 Thread Kristof Provost
Author: kp
Date: Tue Sep  8 14:54:10 2020
New Revision: 365457
URL: https://svnweb.freebsd.org/changeset/base/365457

Log:
  net: mitigate vnet / epair cleanup races
  
  There's a race where dying vnets move their interfaces back to their original
  vnet, and if_epair cleanup (where deleting one interface also deletes the 
other
  end of the epair). This is commonly triggered by the pf tests, but also by
  cleanup of vnet jails.
  
  As we've not yet been able to fix the root cause of the issue work around the
  panic by not dereferencing a NULL softc in epair_qflush() and by not
  re-attaching DYING interfaces.
  
  This isn't a full fix, but makes a very common panic far less likely.
  
  PR:   244703, 238870
  Reviewed by:  lutz_donnerhacke.de
  MFC after:4 days
  Differential Revision:https://reviews.freebsd.org/D26324

Modified:
  head/sys/net/if.c
  head/sys/net/if_epair.c

Modified: head/sys/net/if.c
==
--- head/sys/net/if.c   Tue Sep  8 13:24:44 2020(r365456)
+++ head/sys/net/if.c   Tue Sep  8 14:54:10 2020(r365457)
@@ -1298,6 +1298,11 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
ifindex_free_locked(ifp->if_index);
IFNET_WUNLOCK();
 
+
+   /* Don't re-attach DYING interfaces. */
+   if (ifp->if_flags & IFF_DYING)
+   return (0);
+
/*
 * Perform interface-specific reassignment tasks, if provided by
 * the driver.

Modified: head/sys/net/if_epair.c
==
--- head/sys/net/if_epair.c Tue Sep  8 13:24:44 2020(r365456)
+++ head/sys/net/if_epair.c Tue Sep  8 14:54:10 2020(r365457)
@@ -611,8 +611,14 @@ epair_qflush(struct ifnet *ifp)
struct epair_softc *sc;
 
sc = ifp->if_softc;
-   KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n",
-   __func__, ifp, sc));
+
+   /*
+* See epair_clone_destroy(), we can end up getting called twice.
+* Don't do anything on the second call.
+*/
+   if (sc == NULL)
+   return;
+
/*
 * Remove this ifp from all backpointer lists. The interface will not
 * usable for flushing anyway nor should it have anything to flush
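Review bot: Replacing the KASSERT with a silent `return` removes the only signal that epair_qflush() ran against an interface whose softc is already gone, so debug kernels can no longer tell how often the second call happens. The load `sc = ifp->if_softc` and the NULL test are not under any lock visible in the hunk, so a softc cleared just after the test would still be dereferenced below. The comment should mark this as a workaround so that it gets revisited, for example by adding the line `* XXX: workaround for PR 244703, remove once the vnet/epair teardown race is fixed.` The function body continues past the hunk.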


svn commit: r365246 - head/sys/netgraph

2020-09-02 Thread Kristof Provost
Author: kp
Date: Wed Sep  2 11:49:22 2020
New Revision: 365246
URL: https://svnweb.freebsd.org/changeset/base/365246

Log:
  ng_ether: Enter NET_EPOCH where required
  
  We must enter NET_EPOCH before calling ether_output_frame(). Several of the
  functions it calls (pfil_run_hooks, if_transmit) expect to be running in the
  NET_EPOCH.
  
  While here remove an unneeded EPOCH entry (which wasn't wide enough to cover
  BRIDGE_INPUT).
  
  PR:   248958
  Reviewed by:  glebius, bz (previous version), melifaro (previous version)
  Tested by:manu
  Differential Revision:https://reviews.freebsd.org/D26226

Modified:
  head/sys/netgraph/ng_ether.c
  head/sys/netgraph/ng_pppoe.c

Modified: head/sys/netgraph/ng_ether.c
==
--- head/sys/netgraph/ng_ether.cWed Sep  2 11:33:31 2020
(r365245)
+++ head/sys/netgraph/ng_ether.cWed Sep  2 11:49:22 2020
(r365246)
@@ -711,7 +711,6 @@ ng_ether_rcv_lower(hook_p hook, item_p item)
 static int
 ng_ether_rcv_upper(hook_p hook, item_p item)
 {
-   struct epoch_tracker et;
struct mbuf *m;
const node_p node = NG_HOOK_NODE(hook);
const priv_p priv = NG_NODE_PRIVATE(node);
@@ -739,9 +738,7 @@ ng_ether_rcv_upper(hook_p hook, item_p item)
}
 
/* Route packet back in */
-   NET_EPOCH_ENTER(et);
ether_demux(ifp, m);
-   NET_EPOCH_EXIT(et);
return (0);
 }
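Review bot: With the `NET_EPOCH_ENTER`/`NET_EPOCH_EXIT` pair gone, nothing in ng_ether_rcv_upper() shows that `ether_demux()` still runs inside the network epoch; the guarantee now rests on whoever delivers the item to this hook. If ether_demux() relies on the epoch, a `NET_EPOCH_ASSERT();` just above the call would document the assumption and catch a caller that breaks it on debug kernels. The `et` declaration is removed in the previous hunk, and the middle of the function is outside both hunks.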
 

Modified: head/sys/netgraph/ng_pppoe.c
==
--- head/sys/netgraph/ng_pppoe.cWed Sep  2 11:33:31 2020
(r365245)
+++ head/sys/netgraph/ng_pppoe.cWed Sep  2 11:49:22 2020
(r365246)
@@ -48,6 +48,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -761,6 +762,7 @@ ng_pppoe_connect(hook_p hook)
 static int
 ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasthook)
 {
+   struct epoch_tracker et;
priv_p privp = NG_NODE_PRIVATE(node);
struct ngpppoe_init_data *ourmsg = NULL;
struct ng_mesg *resp = NULL;
@@ -980,7 +982,9 @@ ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasth
neg->service.hdr.tag_len = htons((uint16_t)srvlen);
bcopy(ourmsg->data + srvpos, neg->service.data, srvlen);
neg->service_len = srvlen;
+   NET_EPOCH_ENTER(et);
pppoe_start(sp);
+   NET_EPOCH_EXIT(et);
break;
}
case NGM_PPPOE_LISTEN:
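Review bot: The epoch is entered at each call site in ng_pppoe_rcvmsg() (around `pppoe_start(sp)` here and around `NG_SEND_DATA_ONLY()` in the next two hunks), which protects only the paths this commit touched. If pppoe_start() or the ethernet-hook send is reachable from other places in the file, they stay uncovered; those callers are outside the hunks. A `NET_EPOCH_ASSERT();` at the top of pppoe_start() would turn a missed caller into an assertion failure on debug kernels instead of a silent race.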
@@ -1166,8 +1170,10 @@ ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasth
m->m_pkthdr.len = m->m_len = sizeof(*wh) + 
sizeof(*tag) +
ourmsg->data_len;
wh->ph.length = htons(sizeof(*tag) + 
ourmsg->data_len);
+   NET_EPOCH_ENTER(et);
NG_SEND_DATA_ONLY(error,
privp->ethernet_hook, m);
+   NET_EPOCH_EXIT(et);
}
break;
}
@@ -1209,8 +1215,10 @@ ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasth
m->m_pkthdr.len = m->m_len = sizeof(*wh) + 
sizeof(*tag) +
ourmsg->data_len;
wh->ph.length = htons(sizeof(*tag) + 
ourmsg->data_len);
+   NET_EPOCH_ENTER(et);
NG_SEND_DATA_ONLY(error,
privp->ethernet_hook, m);
+   NET_EPOCH_EXIT(et);
}
break;
}


svn commit: r365245 - head/sys/riscv/riscv

2020-09-02 Thread Kristof Provost
Author: kp
Date: Wed Sep  2 11:33:31 2020
New Revision: 365245
URL: https://svnweb.freebsd.org/changeset/base/365245

Log:
  riscv: very large dma mappings can cause integer overflow
  
  Fix the return type for _bus_dmamap_addseg().
  Based on the same fix done for arm64 in r348571.
  
  Sponsored by: Axiado

Modified:
  head/sys/riscv/riscv/busdma_bounce.c

Modified: head/sys/riscv/riscv/busdma_bounce.c
==
--- head/sys/riscv/riscv/busdma_bounce.cWed Sep  2 11:18:21 2020
(r365244)
+++ head/sys/riscv/riscv/busdma_bounce.cWed Sep  2 11:33:31 2020
(r365245)
@@ -633,7 +633,7 @@ _bus_dmamap_reserve_pages(bus_dma_tag_t dmat, bus_dmam
 /*
  * Add a single contiguous physical range to the segment list.
  */
-static int
+static bus_size_t
 _bus_dmamap_addseg(bus_dma_tag_t dmat, bus_dmamap_t map, bus_addr_t curaddr,
 bus_size_t sgsize, bus_dma_segment_t *segs, int *segp)
 {
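Review bot: Widening the return type only helps if every caller keeps the value in a `bus_size_t`; the call sites are outside this hunk, so a caller that stores the result in an `int` would still truncate a very large segment size. It is worth checking them, and also that none tests the result for a negative value, which an unsigned type can never produce. The header comment does not say what is returned; a line such as `* Returns the size actually added, which may be less than sgsize.` would help, assuming that is the contract. The body of _bus_dmamap_addseg() is not part of the hunk.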


svn commit: r364456 - stable/12/sys/netpfil/pf

2020-08-21 Thread Kristof Provost
Author: kp
Date: Fri Aug 21 13:11:33 2020
New Revision: 364456
URL: https://svnweb.freebsd.org/changeset/base/364456

Log:
  MFC r355744:
  
  pf: Make request_maxcount runtime adjustable
  
  There's no reason for this to be a tunable. It's perfectly safe to
  change this at runtime.

Modified:
  stable/12/sys/netpfil/pf/pf.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf.c
==
--- stable/12/sys/netpfil/pf/pf.c   Fri Aug 21 10:06:01 2020
(r364455)
+++ stable/12/sys/netpfil/pf/pf.c   Fri Aug 21 13:11:33 2020
(r364456)
@@ -382,7 +382,7 @@ SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFL
 _hashsize, 0, "Size of pf(4) states hashtable");
 SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
 _srchashsize, 0, "Size of pf(4) source nodes hashtable");
-SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RDTUN,
+SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RW,
 _ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a 
single ioctl() call");
 
 VNET_DEFINE(void *, pf_swi_cookie);
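Review bot: Switching request_maxcount to `CTLFLAG_RW` makes the cap on how many entries a single ioctl() may carry writable at runtime, but `SYSCTL_ULONG` accepts any unsigned long, so the limit can be set to 0 or to a value so large that it no longer bounds anything. If the limit exists to keep a caller from requesting huge kernel buffers, a `SYSCTL_PROC` handler that rejects out-of-range values would keep that protection; the acceptable minimum and maximum are a policy decision the hunk does not show. The readers of the variable are outside the hunk, so it is also worth confirming that each ioctl path reads it once per request rather than re-reading it between the size check and the allocation.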


svn commit: r363796 - in head: lib/libc/riscv/gen sys/riscv/include

2020-08-03 Thread Kristof Provost
Author: kp
Date: Mon Aug  3 12:48:51 2020
New Revision: 363796
URL: https://svnweb.freebsd.org/changeset/base/363796

Log:
  libc: Provide sub fp(s|g)etmask() implementations for RISC-V
  
  RISC-V doesn't support floating-point exceptions.
  
  RISC-V Instruction Set Manual: Volume I: User-Level ISA, 11.2 Floating-Point
  Control and Status Register: "As allowed by the standard, we do not support
  traps on floating-point exceptions in the base ISA, but instead require
  explicit checks of the flags in software. We considered adding branches
  controlled directly by the contents of the floating-point accrued exception
  flags, but ultimately chose to omit these instructions to keep the ISA 
simple."
  
  We still need these functions, because some applications (notably Perl) call
  them, but we cannot provide a meaningful implementation.
  
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D25740

Added:
  head/lib/libc/riscv/gen/fpgetmask.c   (contents, props changed)
  head/lib/libc/riscv/gen/fpsetmask.c   (contents, props changed)
Modified:
  head/lib/libc/riscv/gen/Makefile.inc
  head/sys/riscv/include/ieeefp.h

Modified: head/lib/libc/riscv/gen/Makefile.inc
==
--- head/lib/libc/riscv/gen/Makefile.incMon Aug  3 10:19:50 2020
(r363795)
+++ head/lib/libc/riscv/gen/Makefile.incMon Aug  3 12:48:51 2020
(r363796)
@@ -3,6 +3,8 @@
 SRCS+= _ctx_start.S \
fabs.S \
flt_rounds.c \
+   fpgetmask.c \
+   fpsetmask.c \
infinity.c \
ldexp.c \
makecontext.c \

Added: head/lib/libc/riscv/gen/fpgetmask.c
==
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/lib/libc/riscv/gen/fpgetmask.c Mon Aug  3 12:48:51 2020
(r363796)
@@ -0,0 +1,41 @@
+/*-
+ * Copyright (c) 2020 Axiado
+ * All rights reserved.
+ *
+ * This software was developed by Kristof Provost under
+ * sponsorship from Axiado.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include 
+__FBSDID("$FreeBSD$");
+
+#include 
+#include 
+
+fp_except_t
+fpgetmask(void)
+{
+
+   return (0);
+}
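Review bot: fpgetmask() returns a constant 0 with no comment, so the reason is only recoverable from the commit log. A short comment above the function would keep it with the code, e.g. `/* RISC-V has no traps on floating-point exceptions, so no exception is ever enabled. */`. The fpsetmask.c stub presumably wants the same comment, but that file is cut off in this message.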

Added: head/lib/libc/riscv/gen/fpsetmask.c
==
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/lib/libc/riscv/gen/fpsetmask.c Mon Aug  3 12:48:51 2020
(r363796)
@@ -0,0 +1,53 @@
+/*-
+ * Copyright (c) 2020 Axiado
+ * All rights reserved.
+ *
+ * This software was developed by Kristof Provost under
+ * sponsorship from Axiado.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR S

Re: svn commit: r363568 - stable/12/sys/net

2020-07-26 Thread Kristof Provost

On 26 Jul 2020, at 21:21, mike tancsa wrote:

Hi Kristof,

    First off, thank you for all your efforts in pf and 
if_bridge.  I

have trying to track down a problem with a golang app (sysutils/zrepl)
that started acting up around the time the if_bridge stuff was 
commited
(june 26th).  The problem would manifest in stalls of the daemon and 
am

wondering this might have played a role.  The june 10th kernel I had
seemed to work just fine with the app, although I just rebooted to 
that

to confirm as around that time we added more RAM to the server in
question and put the app under slightly higher load too. I have yet to
boot to a kernel post this being reverted.  But apart from the panics
some people saw could other 'odd' things pop up as well if traffic was
coming in a bridge interface using an igb0 nic ?


I wouldn’t think so, no.

The epoch change mostly removed locks and opportunities to stall (I know 
it fixes at least one deadlock). If there are bugs it’s pretty much 
always going to manifest as a crash (or assertion failure).


Best regards,
Kristof


svn commit: r363568 - stable/12/sys/net

2020-07-26 Thread Kristof Provost
Author: kp
Date: Sun Jul 26 17:44:03 2020
New Revision: 363568
URL: https://svnweb.freebsd.org/changeset/base/363568

Log:
  Revert bridge epochification
  
  Revert r363492, r363491, r363430, r363429 and r362650.
  
  The introduction of epoch in the network stack is incomplete in stable/12, and
  there are simply too many limitations to make the bridge epoch code work
  there.
  
  The final problem is capability configuration of the bridge member interfaces.
  if_bridge needs to enable promiscuous mode, which for certain drivers (e1000
  for example) can sleep. In stable/12 we may not sleep within epoch.

Modified:
  stable/12/sys/net/if_bridge.c

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Sun Jul 26 17:21:24 2020
(r363567)
+++ stable/12/sys/net/if_bridge.c   Sun Jul 26 17:44:03 2020
(r363568)
@@ -189,14 +189,41 @@ extern void   nd6_setmtu(struct ifnet *);
  */
 #define BRIDGE_LOCK_INIT(_sc)  do {\
mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
+   cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \
 } while (0)
 #define BRIDGE_LOCK_DESTROY(_sc)   do {\
mtx_destroy(&(_sc)->sc_mtx);\
+   cv_destroy(&(_sc)->sc_cv);  \
 } while (0)
 #define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
 #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
 #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
 #define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
+#defineBRIDGE_LOCK2REF(_sc, _err)  do {\
+   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
+   if ((_sc)->sc_iflist_xcnt > 0)  \
+   (_err) = EBUSY; \
+   else\
+   (_sc)->sc_iflist_ref++; \
+   mtx_unlock(&(_sc)->sc_mtx); \
+} while (0)
+#defineBRIDGE_UNREF(_sc)   do {
\
+   mtx_lock(&(_sc)->sc_mtx);   \
+   (_sc)->sc_iflist_ref--; \
+   if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \
+   cv_broadcast(&(_sc)->sc_cv);\
+   mtx_unlock(&(_sc)->sc_mtx); \
+} while (0)
+#defineBRIDGE_XLOCK(_sc)   do {\
+   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
+   (_sc)->sc_iflist_xcnt++;\
+   while ((_sc)->sc_iflist_ref > 0)\
+   cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \
+} while (0)
+#defineBRIDGE_XDROP(_sc)   do {\
+   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
+   (_sc)->sc_iflist_xcnt--;\
+} while (0)
 
 /*
  * Bridge interface list entry.
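Review bot: `BRIDGE_LOCK2REF` assigns `_err` only on the EBUSY branch, so a caller that passes an uninitialised variable reads an indeterminate value on the success path; the macro also drops the mutex in both branches, which is easy to miss at a call site. A comment above the macro should state both, e.g. `/* Drops sc_mtx. _err must be 0 on entry; set to EBUSY when sc_iflist_xcnt > 0. */`. `BRIDGE_UNREF` decrements `sc_iflist_ref` without checking that it is non-zero, and the field is declared `uint32_t` later in this commit, so an unbalanced unref would wrap and leave `BRIDGE_XLOCK` waiting in `cv_wait()` indefinitely. A `KASSERT` on the count before the decrement would catch that on debug kernels.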
@@ -210,8 +237,6 @@ struct bridge_iflist {
uint32_tbif_addrmax;/* max # of addresses */
uint32_tbif_addrcnt;/* cur. # of addresses */
uint32_tbif_addrexceeded;/* # of address violations */
-
-   struct epoch_contextbif_epoch_ctx;
 };
 
 /*
@@ -225,9 +250,6 @@ struct bridge_rtnode {
uint8_t brt_flags;  /* address flags */
uint8_t brt_addr[ETHER_ADDR_LEN];
uint16_tbrt_vlan;   /* vlan id */
-
-   struct  vnet*brt_vnet;
-   struct  epoch_context   brt_epoch_ctx;
 };
 #definebrt_ifp brt_dst->bif_ifp
 
@@ -238,10 +260,13 @@ struct bridge_softc {
struct ifnet*sc_ifp;/* make this an interface */
LIST_ENTRY(bridge_softc) sc_list;
struct mtx  sc_mtx;
+   struct cv   sc_cv;
uint32_tsc_brtmax;  /* max # of addresses */
uint32_tsc_brtcnt;  /* cur. # of addresses */
uint32_tsc_brttimeout;  /* rt timeout in seconds */
struct callout  sc_brcallout;   /* bridge callout */
+   uint32_tsc_iflist_ref;  /* refcount for sc_iflist */
+   uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */
CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface 
list */
CK_LIST_HEAD(, bridge_rtnode) *sc_rthash;   /* our forwarding table 
*/
CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of 
above */
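Review bot: `sc_iflist_ref` and `sc_iflist_xcnt` carry the same comment, `/* refcount for sc_iflist */`, although the macros in the first hunk use the second as a count of exclusive lockers (`BRIDGE_XLOCK` increments it, `BRIDGE_XDROP` decrements it, and `BRIDGE_LOCK2REF` refuses a reference while it is non-zero). I would change the second comment to `/* exclusive lockers of sc_iflist */` so the two fields can be told apart from the struct definition alone.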
@@ -251,8 +276,6 @@ struct bridge_softc {
uint32_tsc_brtexceeded; /* # of cache drops */
struct ifnet*sc_ifaddr; /* member mac copied from */
struct ether_addr   sc_defaddr; /* Default MAC address */
-
-   struct epoch_context   

svn commit: r363491 - stable/12/sys/net

2020-07-24 Thread Kristof Provost
Author: kp
Date: Fri Jul 24 20:09:52 2020
New Revision: 363491
URL: https://svnweb.freebsd.org/changeset/base/363491

Log:
  bridge: Fix mismerges from r360345
  
  In r362650 we merged r360345. This required manual changes due to the
  differences in EPOCH macros between head and stable/12, and was done
  imperfectly.
  
  This is a direct commit to stable/12.
  
  PR:   248046

Modified:
  stable/12/sys/net/if_bridge.c

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Fri Jul 24 19:54:15 2020
(r363490)
+++ stable/12/sys/net/if_bridge.c   Fri Jul 24 20:09:52 2020
(r363491)
@@ -189,41 +189,14 @@ extern void   nd6_setmtu(struct ifnet *);
  */
 #define BRIDGE_LOCK_INIT(_sc)  do {\
mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
-   cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \
 } while (0)
 #define BRIDGE_LOCK_DESTROY(_sc)   do {\
mtx_destroy(&(_sc)->sc_mtx);\
-   cv_destroy(&(_sc)->sc_cv);  \
 } while (0)
 #define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
 #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
 #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
 #define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
-#defineBRIDGE_LOCK2REF(_sc, _err)  do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   if ((_sc)->sc_iflist_xcnt > 0)  \
-   (_err) = EBUSY; \
-   else\
-   (_sc)->sc_iflist_ref++; \
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_UNREF(_sc)   do {
\
-   mtx_lock(&(_sc)->sc_mtx);   \
-   (_sc)->sc_iflist_ref--; \
-   if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \
-   cv_broadcast(&(_sc)->sc_cv);\
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XLOCK(_sc)   do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   (_sc)->sc_iflist_xcnt++;\
-   while ((_sc)->sc_iflist_ref > 0)\
-   cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XDROP(_sc)   do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   (_sc)->sc_iflist_xcnt--;\
-} while (0)
 
 /*
  * Bridge interface list entry.
@@ -265,13 +238,10 @@ struct bridge_softc {
struct ifnet*sc_ifp;/* make this an interface */
LIST_ENTRY(bridge_softc) sc_list;
struct mtx  sc_mtx;
-   struct cv   sc_cv;
uint32_tsc_brtmax;  /* max # of addresses */
uint32_tsc_brtcnt;  /* cur. # of addresses */
uint32_tsc_brttimeout;  /* rt timeout in seconds */
struct callout  sc_brcallout;   /* bridge callout */
-   uint32_tsc_iflist_ref;  /* refcount for sc_iflist */
-   uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */
CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface 
list */
CK_LIST_HEAD(, bridge_rtnode) *sc_rthash;   /* our forwarding table 
*/
CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of 
above */
@@ -790,7 +760,9 @@ bridge_clone_destroy(struct ifnet *ifp)
 {
struct bridge_softc *sc = ifp->if_softc;
struct bridge_iflist *bif;
+   struct epoch_tracker et;
 
+   NET_EPOCH_ENTER_ET(et);
BRIDGE_LOCK(sc);
 
bridge_stop(ifp, 1);
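Review bot: The epoch section opened by `NET_EPOCH_ENTER_ET(et)` before `BRIDGE_LOCK(sc)` stays open until the matching exit in the next hunk, after `bstp_detach()`, so it covers `bridge_stop()` and everything between the two hunks that is not shown. Any step in that span that can sleep, such as reconfiguring a member interface while it is removed, would then be a sleep inside an epoch section. It would be safer to enter the epoch only around the list traversal that needs it, or to add a comment stating that nothing in the span sleeps on stable/12.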
@@ -815,6 +787,8 @@ bridge_clone_destroy(struct ifnet *ifp)
BRIDGE_LIST_UNLOCK();
 
bstp_detach(>sc_stp);
+   NET_EPOCH_EXIT_ET(et);
+
ether_ifdetach(ifp);
if_free(ifp);
 
@@ -994,7 +968,6 @@ bridge_mutecaps(struct bridge_softc *sc)
mask &= bif->bif_savedcaps;
}
 
-   BRIDGE_XLOCK(sc);
CK_LIST_FOREACH(bif, >sc_iflist, bif_next) {
enabled = bif->bif_ifp->if_capenable;
enabled &= ~BRIDGE_IFCAPS_STRIP;
@@ -1005,8 +978,6 @@ bridge_mutecaps(struct bridge_softc *sc)
bridge_set_ifcap(sc, bif, enabled);
BRIDGE_LOCK(sc);
}
-   BRIDGE_XDROP(sc);
-
 }
 
 static void
@@ -1107,9 +1078,7 @@ bridge_delete_member(struct bridge_softc *sc, struct b
bstp_disable(>bif_stp);
 
ifs->if_bridge = NULL;
-   BRIDGE_XLOCK(sc);
CK_LIST_REMOVE(bif, bif_next);
-   BRIDGE_XDROP(sc);
 
/*
 

svn commit: r363492 - stable/12/sys/net

2020-07-24 Thread Kristof Provost
Author: kp
Date: Fri Jul 24 20:10:27 2020
New Revision: 363492
URL: https://svnweb.freebsd.org/changeset/base/363492

Log:
  bridge: Enter epoch for bridge_transmit()
  
  Just like the change done for bridge_input()/bridge_output() in r363430
  we must enter epoch ourselves, because its coverage is not as wide as in
  head.
  
  This is a direct commit to stable/12.
  
  PR:   248046

Modified:
  stable/12/sys/net/if_bridge.c

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Fri Jul 24 20:09:52 2020
(r363491)
+++ stable/12/sys/net/if_bridge.c   Fri Jul 24 20:10:27 2020
(r363492)
@@ -2189,11 +2189,14 @@ sendunicast:
 static int
 bridge_transmit(struct ifnet *ifp, struct mbuf *m)
 {
+   struct epoch_tracker et;
struct bridge_softc *sc;
struct ether_header *eh;
struct ifnet *dst_if;
int error = 0;
 
+   NET_EPOCH_ENTER_ET(et);
+
sc = ifp->if_softc;
 
ETHER_BPF_MTAP(ifp, m);
@@ -2205,6 +2208,8 @@ bridge_transmit(struct ifnet *ifp, struct mbuf *m)
error = bridge_enqueue(sc, dst_if, m);
} else
bridge_broadcast(sc, ifp, m, 0);
+
+   NET_EPOCH_EXIT_ET(et);
 
return (error);
 }


svn commit: r363430 - stable/12/sys/net

2020-07-22 Thread Kristof Provost
Author: kp
Date: Wed Jul 22 20:13:12 2020
New Revision: 363430
URL: https://svnweb.freebsd.org/changeset/base/363430

Log:
  bridge: Enter epoch for bridge_input()/bridge_output()
  
  In stable/12 epoch is not as wide as it is in head. The network stack isn't
  yet in epoch when bridge_input()/bridge_output() get called, so rather than
  assert this we must enter it ourselves.
  
  This is a direct commit to stable/12.
  
  PR:   248046
  Differential Revision:https://reviews.freebsd.org/D25715

Modified:
  stable/12/sys/net/if_bridge.c

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Wed Jul 22 19:43:55 2020
(r363429)
+++ stable/12/sys/net/if_bridge.c   Wed Jul 22 20:13:12 2020
(r363430)
@@ -605,7 +605,7 @@ vnet_bridge_uninit(const void *unused __unused)
 
/* Before we can destroy the uma zone, because there are callbacks that
 * use it. */
-   NET_EPOCH_WAIT();
+   epoch_drain_callbacks(net_epoch_preempt);
 
uma_zdestroy(V_bridge_rtnode_zone);
 }
@@ -2114,17 +2114,20 @@ static int
 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 struct rtentry *rt)
 {
+   struct epoch_tracker et;
struct ether_header *eh;
struct ifnet *dst_if;
struct bridge_softc *sc;
uint16_t vlan;
 
-   MPASS(in_epoch(net_epoch_preempt));
+   NET_EPOCH_ENTER_ET(et);
 
if (m->m_len < ETHER_HDR_LEN) {
m = m_pullup(m, ETHER_HDR_LEN);
-   if (m == NULL)
+   if (m == NULL) {
+   NET_EPOCH_EXIT_ET(et);
return (0);
+   }
}
 
eh = mtod(m, struct ether_header *);
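Review bot: Entering the epoch at the top of bridge_output() means every `return` has to be paired with `NET_EPOCH_EXIT_ET(et)` by hand; this hunk and the two that follow add four such exits, and a return path in the lines between the hunks, or one added later, would leave the epoch section open. A single exit label would rule that out: replace the early returns with `goto out;` and end the function with `out:` followed by `NET_EPOCH_EXIT_ET(et);` and `return (0);`, which works because every visible return in this function returns 0. bridge_input() in the later hunks has the same shape with many more exits and two different return values, so there the label would need a result variable.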
@@ -2189,6 +2192,7 @@ bridge_output(struct ifnet *ifp, struct mbuf *m, struc
}
if (used == 0)
m_freem(m);
+   NET_EPOCH_EXIT_ET(et);
return (0);
}
 
@@ -2200,10 +2204,12 @@ sendunicast:
bridge_span(sc, m);
if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
m_freem(m);
+   NET_EPOCH_EXIT_ET(et);
return (0);
}
 
bridge_enqueue(sc, dst_if, m);
+   NET_EPOCH_EXIT_ET(et);
return (0);
 }
 
@@ -2400,6 +2406,7 @@ drop:
 static struct mbuf *
 bridge_input(struct ifnet *ifp, struct mbuf *m)
 {
+   struct epoch_tracker et;
struct bridge_softc *sc = ifp->if_bridge;
struct bridge_iflist *bif, *bif2;
struct ifnet *bifp;
@@ -2408,10 +2415,12 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
uint16_t vlan;
int error;
 
-   MPASS(in_epoch(net_epoch_preempt));
+   NET_EPOCH_ENTER_ET(et);
 
-   if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
+   if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
+   NET_EPOCH_EXIT_ET(et);
return (m);
+   }
 
bifp = sc->sc_ifp;
vlan = VLANTAGOF(m);
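Review bot: `sc` is initialised from `ifp->if_bridge` in its declaration (previous hunk), which runs before `NET_EPOCH_ENTER_ET(et)`, so the pointer is loaded outside the section that is meant to keep the softc alive, and it is then dereferenced in `sc->sc_ifp->if_drv_flags` without a NULL test. If a member can be removed from the bridge concurrently, that leaves a window for a stale or NULL `sc`. Moving the load inside the section closes it: declare `struct bridge_softc *sc;`, then after the enter do `sc = ifp->if_bridge;` and `if (sc == NULL) { NET_EPOCH_EXIT_ET(et); return (m); }`. bridge_input() continues well past this hunk.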
@@ -2428,10 +2437,12 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1);
if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
m_freem(m);
+   NET_EPOCH_EXIT_ET(et);
return (NULL);
}
bif = bridge_lookup_member_if(sc, ifp);
if (bif == NULL) {
+   NET_EPOCH_EXIT_ET(et);
return (m);
}
 
@@ -2444,11 +2455,13 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
if (memcmp(eh->ether_dhost, bstp_etheraddr,
ETHER_ADDR_LEN) == 0) {
bstp_input(>bif_stp, ifp, m); /* consumes mbuf */
+   NET_EPOCH_EXIT_ET(et);
return (NULL);
}
 
if ((bif->bif_flags & IFBIF_STP) &&
bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
+   NET_EPOCH_EXIT_ET(et);
return (m);
}
 
@@ -2459,6 +2472,7 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
 */
mc = m_dup(m, M_NOWAIT);
if (mc == NULL) {
+   NET_EPOCH_EXIT_ET(et);
return (m);
}
 
@@ -2485,11 +2499,13 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
}
 
/* Return the original packet for local processing. */
+   NET_EPOCH_EXIT_ET(et);
return (m);
}
 
if ((bif->bif_flags & IFBIF_STP) &&
bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
+   NET_EPOCH_EXIT_ET(et);
return (m);
}
 
@@ -2539,10 +2555,12 @@ bridge_input(struct ifnet *ifp, struct mbuf *m)
vlan, bif, 0, IFBAF_DYNAMIC);   \

svn commit: r363429 - stable/12/sys/net

2020-07-22 Thread Kristof Provost
Author: kp
Date: Wed Jul 22 19:43:55 2020
New Revision: 363429
URL: https://svnweb.freebsd.org/changeset/base/363429

Log:
  MFC r363308:
  
  bridge: Don't sleep during epoch
  
  While it doesn't trigger INVARIANTS or WITNESS on head it does in stable/12.
  There's also no reason for it, as we can easily report the out of memory error
  to the caller (i.e. userspace). All of these can already fail.
  
  PR:   248046

Modified:
  stable/12/sys/net/if_bridge.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Wed Jul 22 19:08:05 2020
(r363428)
+++ stable/12/sys/net/if_bridge.c   Wed Jul 22 19:43:55 2020
(r363429)
@@ -1467,9 +1467,9 @@ bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
bifc->ifbic_len = buflen;
return (0);
}
-   BRIDGE_UNLOCK(sc);
-   outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
-   BRIDGE_LOCK(sc);
+   outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
+   if (outbuf == NULL)
+   return (ENOMEM);
 
count = 0;
buf = outbuf;
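Review bot: The switch to `M_NOWAIT` carries no comment, so a later reader may turn it back into `M_WAITOK` with the unlock/relock pair; the reason is only in the commit log. A one-line comment above the allocation, such as `/* M_NOWAIT: we may not sleep here, see bridge_ioctl(). */`, would prevent that, here and at the same change in bridge_ioctl_rts() and bridge_ioctl_gifsstp() in the next two hunks. The surrounding function bodies are outside the hunks.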
@@ -1529,9 +1529,9 @@ bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
count++;
buflen = sizeof(bareq) * count;
 
-   BRIDGE_UNLOCK(sc);
-   outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
-   BRIDGE_LOCK(sc);
+   outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
+   if (outbuf == NULL)
+   return (ENOMEM);
 
count = 0;
buf = outbuf;
@@ -1857,9 +1857,9 @@ bridge_ioctl_gifsstp(struct bridge_softc *sc, void *ar
return (0);
}
 
-   BRIDGE_UNLOCK(sc);
-   outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
-   BRIDGE_LOCK(sc);
+   outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
+   if (outbuf == NULL)
+   return (ENOMEM);
 
count = 0;
buf = outbuf;


Re: svn commit: r363308 - head/sys/net

2020-07-18 Thread Kristof Provost



On 18 Jul 2020, at 20:47, Konstantin Belousov wrote:


On Sat, Jul 18, 2020 at 12:43:11PM +, Kristof Provost wrote:

Author: kp
Date: Sat Jul 18 12:43:11 2020
New Revision: 363308
URL: https://svnweb.freebsd.org/changeset/base/363308

Log:
  bridge: Don't sleep during epoch

  While it doesn't trigger INVARIANTS or WITNESS on head it does in 
stable/12.
  There's also no reason for it, as we can easily report the out of 
memory error

  to the caller (i.e. userspace). All of these can already fail.
This makes syscalls (ioctl) fail randomly.  Can you pre-allocate the 
buffers

before entering epoch, instead ?


Not easily, no.

The bridge ioctl handling is all done via bridge_ioctl(), which enters 
epoch and dispatches to the bridge_control_table.

We’d have to modify every single ioctl function.

These are also not the only ioctl functions that can return ENOMEM (or 
EINVAL). bridge_ioctl_add() already did, for example.


Best regards,
Kristof


svn commit: r363308 - head/sys/net

2020-07-18 Thread Kristof Provost
Author: kp
Date: Sat Jul 18 12:43:11 2020
New Revision: 363308
URL: https://svnweb.freebsd.org/changeset/base/363308

Log:
  bridge: Don't sleep during epoch
  
  While it doesn't trigger INVARIANTS or WITNESS on head it does in stable/12.
  There's also no reason for it, as we can easily report the out of memory error
  to the caller (i.e. userspace). All of these can already fail.
  
  PR:   248046
  MFC after:3 days

Modified:
  head/sys/net/if_bridge.c

Modified: head/sys/net/if_bridge.c
==
--- head/sys/net/if_bridge.cSat Jul 18 12:21:08 2020(r363307)
+++ head/sys/net/if_bridge.cSat Jul 18 12:43:11 2020(r363308)
@@ -1393,9 +1393,9 @@ bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
bifc->ifbic_len = buflen;
return (0);
}
-   BRIDGE_UNLOCK(sc);
-   outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
-   BRIDGE_LOCK(sc);
+   outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
+   if (outbuf == NULL)
+   return (ENOMEM);
 
count = 0;
buf = outbuf;
@@ -1455,9 +1455,9 @@ bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
count++;
buflen = sizeof(bareq) * count;
 
-   BRIDGE_UNLOCK(sc);
-   outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
-   BRIDGE_LOCK(sc);
+   outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
+   if (outbuf == NULL)
+   return (ENOMEM);
 
count = 0;
buf = outbuf;
@@ -1783,9 +1783,9 @@ bridge_ioctl_gifsstp(struct bridge_softc *sc, void *ar
return (0);
}
 
-   BRIDGE_UNLOCK(sc);
-   outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
-   BRIDGE_LOCK(sc);
+   outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
+   if (outbuf == NULL)
+   return (ENOMEM);
 
count = 0;
buf = outbuf;


svn commit: r362977 - head/sys/riscv/riscv

2020-07-06 Thread Kristof Provost
Author: kp
Date: Mon Jul  6 21:29:50 2020
New Revision: 362977
URL: https://svnweb.freebsd.org/changeset/base/362977

Log:
  riscv plic: Do not complete interrupts until the interrupt handler has run
  
  We cannot complete the interrupt (i.e. write to the claims/complete register)
  until the interrupt handler has actually run. We don't run the interrupt
  handler immediately from intr_isrc_dispatch(), we only schedule it for later
  execution.
  
  If we immediately complete it (i.e. before the interrupt handler proper has
  run) the interrupt may be triggered again if the interrupt source remains set.
  From RISC-V Instruction Set Manual: Volume II: Priviliged Architecture, 7.4
  Interrupt Gateways:
  
  "If a level-sensitive interrupt source deasserts the interrupt after the PLIC
  core accepts the request and before the interrupt is serviced, the interrupt
  request remains present in the IP bit of the PLIC core and will be serviced by
  a handler, which will then have to determine that the interrupt device no
  longer requires service."
  
  In other words, we may receive interrupts twice.
  
  Avoid that by postponing the completion until after the interrupt handler has
  run.
  
  If the interrupt is handled by a filter rather than by scheduling an interrupt
  thread we must also complete the interrupt, so set up a post_filter handler
  (which is the same as the post_ithread handler).
  
  Reviewed by:  mhorne
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D25531

Modified:
  head/sys/riscv/riscv/plic.c

Modified: head/sys/riscv/riscv/plic.c
==
--- head/sys/riscv/riscv/plic.c Mon Jul  6 21:20:57 2020(r362976)
+++ head/sys/riscv/riscv/plic.c Mon Jul  6 21:29:50 2020(r362977)
@@ -169,11 +169,11 @@ plic_intr(void *arg)
sc = arg;
cpu = PCPU_GET(cpuid);
 
+   /* Claim any pending interrupt. */
pending = RD4(sc, PLIC_CLAIM(sc, cpu));
if (pending) {
tf = curthread->td_intr_frame;
plic_irq_dispatch(sc, pending, tf);
-   WR4(sc, PLIC_CLAIM(sc, cpu), pending);
}
 
return (FILTER_HANDLED);
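Review bot: With `WR4(sc, PLIC_CLAIM(sc, cpu), pending)` removed from plic_intr(), a claimed interrupt is completed only if `plic_irq_dispatch()` ends up running a handler whose post_ithread or post_filter hook fires. If dispatch can fail, for instance for a stray interrupt with no handler attached, the claim would never be completed and that source would stay blocked at the PLIC. plic_irq_dispatch() is not in the hunk, so this needs checking there; if such a path exists, it should write the completion itself before returning.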
@@ -384,7 +384,17 @@ plic_pre_ithread(device_t dev, struct intr_irqsrc *isr
 static void
 plic_post_ithread(device_t dev, struct intr_irqsrc *isrc)
 {
+   struct plic_softc *sc;
+   struct plic_irqsrc *src;
+   uint32_t cpu;
 
+   sc = device_get_softc(dev);
+   src = (struct plic_irqsrc *)isrc;
+
+   cpu = CPU_FFS(>isrc_cpu) - 1;
+
+   /* Complete the interrupt. */
+   WR4(sc, PLIC_CLAIM(sc, cpu), src->irq);
plic_enable_intr(dev, isrc);
 }
 
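Review bot: In `plic_post_ithread` the completion is written to the claim/complete register of the first CPU in `isrc_cpu`, which is not necessarily the context that claimed the interrupt in `plic_intr` (that path uses `PCPU_GET(cpuid)`), and `CPU_FFS()` returns 0 for an empty set, so `cpu` would wrap to `UINT32_MAX` and index `PLIC_CLAIM()` out of range. Whether `isrc_cpu` can be empty or hold more than one CPU at this point is not visible here. A guard such as `KASSERT(!CPU_EMPTY(&isrc->isrc_cpu), ("%s: no CPU bound", __func__));` before the `CPU_FFS` line, plus a comment stating that completion must target the claiming context, would make the assumption explicit. Since the function is now also registered as `pic_post_filter`, a one-line comment on the trailing `plic_enable_intr()` saying why it is safe on the filter path would help too.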
@@ -451,6 +461,7 @@ static device_method_t plic_methods[] = {
DEVMETHOD(pic_map_intr, plic_map_intr),
DEVMETHOD(pic_pre_ithread,  plic_pre_ithread),
DEVMETHOD(pic_post_ithread, plic_post_ithread),
+   DEVMETHOD(pic_post_filter,  plic_post_ithread),
DEVMETHOD(pic_setup_intr,   plic_setup_intr),
DEVMETHOD(pic_bind_intr,plic_bind_intr),
 


svn commit: r362853 - in head/sys/riscv: include riscv

2020-07-01 Thread Kristof Provost
Author: kp
Date: Wed Jul  1 19:15:43 2020
New Revision: 362853
URL: https://svnweb.freebsd.org/changeset/base/362853

Log:
  riscv pmap: zero reserved pte bits in ppn
  
  The top 10 bits of a pte are reserved by specification[1] and are not part of
  the PPN.
  
  [1] 'Volume II: RISC-V Privileged Architectures V20190608-Priv-MSU-Ratified',
  '4.4.1 Addressing and Memory Protection', page 72: "The PTE format for Sv39 is
  shown in Figure 4.18. ... Bits 63–54 are reserved for future use and must be
  zeroed by software for forward compatibility."
  
  Submitted by: Nathaniel Filardo 
  Reviewed by:  kp, mhorne
  Differential Revision:https://reviews.freebsd.org/D25523

Modified:
  head/sys/riscv/include/pte.h
  head/sys/riscv/riscv/pmap.c

Modified: head/sys/riscv/include/pte.h
==
--- head/sys/riscv/include/pte.hWed Jul  1 19:12:47 2020
(r362852)
+++ head/sys/riscv/include/pte.hWed Jul  1 19:15:43 2020
(r362853)
@@ -83,6 +83,9 @@ typedef   uint64_tpn_t;   /* page 
number */
 #definePTE_PROMOTE (PTE_V | PTE_RWX | PTE_D | PTE_A | PTE_G | 
PTE_U | \
 PTE_SW_MANAGED | PTE_SW_WIRED)
 
+/* Bits 63 - 54 are reserved for future use. */
+#define PTE_HI_MASK0xFFC0ULL
+
 #definePTE_PPN0_S  10
 #definePTE_PPN1_S  19
 #definePTE_PPN2_S  28
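Review bot: `PTE_HI_MASK` is written as a bare hex literal whose relation to "bits 63 - 54" has to be counted by hand, and as rendered on this page it reads `0xFFC0ULL`, which would cover bits 15-6 (possibly truncated by the archive, so check it against the repository). Deriving the mask from the bit positions keeps comment and value in agreement: `#define PTE_HI_MASK (0x3FFULL << 54)`. `PTE_TO_PHYS()` in pmap.c is the only consumer shown in this commit, so any other code that shifts a PTE by `PTE_PPN0_S` directly would still see the reserved bits in the computed physical address; that is worth a grep.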

Modified: head/sys/riscv/riscv/pmap.c
==
--- head/sys/riscv/riscv/pmap.c Wed Jul  1 19:12:47 2020(r362852)
+++ head/sys/riscv/riscv/pmap.c Wed Jul  1 19:15:43 2020(r362853)
@@ -339,7 +339,8 @@ pagezero(void *p)
 #definepmap_l2_index(va)   (((va) >> L2_SHIFT) & Ln_ADDR_MASK)
 #definepmap_l3_index(va)   (((va) >> L3_SHIFT) & Ln_ADDR_MASK)
 
-#definePTE_TO_PHYS(pte)((pte >> PTE_PPN0_S) * PAGE_SIZE)
+#definePTE_TO_PHYS(pte) \
+pte) & ~PTE_HI_MASK) >> PTE_PPN0_S) * PAGE_SIZE)
 
 static __inline pd_entry_t *
 pmap_l1(pmap_t pmap, vm_offset_t va)


svn commit: r362852 - head/sys/riscv/riscv

2020-07-01 Thread Kristof Provost
Author: kp
Date: Wed Jul  1 19:12:47 2020
New Revision: 362852
URL: https://svnweb.freebsd.org/changeset/base/362852

Log:
  riscv locore.S: load constant prior to loop
  
  A very minor micro-optimization; t0 is not clobbered between the loop top and
  bottom and there appear to be no other branches to this label.
  
  Submitted by: Nathaniel Filardo 
  Reviewed by:  mhorne
  Differential Revision:https://reviews.freebsd.org/D25524

Modified:
  head/sys/riscv/riscv/locore.S

Modified: head/sys/riscv/riscv/locore.S
==
--- head/sys/riscv/riscv/locore.S   Wed Jul  1 19:11:02 2020
(r362851)
+++ head/sys/riscv/riscv/locore.S   Wed Jul  1 19:12:47 2020
(r362852)
@@ -139,8 +139,8 @@ pagetables:
li  t2, 512 /* Build 512 entries */
add t3, t4, t2
li  t5, 0
-1:
li  t0, (PTE_KERN | PTE_X)
+1:
sllit2, t4, PTE_PPN1_S  /* << PTE_PPN1_S */
or  t5, t0, t2
sd  t5, (s1)/* Store PTE entry to position */


svn commit: r362851 - head/sys/riscv/riscv

2020-07-01 Thread Kristof Provost
Author: kp
Date: Wed Jul  1 19:11:02 2020
New Revision: 362851
URL: https://svnweb.freebsd.org/changeset/base/362851

Log:
  riscv: Log missing registers in dump_regs()
  
  If we panic we dump the registers for debugging. This is very useful, but it
  missed several registers (ra, sp, gp and tp).
  
  Log these as well. Especially the return address value is extremely useful.
  
  Sponsored by: Axiado

Modified:
  head/sys/riscv/riscv/trap.c

Modified: head/sys/riscv/riscv/trap.c
==
--- head/sys/riscv/riscv/trap.c Wed Jul  1 18:10:37 2020(r362850)
+++ head/sys/riscv/riscv/trap.c Wed Jul  1 19:11:02 2020(r362851)
@@ -147,6 +147,11 @@ dump_regs(struct trapframe *frame)
for (i = 0; i < n; i++)
printf("a[%d] == 0x%016lx\n", i, frame->tf_a[i]);
 
+   printf("ra == 0x%016lx\n", frame->tf_ra);
+   printf("sp == 0x%016lx\n", frame->tf_sp);
+   printf("gp == 0x%016lx\n", frame->tf_gp);
+   printf("tp == 0x%016lx\n", frame->tf_tp);
+
printf("sepc == 0x%016lx\n", frame->tf_sepc);
printf("sstatus == 0x%016lx\n", frame->tf_sstatus);
 }


svn commit: r362650 - stable/12/sys/net

2020-06-26 Thread Kristof Provost
Author: kp
Date: Fri Jun 26 12:11:22 2020
New Revision: 362650
URL: https://svnweb.freebsd.org/changeset/base/362650

Log:
  MFC r360345:
  
  bridge: epoch-ification
  
  Run the bridge datapath under epoch, rather than under the
  BRIDGE_LOCK().
  
  We still take the BRIDGE_LOCK() whenever we insert or delete items in
  the relevant lists, but we use epoch callbacks to free items so that
  it's safe to iterate the lists without the BRIDGE_LOCK.
  
  Tests on mercat5/6 show that this increases bridge throughput significantly,
  from 3.7Mpps to 18.6Mpps.
  
  MFC after:The FreeBSD Foundation

Modified:
  stable/12/sys/net/if_bridge.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Fri Jun 26 10:08:57 2020
(r362649)
+++ stable/12/sys/net/if_bridge.c   Fri Jun 26 12:11:22 2020
(r362650)
@@ -237,6 +237,8 @@ struct bridge_iflist {
uint32_tbif_addrmax;/* max # of addresses */
uint32_tbif_addrcnt;/* cur. # of addresses */
uint32_tbif_addrexceeded;/* # of address violations */
+
+   struct epoch_contextbif_epoch_ctx;
 };
 
 /*
@@ -250,6 +252,9 @@ struct bridge_rtnode {
uint8_t brt_flags;  /* address flags */
uint8_t brt_addr[ETHER_ADDR_LEN];
uint16_tbrt_vlan;   /* vlan id */
+
+   struct  vnet*brt_vnet;
+   struct  epoch_context   brt_epoch_ctx;
 };
 #definebrt_ifp brt_dst->bif_ifp
 
@@ -276,6 +281,8 @@ struct bridge_softc {
uint32_tsc_brtexceeded; /* # of cache drops */
struct ifnet*sc_ifaddr; /* member mac copied from */
struct ether_addr   sc_defaddr; /* Default MAC address */
+
+   struct epoch_contextsc_epoch_ctx;
 };
 
 VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx);
@@ -595,6 +602,11 @@ vnet_bridge_uninit(const void *unused __unused)
if_clone_detach(V_bridge_cloner);
V_bridge_cloner = NULL;
BRIDGE_LIST_LOCK_DESTROY();
+
+   /* Before we can destroy the uma zone, because there are callbacks that
+* use it. */
+   NET_EPOCH_WAIT();
+
uma_zdestroy(V_bridge_rtnode_zone);
 }
 VNET_SYSUNINIT(vnet_bridge_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY,
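Review bot: `NET_EPOCH_WAIT()` in `vnet_bridge_uninit` waits for current epoch readers, but as far as I know it does not guarantee that callbacks already queued with `epoch_call()` have finished, so a pending callback that frees into `V_bridge_rtnode_zone` could still run after `uma_zdestroy()`. The rtnode free callback is not in the visible hunks, so this is inferred from the added comment. If this branch provides `epoch_drain_callbacks()`, draining is the safer primitive here: `epoch_drain_callbacks(net_epoch_preempt);`. The function starts outside the hunk.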
@@ -757,6 +769,17 @@ bridge_clone_create(struct if_clone *ifc, int unit, ca
return (0);
 }
 
+static void
+bridge_clone_destroy_cb(struct epoch_context *ctx)
+{
+   struct bridge_softc *sc;
+
+   sc = __containerof(ctx, struct bridge_softc, sc_epoch_ctx);
+
+   BRIDGE_LOCK_DESTROY(sc);
+   free(sc, M_DEVBUF);
+}
+
 /*
  * bridge_clone_destroy:
  *
@@ -795,8 +818,7 @@ bridge_clone_destroy(struct ifnet *ifp)
ether_ifdetach(ifp);
if_free(ifp);
 
-   BRIDGE_LOCK_DESTROY(sc);
-   free(sc, M_DEVBUF);
+   epoch_call(net_epoch_preempt, >sc_epoch_ctx, 
bridge_clone_destroy_cb);
 }
 
 /*
@@ -822,7 +844,10 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t da
struct ifdrv *ifd = (struct ifdrv *) data;
const struct bridge_control *bc;
int error = 0, oldmtu;
+   struct epoch_tracker et;
 
+   NET_EPOCH_ENTER_ET(et);
+
switch (cmd) {
 
case SIOCADDMULTI:
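Review bot: `bridge_ioctl` now enters the net epoch before the `switch` and leaves it only just before the final `return (error)` (the later hunk at -943), so the whole handler runs inside the epoch section, where sleeping is not permitted; that includes anything that copies to or from user space or allocates with a sleeping flag. Most of the function body lies outside the hunks, so which cases may sleep cannot be confirmed from here. It would be safer to enter the epoch only around the member and list lookups that need it. At minimum, add a comment above `NET_EPOCH_ENTER_ET(et);` stating that no case may return early or sleep before `NET_EPOCH_EXIT_ET(et);`.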
@@ -943,6 +968,8 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t da
break;
}
 
+   NET_EPOCH_EXIT_ET(et);
+
return (error);
 }
 
@@ -957,6 +984,8 @@ bridge_mutecaps(struct bridge_softc *sc)
struct bridge_iflist *bif;
int enabled, mask;
 
+   BRIDGE_LOCK_ASSERT(sc);
+
/* Initial bitmask of capabilities to test */
mask = BRIDGE_IFCAPS_MASK;
 
@@ -1018,7 +1047,7 @@ bridge_lookup_member(struct bridge_softc *sc, const ch
struct bridge_iflist *bif;
struct ifnet *ifp;
 
-   BRIDGE_LOCK_ASSERT(sc);
+   MPASS(in_epoch(net_epoch_preempt));
 
CK_LIST_FOREACH(bif, >sc_iflist, bif_next) {
ifp = bif->bif_ifp;
@@ -1039,7 +1068,7 @@ bridge_lookup_member_if(struct bridge_softc *sc, struc
 {
struct bridge_iflist *bif;
 
-   BRIDGE_LOCK_ASSERT(sc);
+   MPASS(in_epoch(net_epoch_preempt));
 
CK_LIST_FOREACH(bif, >sc_iflist, bif_next) {
if (bif->bif_ifp == member_ifp)
@@ -1049,6 +1078,16 @@ bridge_lookup_member_if(struct bridge_softc *sc, struc
return (NULL);
 }
 
+static void
+bridge_delete_member_cb(struct epoch_context *ctx)
+{
+   struct bridge_iflist *bif;
+
+   bif = __containerof(ctx, struct bridge_iflist, bif_epoch_ctx);
+
+   free(bif, M_DEVBUF);
+}
+
 /*
  * bridge_delete_member:
  *
@@ -1129,7 +1168,9 @@ bridge_delete_member(struct bridge_softc *sc, struct b
}
bstp_destroy(>bif_stp);/* prepare to free */
BRIDGE_LOCK(sc);
-   

svn commit: r362649 - stable/12/sys/net

2020-06-26 Thread Kristof Provost
Author: kp
Date: Fri Jun 26 10:08:57 2020
New Revision: 362649
URL: https://svnweb.freebsd.org/changeset/base/362649

Log:
  MFC r359641:
  
  bridge: Change lists to CK_LIST as a preparation for epochification
  
  Prepare the ground for a rework of the bridge locking approach. We will
  use an epoch-based approach in the datapath and making it safe to
  iterate over the interface, span and rtnode lists without holding the
  BRIDGE_LOCK. Replace the relevant lists by their ConcurrencyKit
  equivalents.
  
  No functional change in this commit.
  
  Sponsored by: The FreeBSD Foundation

Modified:
  stable/12/sys/net/if_bridge.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Fri Jun 26 09:52:43 2020
(r362648)
+++ stable/12/sys/net/if_bridge.c   Fri Jun 26 10:08:57 2020
(r362649)
@@ -229,7 +229,7 @@ extern void nd6_setmtu(struct ifnet *);
  * Bridge interface list entry.
  */
 struct bridge_iflist {
-   LIST_ENTRY(bridge_iflist) bif_next;
+   CK_LIST_ENTRY(bridge_iflist) bif_next;
struct ifnet*bif_ifp;   /* member if */
struct bstp_portbif_stp;/* STP state */
uint32_tbif_flags;  /* member if flags */
@@ -243,8 +243,8 @@ struct bridge_iflist {
  * Bridge route node.
  */
 struct bridge_rtnode {
-   LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
-   LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
+   CK_LIST_ENTRY(bridge_rtnode) brt_hash;  /* hash table linkage */
+   CK_LIST_ENTRY(bridge_rtnode) brt_list;  /* list linkage */
struct bridge_iflist*brt_dst;   /* destination if */
unsigned long   brt_expire; /* expiration time */
uint8_t brt_flags;  /* address flags */
@@ -267,11 +267,11 @@ struct bridge_softc {
struct callout  sc_brcallout;   /* bridge callout */
uint32_tsc_iflist_ref;  /* refcount for sc_iflist */
uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */
-   LIST_HEAD(, bridge_iflist) sc_iflist;   /* member interface list */
-   LIST_HEAD(, bridge_rtnode) *sc_rthash;  /* our forwarding table */
-   LIST_HEAD(, bridge_rtnode) sc_rtlist;   /* list version of above */
+   CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface 
list */
+   CK_LIST_HEAD(, bridge_rtnode) *sc_rthash;   /* our forwarding table 
*/
+   CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of 
above */
uint32_tsc_rthash_key;  /* key for hash */
-   LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
+   CK_LIST_HEAD(, bridge_iflist) sc_spanlist;  /* span ports list */
struct bstp_state   sc_stp; /* STP state */
uint32_tsc_brtexceeded; /* # of cache drops */
struct ifnet*sc_ifaddr; /* member mac copied from */
@@ -696,8 +696,8 @@ bridge_clone_create(struct if_clone *ifc, int unit, ca
 
callout_init_mtx(>sc_brcallout, >sc_mtx, 0);
 
-   LIST_INIT(>sc_iflist);
-   LIST_INIT(>sc_spanlist);
+   CK_LIST_INIT(>sc_iflist);
+   CK_LIST_INIT(>sc_spanlist);
 
ifp->if_softc = sc;
if_initname(ifp, bridge_name, unit);
@@ -773,10 +773,10 @@ bridge_clone_destroy(struct ifnet *ifp)
bridge_stop(ifp, 1);
ifp->if_flags &= ~IFF_UP;
 
-   while ((bif = LIST_FIRST(>sc_iflist)) != NULL)
+   while ((bif = CK_LIST_FIRST(>sc_iflist)) != NULL)
bridge_delete_member(sc, bif, 0);
 
-   while ((bif = LIST_FIRST(>sc_spanlist)) != NULL) {
+   while ((bif = CK_LIST_FIRST(>sc_spanlist)) != NULL) {
bridge_delete_span(sc, bif);
}
 
@@ -915,12 +915,12 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t da
error = EINVAL;
break;
}
-   if (LIST_EMPTY(>sc_iflist)) {
+   if (CK_LIST_EMPTY(>sc_iflist)) {
sc->sc_ifp->if_mtu = ifr->ifr_mtu;
break;
}
BRIDGE_LOCK(sc);
-   LIST_FOREACH(bif, >sc_iflist, bif_next) {
+   CK_LIST_FOREACH(bif, >sc_iflist, bif_next) {
if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) {
log(LOG_NOTICE, "%s: invalid MTU: %u(%s)"
" != %d\n", sc->sc_ifp->if_xname,
@@ -960,13 +960,13 @@ bridge_mutecaps(struct bridge_softc *sc)
/* Initial bitmask of capabilities to test */
mask = BRIDGE_IFCAPS_MASK;
 
-   LIST_FOREACH(bif, >sc_iflist, bif_next) {
+   CK_LIST_FOREACH(bif, >sc_iflist, bif_next) {
/* Every member must support it or its 

svn commit: r362648 - stable/12/sys/net

2020-06-26 Thread Kristof Provost
Author: kp
Date: Fri Jun 26 09:52:43 2020
New Revision: 362648
URL: https://svnweb.freebsd.org/changeset/base/362648

Log:
  MFC r358325:
  
  bridge: Move locking defines into if_bridge.c
  
  The locking defines for if_bridge used to live in if_bridgevar.h, but
  they're only ever used by the bridge implementation itself (in
  if_bridge.c). Moving them into the .c file.
  
  Sponsored by: The FreeBSD Foundation

Modified:
  stable/12/sys/net/if_bridge.c
  stable/12/sys/net/if_bridgevar.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if_bridge.c
==
--- stable/12/sys/net/if_bridge.c   Fri Jun 26 09:46:03 2020
(r362647)
+++ stable/12/sys/net/if_bridge.c   Fri Jun 26 09:52:43 2020
(r362648)
@@ -185,6 +185,47 @@ extern voidnd6_setmtu(struct ifnet *);
 #defineBRIDGE_IFCAPS_STRIP IFCAP_LRO
 
 /*
+ * Bridge locking
+ */
+#define BRIDGE_LOCK_INIT(_sc)  do {\
+   mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
+   cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \
+} while (0)
+#define BRIDGE_LOCK_DESTROY(_sc)   do {\
+   mtx_destroy(&(_sc)->sc_mtx);\
+   cv_destroy(&(_sc)->sc_cv);  \
+} while (0)
+#define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
+#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
+#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
+#define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
+#defineBRIDGE_LOCK2REF(_sc, _err)  do {\
+   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
+   if ((_sc)->sc_iflist_xcnt > 0)  \
+   (_err) = EBUSY; \
+   else\
+   (_sc)->sc_iflist_ref++; \
+   mtx_unlock(&(_sc)->sc_mtx); \
+} while (0)
+#defineBRIDGE_UNREF(_sc)   do {
\
+   mtx_lock(&(_sc)->sc_mtx);   \
+   (_sc)->sc_iflist_ref--; \
+   if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \
+   cv_broadcast(&(_sc)->sc_cv);\
+   mtx_unlock(&(_sc)->sc_mtx); \
+} while (0)
+#defineBRIDGE_XLOCK(_sc)   do {\
+   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
+   (_sc)->sc_iflist_xcnt++;\
+   while ((_sc)->sc_iflist_ref > 0)\
+   cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \
+} while (0)
+#defineBRIDGE_XDROP(_sc)   do {\
+   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
+   (_sc)->sc_iflist_xcnt--;\
+} while (0)
+
+/*
  * Bridge interface list entry.
  */
 struct bridge_iflist {

Modified: stable/12/sys/net/if_bridgevar.h
==
--- stable/12/sys/net/if_bridgevar.hFri Jun 26 09:46:03 2020
(r362647)
+++ stable/12/sys/net/if_bridgevar.hFri Jun 26 09:52:43 2020
(r362648)
@@ -271,44 +271,6 @@ struct ifbpstpconf {
 
 #ifdef _KERNEL
 
-#define BRIDGE_LOCK_INIT(_sc)  do {\
-   mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
-   cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \
-} while (0)
-#define BRIDGE_LOCK_DESTROY(_sc)   do {\
-   mtx_destroy(&(_sc)->sc_mtx);\
-   cv_destroy(&(_sc)->sc_cv);  \
-} while (0)
-#define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
-#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
-#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
-#define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
-#defineBRIDGE_LOCK2REF(_sc, _err)  do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   if ((_sc)->sc_iflist_xcnt > 0)  \
-   (_err) = EBUSY; \
-   else\
-   (_sc)->sc_iflist_ref++; \
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_UNREF(_sc)   do {
\
-   mtx_lock(&(_sc)->sc_mtx);   \
-   (_sc)->sc_iflist_ref--; \
-   if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \
-   cv_broadcast(&(_sc)->sc_cv);\
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XLOCK(_sc)   do {\
-   

svn commit: r362235 - head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch

2020-06-16 Thread Kristof Provost
Author: kp
Date: Tue Jun 16 18:39:56 2020
New Revision: 362235
URL: https://svnweb.freebsd.org/changeset/base/362235

Log:
  llvm: Default to -mno-relax on RISC-V
  
  Compiling on a RISC-V system fails with 'relocation R_RISCV_ALIGN
  requires unimplemented linker relaxation; recompile with -mno-relax'.
  
  Our default linker (ld.lld) doesn't support relaxation, so default to
  no-relax so we don't generate object files the linker can't handle.
  
  Reviewed by:  mhorne
  Sponsored by: Axiado
  Differential Revision:https://reviews.freebsd.org/D25210

Modified:
  head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp

Modified: head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp
==
--- head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp
Tue Jun 16 18:16:45 2020(r362234)
+++ head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp
Tue Jun 16 18:39:56 2020(r362235)
@@ -426,8 +426,9 @@ void riscv::getRISCVTargetFeatures(const Driver , co
   if (Args.hasArg(options::OPT_ffixed_x31))
 Features.push_back("+reserve-x31");
 
-  // -mrelax is default, unless -mno-relax is specified.
-  if (Args.hasFlag(options::OPT_mrelax, options::OPT_mno_relax, true))
+  // FreeBSD local, because ld.lld doesn't support relaxations
+  // -mno-relax is default, unless -mrelax is specified.
+  if (Args.hasFlag(options::OPT_mrelax, options::OPT_mno_relax, false))
 Features.push_back("+relax");
   else
 Features.push_back("-relax");


Re: svn commit: r362217 - head/stand/common

2020-06-16 Thread Kristof Provost

On 16 Jun 2020, at 19:11, Ed Maste wrote:

On Tue, 16 Jun 2020 at 13:01, Ian Lepore  wrote:


As much as I prefer doing it this way, style(9) doesn't allow for
variable declarations inside a for() statement (or even inside a 
local

block, which is just too 1980s for me, but it is still our standard).


Perhaps it's time to update style(9) to at least permit these uses, as
we've done with the blank line at the beginning of functions with no
local variables, and with braces around single-line bodies.


We have 431 instances of `for (int i` in sys alone. It’s not so much a 
question of allowing it as acknowledging reality at this point.


Best regards,
Kristof


svn commit: r362064 - stable/12/sys/netpfil/pf

2020-06-11 Thread Kristof Provost
Author: kp
Date: Thu Jun 11 16:51:13 2020
New Revision: 362064
URL: https://svnweb.freebsd.org/changeset/base/362064

Log:
  MFC r357061:
  
  pf: Apply kif flags to new group members
  
  If we have a 'set skip on ' rule, this flag is set on the group
  kif, but must also be set on all members. pfctl does this when the rules
  are set, but if groups are added afterwards we must also apply the flags
  to the new member. If not, new group members will not be skipped until
  the rules are reloaded.

Modified:
  stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_if.c
==
--- stable/12/sys/netpfil/pf/pf_if.cThu Jun 11 15:59:49 2020
(r362063)
+++ stable/12/sys/netpfil/pf/pf_if.cThu Jun 11 16:51:13 2020
(r362064)
@@ -463,13 +463,27 @@ static void
 pfi_kif_update(struct pfi_kif *kif)
 {
struct ifg_list *ifgl;
+   struct ifg_member   *ifgm;
struct pfi_dynaddr  *p;
+   struct pfi_kif  *tmpkif;
 
PF_RULES_WASSERT();
 
/* update all dynaddr */
TAILQ_FOREACH(p, >pfik_dynaddrs, entry)
pfi_dynaddr_update(p);
+
+   /* Apply group flags to new members. */
+   if (kif->pfik_group != NULL) {
+   CK_STAILQ_FOREACH(ifgm, >pfik_group->ifg_members,
+   ifgm_next) {
+   tmpkif = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif;
+   if (tmpkif == NULL)
+   continue;
+
+   tmpkif->pfik_flags |= kif->pfik_flags;
+   }
+   }
 
/* again for all groups kif is member of */
if (kif->pfik_ifp != NULL) {
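Review bot: The new loop in `pfi_kif_update` copies the group's whole flag word into each member with `tmpkif->pfik_flags |= kif->pfik_flags;`, while the log only speaks of the 'set skip' flag. Any other bit kept in `pfik_flags` would be propagated as well, and because skip disables filtering on an interface, the set of copied bits should be as narrow as possible. Masking makes the intent explicit: `tmpkif->pfik_flags |= kif->pfik_flags & PFI_IFLAG_SKIP;`. Only `PF_RULES_WASSERT()` is visible as protection for walking `ifg_members`, so a comment naming the lock or epoch that keeps `ifgm->ifgm_ifp` valid during the walk would help. The function continues outside the hunk.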


svn commit: r361893 - head/tests/sys/net

2020-06-07 Thread Kristof Provost
Author: kp
Date: Sun Jun  7 13:53:02 2020
New Revision: 361893
URL: https://svnweb.freebsd.org/changeset/base/361893

Log:
  bridge tests: Re-enable STP test
  
  This test should no longer provoke large amounts of traffic, which can
  overwhelm single-core systems, preventing them from making progress in the
  tests.
  
  The test can now be re-enabled.
  
  PR:   246448

Modified:
  head/tests/sys/net/if_bridge_test.sh

Modified: head/tests/sys/net/if_bridge_test.sh
==
--- head/tests/sys/net/if_bridge_test.shSun Jun  7 13:52:49 2020
(r361892)
+++ head/tests/sys/net/if_bridge_test.shSun Jun  7 13:53:02 2020
(r361893)
@@ -76,10 +76,6 @@ stp_head()
 
 stp_body()
 {
-   if [ "$(atf_config_get ci false)" = "true" ]; then
-   atf_skip "https://bugs.freebsd.org/246448;
-   fi
-
vnet_init
 
epair_one=$(vnet_mkepair)


svn commit: r361761 - stable/12/sys/dev/bnxt

2020-06-03 Thread Kristof Provost
Author: kp
Date: Wed Jun  3 18:09:31 2020
New Revision: 361761
URL: https://svnweb.freebsd.org/changeset/base/361761

Log:
  MFC r361279:
  
  bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two

Modified:
  stable/12/sys/dev/bnxt/bnxt.h
  stable/12/sys/dev/bnxt/if_bnxt.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/dev/bnxt/bnxt.h
==
--- stable/12/sys/dev/bnxt/bnxt.h   Wed Jun  3 17:47:32 2020
(r361760)
+++ stable/12/sys/dev/bnxt/bnxt.h   Wed Jun  3 18:09:31 2020
(r361761)
@@ -87,6 +87,11 @@ __FBSDID("$FreeBSD$");
 #define NETXTREME_E_VF20x16d3
 #define NETXTREME_E_VF30x16dc
 
+/* Maximum numbers of RX and TX descriptors. iflib requires this to be a power
+ * of two. The hardware has no particular limitation. */
+#define BNXT_MAX_RXD   ((INT32_MAX >> 1) + 1)
+#define BNXT_MAX_TXD   ((INT32_MAX >> 1) + 1)
+
 #define CSUM_OFFLOAD   (CSUM_IP_TSO|CSUM_IP6_TSO|CSUM_IP| \
 CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP| \
 CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP)
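Review bot: The power-of-two requirement on `BNXT_MAX_RXD` and `BNXT_MAX_TXD` is stated only in the comment, so a later edit of either value could reintroduce the panic mentioned in the thread further down this page without any build-time signal. A compile-time check next to the definitions would pin it: `CTASSERT(powerof2(BNXT_MAX_RXD));` and `CTASSERT(powerof2(BNXT_MAX_TXD));`. The same applies to the identical hunks in the stable/11 (r361762) and head (r361279) commits on this page.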

Modified: stable/12/sys/dev/bnxt/if_bnxt.c
==
--- stable/12/sys/dev/bnxt/if_bnxt.cWed Jun  3 17:47:32 2020
(r361760)
+++ stable/12/sys/dev/bnxt/if_bnxt.cWed Jun  3 18:09:31 2020
(r361761)
@@ -315,11 +315,11 @@ static struct if_shared_ctx bnxt_sctx_init = {
.isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8,
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd),
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)},
-   .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_nrxd_max = {BNXT_MAX_RXD, BNXT_MAX_RXD, BNXT_MAX_RXD},
.isc_ntxd_min = {16, 16, 16},
.isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2,
PAGE_SIZE / sizeof(struct tx_bd_short)},
-   .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_ntxd_max = {BNXT_MAX_TXD, BNXT_MAX_TXD, BNXT_MAX_TXD},
 
.isc_admin_intrcnt = 1,
.isc_vendor_info = bnxt_vendor_info_array,


svn commit: r361762 - stable/11/sys/dev/bnxt

2020-06-03 Thread Kristof Provost
Author: kp
Date: Wed Jun  3 18:09:32 2020
New Revision: 361762
URL: https://svnweb.freebsd.org/changeset/base/361762

Log:
  MFC r361279:
  
  bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two

Modified:
  stable/11/sys/dev/bnxt/bnxt.h
  stable/11/sys/dev/bnxt/if_bnxt.c

Modified: stable/11/sys/dev/bnxt/bnxt.h
==
--- stable/11/sys/dev/bnxt/bnxt.h   Wed Jun  3 18:09:31 2020
(r361761)
+++ stable/11/sys/dev/bnxt/bnxt.h   Wed Jun  3 18:09:32 2020
(r361762)
@@ -87,6 +87,11 @@ __FBSDID("$FreeBSD$");
 #define NETXTREME_E_VF20x16d3
 #define NETXTREME_E_VF30x16dc
 
+/* Maximum numbers of RX and TX descriptors. iflib requires this to be a power
+ * of two. The hardware has no particular limitation. */
+#define BNXT_MAX_RXD   ((INT32_MAX >> 1) + 1)
+#define BNXT_MAX_TXD   ((INT32_MAX >> 1) + 1)
+
 #define CSUM_OFFLOAD   (CSUM_IP_TSO|CSUM_IP6_TSO|CSUM_IP| \
 CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP| \
 CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP)

Modified: stable/11/sys/dev/bnxt/if_bnxt.c
==
--- stable/11/sys/dev/bnxt/if_bnxt.cWed Jun  3 18:09:31 2020
(r361761)
+++ stable/11/sys/dev/bnxt/if_bnxt.cWed Jun  3 18:09:32 2020
(r361762)
@@ -313,11 +313,11 @@ static struct if_shared_ctx bnxt_sctx_init = {
.isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8,
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd),
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)},
-   .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_nrxd_max = {BNXT_MAX_RXD, BNXT_MAX_RXD, BNXT_MAX_RXD},
.isc_ntxd_min = {16, 16, 16},
.isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2,
PAGE_SIZE / sizeof(struct tx_bd_short)},
-   .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_ntxd_max = {BNXT_MAX_TXD, BNXT_MAX_TXD, BNXT_MAX_TXD},
 
.isc_admin_intrcnt = 1,
.isc_vendor_info = bnxt_vendor_info_array,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"


svn commit: r361701 - head/tests/sys/net

2020-06-01 Thread Kristof Provost
Author: kp
Date: Mon Jun  1 19:26:16 2020
New Revision: 361701
URL: https://svnweb.freebsd.org/changeset/base/361701

Log:
  bridge tests: Avoid building a switching loop
  
  Enable STP before bringing the bridges up. This avoids a switching loop,
  which has a tendency to drown out progress in userspace processes,
  especially on single-core systems.
  
  Only check that we have indeed shut down one of the looped interfaces
  
  PR:   246448
  Reviewed by:  melifaro
  Differential Revision:https://reviews.freebsd.org/D25084

Modified:
  head/tests/sys/net/if_bridge_test.sh

Modified: head/tests/sys/net/if_bridge_test.sh
==
--- head/tests/sys/net/if_bridge_test.shMon Jun  1 18:58:09 2020
(r361700)
+++ head/tests/sys/net/if_bridge_test.shMon Jun  1 19:26:16 2020
(r361701)
@@ -72,7 +72,6 @@ stp_head()
 {
atf_set descr 'Spanning tree test'
atf_set require.user root
-   atf_set require.progs jq
 }
 
 stp_body()
@@ -91,13 +90,11 @@ stp_body()
vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
 
-   jexec a ifconfig ${bridge_a} up
jexec a ifconfig ${epair_one}a up
jexec a ifconfig ${epair_two}a up
jexec a ifconfig ${bridge_a} addm ${epair_one}a
jexec a ifconfig ${bridge_a} addm ${epair_two}a
 
-   jexec b ifconfig ${bridge_b} up
jexec b ifconfig ${epair_one}b up
jexec b ifconfig ${epair_two}b up
jexec b ifconfig ${bridge_b} addm ${epair_one}b
@@ -105,22 +102,14 @@ stp_body()
 
jexec a ifconfig ${bridge_a} 192.0.2.1/24
 
-   # Give the interfaces some time to come up and pass some traffic
-   sleep 5
-
-   # Confirm that there's looping traffic
-   nbr=$(jexec a netstat -I ${bridge_a} --libxo json \
-   | jq ".statistics.interface[0].\"received-packets\"")
-   if [ ${nbr} -lt 100 ]
-   then
-   atf_fail "Expected bridging loop, but found very few packets."
-   fi
-
# Enable spanning tree
jexec a ifconfig ${bridge_a} stp ${epair_one}a
jexec a ifconfig ${bridge_a} stp ${epair_two}a
jexec b ifconfig ${bridge_b} stp ${epair_one}b
jexec b ifconfig ${bridge_b} stp ${epair_two}b
+
+   jexec b ifconfig ${bridge_b} up
+   jexec a ifconfig ${bridge_a} up
 
# Give STP time to do its thing
sleep 5


svn commit: r361279 - head/sys/dev/bnxt

2020-05-20 Thread Kristof Provost
Author: kp
Date: Wed May 20 16:07:37 2020
New Revision: 361279
URL: https://svnweb.freebsd.org/changeset/base/361279

Log:
  bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two
  
  Reviewed by:  gallatin, rpokala
  MFC after:2 weeks
  Differential Revision:https://reviews.freebsd.org/D24922

Modified:
  head/sys/dev/bnxt/bnxt.h
  head/sys/dev/bnxt/if_bnxt.c

Modified: head/sys/dev/bnxt/bnxt.h
==
--- head/sys/dev/bnxt/bnxt.hWed May 20 13:51:27 2020(r361278)
+++ head/sys/dev/bnxt/bnxt.hWed May 20 16:07:37 2020(r361279)
@@ -87,6 +87,11 @@ __FBSDID("$FreeBSD$");
 #define NETXTREME_E_VF20x16d3
 #define NETXTREME_E_VF30x16dc
 
+/* Maximum numbers of RX and TX descriptors. iflib requires this to be a power
+ * of two. The hardware has no particular limitation. */
+#define BNXT_MAX_RXD   ((INT32_MAX >> 1) + 1)
+#define BNXT_MAX_TXD   ((INT32_MAX >> 1) + 1)
+
 #define CSUM_OFFLOAD   (CSUM_IP_TSO|CSUM_IP6_TSO|CSUM_IP| \
 CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP| \
 CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP)

Modified: head/sys/dev/bnxt/if_bnxt.c
==
--- head/sys/dev/bnxt/if_bnxt.c Wed May 20 13:51:27 2020(r361278)
+++ head/sys/dev/bnxt/if_bnxt.c Wed May 20 16:07:37 2020(r361279)
@@ -316,11 +316,11 @@ static struct if_shared_ctx bnxt_sctx_init = {
.isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8,
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd),
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)},
-   .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_nrxd_max = {BNXT_MAX_RXD, BNXT_MAX_RXD, BNXT_MAX_RXD},
.isc_ntxd_min = {16, 16, 16},
.isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2,
PAGE_SIZE / sizeof(struct tx_bd_short)},
-   .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_ntxd_max = {BNXT_MAX_TXD, BNXT_MAX_TXD, BNXT_MAX_TXD},
 
.isc_admin_intrcnt = 1,
.isc_vendor_info = bnxt_vendor_info_array,
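Review bot: `.isc_ntxd_default` lists two entries while `.isc_ntxd_min` and the updated `.isc_ntxd_max` list three, so the third TX slot has a minimum of 16, a maximum of BNXT_MAX_TXD and an implicit default of 0. If the driver only uses two TX queues per set, the third min/max entry is dead and could be dropped; if it uses three, the default is missing. This predates the change, but the max line is being touched here, so it is a good moment to make the three initialisers agree. The initialiser of bnxt_sctx_init continues outside the hunk.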


Re: svn commit: r347418 - head/sys/net

2020-05-19 Thread Kristof Provost

On 19 May 2020, at 17:02, Andrew Gallatin wrote:

On 2020-05-19 04:21, Kristof Provost wrote:

The if_bnxt driver initialises |.isc_nrxd_max = {INT32_MAX, 
INT32_MAX, INT32_MAX},|, so presumably that’s the cause.
I don’t know what a sane value would be though. I’ve defaulted to 
4096 (because that’s what some other iflib users seems to do) for 
now, and that seems to work. It doesn’t panic and I can get traffic 
through it at least:


You seem to be setting the max, not the default, and 4K max 
descriptors on a 100g device is going to basically cripple it.


Yeah, I just grabbed whatever number other iflib users used. My 
immediate concern was to get it to stop panicking.


How about setting it to the next power of 2 below max int so as to keep 
with the author's intent?



Makes sense, yes.


If we don't already have a macro, something like  (INT32_MAX >> 1) + 1


https://reviews.freebsd.org/D24922

Best regards,
Kristof


Re: svn commit: r347418 - head/sys/net

2020-05-19 Thread Kristof Provost

On 10 May 2019, at 2:41, Eric Joyner wrote:

Author: erj
Date: Fri May 10 00:41:42 2019
New Revision: 347418
URL: https://svnweb.freebsd.org/changeset/base/347418

Log:
  iflib: use default ntxd and nrxd when user value is not power of 2

  From Jake:
  A user may set a sysctl to override the default number of Tx or Rx
  descriptors. However, certain calculations in the iflib core expect the
  number of descriptors to be a power of 2.

  Update _iflib_assert to verify that all of the shared context parameters
  for the number of descriptors are powers of 2.

  Modify iflib_reset_qvalues to check that the provided isc_nrxd value is
  a power of 2. If it's not, print a warning message and then use the
  default value.

  An alternative might be to try rounding the number down instead.
  However, this creates problems in case the rounded down value is below
  the minimum value that the driver would support.

This commit appears to trigger a panic I see on a system with a Broadcom 
BCM57416 (if_bnxt) nic.


It trips over the power of two assertion:

	panic: Assertion powerof2(sctx->isc_nrxd_max[i]) failed at 
/usr/src/sys/net/iflib.c:5320

Tracing pid 0 tid 10 td 0x81c8c640
kdb_enter() at kdb_enter+0x37/frame 0x825be990
vpanic() at vpanic+0x19e/frame 0x825be9e0
panic() at panic+0x43/frame 0x825bea40
iflib_register() at iflib_register+0x340/frame 0x825bea80
	iflib_device_register() at iflib_device_register+0x9f/frame 
0x825bee10
	iflib_device_attach() at iflib_device_attach+0xb5/frame 
0x825bee40

device_attach() at device_attach+0x3ca/frame 0x825bee80
	device_probe_and_attach() at device_probe_and_attach+0x70/frame 
0x825beeb0
	bus_generic_attach() at bus_generic_attach+0x18/frame 
0x825beed0

pci_attach() at pci_attach+0xe0/frame 0x825bef10
acpi_pci_attach() at acpi_pci_attach+0x19/frame 0x825bf150
device_attach() at device_attach+0x3ca/frame 0x825bf190
	device_probe_and_attach() at device_probe_and_attach+0x70/frame 
0x825bf1c0
	bus_generic_attach() at bus_generic_attach+0x18/frame 
0x825bf1e0
	acpi_pcib_acpi_attach() at acpi_pcib_acpi_attach+0x431/frame 
0x825bf250

device_attach() at device_attach+0x3ca/frame 0x825bf290
	device_probe_and_attach() at device_probe_and_attach+0x70/frame 
0x825bf2c0
	bus_generic_attach() at bus_generic_attach+0x18/frame 
0x825bf2e0

acpi_attach() at acpi_attach+0xbb7/frame 0x825bf370
device_attach() at device_attach+0x3ca/frame 0x825bf3b0
	device_probe_and_attach() at device_probe_and_attach+0x70/frame 
0x825bf3e0
	bus_generic_attach() at bus_generic_attach+0x18/frame 
0x825bf400

device_attach() at device_attach+0x3ca/frame 0x825bf440
	device_probe_and_attach() at device_probe_and_attach+0x70/frame 
0x825bf470
	bus_generic_new_pass() at bus_generic_new_pass+0xed/frame 
0x825bf4a0

bus_set_pass() at bus_set_pass+0x46/frame 0x825bf4d0
configure() at configure+0x9/frame 0x825bf4e0
mi_startup() at mi_startup+0xec/frame 0x825bf530
btext() at btext+0x2c

The if_bnxt driver initialises `.isc_nrxd_max = {INT32_MAX, INT32_MAX, 
INT32_MAX},`, so presumably that’s the cause.
I don’t know what a sane value would be though. I’ve defaulted to 
4096 (because that’s what some other iflib users seem to do) for now, 
and that seems to work. It doesn’t panic and I can get traffic through 
it at least:


diff --git a/sys/dev/bnxt/if_bnxt.c b/sys/dev/bnxt/if_bnxt.c
index 50827106024..3958d95cab9 100644
--- a/sys/dev/bnxt/if_bnxt.c
+++ b/sys/dev/bnxt/if_bnxt.c
@@ -316,11 +316,11 @@ static struct if_shared_ctx bnxt_sctx_init = {
.isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8,
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd),
PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)},
-   .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_nrxd_max = {4096, 4096, 4096},
.isc_ntxd_min = {16, 16, 16},
.isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2,
PAGE_SIZE / sizeof(struct tx_bd_short)},
-   .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},
+   .isc_ntxd_max = {4096, 4096, 4096},

.isc_admin_intrcnt = 1,
.isc_vendor_info = bnxt_vendor_info_array,


Best regards,
Kristof


svn commit: r360935 - head/sys/opencrypto

2020-05-11 Thread Kristof Provost
Author: kp
Date: Mon May 11 21:42:19 2020
New Revision: 360935
URL: https://svnweb.freebsd.org/changeset/base/360935

Log:
  opencrypto: Add missing ioctl exit SDTs
  
  The opencrypto ioctl code has very useful probe points at the various exit
  points. These allow us to figure out exactly why a request failed. However, a
  few paths did not have these probe points. Add them here.
  
  Reviewed by:  jhb

Modified:
  head/sys/opencrypto/cryptodev.c

Modified: head/sys/opencrypto/cryptodev.c
==
--- head/sys/opencrypto/cryptodev.c Mon May 11 21:39:02 2020
(r360934)
+++ head/sys/opencrypto/cryptodev.c Mon May 11 21:42:19 2020
(r360935)
@@ -465,6 +465,8 @@ cryptof_ioctl(
/* Should always be paired with GCM. */
if (sop->cipher != CRYPTO_AES_NIST_GCM_16) {
CRYPTDEB("GMAC without GCM");
+   SDT_PROBE1(opencrypto, dev, ioctl, error,
+   __LINE__);
return (EINVAL);
}
break;
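Review bot: The two-statement exit `SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL);` is now open-coded at every rejection path in this hunk and in the three hunks that follow, which is presumably how the paths fixed here came to be missed. A small file-local macro that fires the probe and returns the error would make a probe-less exit harder to write by accident. Because the probe's only argument is `__LINE__`, a comment stating that arg0 is a source line of this file revision would also help anyone matching probe output to the code. cryptof_ioctl's body starts and ends outside the hunks.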
@@ -539,8 +541,10 @@ cryptof_ioctl(
return (EINVAL);
}
 
-   if (txform == NULL && thash == NULL)
+   if (txform == NULL && thash == NULL) {
+   SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+   }
 
memset(, 0, sizeof(csp));
 
@@ -550,13 +554,18 @@ cryptof_ioctl(
case CRYPTO_AES_128_NIST_GMAC:
case CRYPTO_AES_192_NIST_GMAC:
case CRYPTO_AES_256_NIST_GMAC:
-   if (sop->keylen != sop->mackeylen)
+   if (sop->keylen != sop->mackeylen) {
+   SDT_PROBE1(opencrypto, dev, ioctl,
+   error, __LINE__);
return (EINVAL);
+   }
break;
 #endif
case 0:
break;
default:
+   SDT_PROBE1(opencrypto, dev, ioctl, error,
+   __LINE__);
return (EINVAL);
}
csp.csp_mode = CSP_MODE_AEAD;
@@ -564,14 +573,19 @@ cryptof_ioctl(
switch (sop->mac) {
 #ifdef COMPAT_FREEBSD12
case CRYPTO_AES_CCM_CBC_MAC:
-   if (sop->keylen != sop->mackeylen)
+   if (sop->keylen != sop->mackeylen) {
+   SDT_PROBE1(opencrypto, dev, ioctl,
+   error, __LINE__);
return (EINVAL);
+   }
thash = NULL;
break;
 #endif
case 0:
break;
default:
+   SDT_PROBE1(opencrypto, dev, ioctl, error,
+   __LINE__);
return (EINVAL);
}
csp.csp_mode = CSP_MODE_AEAD;


svn commit: r360867 - stable/11/sys/netpfil/pf

2020-05-10 Thread Kristof Provost
Author: kp
Date: Sun May 10 09:50:43 2020
New Revision: 360867
URL: https://svnweb.freebsd.org/changeset/base/360867

Log:
  MFC r360609:
  
  pf: Improve DIOCADDRULE validation
  
  We expect the addrwrap.p.dyn value to be set to NULL (and assert such),
  but do not verify it on input.
  
  Reported-by:  syzbot+936a89182e7d8f927...@syzkaller.appspotmail.com

Modified:
  stable/11/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/pf/pf_ioctl.c
==
--- stable/11/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:34:48 2020
(r360866)
+++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:50:43 2020
(r360867)
@@ -1152,6 +1152,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, in
error = EINVAL;
break;
}
+   if (pr->rule.src.addr.p.dyn != NULL ||
+   pr->rule.dst.addr.p.dyn != NULL) {
+   error = EINVAL;
+   break;
+   }
 #ifndef INET
if (pr->rule.af == AF_INET) {
error = EAFNOSUPPORT;
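Review bot: The new `p.dyn != NULL` test carries no comment, and without the commit log a reader cannot tell why a pointer field in a userland-supplied rule is compared with NULL. A line above it such as `/* Reject kernel pointers supplied by userland; p.dyn is asserted to be NULL later on. */` would record the reason next to the check. The same applies to the identical hunks in r360868 and r360609. The enclosing case block of pfioctl() starts and ends outside the hunk.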


svn commit: r360868 - stable/12/sys/netpfil/pf

2020-05-10 Thread Kristof Provost
Author: kp
Date: Sun May 10 09:50:44 2020
New Revision: 360868
URL: https://svnweb.freebsd.org/changeset/base/360868

Log:
  MFC r360609:
  
  pf: Improve DIOCADDRULE validation
  
  We expect the addrwrap.p.dyn value to be set to NULL (and assert such),
  but do not verify it on input.
  
  Reported-by:  syzbot+936a89182e7d8f927...@syzkaller.appspotmail.com

Modified:
  stable/12/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_ioctl.c
==
--- stable/12/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:50:43 2020
(r360867)
+++ stable/12/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:50:44 2020
(r360868)
@@ -1556,6 +1556,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, in
error = EINVAL;
break;
}
+   if (pr->rule.src.addr.p.dyn != NULL ||
+   pr->rule.dst.addr.p.dyn != NULL) {
+   error = EINVAL;
+   break;
+   }
 #ifndef INET
if (pr->rule.af == AF_INET) {
error = EAFNOSUPPORT;


svn commit: r360800 - stable/11/lib/libc/net

2020-05-07 Thread Kristof Provost
Author: kp
Date: Thu May  7 21:14:12 2020
New Revision: 360800
URL: https://svnweb.freebsd.org/changeset/base/360800

Log:
  MFC r360231:
  
  libc: Shortcut if_indextoname() if index == 0
  
  If the index we're trying to convert is 0 we can avoid a potentially
  expensive call to getifaddrs(). No interface has an ifindex of zero, so
  we can handle this as an error: set the errno to ENXIO and return NULL.
  
  Submitted by: Nick Rogers
  Sponsored by: RG Nets

Modified:
  stable/11/lib/libc/net/if_indextoname.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/libc/net/if_indextoname.c
==
--- stable/11/lib/libc/net/if_indextoname.c Thu May  7 21:14:11 2020
(r360799)
+++ stable/11/lib/libc/net/if_indextoname.c Thu May  7 21:14:12 2020
(r360800)
@@ -64,6 +64,11 @@ if_indextoname(unsigned int ifindex, char *ifname)
struct ifaddrs *ifaddrs, *ifa;
int error = 0;
 
+   if (ifindex == 0) {
+   errno = ENXIO;
+   return(NULL);
+   }
+
if (getifaddrs() < 0)
return(NULL);   /* getifaddrs properly set errno */
 


svn commit: r360799 - stable/12/lib/libc/net

2020-05-07 Thread Kristof Provost
Author: kp
Date: Thu May  7 21:14:11 2020
New Revision: 360799
URL: https://svnweb.freebsd.org/changeset/base/360799

Log:
  MFC r360231:
  
  libc: Shortcut if_indextoname() if index == 0
  
  If the index we're trying to convert is 0 we can avoid a potentially
  expensive call to getifaddrs(). No interface has an ifindex of zero, so
  we can handle this as an error: set the errno to ENXIO and return NULL.
  
  Submitted by: Nick Rogers
  Sponsored by: RG Nets

Modified:
  stable/12/lib/libc/net/if_indextoname.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libc/net/if_indextoname.c
==
--- stable/12/lib/libc/net/if_indextoname.c Thu May  7 20:29:38 2020
(r360798)
+++ stable/12/lib/libc/net/if_indextoname.c Thu May  7 21:14:11 2020
(r360799)
@@ -66,6 +66,11 @@ if_indextoname(unsigned int ifindex, char *ifname)
struct ifaddrs *ifaddrs, *ifa;
int error = 0;
 
+   if (ifindex == 0) {
+   errno = ENXIO;
+   return(NULL);
+   }
+
if (getifaddrs() < 0)
return(NULL);   /* getifaddrs properly set errno */
 


svn commit: r360609 - head/sys/netpfil/pf

2020-05-03 Thread Kristof Provost
Author: kp
Date: Sun May  3 16:09:35 2020
New Revision: 360609
URL: https://svnweb.freebsd.org/changeset/base/360609

Log:
  pf: Improve DIOCADDRULE validation
  
  We expect the addrwrap.p.dyn value to be set to NULL (and assert such),
  but do not verify it on input.
  
  Reported-by:  syzbot+936a89182e7d8f927...@syzkaller.appspotmail.com
  Reviewed by:  melifaro (previous version)
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D24538

Modified:
  head/sys/netpfil/pf/pf_ioctl.c

Modified: head/sys/netpfil/pf/pf_ioctl.c
==
--- head/sys/netpfil/pf/pf_ioctl.c  Sun May  3 16:06:23 2020
(r360608)
+++ head/sys/netpfil/pf/pf_ioctl.c  Sun May  3 16:09:35 2020
(r360609)
@@ -1556,6 +1556,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, in
error = EINVAL;
break;
}
+   if (pr->rule.src.addr.p.dyn != NULL ||
+   pr->rule.dst.addr.p.dyn != NULL) {
+   error = EINVAL;
+   break;
+   }
 #ifndef INET
if (pr->rule.af == AF_INET) {
error = EAFNOSUPPORT;


svn commit: r360608 - stable/11/sys/netpfil/pf

2020-05-03 Thread Kristof Provost
Author: kp
Date: Sun May  3 16:06:23 2020
New Revision: 360608
URL: https://svnweb.freebsd.org/changeset/base/360608

Log:
  MFC r360344:
  
  pf: Improve input validation
  
  If we pass an anchor name which doesn't exist pfr_table_count() returns
  -1, which leads to an overflow in mallocarray() and thus a panic.
  
  Explicitly check that pfr_table_count() does not return an error.
  
  Reported-by:  syzbot+bd09d55d897d63d5f...@syzkaller.appspotmail.com

Modified:
  stable/11/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/pf/pf_ioctl.c
==
--- stable/11/sys/netpfil/pf/pf_ioctl.c Sun May  3 16:06:17 2020
(r360607)
+++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun May  3 16:06:23 2020
(r360608)
@@ -2593,7 +2593,8 @@ DIOCCHANGEADDR_error:
case DIOCRGETTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -2601,6 +2602,11 @@ DIOCCHANGEADDR_error:
}
PF_RULES_RLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_RUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_table);
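Review bot: The new `n < 0` branches return EINVAL, although the log describes the cause as an anchor that does not exist. If the pfr_*() routines called later in these cases already report a negative pfr_table_count() as ESRCH (worth confirming in pf_table.c), `error = ESRCH;` here would keep the errno userland sees unchanged by the fix. The same applies to the DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS hunks below and to the identical changes in r360607 and r360344. The unlock-then-break sequence is repeated four times with alternating RUNLOCK and WUNLOCK, so a short comment naming the lock held in each case would make a mismatch easier to spot. Each case block continues outside its hunk.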
@@ -2624,7 +2630,8 @@ DIOCCHANGEADDR_error:
case DIOCRGETTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_tstats *pfrtstats;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_tstats)) {
error = ENODEV;
@@ -2632,6 +2639,11 @@ DIOCCHANGEADDR_error:
}
PF_RULES_WLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_WUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_tstats);
@@ -2654,7 +2666,8 @@ DIOCCHANGEADDR_error:
case DIOCRCLRTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -2663,6 +2676,11 @@ DIOCCHANGEADDR_error:
 
PF_RULES_WLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_WUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_table);
@@ -2689,7 +2707,8 @@ DIOCCHANGEADDR_error:
case DIOCRSETTFLAGS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -2698,6 +2717,12 @@ DIOCCHANGEADDR_error:
 
PF_RULES_RLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_RUNLOCK();
+   error = EINVAL;
+   break;
+   }
+
io->pfrio_size = min(io->pfrio_size, n);
PF_RULES_RUNLOCK();
 


svn commit: r360607 - stable/12/sys/netpfil/pf

2020-05-03 Thread Kristof Provost
Author: kp
Date: Sun May  3 16:06:17 2020
New Revision: 360607
URL: https://svnweb.freebsd.org/changeset/base/360607

Log:
  MFC r360344:
  
  pf: Improve input validation
  
  If we pass an anchor name which doesn't exist pfr_table_count() returns
  -1, which leads to an overflow in mallocarray() and thus a panic.
  
  Explicitly check that pfr_table_count() does not return an error.
  
  Reported-by:  syzbot+bd09d55d897d63d5f...@syzkaller.appspotmail.com

Modified:
  stable/12/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_ioctl.c
==
--- stable/12/sys/netpfil/pf/pf_ioctl.c Sun May  3 15:39:10 2020
(r360606)
+++ stable/12/sys/netpfil/pf/pf_ioctl.c Sun May  3 16:06:17 2020
(r360607)
@@ -3008,7 +3008,8 @@ DIOCCHANGEADDR_error:
case DIOCRGETTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -3016,6 +3017,11 @@ DIOCCHANGEADDR_error:
}
PF_RULES_RLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_RUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_table);
@@ -3039,7 +3045,8 @@ DIOCCHANGEADDR_error:
case DIOCRGETTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_tstats *pfrtstats;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_tstats)) {
error = ENODEV;
@@ -3047,6 +3054,11 @@ DIOCCHANGEADDR_error:
}
PF_RULES_WLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_WUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_tstats);
@@ -3069,7 +3081,8 @@ DIOCCHANGEADDR_error:
case DIOCRCLRTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -3078,6 +3091,11 @@ DIOCCHANGEADDR_error:
 
PF_RULES_WLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_WUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_table);
@@ -3104,7 +3122,8 @@ DIOCCHANGEADDR_error:
case DIOCRSETTFLAGS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -3113,6 +3132,12 @@ DIOCCHANGEADDR_error:
 
PF_RULES_RLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_RUNLOCK();
+   error = EINVAL;
+   break;
+   }
+
io->pfrio_size = min(io->pfrio_size, n);
PF_RULES_RUNLOCK();
 


svn commit: r360347 - head/sys/netpfil/pf

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:30:00 2020
New Revision: 360347
URL: https://svnweb.freebsd.org/changeset/base/360347

Log:
  pf: Virtualise pf_frag_mtx
  
  The pf_frag_mtx mutex protects the fragments queue. The fragments queue
  is virtualised already (i.e. per-vnet) so it makes no sense to block
  jail A from accessing its fragments queue while jail B is accessing its
  own fragments queue.
  
  Virtualise the lock for improved concurrency.
  
  Differential Revision:https://reviews.freebsd.org/D24504

Modified:
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sys/netpfil/pf/pf_norm.c
==
--- head/sys/netpfil/pf/pf_norm.c   Sun Apr 26 16:27:03 2020
(r360346)
+++ head/sys/netpfil/pf/pf_norm.c   Sun Apr 26 16:30:00 2020
(r360347)
@@ -106,11 +106,11 @@ struct pf_fragment_tag {
uint32_tft_id;  /* fragment id */
 };
 
-static struct mtx pf_frag_mtx;
-MTX_SYSINIT(pf_frag_mtx, _frag_mtx, "pf fragments", MTX_DEF);
-#define PF_FRAG_LOCK() mtx_lock(_frag_mtx)
-#define PF_FRAG_UNLOCK()   mtx_unlock(_frag_mtx)
-#define PF_FRAG_ASSERT()   mtx_assert(_frag_mtx, MA_OWNED)
+VNET_DEFINE_STATIC(struct mtx, pf_frag_mtx);
+#define V_pf_frag_mtx  VNET(pf_frag_mtx)
+#define PF_FRAG_LOCK() mtx_lock(_pf_frag_mtx)
+#define PF_FRAG_UNLOCK()   mtx_unlock(_pf_frag_mtx)
+#define PF_FRAG_ASSERT()   mtx_assert(_pf_frag_mtx, MA_OWNED)
 
 VNET_DEFINE(uma_zone_t, pf_state_scrub_z); /* XXX: shared with pfsync */
 
@@ -192,6 +192,8 @@ pf_normalize_init(void)
sizeof(struct pf_state_scrub),  NULL, NULL, NULL, NULL,
UMA_ALIGN_PTR, 0);
 
+   mtx_init(_pf_frag_mtx, "pf fragments", NULL, MTX_DEF);
+
V_pf_limits[PF_LIMIT_FRAGS].zone = V_pf_frent_z;
V_pf_limits[PF_LIMIT_FRAGS].limit = PFFRAG_FRENT_HIWAT;
uma_zone_set_max(V_pf_frent_z, PFFRAG_FRENT_HIWAT);
@@ -207,6 +209,8 @@ pf_normalize_cleanup(void)
uma_zdestroy(V_pf_state_scrub_z);
uma_zdestroy(V_pf_frent_z);
uma_zdestroy(V_pf_frag_z);
+
+   mtx_destroy(_pf_frag_mtx);
 }
 
 static int
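Review bot: In pf_normalize_cleanup() the per-vnet mutex is destroyed, but nothing in the hunk shows that fragment processing for this vnet has already stopped. With the old global lock the lifetime was tied to MTX_SYSINIT rather than to vnet teardown, so this ordering question is new. If any purge or reassembly path can still take PF_FRAG_LOCK() for the vnet once cleanup has started, it would operate on a destroyed mutex. A comment above the mtx_destroy() call stating the guarantee, e.g. `/* No fragment work can run for this vnet any more; safe to destroy the lock. */`, would settle it. Both functions start outside their hunks.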
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"


svn commit: r360346 - head/tests/sys/net

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:27:03 2020
New Revision: 360346
URL: https://svnweb.freebsd.org/changeset/base/360346

Log:
  bridge tests: Test for #216510
  
  We used to have an issue with recursive locking with
  net.link.bridge.inherit_mac. This causes us to send an ARP request while
  we hold the BRIDGE_LOCK, which used to cause us to acquire the
  BRIDGE_LOCK again. We can't re-acquire it, so this caused a panic.
  
  Now that we no longer need to acquire the BRIDGE_LOCK for
  bridge_transmit() this should no longer panic. Test this.
  
  PR:   216510
  Reviewed by:  emaste, philip
  MFC after:2 months
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D24251

Modified:
  head/tests/sys/net/if_bridge_test.sh

Modified: head/tests/sys/net/if_bridge_test.sh
==
--- head/tests/sys/net/if_bridge_test.shSun Apr 26 16:22:35 2020
(r360345)
+++ head/tests/sys/net/if_bridge_test.shSun Apr 26 16:27:03 2020
(r360346)
@@ -309,12 +309,40 @@ mac_conflict_cleanup()
vnet_cleanup
 }
 
+atf_test_case "inherit_mac" "cleanup"
+inherit_mac_head()
+{
+   atf_set descr 'Bridge inherit_mac test, #216510'
+   atf_set require.user root
+}
+
+inherit_mac_body()
+{
+   vnet_init
+
+   bridge=$(vnet_mkbridge)
+   epair=$(vnet_mkepair)
+   vnet_mkjail one ${bridge} ${epair}a
+
+   jexec one sysctl net.link.bridge.inherit_mac=1
+
+   # Attempt to provoke the panic described in #216510
+   jexec one ifconfig ${bridge} 192.0.0.1/24 up
+   jexec one ifconfig ${bridge} addm ${epair}a
+}
+
+inherit_mac_cleanup()
+{
+   vnet_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "bridge_transmit_ipv4_unicast"
atf_add_test_case "stp"
atf_add_test_case "static"
atf_add_test_case "span"
+   atf_add_test_case "inherit_mac"
atf_add_test_case "delete_with_members"
atf_add_test_case "mac_conflict"
 }
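Review bot: inherit_mac_body() runs its three `jexec` commands without checking their results explicitly, so a failure in the sysctl or ifconfig setup is not reported as such and is hard to tell apart from the path under test. Wrapping them, e.g. `atf_check -s exit:0 -o ignore jexec one sysctl net.link.bridge.inherit_mac=1`, would make a setup failure visible in the test result. It is also worth confirming that this sysctl is per-vnet; if it is global, the test changes host state that inherit_mac_cleanup() does not restore.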
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"


svn commit: r360345 - head/sys/net

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:22:35 2020
New Revision: 360345
URL: https://svnweb.freebsd.org/changeset/base/360345

Log:
  bridge: epoch-ification
  
  Run the bridge datapath under epoch, rather than under the
  BRIDGE_LOCK().
  
  We still take the BRIDGE_LOCK() whenever we insert or delete items in
  the relevant lists, but we use epoch callbacks to free items so that
  it's safe to iterate the lists without the BRIDGE_LOCK.
  
  Tests on mercat5/6 shows this increases bridge throughput significantly,
  from 3.7Mpps to 18.6Mpps.
  
  Reviewed by:  emaste, philip, melifaro
  MFC after:2 months
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D24250

Modified:
  head/sys/net/if_bridge.c

Modified: head/sys/net/if_bridge.c
==
--- head/sys/net/if_bridge.cSun Apr 26 16:16:39 2020(r360344)
+++ head/sys/net/if_bridge.cSun Apr 26 16:22:35 2020(r360345)
@@ -189,41 +189,14 @@ extern void   nd6_setmtu(struct ifnet *);
  */
 #define BRIDGE_LOCK_INIT(_sc)  do {\
mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);   \
-   cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \
 } while (0)
 #define BRIDGE_LOCK_DESTROY(_sc)   do {\
mtx_destroy(&(_sc)->sc_mtx);\
-   cv_destroy(&(_sc)->sc_cv);  \
 } while (0)
 #define BRIDGE_LOCK(_sc)   mtx_lock(&(_sc)->sc_mtx)
 #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx)
 #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, 
MA_OWNED)
 #define BRIDGE_UNLOCK_ASSERT(_sc)  mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
-#defineBRIDGE_LOCK2REF(_sc, _err)  do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   if ((_sc)->sc_iflist_xcnt > 0)  \
-   (_err) = EBUSY; \
-   else\
-   (_sc)->sc_iflist_ref++; \
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_UNREF(_sc)   do {
\
-   mtx_lock(&(_sc)->sc_mtx);   \
-   (_sc)->sc_iflist_ref--; \
-   if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \
-   cv_broadcast(&(_sc)->sc_cv);\
-   mtx_unlock(&(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XLOCK(_sc)   do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   (_sc)->sc_iflist_xcnt++;\
-   while ((_sc)->sc_iflist_ref > 0)\
-   cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \
-} while (0)
-#defineBRIDGE_XDROP(_sc)   do {\
-   mtx_assert(&(_sc)->sc_mtx, MA_OWNED);   \
-   (_sc)->sc_iflist_xcnt--;\
-} while (0)
 
 /*
  * Bridge interface list entry.
@@ -237,6 +210,7 @@ struct bridge_iflist {
uint32_tbif_addrmax;/* max # of addresses */
uint32_tbif_addrcnt;/* cur. # of addresses */
uint32_tbif_addrexceeded;/* # of address violations */
+   struct epoch_contextbif_epoch_ctx;
 };
 
 /*
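Review bot: The new `bif_epoch_ctx` member, and `brt_vnet` and `brt_epoch_ctx` in the next hunk, are added without the trailing comment that the neighbouring fields shown here carry. Since the log says items are freed through epoch callbacks, something like `/* deferred free via epoch callback */` on the two contexts would keep the declarations self-explanatory. `brt_vnet` deserves a note saying which vnet it records and why it has to be stored in the node. The struct definitions start outside the hunks.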
@@ -250,6 +224,8 @@ struct bridge_rtnode {
uint8_t brt_flags;  /* address flags */
uint8_t brt_addr[ETHER_ADDR_LEN];
uint16_tbrt_vlan;   /* vlan id */
+   struct  vnet*brt_vnet;
+   struct  epoch_context   brt_epoch_ctx;
 };
 #definebrt_ifp brt_dst->bif_ifp
 
@@ -260,13 +236,10 @@ struct bridge_softc {
struct ifnet*sc_ifp;/* make this an interface */
LIST_ENTRY(bridge_softc) sc_list;
struct mtx  sc_mtx;
-   struct cv   sc_cv;
uint32_tsc_brtmax;  /* max # of addresses */
uint32_tsc_brtcnt;  /* cur. # of addresses */
uint32_tsc_brttimeout;  /* rt timeout in seconds */
struct callout  sc_brcallout;   /* bridge callout */
-   uint32_tsc_iflist_ref;  /* refcount for sc_iflist */
-   uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */
CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface 
list */
CK_LIST_HEAD(, bridge_rtnode) *sc_rthash;   /* our forwarding table 
*/
CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of 
above */
@@ -276,6 +249,7 @@ struct bridge_softc {
uint32_tsc_brtexceeded; /* # of cache drops */
struct ifnet*sc_ifaddr; /* member mac copied from */
struct ether_addr   

svn commit: r360344 - head/sys/netpfil/pf

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:16:39 2020
New Revision: 360344
URL: https://svnweb.freebsd.org/changeset/base/360344

Log:
  pf: Improve input validation
  
  If we pass an anchor name which doesn't exist pfr_table_count() returns
  -1, which leads to an overflow in mallocarray() and thus a panic.
  
  Explicitly check that pfr_table_count() does not return an error.
  
  Reported-by:  syzbot+bd09d55d897d63d5f...@syzkaller.appspotmail.com
  Reviewed by:  melifaro
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D24539

Modified:
  head/sys/netpfil/pf/pf_ioctl.c

Modified: head/sys/netpfil/pf/pf_ioctl.c
==
--- head/sys/netpfil/pf/pf_ioctl.c  Sun Apr 26 16:13:51 2020
(r360343)
+++ head/sys/netpfil/pf/pf_ioctl.c  Sun Apr 26 16:16:39 2020
(r360344)
@@ -3008,7 +3008,8 @@ DIOCCHANGEADDR_error:
case DIOCRGETTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -3016,6 +3017,11 @@ DIOCCHANGEADDR_error:
}
PF_RULES_RLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_RUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_table);
@@ -3039,7 +3045,8 @@ DIOCCHANGEADDR_error:
case DIOCRGETTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_tstats *pfrtstats;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_tstats)) {
error = ENODEV;
@@ -3047,6 +3054,11 @@ DIOCCHANGEADDR_error:
}
PF_RULES_WLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_WUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_tstats);
@@ -3069,7 +3081,8 @@ DIOCCHANGEADDR_error:
case DIOCRCLRTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -3078,6 +3091,11 @@ DIOCCHANGEADDR_error:
 
PF_RULES_WLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_WUNLOCK();
+   error = EINVAL;
+   break;
+   }
io->pfrio_size = min(io->pfrio_size, n);
 
totlen = io->pfrio_size * sizeof(struct pfr_table);
@@ -3104,7 +3122,8 @@ DIOCCHANGEADDR_error:
case DIOCRSETTFLAGS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
struct pfr_table *pfrts;
-   size_t totlen, n;
+   size_t totlen;
+   int n;
 
if (io->pfrio_esize != sizeof(struct pfr_table)) {
error = ENODEV;
@@ -3113,6 +3132,12 @@ DIOCCHANGEADDR_error:
 
PF_RULES_RLOCK();
n = pfr_table_count(>pfrio_table, io->pfrio_flags);
+   if (n < 0) {
+   PF_RULES_RUNLOCK();
+   error = EINVAL;
+   break;
+   }
+
io->pfrio_size = min(io->pfrio_size, n);
PF_RULES_RUNLOCK();
 


svn commit: r360343 - stable/11/sys/netpfil/pf

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:13:51 2020
New Revision: 360343
URL: https://svnweb.freebsd.org/changeset/base/360343

Log:
  MFC r360098:
  
  pf: Improve ioctl() input validation
  
  Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from
  userspace. They failed to validate the dyn pointer contained in its
  struct pf_addr_wrap member structure.
  
  This triggered assertion failures under fuzz testing in
  pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but
  we should verify that it's set to NULL anyway.
  
  Reported-by:  syzbot+93e93150bc29f9b4b...@syzkaller.appspotmail.com

Modified:
  stable/11/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/pf/pf_ioctl.c
==
--- stable/11/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:50 2020
(r360342)
+++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:51 2020
(r360343)
@@ -2229,6 +2229,10 @@ DIOCGETSTATES_full:
error = EINVAL;
break;
}
+   if (pp->addr.addr.p.dyn != NULL) {
+   error = EINVAL;
+   break;
+   }
pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK);
bcopy(>addr, pa, sizeof(struct pf_pooladdr));
if (pa->ifname[0])
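Review bot: The new `pp->addr.addr.p.dyn != NULL` test has no comment saying why a pointer field in a structure copied in from userspace must be NULL, so a later reader may take it for a redundant check and remove it. A short comment above it would keep the reasoning from the commit log with the code, for instance `/* p.dyn is kernel-owned and set up by pfi_dynaddr_setup(); never accept a value from userspace. */`. The same comment fits the `pca->addr.addr.p.dyn` test in the second hunk and the identical changes in r360342 and r360098. Whether other members that share storage with `dyn` need the same treatment cannot be told from these hunks, and the enclosing case starts and ends outside them.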
@@ -2325,6 +2329,10 @@ DIOCGETSTATES_full:
if (pca->addr.addr.type != PF_ADDR_ADDRMASK &&
pca->addr.addr.type != PF_ADDR_DYNIFTL &&
pca->addr.addr.type != PF_ADDR_TABLE) {
+   error = EINVAL;
+   break;
+   }
+   if (pca->addr.addr.p.dyn != NULL) {
error = EINVAL;
break;
}


svn commit: r360342 - stable/12/sys/netpfil/pf

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:13:50 2020
New Revision: 360342
URL: https://svnweb.freebsd.org/changeset/base/360342

Log:
  MFC r360098:
  
  pf: Improve ioctl() input validation
  
  Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from
  userspace. They failed to validate the dyn pointer contained in its
  struct pf_addr_wrap member structure.
  
  This triggered assertion failures under fuzz testing in
  pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but
  we should verify that it's set to NULL anyway.
  
  Reported-by:  syzbot+93e93150bc29f9b4b...@syzkaller.appspotmail.com

Modified:
  stable/12/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_ioctl.c
==
--- stable/12/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:06:09 2020
(r360341)
+++ stable/12/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:50 2020
(r360342)
@@ -2643,6 +2643,10 @@ DIOCGETSTATES_full:
error = EINVAL;
break;
}
+   if (pp->addr.addr.p.dyn != NULL) {
+   error = EINVAL;
+   break;
+   }
pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK);
bcopy(>addr, pa, sizeof(struct pf_pooladdr));
if (pa->ifname[0])
@@ -2739,6 +2743,10 @@ DIOCGETSTATES_full:
if (pca->addr.addr.type != PF_ADDR_ADDRMASK &&
pca->addr.addr.type != PF_ADDR_DYNIFTL &&
pca->addr.addr.type != PF_ADDR_TABLE) {
+   error = EINVAL;
+   break;
+   }
+   if (pca->addr.addr.p.dyn != NULL) {
error = EINVAL;
break;
}


svn commit: r360341 - stable/12/sbin/pfctl

2020-04-26 Thread Kristof Provost
Author: kp
Date: Sun Apr 26 16:06:09 2020
New Revision: 360341
URL: https://svnweb.freebsd.org/changeset/base/360341

Log:
  MFC r360096:
  
  pfctl: Remove unused variable
  
  Submitted by: Nick Rogers
  MFC after:1 week
  Sponsored by: RG Nets

Modified:
  stable/12/sbin/pfctl/pfctl_parser.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/pfctl/pfctl_parser.c
==
--- stable/12/sbin/pfctl/pfctl_parser.c Sun Apr 26 15:52:41 2020
(r360340)
+++ stable/12/sbin/pfctl/pfctl_parser.c Sun Apr 26 16:06:09 2020
(r360341)
@@ -1370,13 +1370,11 @@ struct node_host *
 ifa_exists(char *ifa_name)
 {
struct node_host*n;
-   int s;
 
if (iftab == NULL)
ifa_load();
 
/* check whether this is a group */
-   s = get_query_socket();
if (is_a_group(ifa_name)) {
/* fake a node_host */
if ((n = calloc(1, sizeof(*n))) == NULL)


svn commit: r360299 - in stable/11/sys: kern net sys

2020-04-25 Thread Kristof Provost
Author: kp
Date: Sat Apr 25 12:49:48 2020
New Revision: 360299
URL: https://svnweb.freebsd.org/changeset/base/360299

Log:
  MFC r360068:
  
  ethersubr: Make the mac address generation more robust
  
  If we create two (vnet) jails and create a bridge interface in each we end up
  with the same mac address on both bridge interfaces.
  These very often conflict, resulting in the same mac address in both jails.
  
  Mitigate this problem by including the jail name in the mac address.

Modified:
  stable/11/sys/kern/kern_jail.c
  stable/11/sys/net/if_ethersubr.c
  stable/11/sys/sys/jail.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/kern/kern_jail.c
==
--- stable/11/sys/kern/kern_jail.c  Sat Apr 25 12:49:48 2020
(r360298)
+++ stable/11/sys/kern/kern_jail.c  Sat Apr 25 12:49:48 2020
(r360299)
@@ -2936,6 +2936,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti
mtx_unlock(>cr_prison->pr_mtx);
 }
 
+void
+getjailname(struct ucred *cred, char *name, size_t len)
+{
+
+   mtx_lock(>cr_prison->pr_mtx);
+   strlcpy(name, cred->cr_prison->pr_name, len);
+   mtx_unlock(>cr_prison->pr_mtx);
+}
+
 #ifdef VIMAGE
 /*
  * Determine whether the prison represented by cred owns
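Review bot: `getjailname()` is added without a header comment, and its name departs from the `getcred*` accessors it sits beside (`getcredhostid()` is the function just above it in this hunk). A comment such as `/* Copy the name of cred's prison into name, truncating to len bytes; takes pr_mtx. */` would document that `strlcpy()` truncates silently and that the function returns no indication of it. If the naming is meant to follow the neighbours, `getcredjailname()` would match them; the same applies to the stable/12 copy in r360298.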

Modified: stable/11/sys/net/if_ethersubr.c
==
--- stable/11/sys/net/if_ethersubr.cSat Apr 25 12:49:48 2020
(r360298)
+++ stable/11/sys/net/if_ethersubr.cSat Apr 25 12:49:48 2020
(r360299)
@@ -1377,27 +1377,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife,
 
 /*
  * Allocate an address from the FreeBSD Foundation OUI.  This uses a
- * cryptographic hash function on the containing jail's UUID and the interface
- * name to attempt to provide a unique but stable address.  Pseudo-interfaces
- * which require a MAC address should use this function to allocate
- * non-locally-administered addresses.
+ * cryptographic hash function on the containing jail's name, UUID and the
+ * interface name to attempt to provide a unique but stable address.
+ * Pseudo-interfaces which require a MAC address should use this function to
+ * allocate non-locally-administered addresses.
  */
 void
 ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr)
 {
-#defineETHER_GEN_ADDR_BUFSIZ   HOSTUUIDLEN + IFNAMSIZ + 2
SHA1_CTX ctx;
-   char buf[ETHER_GEN_ADDR_BUFSIZ];
+   char *buf;
char uuid[HOSTUUIDLEN + 1];
uint64_t addr;
int i, sz;
char digest[SHA1_RESULTLEN];
+   char jailname[MAXHOSTNAMELEN];
 
getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid));
-   sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname);
+   /* If each (vnet) jail would also have a unique hostuuid this would not
+* be necessary. */
+   getjailname(curthread->td_ucred, jailname, sizeof(jailname));
+   sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp),
+   jailname);
+   if (sz < 0) {
+   /* Fall back to a random mac address. */
+   arc4rand(hwaddr, sizeof(*hwaddr), 0);
+   hwaddr->octet[0] = 0x02;
+   return;
+   }
+
SHA1Init();
SHA1Update(, buf, sz);
SHA1Final(digest, );
+   free(buf, M_TEMP);
 
addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) &
OUI_FREEBSD_GENERATED_MASK;
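Review bot: `digest` is declared as plain `char`, so on a platform where `char` is signed the expression `(digest[0] << 16) | (digest[1] << 8) | digest[2]` at the end of this hunk sign-extends any byte with its top bit set, and the OR then fills every higher bit with ones before the mask is applied. That would fold many different hashes onto the same few addresses, which works against the uniqueness this change is after. Declaring it `unsigned char digest[SHA1_RESULTLEN];` (or `uint8_t`) avoids this; the declaration is an unchanged context line here, and the same applies to the stable/12 copy of this hunk in r360298. The function continues outside the hunk, so how `addr` is used afterwards is not visible.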

Modified: stable/11/sys/sys/jail.h
==
--- stable/11/sys/sys/jail.hSat Apr 25 12:49:48 2020(r360298)
+++ stable/11/sys/sys/jail.hSat Apr 25 12:49:48 2020(r360299)
@@ -367,6 +367,7 @@ void getcredhostname(struct ucred *, char *, size_t);
 void getcreddomainname(struct ucred *, char *, size_t);
 void getcredhostuuid(struct ucred *, char *, size_t);
 void getcredhostid(struct ucred *, unsigned long *);
+void getjailname(struct ucred *cred, char *name, size_t len);
 void prison0_init(void);
 int prison_allow(struct ucred *, unsigned);
 int prison_check(struct ucred *cred1, struct ucred *cred2);


svn commit: r360298 - in stable/12/sys: kern net sys

2020-04-25 Thread Kristof Provost
Author: kp
Date: Sat Apr 25 12:49:48 2020
New Revision: 360298
URL: https://svnweb.freebsd.org/changeset/base/360298

Log:
  MFC r360068:
  
  ethersubr: Make the mac address generation more robust
  
  If we create two (vnet) jails and create a bridge interface in each we end up
  with the same mac address on both bridge interfaces.
  These very often conflict, resulting in the same mac address in both jails.
  
  Mitigate this problem by including the jail name in the mac address.

Modified:
  stable/12/sys/kern/kern_jail.c
  stable/12/sys/net/if_ethersubr.c
  stable/12/sys/sys/jail.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/kern/kern_jail.c
==
--- stable/12/sys/kern/kern_jail.c  Sat Apr 25 12:39:28 2020
(r360297)
+++ stable/12/sys/kern/kern_jail.c  Sat Apr 25 12:49:48 2020
(r360298)
@@ -2919,6 +2919,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti
mtx_unlock(>cr_prison->pr_mtx);
 }
 
+void
+getjailname(struct ucred *cred, char *name, size_t len)
+{
+
+   mtx_lock(>cr_prison->pr_mtx);
+   strlcpy(name, cred->cr_prison->pr_name, len);
+   mtx_unlock(>cr_prison->pr_mtx);
+}
+
 #ifdef VIMAGE
 /*
  * Determine whether the prison represented by cred owns

Modified: stable/12/sys/net/if_ethersubr.c
==
--- stable/12/sys/net/if_ethersubr.cSat Apr 25 12:39:28 2020
(r360297)
+++ stable/12/sys/net/if_ethersubr.cSat Apr 25 12:49:48 2020
(r360298)
@@ -1375,27 +1375,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife,
 
 /*
  * Allocate an address from the FreeBSD Foundation OUI.  This uses a
- * cryptographic hash function on the containing jail's UUID and the interface
- * name to attempt to provide a unique but stable address.  Pseudo-interfaces
- * which require a MAC address should use this function to allocate
- * non-locally-administered addresses.
+ * cryptographic hash function on the containing jail's name, UUID and the
+ * interface name to attempt to provide a unique but stable address.
+ * Pseudo-interfaces which require a MAC address should use this function to
+ * allocate non-locally-administered addresses.
  */
 void
 ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr)
 {
-#defineETHER_GEN_ADDR_BUFSIZ   HOSTUUIDLEN + IFNAMSIZ + 2
SHA1_CTX ctx;
-   char buf[ETHER_GEN_ADDR_BUFSIZ];
+   char *buf;
char uuid[HOSTUUIDLEN + 1];
uint64_t addr;
int i, sz;
char digest[SHA1_RESULTLEN];
+   char jailname[MAXHOSTNAMELEN];
 
getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid));
-   sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname);
+   /* If each (vnet) jail would also have a unique hostuuid this would not
+* be necessary. */
+   getjailname(curthread->td_ucred, jailname, sizeof(jailname));
+   sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp),
+   jailname);
+   if (sz < 0) {
+   /* Fall back to a random mac address. */
+   arc4rand(hwaddr, sizeof(*hwaddr), 0);
+   hwaddr->octet[0] = 0x02;
+   return;
+   }
+
SHA1Init();
SHA1Update(, buf, sz);
SHA1Final(digest, );
+   free(buf, M_TEMP);
 
addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) &
OUI_FREEBSD_GENERATED_MASK;

Modified: stable/12/sys/sys/jail.h
==
--- stable/12/sys/sys/jail.hSat Apr 25 12:39:28 2020(r360297)
+++ stable/12/sys/sys/jail.hSat Apr 25 12:49:48 2020(r360298)
@@ -368,6 +368,7 @@ void getcredhostname(struct ucred *, char *, size_t);
 void getcreddomainname(struct ucred *, char *, size_t);
 void getcredhostuuid(struct ucred *, char *, size_t);
 void getcredhostid(struct ucred *, unsigned long *);
+void getjailname(struct ucred *cred, char *name, size_t len);
 void prison0_init(void);
 int prison_allow(struct ucred *, unsigned);
 int prison_check(struct ucred *cred1, struct ucred *cred2);


svn commit: r360268 - stable/11/sys/netpfil/pf

2020-04-24 Thread Kristof Provost
Author: kp
Date: Fri Apr 24 15:27:56 2020
New Revision: 360268
URL: https://svnweb.freebsd.org/changeset/base/360268

Log:
  MFC r360042:
  
  pf: Do not allow negative ps_len in DIOCGETSTATES
  
  Userspace may pass a negative ps_len value to us, which causes an
  assertion failure in malloc().
  Treat negative values as zero, i.e. return the required size.
  
  Reported-by:  syzbot+53370d9d0358ee2a0...@syzkaller.appspotmail.com

Modified:
  stable/11/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/pf/pf_ioctl.c
==
--- stable/11/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:27:55 2020
(r360267)
+++ stable/11/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:27:56 2020
(r360268)
@@ -1759,7 +1759,7 @@ relock_DIOCKILLSTATES:
struct pfsync_state *pstore, *p;
int i, nr;
 
-   if (ps->ps_len == 0) {
+   if (ps->ps_len <= 0) {
nr = uma_zone_get_cur(V_pf_state_z);
ps->ps_len = sizeof(struct pfsync_state) * nr;
break;
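Review bot: Only non-positive `ps->ps_len` values are caught by the changed test; a very large positive value from userspace still falls through to the allocation the commit log mentions, and no upper bound is visible in this hunk. Because the size actually needed is already computable here, the request could be clamped to it before allocating, e.g. `nr = uma_zone_get_cur(V_pf_state_z);` followed by `ps->ps_len = MIN(ps->ps_len, sizeof(struct pfsync_state) * nr);`, provided the rest of the case tolerates a buffer shorter than the caller asked for. The product `sizeof(struct pfsync_state) * nr` is also stored back into `ps_len` unchecked, which is worth a look if that field is a plain `int`. The same applies to the stable/12 copy in r360267, and the case body continues outside the hunk.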


svn commit: r360267 - stable/12/sys/netpfil/pf

2020-04-24 Thread Kristof Provost
Author: kp
Date: Fri Apr 24 15:27:55 2020
New Revision: 360267
URL: https://svnweb.freebsd.org/changeset/base/360267

Log:
  MFC r360042:
  
  pf: Do not allow negative ps_len in DIOCGETSTATES
  
  Userspace may pass a negative ps_len value to us, which causes an
  assertion failure in malloc().
  Treat negative values as zero, i.e. return the required size.
  
  Reported-by:  syzbot+53370d9d0358ee2a0...@syzkaller.appspotmail.com

Modified:
  stable/12/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_ioctl.c
==
--- stable/12/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:09:30 2020
(r360266)
+++ stable/12/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:27:55 2020
(r360267)
@@ -2163,7 +2163,7 @@ relock_DIOCKILLSTATES:
struct pfsync_state *pstore, *p;
int i, nr;
 
-   if (ps->ps_len == 0) {
+   if (ps->ps_len <= 0) {
nr = uma_zone_get_cur(V_pf_state_z);
ps->ps_len = sizeof(struct pfsync_state) * nr;
break;


svn commit: r360231 - head/lib/libc/net

2020-04-23 Thread Kristof Provost
Author: kp
Date: Thu Apr 23 21:16:51 2020
New Revision: 360231
URL: https://svnweb.freebsd.org/changeset/base/360231

Log:
  libc: Shortcut if_indextoname() if index == 0
  
  If the index we're trying to convert is 0 we can avoid a potentially
  expensive call to getifaddrs(). No interface has an ifindex of zero, so
  we can handle this as an error: set the errno to ENXIO and return NULL.
  
  Submitted by: Nick Rogers
  Reviewed by:  lutz at donnerhacke.de
  MFC after:2 weeks
  Sponsored by: RG Nets
  Differential Revision:https://reviews.freebsd.org/D24524

Modified:
  head/lib/libc/net/if_indextoname.c

Modified: head/lib/libc/net/if_indextoname.c
==
--- head/lib/libc/net/if_indextoname.c  Thu Apr 23 20:14:59 2020
(r360230)
+++ head/lib/libc/net/if_indextoname.c  Thu Apr 23 21:16:51 2020
(r360231)
@@ -66,6 +66,11 @@ if_indextoname(unsigned int ifindex, char *ifname)
struct ifaddrs *ifaddrs, *ifa;
int error = 0;
 
+   if (ifindex == 0) {
+   errno = ENXIO;
+   return(NULL);
+   }
+
if (getifaddrs() < 0)
return(NULL);   /* getifaddrs properly set errno */
 
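Review bot: The early return for `ifindex == 0` carries no comment, so the reason for it (no interface ever has index 0, which makes the `getifaddrs()` walk pointless) is recorded only in the commit log. A line above the test such as `/* Index 0 is never valid; fail early without calling getifaddrs(). */` would keep that with the code. The function continues outside the hunk.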


Re: svn commit: r360068 - in head/sys: kern net sys

2020-04-21 Thread Kristof Provost

On 21 Apr 2020, at 4:34, Kyle Evans wrote:

On Mon, Apr 20, 2020 at 9:14 PM Kyle Evans  wrote:


On Mon, Apr 20, 2020 at 8:15 PM Eric van Gyzen  
wrote:



+  sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp),
+  jailname);
+  if (sz < 0) {
+  /* Fall back to a random mac address. */



I was wondering if it would be valuable to give this fall back 
something

like:

printf("%s: unable to create fixed mac address; using 
random

mac address", if_name(ifp));

This will only be printed in rare circumstances. But in that case 
will

provide valuable information.

That would potentially be valuable, yes. On the other hand, we
traditionally don't sprinkle a lot of printf()s around in the kernel.
This is extremely unlikely to happen, and if it does odds are attaching
the interface will fail at an earlier or later point, you may struggle
to pass packets and run into any number of other issues.
It's also possible to diagnose absent the printf(), because the MAC
address will be locally administered rather than within the FreeBSD OUI.


So, in short: not a bad idea. You can argue it both ways, and I 
find myself

(weakly) on the opposite side.


Would displaying the message only when verbose boot mode is enabled 
be

a suitable compromise?


We could completely avoid the problems of dynamic allocation by 
calling

SHA1Update three times, feeding each piece of data separately.

For bonus points, use a single char[] to save stack space, too.  
Maybe
use a union, for legibility, and to ensure the proper size without 
ugly

assertions.



To be honest, I'd be more inclined to just revert this part of it and
push it all back onto the stack. It's still < 512 bytes and pretty
much always called in short paths because it's generally only used
during initial creation of some ifnet; I found the concern about the
stack usage here, specifically, a bit dubious in the first place, and
this follow-up hasn't left me enjoying it any further.



Sorry, to clarify: I'm also pretty much OK with SHA1Update 3x if I'm
alone in the "don't really care about this particular stack usage"
camp, but I've found it useful that they're currently joined into a
single buffer as I've had occasion to dump it in the past to confirm
my understanding of the pedigree of the output, in case of, e.g.,
generated conflicts.


For what it’s worth, I’m in your camp: a few hundred bytes of stack 
use doesn’t matter much here. Straightforward code is more important.


Best regards,
Kristof


svn commit: r360099 - head/tests/sys/net

2020-04-19 Thread Kristof Provost
Author: kp
Date: Sun Apr 19 16:30:49 2020
New Revision: 360099
URL: https://svnweb.freebsd.org/changeset/base/360099

Log:
  bridge tests: Ensure that bridges in different jails get different MAC 
addresses
  
  We used to have a problem where bridges created in different vnet jails
  would end up having the same mac address. This is now fixed by
  including the jail name as a seed for the mac address generation, but we
  should verify that it doesn't regress.

Modified:
  head/tests/sys/net/if_bridge_test.sh

Modified: head/tests/sys/net/if_bridge_test.sh
==
--- head/tests/sys/net/if_bridge_test.shSun Apr 19 16:10:20 2020
(r360098)
+++ head/tests/sys/net/if_bridge_test.shSun Apr 19 16:30:49 2020
(r360099)
@@ -271,6 +271,44 @@ delete_with_members_cleanup()
vnet_cleanup
 }
 
+atf_test_case "mac_conflict" "cleanup"
+mac_conflict_head()
+{
+   atf_set descr 'Ensure that bridges in different jails get different mac 
addresses'
+   atf_set require.user root
+}
+
+mac_conflict_body()
+{
+   vnet_init
+
+   epair=$(vnet_mkepair)
+
+   # Ensure the bridge module is loaded so jails can use it.
+   tmpbridge=$(vnet_mkbridge)
+
+   vnet_mkjail bridge_mac_conflict_one ${epair}a
+   vnet_mkjail bridge_mac_conflict_two ${epair}b
+
+   jexec bridge_mac_conflict_one ifconfig bridge create
+   jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \
+   addm ${epair}a
+   jexec bridge_mac_conflict_one ifconfig ${epair}a up
+
+   jexec bridge_mac_conflict_two ifconfig bridge create
+   jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \
+   addm ${epair}b
+   jexec bridge_mac_conflict_two ifconfig ${epair}b up
+
+   atf_check -s exit:0 -o ignore \
+   jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
+}
+
+mac_conflict_cleanup()
+{
+   vnet_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "bridge_transmit_ipv4_unicast"
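Review bot: `mac_conflict_body` infers distinct addresses from a successful `ping`, so a failure does not say whether the two bridges really received the same MAC or something else in the setup broke; the `ifconfig bridge create` and `ifconfig bridge0 ... up` steps also run outside `atf_check`, so their failures surface only at the ping. Comparing the addresses directly would test what the description promises: `mac_one=$(jexec bridge_mac_conflict_one ifconfig bridge0 | awk '/ether/ { print $2 }')`, the same for `bridge_mac_conflict_two`, then `[ "$mac_one" != "$mac_two" ] || atf_fail "bridges share MAC $mac_one"`. The ping can stay as an end-to-end check after that.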
@@ -278,4 +316,5 @@ atf_init_test_cases()
atf_add_test_case "static"
atf_add_test_case "span"
atf_add_test_case "delete_with_members"
+   atf_add_test_case "mac_conflict"
 }


svn commit: r360098 - head/sys/netpfil/pf

2020-04-19 Thread Kristof Provost
Author: kp
Date: Sun Apr 19 16:10:20 2020
New Revision: 360098
URL: https://svnweb.freebsd.org/changeset/base/360098

Log:
  pf: Improve ioctl() input validation
  
  Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from
  userspace. They failed to validate the dyn pointer contained in its
  struct pf_addr_wrap member structure.
  
  This triggered assertion failures under fuzz testing in
  pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but
  we should verify that it's set to NULL anyway.
  
  Reported-by:  syzbot+93e93150bc29f9b4b...@syzkaller.appspotmail.com
  Reviewed by:  emaste
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D24431

Modified:
  head/sys/netpfil/pf/pf_ioctl.c

Modified: head/sys/netpfil/pf/pf_ioctl.c
==
--- head/sys/netpfil/pf/pf_ioctl.c  Sun Apr 19 15:37:13 2020
(r360097)
+++ head/sys/netpfil/pf/pf_ioctl.c  Sun Apr 19 16:10:20 2020
(r360098)
@@ -2643,6 +2643,10 @@ DIOCGETSTATES_full:
error = EINVAL;
break;
}
+   if (pp->addr.addr.p.dyn != NULL) {
+   error = EINVAL;
+   break;
+   }
pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK);
bcopy(>addr, pa, sizeof(struct pf_pooladdr));
if (pa->ifname[0])
@@ -2739,6 +2743,10 @@ DIOCGETSTATES_full:
if (pca->addr.addr.type != PF_ADDR_ADDRMASK &&
pca->addr.addr.type != PF_ADDR_DYNIFTL &&
pca->addr.addr.type != PF_ADDR_TABLE) {
+   error = EINVAL;
+   break;
+   }
+   if (pca->addr.addr.p.dyn != NULL) {
error = EINVAL;
break;
}


svn commit: r360097 - head/sbin/pfctl

2020-04-19 Thread Kristof Provost
Author: kp
Date: Sun Apr 19 15:37:13 2020
New Revision: 360097
URL: https://svnweb.freebsd.org/changeset/base/360097

Log:
  pfctl: Call ifa_load() before ifa_grouplookup()
  
  ifa_grouplookup() uses the data loaded in ifa_load() (through is_a_group()), 
so
  we must call ifa_load() before we can rely on any of the data it populates.
  
  Submitted by: Nick Rogers
  MFC after:1 week
  Sponsored by: RG Nets

Modified:
  head/sbin/pfctl/pfctl_parser.c

Modified: head/sbin/pfctl/pfctl_parser.c
==
--- head/sbin/pfctl/pfctl_parser.c  Sun Apr 19 15:32:14 2020
(r360096)
+++ head/sbin/pfctl/pfctl_parser.c  Sun Apr 19 15:37:13 2020
(r360097)
@@ -1436,14 +1436,15 @@ ifa_lookup(char *ifa_name, int flags)
int  got4 = 0, got6 = 0;
const char   *last_if = NULL;
 
+   /* first load iftab and isgroup_map */
+   if (iftab == NULL)
+   ifa_load();
+
if ((h = ifa_grouplookup(ifa_name, flags)) != NULL)
return (h);
 
if (!strncmp(ifa_name, "self", IFNAMSIZ))
ifa_name = NULL;
-
-   if (iftab == NULL)
-   ifa_load();
 
for (p = iftab; p; p = p->next) {
if (ifa_skip_if(ifa_name, p))
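Review bot: The ordering requirement this hunk fixes stays implicit: `ifa_grouplookup()` only works once `ifa_load()` has run, and every caller has to remember the `if (iftab == NULL) ifa_load();` guard. Moving that guard into `ifa_grouplookup()` or `is_a_group()` (which the log names as the actual consumer) would remove the dependency on call order; their bodies are outside this hunk, so this needs checking against them. At minimum the new comment could state the reason, e.g. `/* ifa_grouplookup() reads isgroup_map, which ifa_load() fills */`. `ifa_lookup()` starts and ends outside the hunk.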


svn commit: r360096 - head/sbin/pfctl

2020-04-19 Thread Kristof Provost
Author: kp
Date: Sun Apr 19 15:32:14 2020
New Revision: 360096
URL: https://svnweb.freebsd.org/changeset/base/360096

Log:
  pfctl: Remove unused variable
  
  Submitted by: Nick Rogers
  MFC after:1 week
  Sponsored by: RG Nets

Modified:
  head/sbin/pfctl/pfctl_parser.c

Modified: head/sbin/pfctl/pfctl_parser.c
==
--- head/sbin/pfctl/pfctl_parser.c  Sun Apr 19 14:25:56 2020
(r360095)
+++ head/sbin/pfctl/pfctl_parser.c  Sun Apr 19 15:32:14 2020
(r360096)
@@ -1370,13 +1370,11 @@ struct node_host *
 ifa_exists(char *ifa_name)
 {
struct node_host*n;
-   int s;
 
if (iftab == NULL)
ifa_load();
 
/* check whether this is a group */
-   s = get_query_socket();
if (is_a_group(ifa_name)) {
/* fake a node_host */
if ((n = calloc(1, sizeof(*n))) == NULL)


Re: svn commit: r360068 - in head/sys: kern net sys

2020-04-19 Thread Kristof Provost

On 19 Apr 2020, at 15:33, Ronald Klop wrote:
On Sat, 18 Apr 2020 09:50:30 +0200, Kristof Provost  
wrote:



Author: kp
Date: Sat Apr 18 07:50:30 2020
New Revision: 360068
URL: https://svnweb.freebsd.org/changeset/base/360068

Log:
  ethersubr: Make the mac address generation more robust
 If we create two (vnet) jails and create a bridge interface in each 
we end up

  with the same mac address on both bridge interfaces.
  These very often conflicts, resulting in same mac address in both 
jails.

 Mitigate this problem by including the jail name in the mac address.
 Reviewed by:   kevans, melifaro
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D24383

Modified:
  head/sys/kern/kern_jail.c
  head/sys/net/if_ethersubr.c
  head/sys/sys/jail.h

Modified: head/sys/kern/kern_jail.c
==
--- head/sys/kern/kern_jail.c   Sat Apr 18 03:14:16 2020(r360067)
+++ head/sys/kern/kern_jail.c   Sat Apr 18 07:50:30 2020(r360068)
@@ -2920,6 +2920,15 @@ getcredhostid(struct ucred *cred, unsigned 
long *hosti

mtx_unlock(>cr_prison->pr_mtx);
 }
+void
+getjailname(struct ucred *cred, char *name, size_t len)
+{
+
+   mtx_lock(>cr_prison->pr_mtx);
+   strlcpy(name, cred->cr_prison->pr_name, len);
+   mtx_unlock(>cr_prison->pr_mtx);
+}
+
 #ifdef VIMAGE
 /*
  * Determine whether the prison represented by cred owns

Modified: head/sys/net/if_ethersubr.c
==
--- head/sys/net/if_ethersubr.c Sat Apr 18 03:14:16 2020(r360067)
+++ head/sys/net/if_ethersubr.c Sat Apr 18 07:50:30 2020(r360068)
@@ -1419,27 +1419,39 @@ ether_8021q_frame(struct mbuf **mp, struct 
ifnet *ife,

/*
  * Allocate an address from the FreeBSD Foundation OUI.  This uses a
- * cryptographic hash function on the containing jail's UUID and the 
interface
- * name to attempt to provide a unique but stable address.  
Pseudo-interfaces

- * which require a MAC address should use this function to allocate
- * non-locally-administered addresses.
+ * cryptographic hash function on the containing jail's name, UUID 
and the

+ * interface name to attempt to provide a unique but stable address.
+ * Pseudo-interfaces which require a MAC address should use this 
function to

+ * allocate non-locally-administered addresses.
  */
 void
 ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr)
 {
-#defineETHER_GEN_ADDR_BUFSIZ   HOSTUUIDLEN + IFNAMSIZ + 2
SHA1_CTX ctx;
-   char buf[ETHER_GEN_ADDR_BUFSIZ];
+   char *buf;
char uuid[HOSTUUIDLEN + 1];
uint64_t addr;
int i, sz;
char digest[SHA1_RESULTLEN];
+   char jailname[MAXHOSTNAMELEN];
getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid));
-	sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, 
ifp->if_xname);
+	/* If each (vnet) jail would also have a unique hostuuid this would 
not

+* be necessary. */
+   getjailname(curthread->td_ucred, jailname, sizeof(jailname));
+   sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp),
+   jailname);
+   if (sz < 0) {
+   /* Fall back to a random mac address. */



I was wondering if it would be valuable to give this fall back 
something like:


   printf("%s: unable to create fixed mac address; using 
random mac address", if_name(ifp));


This will only be printed in rare circumstances. But in that case will 
provide valuable information.


That would potentially be valuable, yes. On the other hand, we 
traditionally don’t sprinkle a lot of printf()s around in the kernel. 
This is extremely unlikely to happen, and if it does odds are attaching 
the interface will fail at an earlier or later point, you may struggle 
to pass packets and run into any number of other issues.
It’s also possible to diagnose absent the printf(), because the MAC 
address will be locally administered rather than within the FreeBSD OUI.


So, in short: not a bad idea. You can argue it both ways, and I find 
myself (weakly) on the opposite side.


Best regards,
Kristof


svn commit: r360069 - head/sys/net

2020-04-18 Thread Kristof Provost
Author: kp
Date: Sat Apr 18 08:00:58 2020
New Revision: 360069
URL: https://svnweb.freebsd.org/changeset/base/360069

Log:
  bridge: Simplify mac address generation
  
  Unconditionally use ether_gen_addr() to generate bridge mac addresses.  This
  function is now less likely to generate duplicate mac addresses across jails.
  The old hand rolled hostid based code adds no value.
  
  Reviewed by:  bz
  Differential Revision:https://reviews.freebsd.org/D24432

Modified:
  head/sys/net/if_bridge.c

Modified: head/sys/net/if_bridge.c
==
--- head/sys/net/if_bridge.cSat Apr 18 07:50:30 2020(r360068)
+++ head/sys/net/if_bridge.cSat Apr 18 08:00:58 2020(r360069)
@@ -676,10 +676,8 @@ SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw,
 static int
 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
 {
-   struct bridge_softc *sc, *sc2;
-   struct ifnet *bifp, *ifp;
-   int fb, retry;
-   unsigned long hostid;
+   struct bridge_softc *sc;
+   struct ifnet *ifp;
 
sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
@@ -709,41 +707,7 @@ bridge_clone_create(struct if_clone *ifc, int unit, ca
ifp->if_init = bridge_init;
ifp->if_type = IFT_BRIDGE;
 
-   /*
-* Generate an ethernet address with a locally administered address.
-*
-* Since we are using random ethernet addresses for the bridge, it is
-* possible that we might have address collisions, so make sure that
-* this hardware address isn't already in use on another bridge.
-* The first try uses the hostid and falls back to arc4rand().
-*/
-   fb = 0;
-   getcredhostid(curthread->td_ucred, );
-   do {
-   if (fb || hostid == 0) {
-   ether_gen_addr(ifp, >sc_defaddr);
-   } else {
-   sc->sc_defaddr.octet[0] = 0x2;
-   sc->sc_defaddr.octet[1] = (hostid >> 24) & 0xff;
-   sc->sc_defaddr.octet[2] = (hostid >> 16) & 0xff;
-   sc->sc_defaddr.octet[3] = (hostid >> 8 ) & 0xff;
-   sc->sc_defaddr.octet[4] =  hostid& 0xff;
-   sc->sc_defaddr.octet[5] = ifp->if_dunit & 0xff;
-   }
-
-   fb = 1;
-   retry = 0;
-   BRIDGE_LIST_LOCK();
-   LIST_FOREACH(sc2, _bridge_list, sc_list) {
-   bifp = sc2->sc_ifp;
-   if (memcmp(sc->sc_defaddr.octet,
-   IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) {
-   retry = 1;
-   break;
-   }
-   }
-   BRIDGE_LIST_UNLOCK();
-   } while (retry == 1);
+   ether_gen_addr(ifp, >sc_defaddr);
 
bstp_attach(>sc_stp, _ops);
ether_ifattach(ifp, sc->sc_defaddr.octet);
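Review bot: After this hunk nothing in bridge_clone_create() compares the generated address with the other bridges, and the comment that explained how the address was chosen is deleted without a replacement. The ether_gen_addr() hunk from r360068 on this page shows the address being built from three digest bytes under a mask, so a clash between two interfaces is unlikely but not ruled out, and it would now go unnoticed at this call site. I would keep a short comment above the call, for example `/* Stable address from ether_gen_addr(); uniqueness against other bridges is not checked here. */`, so the next reader knows the duplicate check was dropped deliberately. The function starts and ends outside the hunk.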


svn commit: r360068 - in head/sys: kern net sys

2020-04-18 Thread Kristof Provost
Author: kp
Date: Sat Apr 18 07:50:30 2020
New Revision: 360068
URL: https://svnweb.freebsd.org/changeset/base/360068

Log:
  ethersubr: Make the mac address generation more robust
  
  If we create two (vnet) jails and create a bridge interface in each we end up
  with the same mac address on both bridge interfaces.
  These very often conflict, resulting in the same mac address in both jails.
  
  Mitigate this problem by including the jail name in the mac address.
  
  Reviewed by:  kevans, melifaro
  MFC after:1 week
  Differential Revision:https://reviews.freebsd.org/D24383

Modified:
  head/sys/kern/kern_jail.c
  head/sys/net/if_ethersubr.c
  head/sys/sys/jail.h

Modified: head/sys/kern/kern_jail.c
==
--- head/sys/kern/kern_jail.c   Sat Apr 18 03:14:16 2020(r360067)
+++ head/sys/kern/kern_jail.c   Sat Apr 18 07:50:30 2020(r360068)
@@ -2920,6 +2920,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti
mtx_unlock(>cr_prison->pr_mtx);
 }
 
+void
+getjailname(struct ucred *cred, char *name, size_t len)
+{
+
+   mtx_lock(>cr_prison->pr_mtx);
+   strlcpy(name, cred->cr_prison->pr_name, len);
+   mtx_unlock(>cr_prison->pr_mtx);
+}
+
 #ifdef VIMAGE
 /*
  * Determine whether the prison represented by cred owns
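Review bot: `getjailname()` is added without a header comment, and its contract matters to callers: it copies `cred->cr_prison->pr_name` under `pr_mtx` with `strlcpy()`, so a name that does not fit in `len` bytes is cut short without any indication. Whether that can happen depends on the size of `pr_name`, which is not visible here, but a caller that hashes the result would then see identical input for names differing only in the truncated tail. A comment such as `/* Copy the name of cred's prison into name; truncated to len bytes, always NUL-terminated. */` would state this. The name also departs from the `getcred*` pattern of the neighbouring accessors that take a `struct ucred *`.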

Modified: head/sys/net/if_ethersubr.c
==
--- head/sys/net/if_ethersubr.c Sat Apr 18 03:14:16 2020(r360067)
+++ head/sys/net/if_ethersubr.c Sat Apr 18 07:50:30 2020(r360068)
@@ -1419,27 +1419,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife,
 
 /*
  * Allocate an address from the FreeBSD Foundation OUI.  This uses a
- * cryptographic hash function on the containing jail's UUID and the interface
- * name to attempt to provide a unique but stable address.  Pseudo-interfaces
- * which require a MAC address should use this function to allocate
- * non-locally-administered addresses.
+ * cryptographic hash function on the containing jail's name, UUID and the
+ * interface name to attempt to provide a unique but stable address.
+ * Pseudo-interfaces which require a MAC address should use this function to
+ * allocate non-locally-administered addresses.
  */
 void
 ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr)
 {
-#defineETHER_GEN_ADDR_BUFSIZ   HOSTUUIDLEN + IFNAMSIZ + 2
SHA1_CTX ctx;
-   char buf[ETHER_GEN_ADDR_BUFSIZ];
+   char *buf;
char uuid[HOSTUUIDLEN + 1];
uint64_t addr;
int i, sz;
char digest[SHA1_RESULTLEN];
+   char jailname[MAXHOSTNAMELEN];
 
getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid));
-   sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname);
+   /* If each (vnet) jail would also have a unique hostuuid this would not
+* be necessary. */
+   getjailname(curthread->td_ucred, jailname, sizeof(jailname));
+   sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp),
+   jailname);
+   if (sz < 0) {
+   /* Fall back to a random mac address. */
+   arc4rand(hwaddr, sizeof(*hwaddr), 0);
+   hwaddr->octet[0] = 0x02;
+   return;
+   }
+
SHA1Init();
SHA1Update(, buf, sz);
SHA1Final(digest, );
+   free(buf, M_TEMP);
 
addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) &
OUI_FREEBSD_GENERATED_MASK;
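Review bot: `digest` is a plain `char` array (context line above the new `jailname` buffer), so where `char` is signed the expression `(digest[0] << 16) | (digest[1] << 8) | digest[2]` at the end of the hunk sign-extends every byte whose top bit is set, and the OR then turns all higher bits into ones before the mask is applied. That leaves noticeably fewer distinct generated addresses than three digest bytes suggest, which works against this commit's aim of avoiding duplicate MACs across jails; shifting a negative value left is also undefined. Casting at the point of use avoids both without touching the SHA1 calls: `addr = (((uint8_t)digest[0] << 16) | ((uint8_t)digest[1] << 8) | (uint8_t)digest[2]) &` followed by the existing `OUI_FREEBSD_GENERATED_MASK;` line. ether_gen_addr() continues past the end of the hunk, so the rest of the address assembly is not visible here.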

Modified: head/sys/sys/jail.h
==
--- head/sys/sys/jail.h Sat Apr 18 03:14:16 2020(r360067)
+++ head/sys/sys/jail.h Sat Apr 18 07:50:30 2020(r360068)
@@ -382,6 +382,7 @@ void getcredhostname(struct ucred *, char *, size_t);
 void getcreddomainname(struct ucred *, char *, size_t);
 void getcredhostuuid(struct ucred *, char *, size_t);
 void getcredhostid(struct ucred *, unsigned long *);
+void getjailname(struct ucred *cred, char *name, size_t len);
 void prison0_init(void);
 int prison_allow(struct ucred *, unsigned);
 int prison_check(struct ucred *cred1, struct ucred *cred2);


svn commit: r360043 - head/tests/sys/net

2020-04-17 Thread Kristof Provost
Author: kp
Date: Fri Apr 17 14:57:15 2020
New Revision: 360043
URL: https://svnweb.freebsd.org/changeset/base/360043

Log:
  bridge tests: Test deleting a bridge with members
  
  Reviewed by:  philip, emaste
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D24337

Modified:
  head/tests/sys/net/if_bridge_test.sh

Modified: head/tests/sys/net/if_bridge_test.sh
==
--- head/tests/sys/net/if_bridge_test.shFri Apr 17 14:35:11 2020
(r360042)
+++ head/tests/sys/net/if_bridge_test.shFri Apr 17 14:57:15 2020
(r360043)
@@ -245,10 +245,37 @@ span_cleanup()
vnet_cleanup
 }
 
+atf_test_case "delete_with_members" "cleanup"
+delete_with_members_head()
+{
+   atf_set descr 'Delete a bridge which still has member interfaces'
+   atf_set require.user root
+}
+
+delete_with_members_body()
+{
+   vnet_init
+
+   bridge=$(vnet_mkbridge)
+   epair=$(vnet_mkepair)
+
+   ifconfig ${bridge} 192.0.2.1/24 up
+   ifconfig ${epair}a up
+   ifconfig ${bridge} addm ${epair}a
+
+   ifconfig ${bridge} destroy
+}
+
+delete_with_members_cleanup()
+{
+   vnet_cleanup
+}
+
 atf_init_test_cases()
 {
atf_add_test_case "bridge_transmit_ipv4_unicast"
atf_add_test_case "stp"
atf_add_test_case "static"
atf_add_test_case "span"
+   atf_add_test_case "delete_with_members"
 }
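Review bot: Nothing in `delete_with_members_body` asserts an outcome: `ifconfig ${bridge} destroy` and the setup commands before it run unchecked, so the case reliably fails only if the kernel panics, and whether a non-zero exit from `ifconfig` fails it depends on how the ATF shell runner treats a failing command. Writing the last step as `atf_check -s exit:0 ifconfig ${bridge} destroy` would make a refused or failed destroy visible in the test result. A one-line comment such as `# Destroying a bridge that still has members must succeed and not panic` would record why the case exists, assuming that is the regression being covered; the log does not say.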

