svn commit: r368743 - head/tests/sys/net
Author: kp Date: Thu Dec 17 21:54:25 2020 New Revision: 368743 URL: https://svnweb.freebsd.org/changeset/base/368743 Log: net tests: Re-enable most if_clone tests All but one of these (tap_ipv6_up_stress) currently pass, so we should enable them so we don't regress. Modified: head/tests/sys/net/if_clone_test.sh Modified: head/tests/sys/net/if_clone_test.sh == --- head/tests/sys/net/if_clone_test.sh Thu Dec 17 21:02:58 2020 (r368742) +++ head/tests/sys/net/if_clone_test.sh Thu Dec 17 21:54:25 2020 (r368743) @@ -47,9 +47,6 @@ epair_stress_head() } epair_stress_body() { - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/246443; - fi do_stress "epair" } epair_stress_cleanup() @@ -80,7 +77,6 @@ epair_ipv6_up_stress_head() } epair_ipv6_up_stress_body() { - atf_skip "Quickly panics: page fault in in6_unlink_ifa (PR 225438)" do_up_stress "epair" "6" "" } epair_ipv6_up_stress_cleanup() @@ -111,7 +107,6 @@ faith_up_stress_head() } faith_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "faith" "" "" } faith_up_stress_cleanup() @@ -127,7 +122,6 @@ faith_ipv6_up_stress_head() } faith_ipv6_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "faith" "6" "" } faith_ipv6_up_stress_cleanup() @@ -158,7 +152,6 @@ gif_up_stress_head() } gif_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "gif" "" "p2p" } gif_up_stress_cleanup() @@ -174,7 +167,6 @@ gif_ipv6_up_stress_head() } gif_ipv6_up_stress_body() { - atf_skip "Quickly panics: rt_tables_get_rnh_ptr: fam out of bounds." do_up_stress "gif" "6" "p2p" } gif_ipv6_up_stress_cleanup() @@ -205,7 +197,6 @@ lo_up_stress_head() } lo_up_stress_body() { - atf_skip "Quickly panics: GPF in rtsock_routemsg" do_up_stress "lo" "" "" } lo_up_stress_cleanup() @@ -221,7 +212,6 @@ lo_ipv6_up_stress_head() } lo_ipv6_up_stress_body() { - atf_skip "Quickly panics: page fault in rtsock_addrmsg" do_up_stress "lo" "6" "" } lo_ipv6_up_stress_cleanup() @@ -252,7 +242,6 @@ tap_up_stress_head() } tap_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "tap" "" "" } tap_up_stress_cleanup() @@ -299,7 +288,6 @@ tun_up_stress_head() } tun_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "tun" "" "p2p" } tun_up_stress_cleanup() @@ -315,7 +303,6 @@ tun_ipv6_up_stress_head() } tun_ipv6_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "tun" "6" "p2p" } tun_ipv6_up_stress_cleanup() @@ -346,7 +333,6 @@ vlan_up_stress_head() } vlan_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "vlan" "" "" } vlan_up_stress_cleanup() @@ -362,7 +348,6 @@ vlan_ipv6_up_stress_head() } vlan_ipv6_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "vlan" "6" "" } vlan_ipv6_up_stress_cleanup() @@ -408,7 +393,6 @@ vmnet_ipv6_up_stress_head() } vmnet_ipv6_up_stress_body() { - atf_skip "Quickly panics: if_freemulti: protospec not NULL" do_up_stress "vmnet" "6" "" } vmnet_ipv6_up_stress_cleanup() ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368666 - stable/12/tests/sys/netpfil/pf
Author: kp Date: Tue Dec 15 16:15:25 2020 New Revision: 368666 URL: https://svnweb.freebsd.org/changeset/base/368666 Log: MFC r368239: pf tests: Re-enable panicing tests We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these tests. Sponsored by: Modirum MDPay Modified: stable/12/tests/sys/netpfil/pf/forward.sh stable/12/tests/sys/netpfil/pf/names.sh stable/12/tests/sys/netpfil/pf/nat.sh stable/12/tests/sys/netpfil/pf/set_tos.sh stable/12/tests/sys/netpfil/pf/synproxy.sh Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/netpfil/pf/forward.sh == --- stable/12/tests/sys/netpfil/pf/forward.sh Tue Dec 15 16:13:32 2020 (r368665) +++ stable/12/tests/sys/netpfil/pf/forward.sh Tue Dec 15 16:15:25 2020 (r368666) @@ -14,10 +14,6 @@ v4_head() v4_body() { - if [ `uname -p` = "i386" ]; then - atf_skip "https://bugs.freebsd.org/239380; - fi - pft_init epair_send=$(vnet_mkepair) @@ -77,10 +73,6 @@ v6_head() v6_body() { - if [ `uname -p` = "i386" ]; then - atf_skip "https://bugs.freebsd.org/239380; - fi - pft_init epair_send=$(vnet_mkepair) Modified: stable/12/tests/sys/netpfil/pf/names.sh == --- stable/12/tests/sys/netpfil/pf/names.sh Tue Dec 15 16:13:32 2020 (r368665) +++ stable/12/tests/sys/netpfil/pf/names.sh Tue Dec 15 16:15:25 2020 (r368666) @@ -11,7 +11,6 @@ names_head() names_body() { - atf_skip "Kernel panics when flushing epair queue (bug238870)" pft_init epair=$(vnet_mkepair) Modified: stable/12/tests/sys/netpfil/pf/nat.sh == --- stable/12/tests/sys/netpfil/pf/nat.sh Tue Dec 15 16:13:32 2020 (r368665) +++ stable/12/tests/sys/netpfil/pf/nat.sh Tue Dec 15 16:15:25 2020 (r368666) @@ -11,10 +11,6 @@ exhaust_head() exhaust_body() { - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/244703; - fi - pft_init epair_nat=$(vnet_mkepair) Modified: stable/12/tests/sys/netpfil/pf/set_tos.sh == --- stable/12/tests/sys/netpfil/pf/set_tos.sh Tue Dec 15 16:13:32 2020 (r368665) +++ stable/12/tests/sys/netpfil/pf/set_tos.sh Tue Dec 15 16:15:25 2020 (r368666) @@ -14,10 +14,6 @@ v4_head() v4_body() { - if [ `uname -p` = "i386" ]; then - atf_skip "https://bugs.freebsd.org/239380; - fi - pft_init epair_send=$(vnet_mkepair) Modified: stable/12/tests/sys/netpfil/pf/synproxy.sh == --- stable/12/tests/sys/netpfil/pf/synproxy.sh Tue Dec 15 16:13:32 2020 (r368665) +++ stable/12/tests/sys/netpfil/pf/synproxy.sh Tue Dec 15 16:15:25 2020 (r368666) @@ -11,7 +11,6 @@ synproxy_head() synproxy_body() { - atf_skip "Kernel panics when flushing epair queue (bug238870)" pft_init epair=$(vnet_mkepair) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368665 - stable/12/sys/net
Author: kp Date: Tue Dec 15 16:13:32 2020 New Revision: 368665 URL: https://svnweb.freebsd.org/changeset/base/368665 Log: MFC r368238: net: Revert vnet/epair cleanup race mitigation Revert the mitigation code for the vnet/epair cleanup race (done in r365457). r368237 introduced a more reliable fix. Sponsored by: Modirum MDPay Modified: stable/12/sys/net/if.c stable/12/sys/net/if_epair.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if.c == --- stable/12/sys/net/if.c Tue Dec 15 15:36:41 2020(r368664) +++ stable/12/sys/net/if.c Tue Dec 15 16:13:32 2020(r368665) @@ -1322,10 +1322,6 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet) ifindex_free_locked(ifp->if_index); IFNET_WUNLOCK(); - /* Don't re-attach DYING interfaces. */ - if (ifp->if_flags & IFF_DYING) - return; - /* * Perform interface-specific reassignment tasks, if provided by * the driver. Modified: stable/12/sys/net/if_epair.c == --- stable/12/sys/net/if_epair.cTue Dec 15 15:36:41 2020 (r368664) +++ stable/12/sys/net/if_epair.cTue Dec 15 16:13:32 2020 (r368665) @@ -609,14 +609,8 @@ epair_qflush(struct ifnet *ifp) struct epair_softc *sc; sc = ifp->if_softc; - - /* -* See epair_clone_destroy(), we can end up getting called twice. -* Don't do anything on the second call. -*/ - if (sc == NULL) - return; - + KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n", + __func__, ifp, sc)); /* * Remove this ifp from all backpointer lists. The interface will not * usable for flushing anyway nor should it have anything to flush ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368663 - stable/12/sys/net
Author: kp Date: Tue Dec 15 15:33:28 2020 New Revision: 368663 URL: https://svnweb.freebsd.org/changeset/base/368663 Log: MFC r368237: if: Fix panic when destroying vnet and epair simultaneously When destroying a vnet and an epair (with one end in the vnet) we often panicked. This was the result of the destruction of the epair, which destroys both ends simultaneously, happening while vnet_if_return() was moving the struct ifnet to its home vnet. This can result in a freed ifnet being re-added to the home vnet V_ifnet list. That in turn panics the next time the ifnet is used. Prevent this race by ensuring that vnet_if_return() cannot run at the same time as if_detach() or epair_clone_destroy(). PR: 238870, 234985, 244703, 250870 Sponsored by: Modirum MDPay Modified: stable/12/sys/net/if.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if.c == --- stable/12/sys/net/if.c Tue Dec 15 15:13:06 2020(r368662) +++ stable/12/sys/net/if.c Tue Dec 15 15:33:28 2020(r368663) @@ -315,6 +315,9 @@ RW_SYSINIT_FLAGS(ifnet_rw, _rwlock, "ifnet_rw", struct sx ifnet_sxlock; SX_SYSINIT_FLAGS(ifnet_sx, _sxlock, "ifnet_sx", SX_RECURSE); +struct sx ifnet_detach_sxlock; +SX_SYSINIT(ifnet_detach, _detach_sxlock, "ifnet_detach_sx"); + /* * The allocation of network interfaces is a rather non-atomic affair; we * need to select an index before we are ready to expose the interface for @@ -549,7 +552,9 @@ vnet_if_return(const void *unused __unused) IFNET_WUNLOCK(); for (int j = 0; j < i; j++) { + sx_xlock(_detach_sxlock); if_vmove(pending[j], pending[j]->if_home_vnet); + sx_xunlock(_detach_sxlock); } free(pending, M_IFNET); @@ -1102,8 +1107,11 @@ if_detach(struct ifnet *ifp) CURVNET_SET_QUIET(ifp->if_vnet); found = if_unlink_ifnet(ifp, false); - if (found) + if (found) { + sx_slock(_detach_sxlock); if_detach_internal(ifp, 0, NULL); + sx_sunlock(_detach_sxlock); + } CURVNET_RESTORE(); } @@ -3141,8 +3149,12 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, s goto out_noref; case SIOCIFDESTROY: error = priv_check(td, PRIV_NET_IFDESTROY); - if (error == 0) + + if (error == 0) { + sx_slock(_detach_sxlock); error = if_clone_destroy(ifr->ifr_name); + sx_sunlock(_detach_sxlock); + } goto out_noref; case SIOCIFGCLONERS: ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368656 - stable/12/sys/netpfil/pf
Author: kp Date: Tue Dec 15 08:29:45 2020 New Revision: 368656 URL: https://svnweb.freebsd.org/changeset/base/368656 Log: MFC r368588: pf: Allow net.pf.request_maxcount to be set from loader.conf Mark request_maxcount as RWTUN so we can set it both at runtime and from loader.conf. This avoids users getting caught out by the change from tunable to run time configuration. Suggested by: Franco Fichtner Modified: stable/12/sys/netpfil/pf/pf.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf.c == --- stable/12/sys/netpfil/pf/pf.c Tue Dec 15 07:31:00 2020 (r368655) +++ stable/12/sys/netpfil/pf/pf.c Tue Dec 15 08:29:45 2020 (r368656) @@ -382,7 +382,7 @@ SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFL _hashsize, 0, "Size of pf(4) states hashtable"); SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN, _srchashsize, 0, "Size of pf(4) source nodes hashtable"); -SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RW, +SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RWTUN, _ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call"); VNET_DEFINE(void *, pf_swi_cookie); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368588 - head/sys/netpfil/pf
Author: kp Date: Sat Dec 12 20:14:39 2020 New Revision: 368588 URL: https://svnweb.freebsd.org/changeset/base/368588 Log: pf: Allow net.pf.request_maxcount to be set from loader.conf Mark request_maxcount as RWTUN so we can set it both at runtime and from loader.conf. This avoids usings getting caught out by the change from tunable to run time configuration. Suggested by: Franco Fichtner MFC after:3 days Modified: head/sys/netpfil/pf/pf.c Modified: head/sys/netpfil/pf/pf.c == --- head/sys/netpfil/pf/pf.cSat Dec 12 19:43:38 2020(r368587) +++ head/sys/netpfil/pf/pf.cSat Dec 12 20:14:39 2020(r368588) @@ -382,7 +382,7 @@ SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFL _hashsize, 0, "Size of pf(4) states hashtable"); SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN, _srchashsize, 0, "Size of pf(4) source nodes hashtable"); -SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RW, +SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RWTUN, _ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call"); VNET_DEFINE(void *, pf_swi_cookie); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368554 - stable/12/sys/net
Author: kp Date: Fri Dec 11 15:39:22 2020 New Revision: 368554 URL: https://svnweb.freebsd.org/changeset/base/368554 Log: MFC r368020, r368025: if: Protect V_ifnet in vnet_if_return() When we terminate a vnet (i.e. jail) we move interfaces back to their home vnet. We need to protect our access to the V_ifnet CK_LIST. We could enter NET_EPOCH, but if_detach_internal() (called from if_vmove()) waits for net epoch callback completion. That's not possible from NET_EPOCH. Instead, we take the IFNET_WLOCK, build a list of the interfaces that need to move and, once we've released the lock, move them back to their home vnet. We cannot hold the IFNET_WLOCK() during if_vmove(), because that results in a LOR between ifnet_sx, in_multi_sx and iflib ctx lock. Separate out moving the ifp into or out of V_ifnet, so we can hold the lock as we do the list manipulation, but do not hold it as we if_vmove(). if: Fix non-VIMAGE build if_link_ifnet() and if_unlink_ifnet() are needed even when VIMAGE is not enabled. Sponsored by: Modirum MDPay Modified: stable/12/sys/net/if.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if.c == --- stable/12/sys/net/if.c Fri Dec 11 14:32:42 2020(r368553) +++ stable/12/sys/net/if.c Fri Dec 11 15:39:22 2020(r368554) @@ -274,6 +274,8 @@ static int if_getgroupmembers(struct ifgroupreq *); static voidif_delgroups(struct ifnet *); static voidif_attach_internal(struct ifnet *, int, struct if_clone *); static int if_detach_internal(struct ifnet *, int, struct if_clone **); +static voidif_link_ifnet(struct ifnet *); +static boolif_unlink_ifnet(struct ifnet *, bool); #ifdef VIMAGE static voidif_vmove(struct ifnet *, struct vnet *); #endif @@ -472,17 +474,85 @@ vnet_if_uninit(const void *unused __unused) } VNET_SYSUNINIT(vnet_if_uninit, SI_SUB_INIT_IF, SI_ORDER_FIRST, vnet_if_uninit, NULL); +#endif static void +if_link_ifnet(struct ifnet *ifp) +{ + + IFNET_WLOCK(); + CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link); +#ifdef VIMAGE + curvnet->vnet_ifcnt++; +#endif + IFNET_WUNLOCK(); +} + +static bool +if_unlink_ifnet(struct ifnet *ifp, bool vmove) +{ + struct ifnet *iter; + int found = 0; + + IFNET_WLOCK(); + CK_STAILQ_FOREACH(iter, _ifnet, if_link) + if (iter == ifp) { + CK_STAILQ_REMOVE(_ifnet, ifp, ifnet, if_link); + if (!vmove) + ifp->if_flags |= IFF_DYING; + found = 1; + break; + } +#ifdef VIMAGE + curvnet->vnet_ifcnt--; +#endif + IFNET_WUNLOCK(); + + return (found); +} + +#ifdef VIMAGE +static void vnet_if_return(const void *unused __unused) { struct ifnet *ifp, *nifp; + struct ifnet **pending; + int found, i; + i = 0; + + /* +* We need to protect our access to the V_ifnet tailq. Ordinarily we'd +* enter NET_EPOCH, but that's not possible, because if_vmove() calls +* if_detach_internal(), which waits for NET_EPOCH callbacks to +* complete. We can't do that from within NET_EPOCH. +* +* However, we can also use the IFNET_xLOCK, which is the V_ifnet +* read/write lock. We cannot hold the lock as we call if_vmove() +* though, as that presents LOR w.r.t ifnet_sx, in_multi_sx and iflib +* ctx lock. +*/ + IFNET_WLOCK(); + + pending = malloc(sizeof(struct ifnet *) * curvnet->vnet_ifcnt, + M_IFNET, M_WAITOK | M_ZERO); + /* Return all inherited interfaces to their parent vnets. */ CK_STAILQ_FOREACH_SAFE(ifp, _ifnet, if_link, nifp) { - if (ifp->if_home_vnet != ifp->if_vnet) - if_vmove(ifp, ifp->if_home_vnet); + if (ifp->if_home_vnet != ifp->if_vnet) { + found = if_unlink_ifnet(ifp, true); + MPASS(found); + + pending[i++] = ifp; + } } + IFNET_WUNLOCK(); + + for (int j = 0; j < i; j++) { + if_vmove(pending[j], pending[j]->if_home_vnet); + } + + free(pending, M_IFNET); } VNET_SYSUNINIT(vnet_if_return, SI_SUB_VNET_DONE, SI_ORDER_ANY, vnet_if_return, NULL); @@ -890,12 +960,7 @@ if_attach_internal(struct ifnet *ifp, int vmove, struc } #endif - IFNET_WLOCK(); - CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link); -#ifdef VIMAGE - curvnet->vnet_ifcnt++; -#endif - IFNET_WUNLOCK(); + if_link_ifnet(ifp); if (domain_init_status >= 2) if_attachdomain1(ifp); @@ -1033,9 +1098,12 @@ if_purgemaddrs(struct ifnet *ifp) void if_detach(struct ifnet *ifp) { + bool found;
svn commit: r368552 - stable/12/sys/net
Author: kp Date: Fri Dec 11 14:11:41 2020 New Revision: 368552 URL: https://svnweb.freebsd.org/changeset/base/368552 Log: MFC r368015: if: Remove ifnet_rwlock It no longer serves any purpose, as evidenced by the fact that we never take it without ifnet_sxlock. This differs slightly from r368015 in that we keep the ifnet_rwlock instance (but no longer take the lock) in case there are external users who still take the lock. Sponsored by: Modirum MDPay Modified: stable/12/sys/net/if.c stable/12/sys/net/if_var.h Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if.c == --- stable/12/sys/net/if.c Fri Dec 11 13:23:59 2020(r368551) +++ stable/12/sys/net/if.c Fri Dec 11 14:11:41 2020(r368552) @@ -305,12 +305,8 @@ VNET_DEFINE(struct ifnet **, ifindex_table); /* * The global network interface list (V_ifnet) and related state (such as - * if_index, if_indexlim, and ifindex_table) are protected by an sxlock and - * an rwlock. Either may be acquired shared to stablize the list, but both - * must be acquired writable to modify the list. This model allows us to - * both stablize the interface list during interrupt thread processing, but - * also to stablize it over long-running ioctls, without introducing priority - * inversions and deadlocks. + * if_index, if_indexlim, and ifindex_table) are protected by an sxlock. + * This may be acquired to stabilise the list, or we may rely on NET_EPOCH. */ struct rwlock ifnet_rwlock; RW_SYSINIT_FLAGS(ifnet_rw, _rwlock, "ifnet_rw", RW_RECURSE); Modified: stable/12/sys/net/if_var.h == --- stable/12/sys/net/if_var.h Fri Dec 11 13:23:59 2020(r368551) +++ stable/12/sys/net/if_var.h Fri Dec 11 14:11:41 2020(r368552) @@ -569,27 +569,11 @@ struct ifmultiaddr { extern struct rwlock ifnet_rwlock; extern struct sx ifnet_sxlock; -#defineIFNET_WLOCK() do { \ - sx_xlock(_sxlock);\ - rw_wlock(_rwlock);\ -} while (0) - -#defineIFNET_WUNLOCK() do { \ - rw_wunlock(_rwlock); \ - sx_xunlock(_sxlock); \ -} while (0) - -/* - * To assert the ifnet lock, you must know not only whether it's for read or - * write, but also whether it was acquired with sleep support or not. - */ -#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, SA_SLOCKED) +#defineIFNET_WLOCK() sx_xlock(_sxlock) +#defineIFNET_WUNLOCK() sx_xunlock(_sxlock) +#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, SA_SLOCKED) #defineIFNET_RLOCK_NOSLEEP_ASSERT() MPASS(in_epoch(net_epoch_preempt)) -#defineIFNET_WLOCK_ASSERT() do { \ - sx_assert(_sxlock, SA_XLOCKED); \ - rw_assert(_rwlock, RA_WLOCKED); \ -} while (0) - +#defineIFNET_WLOCK_ASSERT()sx_assert(_sxlock, SA_XLOCKED) #defineIFNET_RLOCK() sx_slock(_sxlock) #defineIFNET_RLOCK_NOSLEEP() struct epoch_tracker ifnet_rlock_et; epoch_enter_preempt(net_epoch_preempt, _rlock_et) #defineIFNET_RUNLOCK() sx_sunlock(_sxlock) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368488 - stable/12/tests/sys/netpfil/pf
Author: kp Date: Wed Dec 9 17:17:45 2020 New Revision: 368488 URL: https://svnweb.freebsd.org/changeset/base/368488 Log: MFC r368277: pf tests: Test case for bug #251414 Changing a table from not having counters to having counters (or vice versa) may trigger panics. PR: 251414 Modified: stable/12/tests/sys/netpfil/pf/table.sh Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/netpfil/pf/table.sh == --- stable/12/tests/sys/netpfil/pf/table.sh Wed Dec 9 15:28:56 2020 (r368487) +++ stable/12/tests/sys/netpfil/pf/table.sh Wed Dec 9 17:17:45 2020 (r368488) @@ -108,8 +108,47 @@ v6_counters_cleanup() pft_cleanup } +atf_test_case "pr251414" "cleanup" +pr251414_head() +{ + atf_set descr 'Test PR 251414' + atf_set require.user root +} + +pr251414_body() +{ + pft_init + + epair_send=$(vnet_mkepair) + ifconfig ${epair_send}a 192.0.2.1/24 up + + vnet_mkjail alcatraz ${epair_send}b + jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up + jexec alcatraz pfctl -e + + pft_set_rules alcatraz \ + "pass all" \ + "table { self }" \ + "pass in log to " + + pft_set_rules noflush alcatraz \ + "pass all" \ + "table counters { self }" \ + "pass in log to " + + atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2 + + jexec alcatraz pfctl -t tab -T show -vv +} + +pr251414_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4_counters" atf_add_test_case "v6_counters" + atf_add_test_case "pr251414" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368277 - head/tests/sys/netpfil/pf
Author: kp Date: Wed Dec 2 16:33:23 2020 New Revision: 368277 URL: https://svnweb.freebsd.org/changeset/base/368277 Log: pf tests: Test case for bug #251414 Changing a table from not having counters to having counters (or vice versa) may trigger panics. PR: 251414 MFC after:1 week Differential Revision:https://reviews.freebsd.org/D27441 Modified: head/tests/sys/netpfil/pf/table.sh Modified: head/tests/sys/netpfil/pf/table.sh == --- head/tests/sys/netpfil/pf/table.sh Wed Dec 2 16:01:43 2020 (r368276) +++ head/tests/sys/netpfil/pf/table.sh Wed Dec 2 16:33:23 2020 (r368277) @@ -108,8 +108,47 @@ v6_counters_cleanup() pft_cleanup } +atf_test_case "pr251414" "cleanup" +pr251414_head() +{ + atf_set descr 'Test PR 251414' + atf_set require.user root +} + +pr251414_body() +{ + pft_init + + epair_send=$(vnet_mkepair) + ifconfig ${epair_send}a 192.0.2.1/24 up + + vnet_mkjail alcatraz ${epair_send}b + jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up + jexec alcatraz pfctl -e + + pft_set_rules alcatraz \ + "pass all" \ + "table { self }" \ + "pass in log to " + + pft_set_rules noflush alcatraz \ + "pass all" \ + "table counters { self }" \ + "pass in log to " + + atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2 + + jexec alcatraz pfctl -t tab -T show -vv +} + +pr251414_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4_counters" atf_add_test_case "v6_counters" + atf_add_test_case "pr251414" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368239 - head/tests/sys/netpfil/pf
Author: kp Date: Tue Dec 1 16:44:36 2020 New Revision: 368239 URL: https://svnweb.freebsd.org/changeset/base/368239 Log: pf tests: Re-enable panicing tests We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these tests. MFC after:2 weeks Sponsored by: Modirum MDPay Modified: head/tests/sys/netpfil/pf/names.sh head/tests/sys/netpfil/pf/nat.sh head/tests/sys/netpfil/pf/synproxy.sh Modified: head/tests/sys/netpfil/pf/names.sh == --- head/tests/sys/netpfil/pf/names.sh Tue Dec 1 16:34:43 2020 (r368238) +++ head/tests/sys/netpfil/pf/names.sh Tue Dec 1 16:44:36 2020 (r368239) @@ -36,7 +36,6 @@ names_head() names_body() { - atf_skip "Kernel panics when flushing epair queue (bug238870)" pft_init epair=$(vnet_mkepair) Modified: head/tests/sys/netpfil/pf/nat.sh == --- head/tests/sys/netpfil/pf/nat.shTue Dec 1 16:34:43 2020 (r368238) +++ head/tests/sys/netpfil/pf/nat.shTue Dec 1 16:44:36 2020 (r368239) @@ -36,10 +36,6 @@ exhaust_head() exhaust_body() { - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/244703; - fi - pft_init epair_nat=$(vnet_mkepair) Modified: head/tests/sys/netpfil/pf/synproxy.sh == --- head/tests/sys/netpfil/pf/synproxy.sh Tue Dec 1 16:34:43 2020 (r368238) +++ head/tests/sys/netpfil/pf/synproxy.sh Tue Dec 1 16:44:36 2020 (r368239) @@ -36,7 +36,6 @@ synproxy_head() synproxy_body() { - atf_skip "Kernel panics when flushing epair queue (bug238870)" pft_init epair=$(vnet_mkepair) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368238 - head/sys/net
Author: kp Date: Tue Dec 1 16:34:43 2020 New Revision: 368238 URL: https://svnweb.freebsd.org/changeset/base/368238 Log: net: Revert vnet/epair cleanup race mitigation Revert the mitigation code for the vnet/epair cleanup race (done in r365457). r368237 introduced a more reliable fix. MFC after:2 weeks Sponsored by: Modirum MDPay Modified: head/sys/net/if.c head/sys/net/if_epair.c Modified: head/sys/net/if.c == --- head/sys/net/if.c Tue Dec 1 16:23:59 2020(r368237) +++ head/sys/net/if.c Tue Dec 1 16:34:43 2020(r368238) @@ -1338,11 +1338,6 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet) ifindex_free_locked(ifp->if_index); IFNET_WUNLOCK(); - - /* Don't re-attach DYING interfaces. */ - if (ifp->if_flags & IFF_DYING) - return (0); - /* * Perform interface-specific reassignment tasks, if provided by * the driver. Modified: head/sys/net/if_epair.c == --- head/sys/net/if_epair.c Tue Dec 1 16:23:59 2020(r368237) +++ head/sys/net/if_epair.c Tue Dec 1 16:34:43 2020(r368238) @@ -611,14 +611,8 @@ epair_qflush(struct ifnet *ifp) struct epair_softc *sc; sc = ifp->if_softc; - - /* -* See epair_clone_destroy(), we can end up getting called twice. -* Don't do anything on the second call. -*/ - if (sc == NULL) - return; - + KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n", + __func__, ifp, sc)); /* * Remove this ifp from all backpointer lists. The interface will not * usable for flushing anyway nor should it have anything to flush ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368237 - head/sys/net
Author: kp Date: Tue Dec 1 16:23:59 2020 New Revision: 368237 URL: https://svnweb.freebsd.org/changeset/base/368237 Log: if: Fix panic when destroying vnet and epair simultaneously When destroying a vnet and an epair (with one end in the vnet) we often panicked. This was the result of the destruction of the epair, which destroys both ends simultaneously, happening while vnet_if_return() was moving the struct ifnet to its home vnet. This can result in a freed ifnet being re-added to the home vnet V_ifnet list. That in turn panics the next time the ifnet is used. Prevent this race by ensuring that vnet_if_return() cannot run at the same time as if_detach() or epair_clone_destroy(). PR: 238870, 234985, 244703, 250870 MFC after:2 weeks Sponsored by: Modirum MDPay Differential Revision:https://reviews.freebsd.org/D27378 Modified: head/sys/net/if.c Modified: head/sys/net/if.c == --- head/sys/net/if.c Tue Dec 1 16:06:31 2020(r368236) +++ head/sys/net/if.c Tue Dec 1 16:23:59 2020(r368237) @@ -314,6 +314,9 @@ VNET_DEFINE(struct ifnet **, ifindex_table); struct sx ifnet_sxlock; SX_SYSINIT_FLAGS(ifnet_sx, _sxlock, "ifnet_sx", SX_RECURSE); +struct sx ifnet_detach_sxlock; +SX_SYSINIT(ifnet_detach, _detach_sxlock, "ifnet_detach_sx"); + /* * The allocation of network interfaces is a rather non-atomic affair; we * need to select an index before we are ready to expose the interface for @@ -543,7 +546,9 @@ vnet_if_return(const void *unused __unused) IFNET_WUNLOCK(); for (int j = 0; j < i; j++) { + sx_xlock(_detach_sxlock); if_vmove(pending[j], pending[j]->if_home_vnet); + sx_xunlock(_detach_sxlock); } free(pending, M_IFNET); @@ -1118,8 +1123,11 @@ if_detach(struct ifnet *ifp) CURVNET_SET_QUIET(ifp->if_vnet); found = if_unlink_ifnet(ifp, false); - if (found) + if (found) { + sx_slock(_detach_sxlock); if_detach_internal(ifp, 0, NULL); + sx_sunlock(_detach_sxlock); + } CURVNET_RESTORE(); } @@ -3010,8 +3018,12 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, s goto out_noref; case SIOCIFDESTROY: error = priv_check(td, PRIV_NET_IFDESTROY); - if (error == 0) + + if (error == 0) { + sx_slock(_detach_sxlock); error = if_clone_destroy(ifr->ifr_name); + sx_sunlock(_detach_sxlock); + } goto out_noref; case SIOCIFGCLONERS: ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368235 - stable/12/tests/sys/netpfil/pf/ioctl
Author: kp Date: Tue Dec 1 16:02:52 2020 New Revision: 368235 URL: https://svnweb.freebsd.org/changeset/base/368235 Log: MFC r367990: pf tests: provoke tag hashing panic Attempt to provoke the panic fixed in r367987. Modified: stable/12/tests/sys/netpfil/pf/ioctl/validation.c Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/netpfil/pf/ioctl/validation.c == --- stable/12/tests/sys/netpfil/pf/ioctl/validation.c Tue Dec 1 15:53:12 2020(r368234) +++ stable/12/tests/sys/netpfil/pf/ioctl/validation.c Tue Dec 1 16:02:52 2020(r368235) @@ -790,6 +790,43 @@ ATF_TC_CLEANUP(getsrcnodes, tc) COMMON_CLEANUP(); } +ATF_TC_WITH_CLEANUP(tag); +ATF_TC_HEAD(tag, tc) +{ + atf_tc_set_md_var(tc, "require.user", "root"); +} + +ATF_TC_BODY(tag, tc) +{ + struct pfioc_rule rule; + + COMMON_HEAD(); + + memset(, 0x42, sizeof(rule)); + + rule.ticket = 0; + rule.pool_ticket = 0; + rule.anchor[0] = 0; + + rule.rule.return_icmp = 0; + bzero(, sizeof(rule.rule.src)); + bzero(, sizeof(rule.rule.dst)); + + rule.rule.ifname[0] = 0; + rule.rule.action = 0; + rule.rule.rtableid = 0; + + rule.rule.tagname[0] = 0; + + for (int i = 0; i < 10; i++) + ioctl(dev, DIOCADDRULE, ); +} + +ATF_TC_CLEANUP(tag, tc) +{ + COMMON_CLEANUP(); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, addtables); @@ -811,6 +848,7 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, cxrollback); ATF_TP_ADD_TC(tp, commit); ATF_TP_ADD_TC(tp, getsrcnodes); + ATF_TP_ADD_TC(tp, tag); return (atf_no_error()); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368101 - stable/12/tests/sys/netpfil/pf
Author: kp Date: Fri Nov 27 11:12:59 2020 New Revision: 368101 URL: https://svnweb.freebsd.org/changeset/base/368101 Log: MFC r367869: pf tests: Basic source tracking test Added: stable/12/tests/sys/netpfil/pf/src_track.sh - copied unchanged from r367869, head/tests/sys/netpfil/pf/src_track.sh Modified: stable/12/tests/sys/netpfil/pf/Makefile Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/netpfil/pf/Makefile == --- stable/12/tests/sys/netpfil/pf/Makefile Fri Nov 27 11:12:10 2020 (r368100) +++ stable/12/tests/sys/netpfil/pf/Makefile Fri Nov 27 11:12:59 2020 (r368101) @@ -12,6 +12,7 @@ ATF_TESTS_SH+=anchor \ names \ nat \ set_tos \ + src_track \ rdr \ route_to \ synproxy \ Copied: stable/12/tests/sys/netpfil/pf/src_track.sh (from r367869, head/tests/sys/netpfil/pf/src_track.sh) == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/tests/sys/netpfil/pf/src_track.sh Fri Nov 27 11:12:59 2020 (r368101, copy of r367869, head/tests/sys/netpfil/pf/src_track.sh) @@ -0,0 +1,66 @@ +# $FreeBSD$ +# +# SPDX-License-Identifier: BSD-2-Clause-FreeBSD +# +# Copyright (c) 2020 Kristof Provost +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +#notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +#notice, this list of conditions and the following disclaimer in the +#documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +. $(atf_get_srcdir)/utils.subr + +atf_test_case "source_track" "cleanup" +source_track_head() +{ + atf_set descr 'Basic source tracking test' + atf_set require.user root +} + +source_track_body() +{ + pft_init + + epair=$(vnet_mkepair) + + vnet_mkjail alcatraz ${epair}b + + ifconfig ${epair}a 192.0.2.2/24 up + jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up + + # Enable pf! + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "pass in keep state (source-track)" \ + "pass out keep state (source-track)" + + ping -c 3 192.0.2.1 + jexec alcatraz pfctl -s all -v +} + +source_track_cleanup() +{ + pft_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "source_track" +} ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368100 - stable/12/sys/netpfil/pf
Author: kp Date: Fri Nov 27 11:12:10 2020 New Revision: 368100 URL: https://svnweb.freebsd.org/changeset/base/368100 Log: MFC r367867: pf: Fix incorrect assertion We never set PFRULE_RULESRCTRACK when calling pf_insert_src_node(). We do set PFRULE_SRCTRACK, so update the assertion to match. Modified: stable/12/sys/netpfil/pf/pf.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf.c == --- stable/12/sys/netpfil/pf/pf.c Fri Nov 27 09:07:46 2020 (r368099) +++ stable/12/sys/netpfil/pf/pf.c Fri Nov 27 11:12:10 2020 (r368100) @@ -705,7 +705,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_ struct pf_addr *src, sa_family_t af) { - KASSERT((rule->rule_flag & PFRULE_RULESRCTRACK || + KASSERT((rule->rule_flag & PFRULE_SRCTRACK || rule->rpool.opts & PF_POOL_STICKYADDR), ("%s for non-tracking rule %p", __func__, rule)); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368054 - stable/12/sys/net
Author: kp Date: Thu Nov 26 10:17:56 2020 New Revision: 368054 URL: https://svnweb.freebsd.org/changeset/base/368054 Log: Add missing NET_EPOCH_EXIT() to if_bridge In r367706 one return in bridge_input() did not NET_EPOCH_EXIT(), which caused seemingly random panics on the next use of NET_EPOCH. Direct commit to stable/12, because this code is different in CURRENT. Modified: stable/12/sys/net/if_bridge.c Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Thu Nov 26 09:07:45 2020 (r368053) +++ stable/12/sys/net/if_bridge.c Thu Nov 26 10:17:56 2020 (r368054) @@ -2528,6 +2528,7 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) OR_PFIL_HOOKED_INET6)) { \ if (bridge_pfil(, NULL, ifp, \ PFIL_IN) != 0 || m == NULL) { \ + NET_EPOCH_EXIT_ET(et); \ return (NULL); \ } \ eh = mtod(m, struct ether_header *);\ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368025 - head/sys/net
Author: kp Date: Wed Nov 25 17:15:24 2020 New Revision: 368025 URL: https://svnweb.freebsd.org/changeset/base/368025 Log: if: Fix non-VIMAGE build if_link_ifnet() and if_unlink_ifnet() are needed even when VIMAGE is not enabled. MFC after:2 weeks Sponsored by: Modirum MDPay Modified: head/sys/net/if.c Modified: head/sys/net/if.c == --- head/sys/net/if.c Wed Nov 25 17:12:21 2020(r368024) +++ head/sys/net/if.c Wed Nov 25 17:15:24 2020(r368025) @@ -468,6 +468,7 @@ vnet_if_uninit(const void *unused __unused) } VNET_SYSUNINIT(vnet_if_uninit, SI_SUB_INIT_IF, SI_ORDER_FIRST, vnet_if_uninit, NULL); +#endif static void if_link_ifnet(struct ifnet *ifp) @@ -504,6 +505,7 @@ if_unlink_ifnet(struct ifnet *ifp, bool vmove) return (found); } +#ifdef VIMAGE static void vnet_if_return(const void *unused __unused) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368020 - head/sys/net
Author: kp Date: Wed Nov 25 15:07:22 2020 New Revision: 368020 URL: https://svnweb.freebsd.org/changeset/base/368020 Log: if: Protect V_ifnet in vnet_if_return() When we terminate a vnet (i.e. jail) we move interfaces back to their home vnet. We need to protect our access to the V_ifnet CK_LIST. We could enter NET_EPOCH, but if_detach_internal() (called from if_vmove()) waits for net epoch callback completion. That's not possible from NET_EPOCH. Instead, we take the IFNET_WLOCK, build a list of the interfaces that need to move and, once we've released the lock, move them back to their home vnet. We cannot hold the IFNET_WLOCK() during if_vmove(), because that results in a LOR between ifnet_sx, in_multi_sx and iflib ctx lock. Separate out moving the ifp into or out of V_ifnet, so we can hold the lock as we do the list manipulation, but do not hold it as we if_vmove(). Reviewed by: melifaro MFC after:2 weeks Sponsored by: Modirum MDPay Differential Revision:https://reviews.freebsd.org/D27279 Modified: head/sys/net/if.c Modified: head/sys/net/if.c == --- head/sys/net/if.c Wed Nov 25 14:26:13 2020(r368019) +++ head/sys/net/if.c Wed Nov 25 15:07:22 2020(r368020) @@ -275,6 +275,8 @@ static void if_delgroups(struct ifnet *); static voidif_attach_internal(struct ifnet *, int, struct if_clone *); static int if_detach_internal(struct ifnet *, int, struct if_clone **); static voidif_siocaddmulti(void *, int); +static voidif_link_ifnet(struct ifnet *); +static boolif_unlink_ifnet(struct ifnet *, bool); #ifdef VIMAGE static int if_vmove(struct ifnet *, struct vnet *); #endif @@ -468,15 +470,81 @@ VNET_SYSUNINIT(vnet_if_uninit, SI_SUB_INIT_IF, SI_ORDE vnet_if_uninit, NULL); static void +if_link_ifnet(struct ifnet *ifp) +{ + + IFNET_WLOCK(); + CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link); +#ifdef VIMAGE + curvnet->vnet_ifcnt++; +#endif + IFNET_WUNLOCK(); +} + +static bool +if_unlink_ifnet(struct ifnet *ifp, bool vmove) +{ + struct ifnet *iter; + int found = 0; + + IFNET_WLOCK(); + CK_STAILQ_FOREACH(iter, _ifnet, if_link) + if (iter == ifp) { + CK_STAILQ_REMOVE(_ifnet, ifp, ifnet, if_link); + if (!vmove) + ifp->if_flags |= IFF_DYING; + found = 1; + break; + } +#ifdef VIMAGE + curvnet->vnet_ifcnt--; +#endif + IFNET_WUNLOCK(); + + return (found); +} + +static void vnet_if_return(const void *unused __unused) { struct ifnet *ifp, *nifp; + struct ifnet **pending; + int found, i; + i = 0; + + /* +* We need to protect our access to the V_ifnet tailq. Ordinarily we'd +* enter NET_EPOCH, but that's not possible, because if_vmove() calls +* if_detach_internal(), which waits for NET_EPOCH callbacks to +* complete. We can't do that from within NET_EPOCH. +* +* However, we can also use the IFNET_xLOCK, which is the V_ifnet +* read/write lock. We cannot hold the lock as we call if_vmove() +* though, as that presents LOR w.r.t ifnet_sx, in_multi_sx and iflib +* ctx lock. +*/ + IFNET_WLOCK(); + + pending = malloc(sizeof(struct ifnet *) * curvnet->vnet_ifcnt, + M_IFNET, M_WAITOK | M_ZERO); + /* Return all inherited interfaces to their parent vnets. */ CK_STAILQ_FOREACH_SAFE(ifp, _ifnet, if_link, nifp) { - if (ifp->if_home_vnet != ifp->if_vnet) - if_vmove(ifp, ifp->if_home_vnet); + if (ifp->if_home_vnet != ifp->if_vnet) { + found = if_unlink_ifnet(ifp, true); + MPASS(found); + + pending[i++] = ifp; + } } + IFNET_WUNLOCK(); + + for (int j = 0; j < i; j++) { + if_vmove(pending[j], pending[j]->if_home_vnet); + } + + free(pending, M_IFNET); } VNET_SYSUNINIT(vnet_if_return, SI_SUB_VNET_DONE, SI_ORDER_ANY, vnet_if_return, NULL); @@ -906,12 +974,7 @@ if_attach_internal(struct ifnet *ifp, int vmove, struc } #endif - IFNET_WLOCK(); - CK_STAILQ_INSERT_TAIL(_ifnet, ifp, if_link); -#ifdef VIMAGE - curvnet->vnet_ifcnt++; -#endif - IFNET_WUNLOCK(); + if_link_ifnet(ifp); if (domain_init_status >= 2) if_attachdomain1(ifp); @@ -1049,9 +1112,12 @@ if_purgemaddrs(struct ifnet *ifp) void if_detach(struct ifnet *ifp) { + bool found; CURVNET_SET_QUIET(ifp->if_vnet); - if_detach_internal(ifp, 0, NULL); + found = if_unlink_ifnet(ifp, false); + if (found) + if_detach_internal(ifp, 0, NULL); CURVNET_RESTORE();
svn commit: r368015 - head/sys/net
Author: kp Date: Wed Nov 25 10:56:38 2020 New Revision: 368015 URL: https://svnweb.freebsd.org/changeset/base/368015 Log: if: Remove ifnet_rwlock It no longer serves any purpose, as evidenced by the fact that we never take it without ifnet_sxlock. Sponsored by: Modirum MDPay Differential Revision:https://reviews.freebsd.org/D27278 Modified: head/sys/net/if.c head/sys/net/if_var.h Modified: head/sys/net/if.c == --- head/sys/net/if.c Wed Nov 25 10:21:29 2020(r368014) +++ head/sys/net/if.c Wed Nov 25 10:56:38 2020(r368015) @@ -306,15 +306,9 @@ VNET_DEFINE(struct ifnet **, ifindex_table); /* * The global network interface list (V_ifnet) and related state (such as - * if_index, if_indexlim, and ifindex_table) are protected by an sxlock and - * an rwlock. Either may be acquired shared to stablize the list, but both - * must be acquired writable to modify the list. This model allows us to - * both stablize the interface list during interrupt thread processing, but - * also to stablize it over long-running ioctls, without introducing priority - * inversions and deadlocks. + * if_index, if_indexlim, and ifindex_table) are protected by an sxlock. + * This may be acquired to stabilise the list, or we may rely on NET_EPOCH. */ -struct rwlock ifnet_rwlock; -RW_SYSINIT_FLAGS(ifnet_rw, _rwlock, "ifnet_rw", RW_RECURSE); struct sx ifnet_sxlock; SX_SYSINIT_FLAGS(ifnet_sx, _sxlock, "ifnet_sx", SX_RECURSE); Modified: head/sys/net/if_var.h == --- head/sys/net/if_var.h Wed Nov 25 10:21:29 2020(r368014) +++ head/sys/net/if_var.h Wed Nov 25 10:56:38 2020(r368015) @@ -593,29 +593,12 @@ struct ifmultiaddr { struct epoch_context ifma_epoch_ctx; }; -extern struct rwlock ifnet_rwlock; extern struct sx ifnet_sxlock; -#defineIFNET_WLOCK() do { \ - sx_xlock(_sxlock);\ - rw_wlock(_rwlock);\ -} while (0) - -#defineIFNET_WUNLOCK() do { \ - rw_wunlock(_rwlock); \ - sx_xunlock(_sxlock); \ -} while (0) - -/* - * To assert the ifnet lock, you must know not only whether it's for read or - * write, but also whether it was acquired with sleep support or not. - */ -#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, SA_SLOCKED) -#defineIFNET_WLOCK_ASSERT() do { \ - sx_assert(_sxlock, SA_XLOCKED); \ - rw_assert(_rwlock, RA_WLOCKED); \ -} while (0) - +#defineIFNET_WLOCK() sx_xlock(_sxlock) +#defineIFNET_WUNLOCK() sx_xunlock(_sxlock) +#defineIFNET_RLOCK_ASSERT()sx_assert(_sxlock, SA_SLOCKED) +#defineIFNET_WLOCK_ASSERT()sx_assert(_sxlock, SA_XLOCKED) #defineIFNET_RLOCK() sx_slock(_sxlock) #defineIFNET_RUNLOCK() sx_sunlock(_sxlock) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367990 - head/tests/sys/netpfil/pf/ioctl
Author: kp Date: Tue Nov 24 17:32:49 2020 New Revision: 367990 URL: https://svnweb.freebsd.org/changeset/base/367990 Log: pf tests: provoke tag hashing panic Attempt to provoke the panic fixed in r367987. MFC after:1 week Differential Revision:https://reviews.freebsd.org/D27350 Modified: head/tests/sys/netpfil/pf/ioctl/validation.c Modified: head/tests/sys/netpfil/pf/ioctl/validation.c == --- head/tests/sys/netpfil/pf/ioctl/validation.cTue Nov 24 17:13:08 2020(r367989) +++ head/tests/sys/netpfil/pf/ioctl/validation.cTue Nov 24 17:32:49 2020(r367990) @@ -790,6 +790,43 @@ ATF_TC_CLEANUP(getsrcnodes, tc) COMMON_CLEANUP(); } +ATF_TC_WITH_CLEANUP(tag); +ATF_TC_HEAD(tag, tc) +{ + atf_tc_set_md_var(tc, "require.user", "root"); +} + +ATF_TC_BODY(tag, tc) +{ + struct pfioc_rule rule; + + COMMON_HEAD(); + + memset(, 0x42, sizeof(rule)); + + rule.ticket = 0; + rule.pool_ticket = 0; + rule.anchor[0] = 0; + + rule.rule.return_icmp = 0; + bzero(, sizeof(rule.rule.src)); + bzero(, sizeof(rule.rule.dst)); + + rule.rule.ifname[0] = 0; + rule.rule.action = 0; + rule.rule.rtableid = 0; + + rule.rule.tagname[0] = 0; + + for (int i = 0; i < 10; i++) + ioctl(dev, DIOCADDRULE, ); +} + +ATF_TC_CLEANUP(tag, tc) +{ + COMMON_CLEANUP(); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, addtables); @@ -811,6 +848,7 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, cxrollback); ATF_TP_ADD_TC(tp, commit); ATF_TP_ADD_TC(tp, getsrcnodes); + ATF_TP_ADD_TC(tp, tag); return (atf_no_error()); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367869 - head/tests/sys/netpfil/pf
Author: kp Date: Fri Nov 20 10:11:03 2020 New Revision: 367869 URL: https://svnweb.freebsd.org/changeset/base/367869 Log: pf tests: Basic source tracking test MFC after:1 week Differential Revision:https://reviews.freebsd.org/D27255 Added: head/tests/sys/netpfil/pf/src_track.sh (contents, props changed) Modified: head/tests/sys/netpfil/pf/Makefile Modified: head/tests/sys/netpfil/pf/Makefile == --- head/tests/sys/netpfil/pf/Makefile Fri Nov 20 10:09:48 2020 (r367868) +++ head/tests/sys/netpfil/pf/Makefile Fri Nov 20 10:11:03 2020 (r367869) @@ -12,6 +12,7 @@ ATF_TESTS_SH+=anchor \ names \ nat \ set_tos \ + src_track \ rdr \ route_to \ synproxy \ Added: head/tests/sys/netpfil/pf/src_track.sh == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/netpfil/pf/src_track.sh Fri Nov 20 10:11:03 2020 (r367869) @@ -0,0 +1,66 @@ +# $FreeBSD$ +# +# SPDX-License-Identifier: BSD-2-Clause-FreeBSD +# +# Copyright (c) 2020 Kristof Provost +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +#notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +#notice, this list of conditions and the following disclaimer in the +#documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +. $(atf_get_srcdir)/utils.subr + +atf_test_case "source_track" "cleanup" +source_track_head() +{ + atf_set descr 'Basic source tracking test' + atf_set require.user root +} + +source_track_body() +{ + pft_init + + epair=$(vnet_mkepair) + + vnet_mkjail alcatraz ${epair}b + + ifconfig ${epair}a 192.0.2.2/24 up + jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up + + # Enable pf! + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "pass in keep state (source-track)" \ + "pass out keep state (source-track)" + + ping -c 3 192.0.2.1 + jexec alcatraz pfctl -s all -v +} + +source_track_cleanup() +{ + pft_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "source_track" +} ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367867 - head/sys/netpfil/pf
Author: kp Date: Fri Nov 20 10:08:33 2020 New Revision: 367867 URL: https://svnweb.freebsd.org/changeset/base/367867 Log: pf: Fix incorrect assertion We never set PFRULE_RULESRCTRACK when calling pf_insert_src_node(). We do set PFRULE_SRCTRACK, so update the assertion to match. MFC after:1 week Differential Revision:https://reviews.freebsd.org/D27254 Modified: head/sys/netpfil/pf/pf.c Modified: head/sys/netpfil/pf/pf.c == --- head/sys/netpfil/pf/pf.cFri Nov 20 09:56:46 2020(r367866) +++ head/sys/netpfil/pf/pf.cFri Nov 20 10:08:33 2020(r367867) @@ -705,7 +705,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_ struct pf_addr *src, sa_family_t af) { - KASSERT((rule->rule_flag & PFRULE_RULESRCTRACK || + KASSERT((rule->rule_flag & PFRULE_SRCTRACK || rule->rpool.opts & PF_POOL_STICKYADDR), ("%s for non-tracking rule %p", __func__, rule)); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367706 - stable/12/sys/net
Author: kp Date: Sun Nov 15 11:56:16 2020 New Revision: 367706 URL: https://svnweb.freebsd.org/changeset/base/367706 Log: MFC r366500: bridge: call member interface ioctl() without NET_EPOCH We're not allowed to hold NET_EPOCH while sleeping, so when we call ioctl() handlers for member interfaces we cannot be in NET_EPOCH. We still need some protection of our CK_LISTs, so hold BRIDGE_LOCK instead. That requires changing BRIDGE_LOCK into a sleepable lock, and separating the BRIDGE_RT_LOCK, to protect bridge_rtnode lists. That lock is taken in the data path (while in NET_EPOCH), so it cannot be a sleepable lock. While here document the locking strategy. Modified: stable/12/sys/net/if_bridge.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Sun Nov 15 11:46:44 2020 (r367705) +++ stable/12/sys/net/if_bridge.c Sun Nov 15 11:56:16 2020 (r367706) @@ -186,17 +186,41 @@ extern void nd6_setmtu(struct ifnet *); /* * Bridge locking + * + * The bridge relies heavily on the epoch(9) system to protect its data + * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we + * must ensure there is only one writer at a time. + * + * That is: for read accesses we only need to be in NET_EPOCH, but for write + * accesses we must hold: + * + * - BRIDGE_RT_LOCK, for any change to bridge_rtnodes + * - BRIDGE_LOCK, for any other change + * + * The BRIDGE_LOCK is a sleepable lock, because it is held accross ioctl() + * calls to bridge member interfaces and these ioctl()s can sleep. + * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes + * required while we're in NET_EPOCH and then we're not allowed to sleep. */ #define BRIDGE_LOCK_INIT(_sc) do {\ - mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ + sx_init(&(_sc)->sc_sx, "if_bridge");\ + mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \ } while (0) #define BRIDGE_LOCK_DESTROY(_sc) do {\ - mtx_destroy(&(_sc)->sc_mtx);\ + sx_destroy(&(_sc)->sc_sx); \ + mtx_destroy(&(_sc)->sc_rt_mtx); \ } while (0) -#define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) -#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) -#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) -#define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) +#define BRIDGE_LOCK(_sc) sx_xlock(&(_sc)->sc_sx) +#define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx) +#define BRIDGE_LOCK_ASSERT(_sc)sx_assert(&(_sc)->sc_sx, SX_XLOCKED) +#define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc) \ + MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx)) +#define BRIDGE_UNLOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_UNLOCKED) +#define BRIDGE_RT_LOCK(_sc)mtx_lock(&(_sc)->sc_rt_mtx) +#define BRIDGE_RT_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_rt_mtx) +#define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED) +#define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc)\ + MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx)) /* * Bridge interface list entry. @@ -237,7 +261,8 @@ struct bridge_rtnode { struct bridge_softc { struct ifnet*sc_ifp;/* make this an interface */ LIST_ENTRY(bridge_softc) sc_list; - struct mtx sc_mtx; + struct sx sc_sx; + struct mtx sc_rt_mtx; uint32_tsc_brtmax; /* max # of addresses */ uint32_tsc_brtcnt; /* cur. # of addresses */ uint32_tsc_brttimeout; /* rt timeout in seconds */ @@ -255,8 +280,8 @@ struct bridge_softc { struct epoch_contextsc_epoch_ctx; }; -VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx); -#defineV_bridge_list_mtx VNET(bridge_list_mtx) +VNET_DEFINE_STATIC(struct sx, bridge_list_sx); +#defineV_bridge_list_sxVNET(bridge_list_sx) static eventhandler_tag bridge_detach_cookie; intbridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; @@ -539,11 +564,11 @@ const int bridge_control_table_size = nitems(bridge_co VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list); #defineV_bridge_list VNET(bridge_list) -#defineBRIDGE_LIST_LOCK_INIT(x)mtx_init(_bridge_list_mtx, \ - "if_bridge list", NULL, MTX_DEF) -#defineBRIDGE_LIST_LOCK_DESTROY(x) mtx_destroy(_bridge_list_mtx) -#defineBRIDGE_LIST_LOCK(x) mtx_lock(_bridge_list_mtx) -#defineBRIDGE_LIST_UNLOCK(x)
svn commit: r367705 - stable/12/sys/net
Author: kp Date: Sun Nov 15 11:46:44 2020 New Revision: 367705 URL: https://svnweb.freebsd.org/changeset/base/367705 Log: bridge: epoch-ification Undo the revert (r363568). This commit still violates epoch rules by sleeping within NET_EPOCH. That will be resolved in the following commit. Modified: stable/12/sys/net/if_bridge.c Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Sun Nov 15 11:28:02 2020 (r367704) +++ stable/12/sys/net/if_bridge.c Sun Nov 15 11:46:44 2020 (r367705) @@ -189,41 +189,14 @@ extern void nd6_setmtu(struct ifnet *); */ #define BRIDGE_LOCK_INIT(_sc) do {\ mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ - cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \ } while (0) #define BRIDGE_LOCK_DESTROY(_sc) do {\ mtx_destroy(&(_sc)->sc_mtx);\ - cv_destroy(&(_sc)->sc_cv); \ } while (0) #define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) #define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) -#defineBRIDGE_LOCK2REF(_sc, _err) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - if ((_sc)->sc_iflist_xcnt > 0) \ - (_err) = EBUSY; \ - else\ - (_sc)->sc_iflist_ref++; \ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_UNREF(_sc) do { \ - mtx_lock(&(_sc)->sc_mtx); \ - (_sc)->sc_iflist_ref--; \ - if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \ - cv_broadcast(&(_sc)->sc_cv);\ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XLOCK(_sc) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - (_sc)->sc_iflist_xcnt++;\ - while ((_sc)->sc_iflist_ref > 0)\ - cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XDROP(_sc) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - (_sc)->sc_iflist_xcnt--;\ -} while (0) /* * Bridge interface list entry. @@ -237,6 +210,8 @@ struct bridge_iflist { uint32_tbif_addrmax;/* max # of addresses */ uint32_tbif_addrcnt;/* cur. # of addresses */ uint32_tbif_addrexceeded;/* # of address violations */ + + struct epoch_contextbif_epoch_ctx; }; /* @@ -250,6 +225,9 @@ struct bridge_rtnode { uint8_t brt_flags; /* address flags */ uint8_t brt_addr[ETHER_ADDR_LEN]; uint16_tbrt_vlan; /* vlan id */ + + struct vnet*brt_vnet; + struct epoch_context brt_epoch_ctx; }; #definebrt_ifp brt_dst->bif_ifp @@ -260,13 +238,10 @@ struct bridge_softc { struct ifnet*sc_ifp;/* make this an interface */ LIST_ENTRY(bridge_softc) sc_list; struct mtx sc_mtx; - struct cv sc_cv; uint32_tsc_brtmax; /* max # of addresses */ uint32_tsc_brtcnt; /* cur. # of addresses */ uint32_tsc_brttimeout; /* rt timeout in seconds */ struct callout sc_brcallout; /* bridge callout */ - uint32_tsc_iflist_ref; /* refcount for sc_iflist */ - uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */ CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface list */ CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of above */ @@ -276,6 +251,8 @@ struct bridge_softc { uint32_tsc_brtexceeded; /* # of cache drops */ struct ifnet*sc_ifaddr; /* member mac copied from */ struct ether_addr sc_defaddr; /* Default MAC address */ + + struct epoch_contextsc_epoch_ctx; }; VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx); @@ -595,6 +572,11 @@ vnet_bridge_uninit(const void *unused __unused) if_clone_detach(V_bridge_cloner); V_bridge_cloner = NULL; BRIDGE_LIST_LOCK_DESTROY(); + + /* Before we can destroy the uma zone, because there
Re: svn commit: r367321 - head/sys/amd64/linux
On 4 Nov 2020, at 11:45, Gordon Bergling wrote: Shouldn't such a commit be approved by someone? The committer’s guide seems clear that doc committers may fix comments: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/committer.types.html doc committers may commit documentation changes to src files, such as man pages, READMEs, fortune databases, calendar files, and comment fixes without approval from a src committer, subject to the normal care and tending of commits. Arguably minor spelling fixes are not worth confusing the blame output for, but this seems well within the established rules. And why you just abandoned the differential [1]? Probably because it timed out. The review had been pending since August. Arguably the differential link should have been included as well, but it’s hardly important in this case. I don’t think we have explicit policies about this. We probably should. Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367078 - head/sys/riscv/riscv
Author: kp Date: Tue Oct 27 12:44:49 2020 New Revision: 367078 URL: https://svnweb.freebsd.org/changeset/base/367078 Log: riscv: Minor cleanup in startup code - remove setting of register value which is not used until the next value is set - Use the L2_SHIFT constant when setting up L2 superpages Submitted by: Antonin Houska Modified: head/sys/riscv/riscv/locore.S Modified: head/sys/riscv/riscv/locore.S == --- head/sys/riscv/riscv/locore.S Tue Oct 27 12:32:17 2020 (r367077) +++ head/sys/riscv/riscv/locore.S Tue Oct 27 12:44:49 2020 (r367078) @@ -135,10 +135,9 @@ pagetables: /* Level 2 superpages (512 x 2MiB) */ lla s1, pagetable_l2 - srlit4, s9, 21 /* Div physmem base by 2 MiB */ + srlit4, s9, L2_SHIFT/* Div physmem base by 2 MiB */ li t2, 512 /* Build 512 entries */ add t3, t4, t2 - li t5, 0 li t0, (PTE_KERN | PTE_X) 1: sllit2, t4, PTE_PPN1_S /* << PTE_PPN1_S */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367058 - stable/12/tests/sys/netpfil/pf
Author: kp Date: Mon Oct 26 13:24:20 2020 New Revision: 367058 URL: https://svnweb.freebsd.org/changeset/base/367058 Log: MFC r366648: pf tests: Test that 'set skip on ' works on new group members There's a know issue where new group members don't get the 'set skip on' applied until the rules are re-loaded. Do this by setting rules that block all traffic, but skip members of the 'epair' group. If we can communicate over the epair interface we know the set skip rule took effect, even if the rule was set before the interface was created. Modified: stable/12/tests/sys/netpfil/pf/set_skip.sh Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/netpfil/pf/set_skip.sh == --- stable/12/tests/sys/netpfil/pf/set_skip.sh Mon Oct 26 13:23:40 2020 (r367057) +++ stable/12/tests/sys/netpfil/pf/set_skip.sh Mon Oct 26 13:24:20 2020 (r367058) @@ -60,8 +60,41 @@ set_skip_group_lo_cleanup() pft_cleanup } +atf_test_case "set_skip_dynamic" "cleanup" +set_skip_dynamic_head() +{ + atf_set descr "Cope with group changes" + atf_set require.user root +} + +set_skip_dynamic_body() +{ + pft_init + + set -x + + vnet_mkjail alcatraz + jexec alcatraz pfctl -e + pft_set_rules alcatraz "set skip on epair" \ + "block" + + epair=$(vnet_mkepair) + ifconfig ${epair}a 192.0.2.2/24 up + ifconfig ${epair}b vnet alcatraz + + jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up + + atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 192.0.2.2 +} + +set_skip_dynamic_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "set_skip_group" atf_add_test_case "set_skip_group_lo" + atf_add_test_case "set_skip_dynamic" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367057 - stable/12/sys/netpfil/pf
Author: kp Date: Mon Oct 26 13:23:40 2020 New Revision: 367057 URL: https://svnweb.freebsd.org/changeset/base/367057 Log: MFC r37: pf: do not remove kifs that are referenced by rules Even if a kif doesn't have an ifp or if_group pointer we still can't delete it if it's referenced by a rule. In other words: we must check rulerefs as well. While we're here also teach pfi_kif_unref() not to remove kifs with flags. Reported-by: syzbot+b31d1d7e12c5d4d42...@syzkaller.appspotmail.com Modified: stable/12/sys/netpfil/pf/pf_if.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_if.c == --- stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 13:22:55 2020 (r367056) +++ stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 13:23:40 2020 (r367057) @@ -258,8 +258,10 @@ pfi_kif_unref(struct pfi_kif *kif) if (kif->pfik_rulerefs > 0) return; - /* kif referencing an existing ifnet or group should exist. */ - if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == V_pfi_all) + /* kif referencing an existing ifnet or group or holding flags should +* exist. */ + if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || + kif == V_pfi_all || kif->pfik_flags != 0) return; RB_REMOVE(pfi_ifhead, _pfi_ifs, kif); @@ -814,7 +816,7 @@ pfi_clear_flags(const char *name, int flags) p->pfik_flags &= ~flags; if (p->pfik_ifp == NULL && p->pfik_group == NULL && - p->pfik_flags == 0) { + p->pfik_flags == 0 && p->pfik_rulerefs == 0) { /* Delete this kif. */ RB_REMOVE(pfi_ifhead, _pfi_ifs, p); free(p, PFI_MTYPE); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367056 - stable/12/sys/netpfil/pf
Author: kp Date: Mon Oct 26 13:22:55 2020 New Revision: 367056 URL: https://svnweb.freebsd.org/changeset/base/367056 Log: MFC r366647: pf: create a kif for flags If userspace tries to set flags (e.g. 'set skip on ') and doesn't exist we should create a kif so that we apply the flags when the does turn up. Otherwise we'd end up in surprising situations where the rules say the interface should be skipped, but it's not until the rules get re-applied. Modified: stable/12/sys/netpfil/pf/pf_if.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_if.c == --- stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 12:34:50 2020 (r367055) +++ stable/12/sys/netpfil/pf/pf_if.cMon Oct 26 13:22:55 2020 (r367056) @@ -787,8 +787,14 @@ pfi_skip_if(const char *filter, struct pfi_kif *p) int pfi_set_flags(const char *name, int flags) { - struct pfi_kif *p; + struct pfi_kif *p, *kif; + kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT); + if (kif == NULL) + return (ENOMEM); + + kif = pfi_kif_attach(kif, name); + RB_FOREACH(p, pfi_ifhead, _pfi_ifs) { if (pfi_skip_if(name, p)) continue; @@ -800,12 +806,19 @@ pfi_set_flags(const char *name, int flags) int pfi_clear_flags(const char *name, int flags) { - struct pfi_kif *p; + struct pfi_kif *p, *tmp; - RB_FOREACH(p, pfi_ifhead, _pfi_ifs) { + RB_FOREACH_SAFE(p, pfi_ifhead, _pfi_ifs, tmp) { if (pfi_skip_if(name, p)) continue; p->pfik_flags &= ~flags; + + if (p->pfik_ifp == NULL && p->pfik_group == NULL && + p->pfik_flags == 0) { + /* Delete this kif. */ + RB_REMOVE(pfi_ifhead, _pfi_ifs, p); + free(p, PFI_MTYPE); + } } return (0); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366667 - head/sys/netpfil/pf
Author: kp Date: Tue Oct 13 11:04:00 2020 New Revision: 37 URL: https://svnweb.freebsd.org/changeset/base/37 Log: pf: do not remove kifs that are referenced by rules Even if a kif doesn't have an ifp or if_group pointer we still can't delete it if it's referenced by a rule. In other words: we must check rulerefs as well. While we're here also teach pfi_kif_unref() not to remove kifs with flags. Reported-by: syzbot+b31d1d7e12c5d4d42...@syzkaller.appspotmail.com MFC after: 2 weeks Modified: head/sys/netpfil/pf/pf_if.c Modified: head/sys/netpfil/pf/pf_if.c == --- head/sys/netpfil/pf/pf_if.c Tue Oct 13 10:31:12 2020(r36) +++ head/sys/netpfil/pf/pf_if.c Tue Oct 13 11:04:00 2020(r37) @@ -282,8 +282,10 @@ pfi_kif_unref(struct pfi_kif *kif) if (kif->pfik_rulerefs > 0) return; - /* kif referencing an existing ifnet or group should exist. */ - if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == V_pfi_all) + /* kif referencing an existing ifnet or group or holding flags should +* exist. */ + if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || + kif == V_pfi_all || kif->pfik_flags != 0) return; RB_REMOVE(pfi_ifhead, _pfi_ifs, kif); @@ -833,7 +835,7 @@ pfi_clear_flags(const char *name, int flags) p->pfik_flags &= ~flags; if (p->pfik_ifp == NULL && p->pfik_group == NULL && - p->pfik_flags == 0) { + p->pfik_flags == 0 && p->pfik_rulerefs == 0) { /* Delete this kif. */ RB_REMOVE(pfi_ifhead, _pfi_ifs, p); free(p, PFI_MTYPE); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366648 - head/tests/sys/netpfil/pf
Author: kp Date: Mon Oct 12 12:41:10 2020 New Revision: 366648 URL: https://svnweb.freebsd.org/changeset/base/366648 Log: pf tests: Test that 'set skip on ' works on new group members There's a know issue where new group members don't get the 'set skip on' applied until the rules are re-loaded. Do this by setting rules that block all traffic, but skip members of the 'epair' group. If we can communicate over the epair interface we know the set skip rule took effect, even if the rule was set before the interface was created. MFC after:2 weeks Modified: head/tests/sys/netpfil/pf/set_skip.sh Modified: head/tests/sys/netpfil/pf/set_skip.sh == --- head/tests/sys/netpfil/pf/set_skip.sh Mon Oct 12 12:39:37 2020 (r366647) +++ head/tests/sys/netpfil/pf/set_skip.sh Mon Oct 12 12:41:10 2020 (r366648) @@ -85,8 +85,41 @@ set_skip_group_lo_cleanup() pft_cleanup } +atf_test_case "set_skip_dynamic" "cleanup" +set_skip_dynamic_head() +{ + atf_set descr "Cope with group changes" + atf_set require.user root +} + +set_skip_dynamic_body() +{ + pft_init + + set -x + + vnet_mkjail alcatraz + jexec alcatraz pfctl -e + pft_set_rules alcatraz "set skip on epair" \ + "block" + + epair=$(vnet_mkepair) + ifconfig ${epair}a 192.0.2.2/24 up + ifconfig ${epair}b vnet alcatraz + + jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up + + atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 192.0.2.2 +} + +set_skip_dynamic_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "set_skip_group" atf_add_test_case "set_skip_group_lo" + atf_add_test_case "set_skip_dynamic" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366647 - head/sys/netpfil/pf
Author: kp Date: Mon Oct 12 12:39:37 2020 New Revision: 366647 URL: https://svnweb.freebsd.org/changeset/base/366647 Log: pf: create a kif for flags If userspace tries to set flags (e.g. 'set skip on ') and doesn't exist we should create a kif so that we apply the flags when the does turn up. Otherwise we'd end up in surprising situations where the rules say the interface should be skipped, but it's not until the rules get re-applied. Reviewed by: Lutz Donnerhacke MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D26742 Modified: head/sys/netpfil/pf/pf_if.c Modified: head/sys/netpfil/pf/pf_if.c == --- head/sys/netpfil/pf/pf_if.c Mon Oct 12 11:40:43 2020(r366646) +++ head/sys/netpfil/pf/pf_if.c Mon Oct 12 12:39:37 2020(r366647) @@ -801,9 +801,16 @@ int pfi_set_flags(const char *name, int flags) { struct epoch_tracker et; - struct pfi_kif *p; + struct pfi_kif *p, *kif; + kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT); + if (kif == NULL) + return (ENOMEM); + NET_EPOCH_ENTER(et); + + kif = pfi_kif_attach(kif, name); + RB_FOREACH(p, pfi_ifhead, _pfi_ifs) { if (pfi_skip_if(name, p)) continue; @@ -817,13 +824,20 @@ int pfi_clear_flags(const char *name, int flags) { struct epoch_tracker et; - struct pfi_kif *p; + struct pfi_kif *p, *tmp; NET_EPOCH_ENTER(et); - RB_FOREACH(p, pfi_ifhead, _pfi_ifs) { + RB_FOREACH_SAFE(p, pfi_ifhead, _pfi_ifs, tmp) { if (pfi_skip_if(name, p)) continue; p->pfik_flags &= ~flags; + + if (p->pfik_ifp == NULL && p->pfik_group == NULL && + p->pfik_flags == 0) { + /* Delete this kif. */ + RB_REMOVE(pfi_ifhead, _pfi_ifs, p); + free(p, PFI_MTYPE); + } } NET_EPOCH_EXIT(et); return (0); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366500 - head/sys/net
Author: kp Date: Tue Oct 6 19:19:56 2020 New Revision: 366500 URL: https://svnweb.freebsd.org/changeset/base/366500 Log: bridge: call member interface ioctl() without NET_EPOCH We're not allowed to hold NET_EPOCH while sleeping, so when we call ioctl() handlers for member interfaces we cannot be in NET_EPOCH. We still need some protection of our CK_LISTs, so hold BRIDGE_LOCK instead. That requires changing BRIDGE_LOCK into a sleepable lock, and separating the BRIDGE_RT_LOCK, to protect bridge_rtnode lists. That lock is taken in the data path (while in NET_EPOCH), so it cannot be a sleepable lock. While here document the locking strategy. MFC after:1 month Differential Revision:https://reviews.freebsd.org/D26418 Modified: head/sys/net/if_bridge.c Modified: head/sys/net/if_bridge.c == --- head/sys/net/if_bridge.cTue Oct 6 19:15:11 2020(r366499) +++ head/sys/net/if_bridge.cTue Oct 6 19:19:56 2020(r366500) @@ -186,17 +186,41 @@ extern void nd6_setmtu(struct ifnet *); /* * Bridge locking + * + * The bridge relies heavily on the epoch(9) system to protect its data + * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we + * must ensure there is only one writer at a time. + * + * That is: for read accesses we only need to be in NET_EPOCH, but for write + * accesses we must hold: + * + * - BRIDGE_RT_LOCK, for any change to bridge_rtnodes + * - BRIDGE_LOCK, for any other change + * + * The BRIDGE_LOCK is a sleepable lock, because it is held accross ioctl() + * calls to bridge member interfaces and these ioctl()s can sleep. + * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes + * required while we're in NET_EPOCH and then we're not allowed to sleep. */ #define BRIDGE_LOCK_INIT(_sc) do {\ - mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ + sx_init(&(_sc)->sc_sx, "if_bridge");\ + mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \ } while (0) #define BRIDGE_LOCK_DESTROY(_sc) do {\ - mtx_destroy(&(_sc)->sc_mtx);\ + sx_destroy(&(_sc)->sc_sx); \ + mtx_destroy(&(_sc)->sc_rt_mtx); \ } while (0) -#define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) -#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) -#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) -#define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) +#define BRIDGE_LOCK(_sc) sx_xlock(&(_sc)->sc_sx) +#define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx) +#define BRIDGE_LOCK_ASSERT(_sc)sx_assert(&(_sc)->sc_sx, SX_XLOCKED) +#define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc) \ + MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx)) +#define BRIDGE_UNLOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_UNLOCKED) +#define BRIDGE_RT_LOCK(_sc)mtx_lock(&(_sc)->sc_rt_mtx) +#define BRIDGE_RT_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_rt_mtx) +#define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED) +#define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc)\ + MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx)) /* * Bridge interface list entry. @@ -235,7 +259,8 @@ struct bridge_rtnode { struct bridge_softc { struct ifnet*sc_ifp;/* make this an interface */ LIST_ENTRY(bridge_softc) sc_list; - struct mtx sc_mtx; + struct sx sc_sx; + struct mtx sc_rt_mtx; uint32_tsc_brtmax; /* max # of addresses */ uint32_tsc_brtcnt; /* cur. # of addresses */ uint32_tsc_brttimeout; /* rt timeout in seconds */ @@ -252,8 +277,8 @@ struct bridge_softc { struct epoch_contextsc_epoch_ctx; }; -VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx); -#defineV_bridge_list_mtx VNET(bridge_list_mtx) +VNET_DEFINE_STATIC(struct sx, bridge_list_sx); +#defineV_bridge_list_sxVNET(bridge_list_sx) static eventhandler_tag bridge_detach_cookie; intbridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; @@ -536,11 +561,11 @@ const int bridge_control_table_size = nitems(bridge_co VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list); #defineV_bridge_list VNET(bridge_list) -#defineBRIDGE_LIST_LOCK_INIT(x)mtx_init(_bridge_list_mtx, \ - "if_bridge list", NULL, MTX_DEF) -#defineBRIDGE_LIST_LOCK_DESTROY(x) mtx_destroy(_bridge_list_mtx) -#defineBRIDGE_LIST_LOCK(x) mtx_lock(_bridge_list_mtx) -#defineBRIDGE_LIST_UNLOCK(x)
svn commit: r366461 - head/sbin/devfs
Author: kp Date: Mon Oct 5 19:26:54 2020 New Revision: 366461 URL: https://svnweb.freebsd.org/changeset/base/366461 Log: devfs.rules: unhide pf in vnet jails /dev/pf is usable in vnet jails, so don't hide the node there. We shouldn't expose /dev/pf in regular jails, as that gives them control over the host (or parent vnet jail) firewall. Reviewed by: bz Differential Revision:https://reviews.freebsd.org/D26537 Modified: head/sbin/devfs/devfs.rules Modified: head/sbin/devfs/devfs.rules == --- head/sbin/devfs/devfs.rules Mon Oct 5 19:22:28 2020(r366460) +++ head/sbin/devfs/devfs.rules Mon Oct 5 19:26:54 2020(r366461) @@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add path fuse unhide add path zfs unhide + +[devfsrules_jail_vnet=5] +add include $devfsrules_jail +add path pf unhide ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366355 - head/sys/riscv/riscv
Author: kp Date: Fri Oct 2 07:30:11 2020 New Revision: 366355 URL: https://svnweb.freebsd.org/changeset/base/366355 Log: riscv: handle access faults in user mode Access faults in user mode are treated like TLB misses, which leads to an endless loop of faults. It's less serious than the same fault in kernel mode, because we can just terminate the process, but that's not ideal. Treat user mode access faults as a bus error. Suggested by: jrtc27 Reviewed by: br, jhb Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D26621 Modified: head/sys/riscv/riscv/trap.c Modified: head/sys/riscv/riscv/trap.c == --- head/sys/riscv/riscv/trap.c Fri Oct 2 05:59:55 2020(r366354) +++ head/sys/riscv/riscv/trap.c Fri Oct 2 07:30:11 2020(r366355) @@ -343,6 +343,10 @@ do_trap_user(struct trapframe *frame) case EXCP_FAULT_LOAD: case EXCP_FAULT_STORE: case EXCP_FAULT_FETCH: + call_trapsignal(td, SIGBUS, BUS_ADRERR, (void *)frame->tf_sepc, + exception); + userret(td, frame); + break; case EXCP_STORE_PAGE_FAULT: case EXCP_LOAD_PAGE_FAULT: case EXCP_INST_PAGE_FAULT: ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366315 - in head/sys/riscv: include riscv
Author: kp Date: Thu Oct 1 15:04:55 2020 New Revision: 366315 URL: https://svnweb.freebsd.org/changeset/base/366315 Log: riscv: Add memmmap so we can mmap /dev/mem Reviewed by: mhorne Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D26622 Modified: head/sys/riscv/include/memdev.h head/sys/riscv/riscv/mem.c Modified: head/sys/riscv/include/memdev.h == --- head/sys/riscv/include/memdev.h Thu Oct 1 14:20:36 2020 (r366314) +++ head/sys/riscv/include/memdev.h Thu Oct 1 15:04:55 2020 (r366315) @@ -35,6 +35,6 @@ d_open_t memopen; d_read_t memrw; d_ioctl_t memioctl_md; -#definememmmap (d_mmap_t *)NULL +d_mmap_t memmmap; #endif /* _MACHINE_MEMDEV_H_ */ Modified: head/sys/riscv/riscv/mem.c == --- head/sys/riscv/riscv/mem.c Thu Oct 1 14:20:36 2020(r366314) +++ head/sys/riscv/riscv/mem.c Thu Oct 1 15:04:55 2020(r366315) @@ -122,6 +122,21 @@ memrw(struct cdev *dev, struct uio *uio, int flags) return (error); } +/* + * Allow user processes to MMAP some memory sections + * instead of going through read/write. + */ +int +memmmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, +int prot __unused, vm_memattr_t *memattr __unused) +{ + if (dev2unit(dev) == CDEV_MINOR_MEM) { + *paddr = offset; + return (0); + } + return (-1); +} + int memioctl_md(struct cdev *dev __unused, u_long cmd __unused, caddr_t data __unused, int flags __unused, struct thread *td __unused) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366284 - head/sys/riscv/riscv
Author: kp Date: Wed Sep 30 08:23:43 2020 New Revision: 366284 URL: https://svnweb.freebsd.org/changeset/base/366284 Log: riscv: Panic on PMP errors Load/store/fetch access exceptions always indicate a violation of a PMP rule. We can't treat those as page faults, because updating the page table and trying again will only result in exactly the same access exception recurring. This leaves us in an endless exception loop. We cannot recover from these exceptions, so panic instead. Reviewed by: jhb Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D26544 Modified: head/sys/riscv/riscv/trap.c Modified: head/sys/riscv/riscv/trap.c == --- head/sys/riscv/riscv/trap.c Wed Sep 30 04:27:38 2020(r366283) +++ head/sys/riscv/riscv/trap.c Wed Sep 30 08:23:43 2020(r366284) @@ -282,6 +282,9 @@ do_trap_supervisor(struct trapframe *frame) case EXCP_FAULT_LOAD: case EXCP_FAULT_STORE: case EXCP_FAULT_FETCH: + dump_regs(frame); + panic("Memory access exception at 0x%016lx\n", frame->tf_sepc); + break; case EXCP_STORE_PAGE_FAULT: case EXCP_LOAD_PAGE_FAULT: data_abort(frame, 0); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365669 - releng/12.2/sys/net
Author: kp Date: Sat Sep 12 18:58:36 2020 New Revision: 365669 URL: https://svnweb.freebsd.org/changeset/base/365669 Log: MFC r365457: net: mitigate vnet / epair cleanup races There's a race where dying vnets move their interfaces back to their original vnet, and if_epair cleanup (where deleting one interface also deletes the other end of the epair). This is commonly triggered by the pf tests, but also by cleanup of vnet jails. As we've not yet been able to fix the root cause of the issue work around the panic by not dereferencing a NULL softc in epair_qflush() and by not re-attaching DYING interfaces. This isn't a full fix, but makes a very common panic far less likely. PR: 244703, 238870 Approved by: re (gjb) Modified: releng/12.2/sys/net/if.c releng/12.2/sys/net/if_epair.c Directory Properties: releng/12.2/ (props changed) Modified: releng/12.2/sys/net/if.c == --- releng/12.2/sys/net/if.cSat Sep 12 18:42:14 2020(r365668) +++ releng/12.2/sys/net/if.cSat Sep 12 18:58:36 2020(r365669) @@ -1280,6 +1280,10 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet) ifindex_free_locked(ifp->if_index); IFNET_WUNLOCK(); + /* Don't re-attach DYING interfaces. */ + if (ifp->if_flags & IFF_DYING) + return; + /* * Perform interface-specific reassignment tasks, if provided by * the driver. Modified: releng/12.2/sys/net/if_epair.c == --- releng/12.2/sys/net/if_epair.c Sat Sep 12 18:42:14 2020 (r365668) +++ releng/12.2/sys/net/if_epair.c Sat Sep 12 18:58:36 2020 (r365669) @@ -609,8 +609,14 @@ epair_qflush(struct ifnet *ifp) struct epair_softc *sc; sc = ifp->if_softc; - KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n", - __func__, ifp, sc)); + + /* +* See epair_clone_destroy(), we can end up getting called twice. +* Don't do anything on the second call. +*/ + if (sc == NULL) + return; + /* * Remove this ifp from all backpointer lists. The interface will not * usable for flushing anyway nor should it have anything to flush ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365659 - stable/12/sys/net
Author: kp Date: Sat Sep 12 12:45:31 2020 New Revision: 365659 URL: https://svnweb.freebsd.org/changeset/base/365659 Log: MFC r365457: net: mitigate vnet / epair cleanup races There's a race where dying vnets move their interfaces back to their original vnet, and if_epair cleanup (where deleting one interface also deletes the other end of the epair). This is commonly triggered by the pf tests, but also by cleanup of vnet jails. As we've not yet been able to fix the root cause of the issue work around the panic by not dereferencing a NULL softc in epair_qflush() and by not re-attaching DYING interfaces. This isn't a full fix, but makes a very common panic far less likely. PR: 244703, 238870 Modified: stable/12/sys/net/if.c stable/12/sys/net/if_epair.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if.c == --- stable/12/sys/net/if.c Sat Sep 12 11:24:36 2020(r365658) +++ stable/12/sys/net/if.c Sat Sep 12 12:45:31 2020(r365659) @@ -1280,6 +1280,10 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet) ifindex_free_locked(ifp->if_index); IFNET_WUNLOCK(); + /* Don't re-attach DYING interfaces. */ + if (ifp->if_flags & IFF_DYING) + return; + /* * Perform interface-specific reassignment tasks, if provided by * the driver. Modified: stable/12/sys/net/if_epair.c == --- stable/12/sys/net/if_epair.cSat Sep 12 11:24:36 2020 (r365658) +++ stable/12/sys/net/if_epair.cSat Sep 12 12:45:31 2020 (r365659) @@ -609,8 +609,14 @@ epair_qflush(struct ifnet *ifp) struct epair_softc *sc; sc = ifp->if_softc; - KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n", - __func__, ifp, sc)); + + /* +* See epair_clone_destroy(), we can end up getting called twice. +* Don't do anything on the second call. +*/ + if (sc == NULL) + return; + /* * Remove this ifp from all backpointer lists. The interface will not * usable for flushing anyway nor should it have anything to flush ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365626 - in head/sys/cddl/dev: dtrace/riscv fbt/riscv
Author: kp Date: Fri Sep 11 09:15:49 2020 New Revision: 365626 URL: https://svnweb.freebsd.org/changeset/base/365626 Log: dtrace: fix fbt return probes on RISC-V Return values are passed in a0, so read it from there. We also pass a1 through to userspace, as the ABI allows small structs to be returned in registers a0/a1. While here read the register values directly from the trapframe rather than rtval, and remove the now unneeded argument from dtrace_invop(). Set fbtp_roffset so that we get the correct return location in arg0. Reviewed by: markj Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D26389 Modified: head/sys/cddl/dev/dtrace/riscv/dtrace_subr.c head/sys/cddl/dev/fbt/riscv/fbt_isa.c Modified: head/sys/cddl/dev/dtrace/riscv/dtrace_subr.c == --- head/sys/cddl/dev/dtrace/riscv/dtrace_subr.cFri Sep 11 05:45:27 2020(r365625) +++ head/sys/cddl/dev/dtrace/riscv/dtrace_subr.cFri Sep 11 09:15:49 2020(r365626) @@ -53,7 +53,7 @@ extern dtrace_id_tdtrace_probeid_error; extern int (*dtrace_invop_jump_addr)(struct trapframe *); extern void dtrace_getnanotime(struct timespec *tsp); -int dtrace_invop(uintptr_t, struct trapframe *, uintptr_t); +int dtrace_invop(uintptr_t, struct trapframe *); void dtrace_invop_init(void); void dtrace_invop_uninit(void); @@ -65,13 +65,13 @@ typedef struct dtrace_invop_hdlr { dtrace_invop_hdlr_t *dtrace_invop_hdlr; int -dtrace_invop(uintptr_t addr, struct trapframe *frame, uintptr_t eax) +dtrace_invop(uintptr_t addr, struct trapframe *frame) { dtrace_invop_hdlr_t *hdlr; int rval; for (hdlr = dtrace_invop_hdlr; hdlr != NULL; hdlr = hdlr->dtih_next) - if ((rval = hdlr->dtih_func(addr, frame, eax)) != 0) + if ((rval = hdlr->dtih_func(addr, frame, 0)) != 0) return (rval); return (0); @@ -254,7 +254,7 @@ dtrace_invop_start(struct trapframe *frame) uint32_t imm; int invop; - invop = dtrace_invop(frame->tf_sepc, frame, frame->tf_sepc); + invop = dtrace_invop(frame->tf_sepc, frame); if (invop == 0) return (-1); Modified: head/sys/cddl/dev/fbt/riscv/fbt_isa.c == --- head/sys/cddl/dev/fbt/riscv/fbt_isa.c Fri Sep 11 05:45:27 2020 (r365625) +++ head/sys/cddl/dev/fbt/riscv/fbt_isa.c Fri Sep 11 09:15:49 2020 (r365626) @@ -59,9 +59,14 @@ fbt_invop(uintptr_t addr, struct trapframe *frame, uin if ((uintptr_t)fbt->fbtp_patchpoint == addr) { cpu->cpu_dtrace_caller = addr; - dtrace_probe(fbt->fbtp_id, frame->tf_a[0], - frame->tf_a[1], frame->tf_a[2], - frame->tf_a[3], frame->tf_a[4]); + if (fbt->fbtp_roffset == 0) { + dtrace_probe(fbt->fbtp_id, frame->tf_a[0], + frame->tf_a[1], frame->tf_a[2], + frame->tf_a[3], frame->tf_a[4]); + } else { + dtrace_probe(fbt->fbtp_id, fbt->fbtp_roffset, + frame->tf_a[0], frame->tf_a[1], 0, 0); + } cpu->cpu_dtrace_caller = 0; return (fbt->fbtp_savedval); @@ -233,6 +238,7 @@ again: fbt->fbtp_loadcnt = lf->loadcnt; fbt->fbtp_symindx = symindx; fbt->fbtp_rval = rval; + fbt->fbtp_roffset = (uintptr_t)instr - (uintptr_t)symval->value; fbt->fbtp_savedval = *instr; fbt->fbtp_patchval = patchval; fbt->fbtp_hashnext = fbt_probetab[FBT_ADDR2NDX(instr)]; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365457 - head/sys/net
Author: kp Date: Tue Sep 8 14:54:10 2020 New Revision: 365457 URL: https://svnweb.freebsd.org/changeset/base/365457 Log: net: mitigate vnet / epair cleanup races There's a race where dying vnets move their interfaces back to their original vnet, and if_epair cleanup (where deleting one interface also deletes the other end of the epair). This is commonly triggered by the pf tests, but also by cleanup of vnet jails. As we've not yet been able to fix the root cause of the issue work around the panic by not dereferencing a NULL softc in epair_qflush() and by not re-attaching DYING interfaces. This isn't a full fix, but makes a very common panic far less likely. PR: 244703, 238870 Reviewed by: lutz_donnerhacke.de MFC after:4 days Differential Revision:https://reviews.freebsd.org/D26324 Modified: head/sys/net/if.c head/sys/net/if_epair.c Modified: head/sys/net/if.c == --- head/sys/net/if.c Tue Sep 8 13:24:44 2020(r365456) +++ head/sys/net/if.c Tue Sep 8 14:54:10 2020(r365457) @@ -1298,6 +1298,11 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet) ifindex_free_locked(ifp->if_index); IFNET_WUNLOCK(); + + /* Don't re-attach DYING interfaces. */ + if (ifp->if_flags & IFF_DYING) + return (0); + /* * Perform interface-specific reassignment tasks, if provided by * the driver. Modified: head/sys/net/if_epair.c == --- head/sys/net/if_epair.c Tue Sep 8 13:24:44 2020(r365456) +++ head/sys/net/if_epair.c Tue Sep 8 14:54:10 2020(r365457) @@ -611,8 +611,14 @@ epair_qflush(struct ifnet *ifp) struct epair_softc *sc; sc = ifp->if_softc; - KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n", - __func__, ifp, sc)); + + /* +* See epair_clone_destroy(), we can end up getting called twice. +* Don't do anything on the second call. +*/ + if (sc == NULL) + return; + /* * Remove this ifp from all backpointer lists. The interface will not * usable for flushing anyway nor should it have anything to flush ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365246 - head/sys/netgraph
Author: kp Date: Wed Sep 2 11:49:22 2020 New Revision: 365246 URL: https://svnweb.freebsd.org/changeset/base/365246 Log: ng_ether: Enter NET_EPOCH where required We must enter NET_EPOCH before calling ether_output_frame(). Several of the functions it calls (pfil_run_hooks, if_transmit) expect to be running in the NET_EPOCH. While here remove an unneeded EPOCH entry (which wasn't wide enough to cover BRIDGE_INPUT). PR: 248958 Reviewed by: glebius, bz (previous version), melifaro (previous version) Tested by:manu Differential Revision:https://reviews.freebsd.org/D26226 Modified: head/sys/netgraph/ng_ether.c head/sys/netgraph/ng_pppoe.c Modified: head/sys/netgraph/ng_ether.c == --- head/sys/netgraph/ng_ether.cWed Sep 2 11:33:31 2020 (r365245) +++ head/sys/netgraph/ng_ether.cWed Sep 2 11:49:22 2020 (r365246) @@ -711,7 +711,6 @@ ng_ether_rcv_lower(hook_p hook, item_p item) static int ng_ether_rcv_upper(hook_p hook, item_p item) { - struct epoch_tracker et; struct mbuf *m; const node_p node = NG_HOOK_NODE(hook); const priv_p priv = NG_NODE_PRIVATE(node); @@ -739,9 +738,7 @@ ng_ether_rcv_upper(hook_p hook, item_p item) } /* Route packet back in */ - NET_EPOCH_ENTER(et); ether_demux(ifp, m); - NET_EPOCH_EXIT(et); return (0); } Modified: head/sys/netgraph/ng_pppoe.c == --- head/sys/netgraph/ng_pppoe.cWed Sep 2 11:33:31 2020 (r365245) +++ head/sys/netgraph/ng_pppoe.cWed Sep 2 11:49:22 2020 (r365246) @@ -48,6 +48,7 @@ #include #include #include +#include #include #include @@ -761,6 +762,7 @@ ng_pppoe_connect(hook_p hook) static int ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasthook) { + struct epoch_tracker et; priv_p privp = NG_NODE_PRIVATE(node); struct ngpppoe_init_data *ourmsg = NULL; struct ng_mesg *resp = NULL; @@ -980,7 +982,9 @@ ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasth neg->service.hdr.tag_len = htons((uint16_t)srvlen); bcopy(ourmsg->data + srvpos, neg->service.data, srvlen); neg->service_len = srvlen; + NET_EPOCH_ENTER(et); pppoe_start(sp); + NET_EPOCH_EXIT(et); break; } case NGM_PPPOE_LISTEN: @@ -1166,8 +1170,10 @@ ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasth m->m_pkthdr.len = m->m_len = sizeof(*wh) + sizeof(*tag) + ourmsg->data_len; wh->ph.length = htons(sizeof(*tag) + ourmsg->data_len); + NET_EPOCH_ENTER(et); NG_SEND_DATA_ONLY(error, privp->ethernet_hook, m); + NET_EPOCH_EXIT(et); } break; } @@ -1209,8 +1215,10 @@ ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasth m->m_pkthdr.len = m->m_len = sizeof(*wh) + sizeof(*tag) + ourmsg->data_len; wh->ph.length = htons(sizeof(*tag) + ourmsg->data_len); + NET_EPOCH_ENTER(et); NG_SEND_DATA_ONLY(error, privp->ethernet_hook, m); + NET_EPOCH_EXIT(et); } break; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365245 - head/sys/riscv/riscv
Author: kp Date: Wed Sep 2 11:33:31 2020 New Revision: 365245 URL: https://svnweb.freebsd.org/changeset/base/365245 Log: riscv: very large dma mappings can cause integer overflow Fix the return type for _bus_dmamap_addseg(). Based on the same fix done for arm64 in r348571. Sponsored by: Axiado Modified: head/sys/riscv/riscv/busdma_bounce.c Modified: head/sys/riscv/riscv/busdma_bounce.c == --- head/sys/riscv/riscv/busdma_bounce.cWed Sep 2 11:18:21 2020 (r365244) +++ head/sys/riscv/riscv/busdma_bounce.cWed Sep 2 11:33:31 2020 (r365245) @@ -633,7 +633,7 @@ _bus_dmamap_reserve_pages(bus_dma_tag_t dmat, bus_dmam /* * Add a single contiguous physical range to the segment list. */ -static int +static bus_size_t _bus_dmamap_addseg(bus_dma_tag_t dmat, bus_dmamap_t map, bus_addr_t curaddr, bus_size_t sgsize, bus_dma_segment_t *segs, int *segp) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364456 - stable/12/sys/netpfil/pf
Author: kp Date: Fri Aug 21 13:11:33 2020 New Revision: 364456 URL: https://svnweb.freebsd.org/changeset/base/364456 Log: MFC r355744: pf: Make request_maxcount runtime adjustable There's no reason for this to be a tunable. It's perfectly safe to change this at runtime. Modified: stable/12/sys/netpfil/pf/pf.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf.c == --- stable/12/sys/netpfil/pf/pf.c Fri Aug 21 10:06:01 2020 (r364455) +++ stable/12/sys/netpfil/pf/pf.c Fri Aug 21 13:11:33 2020 (r364456) @@ -382,7 +382,7 @@ SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFL _hashsize, 0, "Size of pf(4) states hashtable"); SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN, _srchashsize, 0, "Size of pf(4) source nodes hashtable"); -SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RDTUN, +SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RW, _ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call"); VNET_DEFINE(void *, pf_swi_cookie); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363796 - in head: lib/libc/riscv/gen sys/riscv/include
Author: kp Date: Mon Aug 3 12:48:51 2020 New Revision: 363796 URL: https://svnweb.freebsd.org/changeset/base/363796 Log: libc: Provide sub fp(s|g)etmask() implementations for RISC-V RISC-V doesn't support floating-point exceptions. RISC-V Instruction Set Manual: Volume I: User-Level ISA, 11.2 Floating-Point Control and Status Register: "As allowed by the standard, we do not support traps on floating-point exceptions in the base ISA, but instead require explicit checks of the flags in software. We considered adding branches controlled directly by the contents of the floating-point accrued exception flags, but ultimately chose to omit these instructions to keep the ISA simple." We still need these functions, because some applications (notably Perl) call them, but we cannot provide a meaningful implementation. Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D25740 Added: head/lib/libc/riscv/gen/fpgetmask.c (contents, props changed) head/lib/libc/riscv/gen/fpsetmask.c (contents, props changed) Modified: head/lib/libc/riscv/gen/Makefile.inc head/sys/riscv/include/ieeefp.h Modified: head/lib/libc/riscv/gen/Makefile.inc == --- head/lib/libc/riscv/gen/Makefile.incMon Aug 3 10:19:50 2020 (r363795) +++ head/lib/libc/riscv/gen/Makefile.incMon Aug 3 12:48:51 2020 (r363796) @@ -3,6 +3,8 @@ SRCS+= _ctx_start.S \ fabs.S \ flt_rounds.c \ + fpgetmask.c \ + fpsetmask.c \ infinity.c \ ldexp.c \ makecontext.c \ Added: head/lib/libc/riscv/gen/fpgetmask.c == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libc/riscv/gen/fpgetmask.c Mon Aug 3 12:48:51 2020 (r363796) @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2020 Axiado + * All rights reserved. + * + * This software was developed by Kristof Provost under + * sponsorship from Axiado. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include + +fp_except_t +fpgetmask(void) +{ + + return (0); +} Added: head/lib/libc/riscv/gen/fpsetmask.c == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libc/riscv/gen/fpsetmask.c Mon Aug 3 12:48:51 2020 (r363796) @@ -0,0 +1,53 @@ +/*- + * Copyright (c) 2020 Axiado + * All rights reserved. + * + * This software was developed by Kristof Provost under + * sponsorship from Axiado. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR S
Re: svn commit: r363568 - stable/12/sys/net
On 26 Jul 2020, at 21:21, mike tancsa wrote: Hi Kristof, First off, thank you for all your efforts in pf and if_bridge. I have trying to track down a problem with a golang app (sysutils/zrepl) that started acting up around the time the if_bridge stuff was commited (june 26th). The problem would manifest in stalls of the daemon and am wondering this might have played a role. The june 10th kernel I had seemed to work just fine with the app, although I just rebooted to that to confirm as around that time we added more RAM to the server in question and put the app under slightly higher load too. I have yet to boot to a kernel post this being reverted. But apart from the panics some people saw could other 'odd' things pop up as well if traffic was coming in a bridge interface using an igb0 nic ? I wouldn’t think so, no. The epoch change mostly removed locks and opportunities to stall (I know it fixes at least one deadlock). If there are bugs it’s pretty much always going to manifest as a crash (or assertion failure). Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363568 - stable/12/sys/net
Author: kp Date: Sun Jul 26 17:44:03 2020 New Revision: 363568 URL: https://svnweb.freebsd.org/changeset/base/363568 Log: Revert bridge epochification Revert r363492, r363491, r363430, r363429 and r362650. The introduction of epoch in the network stack is incomplete in stable/12, and there are simply too many limitations to make the bridge epoch code work there. The final problem is capability configuration of the bridge member interfaces. if_bridge needs to enable promiscuous mode, which for certain drivers (e1000 for example) can sleep. In stable/12 we may not sleep within epoch. Modified: stable/12/sys/net/if_bridge.c Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Sun Jul 26 17:21:24 2020 (r363567) +++ stable/12/sys/net/if_bridge.c Sun Jul 26 17:44:03 2020 (r363568) @@ -189,14 +189,41 @@ extern void nd6_setmtu(struct ifnet *); */ #define BRIDGE_LOCK_INIT(_sc) do {\ mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ + cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \ } while (0) #define BRIDGE_LOCK_DESTROY(_sc) do {\ mtx_destroy(&(_sc)->sc_mtx);\ + cv_destroy(&(_sc)->sc_cv); \ } while (0) #define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) #define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) +#defineBRIDGE_LOCK2REF(_sc, _err) do {\ + mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ + if ((_sc)->sc_iflist_xcnt > 0) \ + (_err) = EBUSY; \ + else\ + (_sc)->sc_iflist_ref++; \ + mtx_unlock(&(_sc)->sc_mtx); \ +} while (0) +#defineBRIDGE_UNREF(_sc) do { \ + mtx_lock(&(_sc)->sc_mtx); \ + (_sc)->sc_iflist_ref--; \ + if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \ + cv_broadcast(&(_sc)->sc_cv);\ + mtx_unlock(&(_sc)->sc_mtx); \ +} while (0) +#defineBRIDGE_XLOCK(_sc) do {\ + mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ + (_sc)->sc_iflist_xcnt++;\ + while ((_sc)->sc_iflist_ref > 0)\ + cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \ +} while (0) +#defineBRIDGE_XDROP(_sc) do {\ + mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ + (_sc)->sc_iflist_xcnt--;\ +} while (0) /* * Bridge interface list entry. @@ -210,8 +237,6 @@ struct bridge_iflist { uint32_tbif_addrmax;/* max # of addresses */ uint32_tbif_addrcnt;/* cur. # of addresses */ uint32_tbif_addrexceeded;/* # of address violations */ - - struct epoch_contextbif_epoch_ctx; }; /* @@ -225,9 +250,6 @@ struct bridge_rtnode { uint8_t brt_flags; /* address flags */ uint8_t brt_addr[ETHER_ADDR_LEN]; uint16_tbrt_vlan; /* vlan id */ - - struct vnet*brt_vnet; - struct epoch_context brt_epoch_ctx; }; #definebrt_ifp brt_dst->bif_ifp @@ -238,10 +260,13 @@ struct bridge_softc { struct ifnet*sc_ifp;/* make this an interface */ LIST_ENTRY(bridge_softc) sc_list; struct mtx sc_mtx; + struct cv sc_cv; uint32_tsc_brtmax; /* max # of addresses */ uint32_tsc_brtcnt; /* cur. # of addresses */ uint32_tsc_brttimeout; /* rt timeout in seconds */ struct callout sc_brcallout; /* bridge callout */ + uint32_tsc_iflist_ref; /* refcount for sc_iflist */ + uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */ CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface list */ CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of above */ @@ -251,8 +276,6 @@ struct bridge_softc { uint32_tsc_brtexceeded; /* # of cache drops */ struct ifnet*sc_ifaddr; /* member mac copied from */ struct ether_addr sc_defaddr; /* Default MAC address */ - - struct epoch_context
svn commit: r363491 - stable/12/sys/net
Author: kp Date: Fri Jul 24 20:09:52 2020 New Revision: 363491 URL: https://svnweb.freebsd.org/changeset/base/363491 Log: bridge: Fix mismerges from r360345 In r362650 we merged r360345. This required manual changes due to the differences in EPOCH macros between head and stable/12, and was done imperfectly. This is a direct commit to stable/12. PR: 248046 Modified: stable/12/sys/net/if_bridge.c Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Fri Jul 24 19:54:15 2020 (r363490) +++ stable/12/sys/net/if_bridge.c Fri Jul 24 20:09:52 2020 (r363491) @@ -189,41 +189,14 @@ extern void nd6_setmtu(struct ifnet *); */ #define BRIDGE_LOCK_INIT(_sc) do {\ mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ - cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \ } while (0) #define BRIDGE_LOCK_DESTROY(_sc) do {\ mtx_destroy(&(_sc)->sc_mtx);\ - cv_destroy(&(_sc)->sc_cv); \ } while (0) #define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) #define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) -#defineBRIDGE_LOCK2REF(_sc, _err) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - if ((_sc)->sc_iflist_xcnt > 0) \ - (_err) = EBUSY; \ - else\ - (_sc)->sc_iflist_ref++; \ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_UNREF(_sc) do { \ - mtx_lock(&(_sc)->sc_mtx); \ - (_sc)->sc_iflist_ref--; \ - if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \ - cv_broadcast(&(_sc)->sc_cv);\ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XLOCK(_sc) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - (_sc)->sc_iflist_xcnt++;\ - while ((_sc)->sc_iflist_ref > 0)\ - cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XDROP(_sc) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - (_sc)->sc_iflist_xcnt--;\ -} while (0) /* * Bridge interface list entry. @@ -265,13 +238,10 @@ struct bridge_softc { struct ifnet*sc_ifp;/* make this an interface */ LIST_ENTRY(bridge_softc) sc_list; struct mtx sc_mtx; - struct cv sc_cv; uint32_tsc_brtmax; /* max # of addresses */ uint32_tsc_brtcnt; /* cur. # of addresses */ uint32_tsc_brttimeout; /* rt timeout in seconds */ struct callout sc_brcallout; /* bridge callout */ - uint32_tsc_iflist_ref; /* refcount for sc_iflist */ - uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */ CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface list */ CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of above */ @@ -790,7 +760,9 @@ bridge_clone_destroy(struct ifnet *ifp) { struct bridge_softc *sc = ifp->if_softc; struct bridge_iflist *bif; + struct epoch_tracker et; + NET_EPOCH_ENTER_ET(et); BRIDGE_LOCK(sc); bridge_stop(ifp, 1); @@ -815,6 +787,8 @@ bridge_clone_destroy(struct ifnet *ifp) BRIDGE_LIST_UNLOCK(); bstp_detach(>sc_stp); + NET_EPOCH_EXIT_ET(et); + ether_ifdetach(ifp); if_free(ifp); @@ -994,7 +968,6 @@ bridge_mutecaps(struct bridge_softc *sc) mask &= bif->bif_savedcaps; } - BRIDGE_XLOCK(sc); CK_LIST_FOREACH(bif, >sc_iflist, bif_next) { enabled = bif->bif_ifp->if_capenable; enabled &= ~BRIDGE_IFCAPS_STRIP; @@ -1005,8 +978,6 @@ bridge_mutecaps(struct bridge_softc *sc) bridge_set_ifcap(sc, bif, enabled); BRIDGE_LOCK(sc); } - BRIDGE_XDROP(sc); - } static void @@ -1107,9 +1078,7 @@ bridge_delete_member(struct bridge_softc *sc, struct b bstp_disable(>bif_stp); ifs->if_bridge = NULL; - BRIDGE_XLOCK(sc); CK_LIST_REMOVE(bif, bif_next); - BRIDGE_XDROP(sc); /*
svn commit: r363492 - stable/12/sys/net
Author: kp Date: Fri Jul 24 20:10:27 2020 New Revision: 363492 URL: https://svnweb.freebsd.org/changeset/base/363492 Log: bridge: Enter epoch for bridge_transmit() Just like the change done for bridge_input()/bridge_output() in r363430 we must enter epoch ourselves, because its coverage is not as wide as in head. This is a direct commit to stable/12. PR: 248046 Modified: stable/12/sys/net/if_bridge.c Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Fri Jul 24 20:09:52 2020 (r363491) +++ stable/12/sys/net/if_bridge.c Fri Jul 24 20:10:27 2020 (r363492) @@ -2189,11 +2189,14 @@ sendunicast: static int bridge_transmit(struct ifnet *ifp, struct mbuf *m) { + struct epoch_tracker et; struct bridge_softc *sc; struct ether_header *eh; struct ifnet *dst_if; int error = 0; + NET_EPOCH_ENTER_ET(et); + sc = ifp->if_softc; ETHER_BPF_MTAP(ifp, m); @@ -2205,6 +2208,8 @@ bridge_transmit(struct ifnet *ifp, struct mbuf *m) error = bridge_enqueue(sc, dst_if, m); } else bridge_broadcast(sc, ifp, m, 0); + + NET_EPOCH_EXIT_ET(et); return (error); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363430 - stable/12/sys/net
Author: kp Date: Wed Jul 22 20:13:12 2020 New Revision: 363430 URL: https://svnweb.freebsd.org/changeset/base/363430 Log: bridge: Enter epoch for bridge_input()/bridge_output() In stable/12 epoch is not as wide as it is in head. The network stack isn't yet in epoch when bridge_input()/bridge_output() get called, so rather than assert this we must enter it ourselves. This is a direct commit to stable/12. PR: 248046 Differential Revision:https://reviews.freebsd.org/D25715 Modified: stable/12/sys/net/if_bridge.c Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Wed Jul 22 19:43:55 2020 (r363429) +++ stable/12/sys/net/if_bridge.c Wed Jul 22 20:13:12 2020 (r363430) @@ -605,7 +605,7 @@ vnet_bridge_uninit(const void *unused __unused) /* Before we can destroy the uma zone, because there are callbacks that * use it. */ - NET_EPOCH_WAIT(); + epoch_drain_callbacks(net_epoch_preempt); uma_zdestroy(V_bridge_rtnode_zone); } @@ -2114,17 +2114,20 @@ static int bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, struct rtentry *rt) { + struct epoch_tracker et; struct ether_header *eh; struct ifnet *dst_if; struct bridge_softc *sc; uint16_t vlan; - MPASS(in_epoch(net_epoch_preempt)); + NET_EPOCH_ENTER_ET(et); if (m->m_len < ETHER_HDR_LEN) { m = m_pullup(m, ETHER_HDR_LEN); - if (m == NULL) + if (m == NULL) { + NET_EPOCH_EXIT_ET(et); return (0); + } } eh = mtod(m, struct ether_header *); @@ -2189,6 +2192,7 @@ bridge_output(struct ifnet *ifp, struct mbuf *m, struc } if (used == 0) m_freem(m); + NET_EPOCH_EXIT_ET(et); return (0); } @@ -2200,10 +2204,12 @@ sendunicast: bridge_span(sc, m); if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { m_freem(m); + NET_EPOCH_EXIT_ET(et); return (0); } bridge_enqueue(sc, dst_if, m); + NET_EPOCH_EXIT_ET(et); return (0); } @@ -2400,6 +2406,7 @@ drop: static struct mbuf * bridge_input(struct ifnet *ifp, struct mbuf *m) { + struct epoch_tracker et; struct bridge_softc *sc = ifp->if_bridge; struct bridge_iflist *bif, *bif2; struct ifnet *bifp; @@ -2408,10 +2415,12 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) uint16_t vlan; int error; - MPASS(in_epoch(net_epoch_preempt)); + NET_EPOCH_ENTER_ET(et); - if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) + if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { + NET_EPOCH_EXIT_ET(et); return (m); + } bifp = sc->sc_ifp; vlan = VLANTAGOF(m); @@ -2428,10 +2437,12 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1); if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); m_freem(m); + NET_EPOCH_EXIT_ET(et); return (NULL); } bif = bridge_lookup_member_if(sc, ifp); if (bif == NULL) { + NET_EPOCH_EXIT_ET(et); return (m); } @@ -2444,11 +2455,13 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) if (memcmp(eh->ether_dhost, bstp_etheraddr, ETHER_ADDR_LEN) == 0) { bstp_input(>bif_stp, ifp, m); /* consumes mbuf */ + NET_EPOCH_EXIT_ET(et); return (NULL); } if ((bif->bif_flags & IFBIF_STP) && bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { + NET_EPOCH_EXIT_ET(et); return (m); } @@ -2459,6 +2472,7 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) */ mc = m_dup(m, M_NOWAIT); if (mc == NULL) { + NET_EPOCH_EXIT_ET(et); return (m); } @@ -2485,11 +2499,13 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) } /* Return the original packet for local processing. */ + NET_EPOCH_EXIT_ET(et); return (m); } if ((bif->bif_flags & IFBIF_STP) && bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { + NET_EPOCH_EXIT_ET(et); return (m); } @@ -2539,10 +2555,12 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) vlan, bif, 0, IFBAF_DYNAMIC); \
svn commit: r363429 - stable/12/sys/net
Author: kp Date: Wed Jul 22 19:43:55 2020 New Revision: 363429 URL: https://svnweb.freebsd.org/changeset/base/363429 Log: MFC r363308: bridge: Don't sleep during epoch While it doesn't trigger INVARIANTS or WITNESS on head it does in stable/12. There's also no reason for it, as we can easily report the out of memory error to the caller (i.e. userspace). All of these can already fail. PR: 248046 Modified: stable/12/sys/net/if_bridge.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Wed Jul 22 19:08:05 2020 (r363428) +++ stable/12/sys/net/if_bridge.c Wed Jul 22 19:43:55 2020 (r363429) @@ -1467,9 +1467,9 @@ bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) bifc->ifbic_len = buflen; return (0); } - BRIDGE_UNLOCK(sc); - outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); - BRIDGE_LOCK(sc); + outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO); + if (outbuf == NULL) + return (ENOMEM); count = 0; buf = outbuf; @@ -1529,9 +1529,9 @@ bridge_ioctl_rts(struct bridge_softc *sc, void *arg) count++; buflen = sizeof(bareq) * count; - BRIDGE_UNLOCK(sc); - outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); - BRIDGE_LOCK(sc); + outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO); + if (outbuf == NULL) + return (ENOMEM); count = 0; buf = outbuf; @@ -1857,9 +1857,9 @@ bridge_ioctl_gifsstp(struct bridge_softc *sc, void *ar return (0); } - BRIDGE_UNLOCK(sc); - outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); - BRIDGE_LOCK(sc); + outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO); + if (outbuf == NULL) + return (ENOMEM); count = 0; buf = outbuf; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r363308 - head/sys/net
On 18 Jul 2020, at 20:47, Konstantin Belousov wrote: On Sat, Jul 18, 2020 at 12:43:11PM +, Kristof Provost wrote: Author: kp Date: Sat Jul 18 12:43:11 2020 New Revision: 363308 URL: https://svnweb.freebsd.org/changeset/base/363308 Log: bridge: Don't sleep during epoch While it doesn't trigger INVARIANTS or WITNESS on head it does in stable/12. There's also no reason for it, as we can easily report the out of memory error to the caller (i.e. userspace). All of these can already fail. This makes syscalls (ioctl) fail randomly. Can you pre-allocate the buffers before entering epoch, instead ? Not easily, no. The bridge ioctl handling is all done via bridge_ioctl(), which enters epoch and dispatches to the bridge_control_table. We’d have to modify every single ioctl function. These are also not the only ioctl functions that can return ENOMEM (or EINVAL). bridge_ioctl_add() already did, for example. Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363308 - head/sys/net
Author: kp Date: Sat Jul 18 12:43:11 2020 New Revision: 363308 URL: https://svnweb.freebsd.org/changeset/base/363308 Log: bridge: Don't sleep during epoch While it doesn't trigger INVARIANTS or WITNESS on head it does in stable/12. There's also no reason for it, as we can easily report the out of memory error to the caller (i.e. userspace). All of these can already fail. PR: 248046 MFC after:3 days Modified: head/sys/net/if_bridge.c Modified: head/sys/net/if_bridge.c == --- head/sys/net/if_bridge.cSat Jul 18 12:21:08 2020(r363307) +++ head/sys/net/if_bridge.cSat Jul 18 12:43:11 2020(r363308) @@ -1393,9 +1393,9 @@ bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) bifc->ifbic_len = buflen; return (0); } - BRIDGE_UNLOCK(sc); - outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); - BRIDGE_LOCK(sc); + outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO); + if (outbuf == NULL) + return (ENOMEM); count = 0; buf = outbuf; @@ -1455,9 +1455,9 @@ bridge_ioctl_rts(struct bridge_softc *sc, void *arg) count++; buflen = sizeof(bareq) * count; - BRIDGE_UNLOCK(sc); - outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); - BRIDGE_LOCK(sc); + outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO); + if (outbuf == NULL) + return (ENOMEM); count = 0; buf = outbuf; @@ -1783,9 +1783,9 @@ bridge_ioctl_gifsstp(struct bridge_softc *sc, void *ar return (0); } - BRIDGE_UNLOCK(sc); - outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); - BRIDGE_LOCK(sc); + outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO); + if (outbuf == NULL) + return (ENOMEM); count = 0; buf = outbuf; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362977 - head/sys/riscv/riscv
Author: kp Date: Mon Jul 6 21:29:50 2020 New Revision: 362977 URL: https://svnweb.freebsd.org/changeset/base/362977 Log: riscv plic: Do not complete interrupts until the interrupt handler has run We cannot complete the interrupt (i.e. write to the claims/complete register until the interrupt handler has actually run. We don't run the interrupt handler immediately from intr_isrc_dispatch(), we only schedule it for later execution. If we immediately complete it (i.e. before the interrupt handler proper has run) the interrupt may be triggered again if the interrupt source remains set. From RISC-V Instruction Set Manual: Volume II: Priviliged Architecture, 7.4 Interrupt Gateways: "If a level-sensitive interrupt source deasserts the interrupt after the PLIC core accepts the request and before the interrupt is serviced, the interrupt request remains present in the IP bit of the PLIC core and will be serviced by a handler, which will then have to determine that the interrupt device no longer requires service." In other words, we may receive interrupts twice. Avoid that by postponing the completion until after the interrupt handler has run. If the interrupt is handled by a filter rather than by scheduling an interrupt thread we must also complete the interrupt, so set up a post_filter handler (which is the same as the post_ithread handler). Reviewed by: mhorne Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D25531 Modified: head/sys/riscv/riscv/plic.c Modified: head/sys/riscv/riscv/plic.c == --- head/sys/riscv/riscv/plic.c Mon Jul 6 21:20:57 2020(r362976) +++ head/sys/riscv/riscv/plic.c Mon Jul 6 21:29:50 2020(r362977) @@ -169,11 +169,11 @@ plic_intr(void *arg) sc = arg; cpu = PCPU_GET(cpuid); + /* Claim any pending interrupt. */ pending = RD4(sc, PLIC_CLAIM(sc, cpu)); if (pending) { tf = curthread->td_intr_frame; plic_irq_dispatch(sc, pending, tf); - WR4(sc, PLIC_CLAIM(sc, cpu), pending); } return (FILTER_HANDLED); @@ -384,7 +384,17 @@ plic_pre_ithread(device_t dev, struct intr_irqsrc *isr static void plic_post_ithread(device_t dev, struct intr_irqsrc *isrc) { + struct plic_softc *sc; + struct plic_irqsrc *src; + uint32_t cpu; + sc = device_get_softc(dev); + src = (struct plic_irqsrc *)isrc; + + cpu = CPU_FFS(>isrc_cpu) - 1; + + /* Complete the interrupt. */ + WR4(sc, PLIC_CLAIM(sc, cpu), src->irq); plic_enable_intr(dev, isrc); } @@ -451,6 +461,7 @@ static device_method_t plic_methods[] = { DEVMETHOD(pic_map_intr, plic_map_intr), DEVMETHOD(pic_pre_ithread, plic_pre_ithread), DEVMETHOD(pic_post_ithread, plic_post_ithread), + DEVMETHOD(pic_post_filter, plic_post_ithread), DEVMETHOD(pic_setup_intr, plic_setup_intr), DEVMETHOD(pic_bind_intr,plic_bind_intr), ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362853 - in head/sys/riscv: include riscv
Author: kp Date: Wed Jul 1 19:15:43 2020 New Revision: 362853 URL: https://svnweb.freebsd.org/changeset/base/362853 Log: riscv pmap: zero reserved pte bits in ppn The top 10 bits of a pte are reserved by specification[1] and are not part of the PPN. [1] 'Volume II: RISC-V Privileged Architectures V20190608-Priv-MSU-Ratified', '4.4.1 Addressing and Memory Protection', page 72: "The PTE format for Sv39 is shown in Figure 4.18. ... Bits 63–54 are reserved for future use and must be zeroed by software for forward compatibility." Submitted by: Nathaniel Filardo Reviewed by: kp, mhorne Differential Revision:https://reviews.freebsd.org/D25523 Modified: head/sys/riscv/include/pte.h head/sys/riscv/riscv/pmap.c Modified: head/sys/riscv/include/pte.h == --- head/sys/riscv/include/pte.hWed Jul 1 19:12:47 2020 (r362852) +++ head/sys/riscv/include/pte.hWed Jul 1 19:15:43 2020 (r362853) @@ -83,6 +83,9 @@ typedef uint64_tpn_t; /* page number */ #definePTE_PROMOTE (PTE_V | PTE_RWX | PTE_D | PTE_A | PTE_G | PTE_U | \ PTE_SW_MANAGED | PTE_SW_WIRED) +/* Bits 63 - 54 are reserved for future use. */ +#define PTE_HI_MASK0xFFC0ULL + #definePTE_PPN0_S 10 #definePTE_PPN1_S 19 #definePTE_PPN2_S 28 Modified: head/sys/riscv/riscv/pmap.c == --- head/sys/riscv/riscv/pmap.c Wed Jul 1 19:12:47 2020(r362852) +++ head/sys/riscv/riscv/pmap.c Wed Jul 1 19:15:43 2020(r362853) @@ -339,7 +339,8 @@ pagezero(void *p) #definepmap_l2_index(va) (((va) >> L2_SHIFT) & Ln_ADDR_MASK) #definepmap_l3_index(va) (((va) >> L3_SHIFT) & Ln_ADDR_MASK) -#definePTE_TO_PHYS(pte)((pte >> PTE_PPN0_S) * PAGE_SIZE) +#definePTE_TO_PHYS(pte) \ +pte) & ~PTE_HI_MASK) >> PTE_PPN0_S) * PAGE_SIZE) static __inline pd_entry_t * pmap_l1(pmap_t pmap, vm_offset_t va) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362852 - head/sys/riscv/riscv
Author: kp Date: Wed Jul 1 19:12:47 2020 New Revision: 362852 URL: https://svnweb.freebsd.org/changeset/base/362852 Log: riscv locore.S: load constant prior to loop A very minor micro-optimization; t0 is not clobbered between the loop top and bottom and there appear to be no other branches to this label. Submitted by: Nathaniel Filardo Reviewed by: mhorne Differential Revision:https://reviews.freebsd.org/D25524 Modified: head/sys/riscv/riscv/locore.S Modified: head/sys/riscv/riscv/locore.S == --- head/sys/riscv/riscv/locore.S Wed Jul 1 19:11:02 2020 (r362851) +++ head/sys/riscv/riscv/locore.S Wed Jul 1 19:12:47 2020 (r362852) @@ -139,8 +139,8 @@ pagetables: li t2, 512 /* Build 512 entries */ add t3, t4, t2 li t5, 0 -1: li t0, (PTE_KERN | PTE_X) +1: sllit2, t4, PTE_PPN1_S /* << PTE_PPN1_S */ or t5, t0, t2 sd t5, (s1)/* Store PTE entry to position */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362851 - head/sys/riscv/riscv
Author: kp Date: Wed Jul 1 19:11:02 2020 New Revision: 362851 URL: https://svnweb.freebsd.org/changeset/base/362851 Log: riscv: Log missing registers in dump_regs() If we panic we dump the registers for debugging. This is very useful, but it missed several registers (ra, sp, gp and tp). Log these as well. Especially the return address value is extremely useful. Sponsored by: Axiado Modified: head/sys/riscv/riscv/trap.c Modified: head/sys/riscv/riscv/trap.c == --- head/sys/riscv/riscv/trap.c Wed Jul 1 18:10:37 2020(r362850) +++ head/sys/riscv/riscv/trap.c Wed Jul 1 19:11:02 2020(r362851) @@ -147,6 +147,11 @@ dump_regs(struct trapframe *frame) for (i = 0; i < n; i++) printf("a[%d] == 0x%016lx\n", i, frame->tf_a[i]); + printf("ra == 0x%016lx\n", frame->tf_ra); + printf("sp == 0x%016lx\n", frame->tf_sp); + printf("gp == 0x%016lx\n", frame->tf_gp); + printf("tp == 0x%016lx\n", frame->tf_tp); + printf("sepc == 0x%016lx\n", frame->tf_sepc); printf("sstatus == 0x%016lx\n", frame->tf_sstatus); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362650 - stable/12/sys/net
Author: kp Date: Fri Jun 26 12:11:22 2020 New Revision: 362650 URL: https://svnweb.freebsd.org/changeset/base/362650 Log: MFC r360345: bridge: epoch-ification Run the bridge datapath under epoch, rather than under the BRIDGE_LOCK(). We still take the BRIDGE_LOCK() whenever we insert or delete items in the relevant lists, but we use epoch callbacks to free items so that it's safe to iterate the lists without the BRIDGE_LOCK. Tests on mercat5/6 shows this increases bridge throughput significantly, from 3.7Mpps to 18.6Mpps. MFC after:The FreeBSD Foundation Modified: stable/12/sys/net/if_bridge.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Fri Jun 26 10:08:57 2020 (r362649) +++ stable/12/sys/net/if_bridge.c Fri Jun 26 12:11:22 2020 (r362650) @@ -237,6 +237,8 @@ struct bridge_iflist { uint32_tbif_addrmax;/* max # of addresses */ uint32_tbif_addrcnt;/* cur. # of addresses */ uint32_tbif_addrexceeded;/* # of address violations */ + + struct epoch_contextbif_epoch_ctx; }; /* @@ -250,6 +252,9 @@ struct bridge_rtnode { uint8_t brt_flags; /* address flags */ uint8_t brt_addr[ETHER_ADDR_LEN]; uint16_tbrt_vlan; /* vlan id */ + + struct vnet*brt_vnet; + struct epoch_context brt_epoch_ctx; }; #definebrt_ifp brt_dst->bif_ifp @@ -276,6 +281,8 @@ struct bridge_softc { uint32_tsc_brtexceeded; /* # of cache drops */ struct ifnet*sc_ifaddr; /* member mac copied from */ struct ether_addr sc_defaddr; /* Default MAC address */ + + struct epoch_contextsc_epoch_ctx; }; VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx); @@ -595,6 +602,11 @@ vnet_bridge_uninit(const void *unused __unused) if_clone_detach(V_bridge_cloner); V_bridge_cloner = NULL; BRIDGE_LIST_LOCK_DESTROY(); + + /* Before we can destroy the uma zone, because there are callbacks that +* use it. */ + NET_EPOCH_WAIT(); + uma_zdestroy(V_bridge_rtnode_zone); } VNET_SYSUNINIT(vnet_bridge_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY, @@ -757,6 +769,17 @@ bridge_clone_create(struct if_clone *ifc, int unit, ca return (0); } +static void +bridge_clone_destroy_cb(struct epoch_context *ctx) +{ + struct bridge_softc *sc; + + sc = __containerof(ctx, struct bridge_softc, sc_epoch_ctx); + + BRIDGE_LOCK_DESTROY(sc); + free(sc, M_DEVBUF); +} + /* * bridge_clone_destroy: * @@ -795,8 +818,7 @@ bridge_clone_destroy(struct ifnet *ifp) ether_ifdetach(ifp); if_free(ifp); - BRIDGE_LOCK_DESTROY(sc); - free(sc, M_DEVBUF); + epoch_call(net_epoch_preempt, >sc_epoch_ctx, bridge_clone_destroy_cb); } /* @@ -822,7 +844,10 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t da struct ifdrv *ifd = (struct ifdrv *) data; const struct bridge_control *bc; int error = 0, oldmtu; + struct epoch_tracker et; + NET_EPOCH_ENTER_ET(et); + switch (cmd) { case SIOCADDMULTI: @@ -943,6 +968,8 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t da break; } + NET_EPOCH_EXIT_ET(et); + return (error); } @@ -957,6 +984,8 @@ bridge_mutecaps(struct bridge_softc *sc) struct bridge_iflist *bif; int enabled, mask; + BRIDGE_LOCK_ASSERT(sc); + /* Initial bitmask of capabilities to test */ mask = BRIDGE_IFCAPS_MASK; @@ -1018,7 +1047,7 @@ bridge_lookup_member(struct bridge_softc *sc, const ch struct bridge_iflist *bif; struct ifnet *ifp; - BRIDGE_LOCK_ASSERT(sc); + MPASS(in_epoch(net_epoch_preempt)); CK_LIST_FOREACH(bif, >sc_iflist, bif_next) { ifp = bif->bif_ifp; @@ -1039,7 +1068,7 @@ bridge_lookup_member_if(struct bridge_softc *sc, struc { struct bridge_iflist *bif; - BRIDGE_LOCK_ASSERT(sc); + MPASS(in_epoch(net_epoch_preempt)); CK_LIST_FOREACH(bif, >sc_iflist, bif_next) { if (bif->bif_ifp == member_ifp) @@ -1049,6 +1078,16 @@ bridge_lookup_member_if(struct bridge_softc *sc, struc return (NULL); } +static void +bridge_delete_member_cb(struct epoch_context *ctx) +{ + struct bridge_iflist *bif; + + bif = __containerof(ctx, struct bridge_iflist, bif_epoch_ctx); + + free(bif, M_DEVBUF); +} + /* * bridge_delete_member: * @@ -1129,7 +1168,9 @@ bridge_delete_member(struct bridge_softc *sc, struct b } bstp_destroy(>bif_stp);/* prepare to free */ BRIDGE_LOCK(sc); -
svn commit: r362649 - stable/12/sys/net
Author: kp Date: Fri Jun 26 10:08:57 2020 New Revision: 362649 URL: https://svnweb.freebsd.org/changeset/base/362649 Log: MFC r359641: bridge: Change lists to CK_LIST as a peparation for epochification Prepare the ground for a rework of the bridge locking approach. We will use an epoch-based approach in the datapath and making it safe to iterate over the interface, span and rtnode lists without holding the BRIDGE_LOCK. Replace the relevant lists by their ConcurrencyKit equivalents. No functional change in this commit. Sponsored by: The FreeBSD Foundation Modified: stable/12/sys/net/if_bridge.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Fri Jun 26 09:52:43 2020 (r362648) +++ stable/12/sys/net/if_bridge.c Fri Jun 26 10:08:57 2020 (r362649) @@ -229,7 +229,7 @@ extern void nd6_setmtu(struct ifnet *); * Bridge interface list entry. */ struct bridge_iflist { - LIST_ENTRY(bridge_iflist) bif_next; + CK_LIST_ENTRY(bridge_iflist) bif_next; struct ifnet*bif_ifp; /* member if */ struct bstp_portbif_stp;/* STP state */ uint32_tbif_flags; /* member if flags */ @@ -243,8 +243,8 @@ struct bridge_iflist { * Bridge route node. */ struct bridge_rtnode { - LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ - LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ + CK_LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ + CK_LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ struct bridge_iflist*brt_dst; /* destination if */ unsigned long brt_expire; /* expiration time */ uint8_t brt_flags; /* address flags */ @@ -267,11 +267,11 @@ struct bridge_softc { struct callout sc_brcallout; /* bridge callout */ uint32_tsc_iflist_ref; /* refcount for sc_iflist */ uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */ - LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ - LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ - LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ + CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface list */ + CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ + CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of above */ uint32_tsc_rthash_key; /* key for hash */ - LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ + CK_LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ struct bstp_state sc_stp; /* STP state */ uint32_tsc_brtexceeded; /* # of cache drops */ struct ifnet*sc_ifaddr; /* member mac copied from */ @@ -696,8 +696,8 @@ bridge_clone_create(struct if_clone *ifc, int unit, ca callout_init_mtx(>sc_brcallout, >sc_mtx, 0); - LIST_INIT(>sc_iflist); - LIST_INIT(>sc_spanlist); + CK_LIST_INIT(>sc_iflist); + CK_LIST_INIT(>sc_spanlist); ifp->if_softc = sc; if_initname(ifp, bridge_name, unit); @@ -773,10 +773,10 @@ bridge_clone_destroy(struct ifnet *ifp) bridge_stop(ifp, 1); ifp->if_flags &= ~IFF_UP; - while ((bif = LIST_FIRST(>sc_iflist)) != NULL) + while ((bif = CK_LIST_FIRST(>sc_iflist)) != NULL) bridge_delete_member(sc, bif, 0); - while ((bif = LIST_FIRST(>sc_spanlist)) != NULL) { + while ((bif = CK_LIST_FIRST(>sc_spanlist)) != NULL) { bridge_delete_span(sc, bif); } @@ -915,12 +915,12 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t da error = EINVAL; break; } - if (LIST_EMPTY(>sc_iflist)) { + if (CK_LIST_EMPTY(>sc_iflist)) { sc->sc_ifp->if_mtu = ifr->ifr_mtu; break; } BRIDGE_LOCK(sc); - LIST_FOREACH(bif, >sc_iflist, bif_next) { + CK_LIST_FOREACH(bif, >sc_iflist, bif_next) { if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) { log(LOG_NOTICE, "%s: invalid MTU: %u(%s)" " != %d\n", sc->sc_ifp->if_xname, @@ -960,13 +960,13 @@ bridge_mutecaps(struct bridge_softc *sc) /* Initial bitmask of capabilities to test */ mask = BRIDGE_IFCAPS_MASK; - LIST_FOREACH(bif, >sc_iflist, bif_next) { + CK_LIST_FOREACH(bif, >sc_iflist, bif_next) { /* Every member must support it or its
svn commit: r362648 - stable/12/sys/net
Author: kp Date: Fri Jun 26 09:52:43 2020 New Revision: 362648 URL: https://svnweb.freebsd.org/changeset/base/362648 Log: MFC r358325: bridge: Move locking defines into if_bridge.c The locking defines for if_bridge used to live in if_bridgevar.h, but they're only ever used by the bridge implementation itself (in if_bridge.c). Moving them into the .c file. Sponsored by: The FreeBSD Foundation Modified: stable/12/sys/net/if_bridge.c stable/12/sys/net/if_bridgevar.h Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/if_bridge.c == --- stable/12/sys/net/if_bridge.c Fri Jun 26 09:46:03 2020 (r362647) +++ stable/12/sys/net/if_bridge.c Fri Jun 26 09:52:43 2020 (r362648) @@ -185,6 +185,47 @@ extern voidnd6_setmtu(struct ifnet *); #defineBRIDGE_IFCAPS_STRIP IFCAP_LRO /* + * Bridge locking + */ +#define BRIDGE_LOCK_INIT(_sc) do {\ + mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ + cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \ +} while (0) +#define BRIDGE_LOCK_DESTROY(_sc) do {\ + mtx_destroy(&(_sc)->sc_mtx);\ + cv_destroy(&(_sc)->sc_cv); \ +} while (0) +#define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) +#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) +#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) +#define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) +#defineBRIDGE_LOCK2REF(_sc, _err) do {\ + mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ + if ((_sc)->sc_iflist_xcnt > 0) \ + (_err) = EBUSY; \ + else\ + (_sc)->sc_iflist_ref++; \ + mtx_unlock(&(_sc)->sc_mtx); \ +} while (0) +#defineBRIDGE_UNREF(_sc) do { \ + mtx_lock(&(_sc)->sc_mtx); \ + (_sc)->sc_iflist_ref--; \ + if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \ + cv_broadcast(&(_sc)->sc_cv);\ + mtx_unlock(&(_sc)->sc_mtx); \ +} while (0) +#defineBRIDGE_XLOCK(_sc) do {\ + mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ + (_sc)->sc_iflist_xcnt++;\ + while ((_sc)->sc_iflist_ref > 0)\ + cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \ +} while (0) +#defineBRIDGE_XDROP(_sc) do {\ + mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ + (_sc)->sc_iflist_xcnt--;\ +} while (0) + +/* * Bridge interface list entry. */ struct bridge_iflist { Modified: stable/12/sys/net/if_bridgevar.h == --- stable/12/sys/net/if_bridgevar.hFri Jun 26 09:46:03 2020 (r362647) +++ stable/12/sys/net/if_bridgevar.hFri Jun 26 09:52:43 2020 (r362648) @@ -271,44 +271,6 @@ struct ifbpstpconf { #ifdef _KERNEL -#define BRIDGE_LOCK_INIT(_sc) do {\ - mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ - cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \ -} while (0) -#define BRIDGE_LOCK_DESTROY(_sc) do {\ - mtx_destroy(&(_sc)->sc_mtx);\ - cv_destroy(&(_sc)->sc_cv); \ -} while (0) -#define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) -#define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) -#define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) -#define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) -#defineBRIDGE_LOCK2REF(_sc, _err) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - if ((_sc)->sc_iflist_xcnt > 0) \ - (_err) = EBUSY; \ - else\ - (_sc)->sc_iflist_ref++; \ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_UNREF(_sc) do { \ - mtx_lock(&(_sc)->sc_mtx); \ - (_sc)->sc_iflist_ref--; \ - if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \ - cv_broadcast(&(_sc)->sc_cv);\ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XLOCK(_sc) do {\ -
svn commit: r362235 - head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch
Author: kp Date: Tue Jun 16 18:39:56 2020 New Revision: 362235 URL: https://svnweb.freebsd.org/changeset/base/362235 Log: llvm: Default to -mno-relax on RISC-V Compiling on a RISC-V system fails with 'relocation R_RISCV_ALIGN requires unimplemented linker relaxation; recompile with -mno-relax'. Our default linker (ld.lld) doesn't support relaxation, so default to no-relax so we don't generate object files the linker can't handle. Reviewed by: mhorne Sponsored by: Axiado Differential Revision:https://reviews.freebsd.org/D25210 Modified: head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp Modified: head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp == --- head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp Tue Jun 16 18:16:45 2020(r362234) +++ head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/RISCV.cpp Tue Jun 16 18:39:56 2020(r362235) @@ -426,8 +426,9 @@ void riscv::getRISCVTargetFeatures(const Driver , co if (Args.hasArg(options::OPT_ffixed_x31)) Features.push_back("+reserve-x31"); - // -mrelax is default, unless -mno-relax is specified. - if (Args.hasFlag(options::OPT_mrelax, options::OPT_mno_relax, true)) + // FreeBSD local, because ld.lld doesn't support relaxations + // -mno-relax is default, unless -mrelax is specified. + if (Args.hasFlag(options::OPT_mrelax, options::OPT_mno_relax, false)) Features.push_back("+relax"); else Features.push_back("-relax"); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r362217 - head/stand/common
On 16 Jun 2020, at 19:11, Ed Maste wrote: On Tue, 16 Jun 2020 at 13:01, Ian Lepore wrote: As much as I prefer doing it this way, style(9) doesn't allow for variable declarations inside a for() statement (or even inside a local block, which is just too 1980s for me, but it is still our standard). Perhaps it's time to update style(9) to at least permit these uses, as we've done with the blank line at the beginning of functions with no local variables, and with braces around single-line bodies. We have 431 instances of `for (int i` in sys alone. It’s not so much a question of allowing it as acknowledging reality at this point. Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362064 - stable/12/sys/netpfil/pf
Author: kp Date: Thu Jun 11 16:51:13 2020 New Revision: 362064 URL: https://svnweb.freebsd.org/changeset/base/362064 Log: MFC r357061: pf: Apply kif flags to new group members If we have a 'set skip on ' rule this flag it set on the group kif, but must also be set on all members. pfctl does this when the rules are set, but if groups are added afterwards we must also apply the flags to the new member. If not, new group members will not be skipped until the rules are reloaded. Modified: stable/12/sys/netpfil/pf/pf_if.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_if.c == --- stable/12/sys/netpfil/pf/pf_if.cThu Jun 11 15:59:49 2020 (r362063) +++ stable/12/sys/netpfil/pf/pf_if.cThu Jun 11 16:51:13 2020 (r362064) @@ -463,13 +463,27 @@ static void pfi_kif_update(struct pfi_kif *kif) { struct ifg_list *ifgl; + struct ifg_member *ifgm; struct pfi_dynaddr *p; + struct pfi_kif *tmpkif; PF_RULES_WASSERT(); /* update all dynaddr */ TAILQ_FOREACH(p, >pfik_dynaddrs, entry) pfi_dynaddr_update(p); + + /* Apply group flags to new members. */ + if (kif->pfik_group != NULL) { + CK_STAILQ_FOREACH(ifgm, >pfik_group->ifg_members, + ifgm_next) { + tmpkif = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif; + if (tmpkif == NULL) + continue; + + tmpkif->pfik_flags |= kif->pfik_flags; + } + } /* again for all groups kif is member of */ if (kif->pfik_ifp != NULL) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r361893 - head/tests/sys/net
Author: kp Date: Sun Jun 7 13:53:02 2020 New Revision: 361893 URL: https://svnweb.freebsd.org/changeset/base/361893 Log: bridge tests: Re-enable STP test This test should no longer provoke large amounts of traffic, which can overwhelm single-core systems, preventing them from making progress in the tests. The test can now be re-enabled. PR: 246448 Modified: head/tests/sys/net/if_bridge_test.sh Modified: head/tests/sys/net/if_bridge_test.sh == --- head/tests/sys/net/if_bridge_test.shSun Jun 7 13:52:49 2020 (r361892) +++ head/tests/sys/net/if_bridge_test.shSun Jun 7 13:53:02 2020 (r361893) @@ -76,10 +76,6 @@ stp_head() stp_body() { - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/246448; - fi - vnet_init epair_one=$(vnet_mkepair) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r361761 - stable/12/sys/dev/bnxt
Author: kp Date: Wed Jun 3 18:09:31 2020 New Revision: 361761 URL: https://svnweb.freebsd.org/changeset/base/361761 Log: MFC r361279: bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two Modified: stable/12/sys/dev/bnxt/bnxt.h stable/12/sys/dev/bnxt/if_bnxt.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/dev/bnxt/bnxt.h == --- stable/12/sys/dev/bnxt/bnxt.h Wed Jun 3 17:47:32 2020 (r361760) +++ stable/12/sys/dev/bnxt/bnxt.h Wed Jun 3 18:09:31 2020 (r361761) @@ -87,6 +87,11 @@ __FBSDID("$FreeBSD$"); #define NETXTREME_E_VF20x16d3 #define NETXTREME_E_VF30x16dc +/* Maximum numbers of RX and TX descriptors. iflib requires this to be a power + * of two. The hardware has no particular limitation. */ +#define BNXT_MAX_RXD ((INT32_MAX >> 1) + 1) +#define BNXT_MAX_TXD ((INT32_MAX >> 1) + 1) + #define CSUM_OFFLOAD (CSUM_IP_TSO|CSUM_IP6_TSO|CSUM_IP| \ CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP| \ CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP) Modified: stable/12/sys/dev/bnxt/if_bnxt.c == --- stable/12/sys/dev/bnxt/if_bnxt.cWed Jun 3 17:47:32 2020 (r361760) +++ stable/12/sys/dev/bnxt/if_bnxt.cWed Jun 3 18:09:31 2020 (r361761) @@ -315,11 +315,11 @@ static struct if_shared_ctx bnxt_sctx_init = { .isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8, PAGE_SIZE / sizeof(struct rx_prod_pkt_bd), PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)}, - .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_nrxd_max = {BNXT_MAX_RXD, BNXT_MAX_RXD, BNXT_MAX_RXD}, .isc_ntxd_min = {16, 16, 16}, .isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2, PAGE_SIZE / sizeof(struct tx_bd_short)}, - .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_ntxd_max = {BNXT_MAX_TXD, BNXT_MAX_TXD, BNXT_MAX_TXD}, .isc_admin_intrcnt = 1, .isc_vendor_info = bnxt_vendor_info_array, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r361762 - stable/11/sys/dev/bnxt
Author: kp Date: Wed Jun 3 18:09:32 2020 New Revision: 361762 URL: https://svnweb.freebsd.org/changeset/base/361762 Log: MFC r361279: bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two Modified: stable/11/sys/dev/bnxt/bnxt.h stable/11/sys/dev/bnxt/if_bnxt.c Modified: stable/11/sys/dev/bnxt/bnxt.h == --- stable/11/sys/dev/bnxt/bnxt.h Wed Jun 3 18:09:31 2020 (r361761) +++ stable/11/sys/dev/bnxt/bnxt.h Wed Jun 3 18:09:32 2020 (r361762) @@ -87,6 +87,11 @@ __FBSDID("$FreeBSD$"); #define NETXTREME_E_VF20x16d3 #define NETXTREME_E_VF30x16dc +/* Maximum numbers of RX and TX descriptors. iflib requires this to be a power + * of two. The hardware has no particular limitation. */ +#define BNXT_MAX_RXD ((INT32_MAX >> 1) + 1) +#define BNXT_MAX_TXD ((INT32_MAX >> 1) + 1) + #define CSUM_OFFLOAD (CSUM_IP_TSO|CSUM_IP6_TSO|CSUM_IP| \ CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP| \ CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP) Modified: stable/11/sys/dev/bnxt/if_bnxt.c == --- stable/11/sys/dev/bnxt/if_bnxt.cWed Jun 3 18:09:31 2020 (r361761) +++ stable/11/sys/dev/bnxt/if_bnxt.cWed Jun 3 18:09:32 2020 (r361762) @@ -313,11 +313,11 @@ static struct if_shared_ctx bnxt_sctx_init = { .isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8, PAGE_SIZE / sizeof(struct rx_prod_pkt_bd), PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)}, - .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_nrxd_max = {BNXT_MAX_RXD, BNXT_MAX_RXD, BNXT_MAX_RXD}, .isc_ntxd_min = {16, 16, 16}, .isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2, PAGE_SIZE / sizeof(struct tx_bd_short)}, - .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_ntxd_max = {BNXT_MAX_TXD, BNXT_MAX_TXD, BNXT_MAX_TXD}, .isc_admin_intrcnt = 1, .isc_vendor_info = bnxt_vendor_info_array, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r361701 - head/tests/sys/net
Author: kp Date: Mon Jun 1 19:26:16 2020 New Revision: 361701 URL: https://svnweb.freebsd.org/changeset/base/361701 Log: bridge tests: Avoid building a switching loop Enable STP before bringing the bridges up. This avoids a switching loop, which has a tendency to drown out progress in userspace processes, especially on single-core systems. Only check that we have indeed shut down one of the looped interfaces PR: 246448 Reviewed by: melifaro Differential Revision:https://reviews.freebsd.org/D25084 Modified: head/tests/sys/net/if_bridge_test.sh Modified: head/tests/sys/net/if_bridge_test.sh == --- head/tests/sys/net/if_bridge_test.shMon Jun 1 18:58:09 2020 (r361700) +++ head/tests/sys/net/if_bridge_test.shMon Jun 1 19:26:16 2020 (r361701) @@ -72,7 +72,6 @@ stp_head() { atf_set descr 'Spanning tree test' atf_set require.user root - atf_set require.progs jq } stp_body() @@ -91,13 +90,11 @@ stp_body() vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b - jexec a ifconfig ${bridge_a} up jexec a ifconfig ${epair_one}a up jexec a ifconfig ${epair_two}a up jexec a ifconfig ${bridge_a} addm ${epair_one}a jexec a ifconfig ${bridge_a} addm ${epair_two}a - jexec b ifconfig ${bridge_b} up jexec b ifconfig ${epair_one}b up jexec b ifconfig ${epair_two}b up jexec b ifconfig ${bridge_b} addm ${epair_one}b @@ -105,22 +102,14 @@ stp_body() jexec a ifconfig ${bridge_a} 192.0.2.1/24 - # Give the interfaces some time to come up and pass some traffic - sleep 5 - - # Confirm that there's looping traffic - nbr=$(jexec a netstat -I ${bridge_a} --libxo json \ - | jq ".statistics.interface[0].\"received-packets\"") - if [ ${nbr} -lt 100 ] - then - atf_fail "Expected bridging loop, but found very few packets." - fi - # Enable spanning tree jexec a ifconfig ${bridge_a} stp ${epair_one}a jexec a ifconfig ${bridge_a} stp ${epair_two}a jexec b ifconfig ${bridge_b} stp ${epair_one}b jexec b ifconfig ${bridge_b} stp ${epair_two}b + + jexec b ifconfig ${bridge_b} up + jexec a ifconfig ${bridge_a} up # Give STP time to do its thing sleep 5 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r361279 - head/sys/dev/bnxt
Author: kp Date: Wed May 20 16:07:37 2020 New Revision: 361279 URL: https://svnweb.freebsd.org/changeset/base/361279 Log: bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two Reviewed by: gallatin, rpokala MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D24922 Modified: head/sys/dev/bnxt/bnxt.h head/sys/dev/bnxt/if_bnxt.c Modified: head/sys/dev/bnxt/bnxt.h == --- head/sys/dev/bnxt/bnxt.hWed May 20 13:51:27 2020(r361278) +++ head/sys/dev/bnxt/bnxt.hWed May 20 16:07:37 2020(r361279) @@ -87,6 +87,11 @@ __FBSDID("$FreeBSD$"); #define NETXTREME_E_VF20x16d3 #define NETXTREME_E_VF30x16dc +/* Maximum numbers of RX and TX descriptors. iflib requires this to be a power + * of two. The hardware has no particular limitation. */ +#define BNXT_MAX_RXD ((INT32_MAX >> 1) + 1) +#define BNXT_MAX_TXD ((INT32_MAX >> 1) + 1) + #define CSUM_OFFLOAD (CSUM_IP_TSO|CSUM_IP6_TSO|CSUM_IP| \ CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP| \ CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP) Modified: head/sys/dev/bnxt/if_bnxt.c == --- head/sys/dev/bnxt/if_bnxt.c Wed May 20 13:51:27 2020(r361278) +++ head/sys/dev/bnxt/if_bnxt.c Wed May 20 16:07:37 2020(r361279) @@ -316,11 +316,11 @@ static struct if_shared_ctx bnxt_sctx_init = { .isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8, PAGE_SIZE / sizeof(struct rx_prod_pkt_bd), PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)}, - .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_nrxd_max = {BNXT_MAX_RXD, BNXT_MAX_RXD, BNXT_MAX_RXD}, .isc_ntxd_min = {16, 16, 16}, .isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2, PAGE_SIZE / sizeof(struct tx_bd_short)}, - .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_ntxd_max = {BNXT_MAX_TXD, BNXT_MAX_TXD, BNXT_MAX_TXD}, .isc_admin_intrcnt = 1, .isc_vendor_info = bnxt_vendor_info_array, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r347418 - head/sys/net
On 19 May 2020, at 17:02, Andrew Gallatin wrote: On 2020-05-19 04:21, Kristof Provost wrote: The if_bnxt driver initialises |.isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},|, so presumably that’s the cause. I don’t know what a sane value would be though. I’ve defaulted to 4096 (because that’s what some other iflib users seems to do) for now, and that seems to work. It doesn’t panic and I can get traffic through it at least: You seem to be setting the max, not the default, and 4K max descriptors on a 100g device is going to basically cripple it. Yeah, I just grabbed whatever number other iflib users used. My immediate concern was to get it to stop panicking. How about setting to the next power of 2 below max int so as to keep with the authors intent? Makes sense, yes. If we don't already have a macro, something like (INT32_MAX >> 1) + 1 https://reviews.freebsd.org/D24922 Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r347418 - head/sys/net
On 10 May 2019, at 2:41, Eric Joyner wrote: Author: erj Date: Fri May 10 00:41:42 2019 New Revision: 347418 URL: https://svnweb.freebsd.org/changeset/base/347418 Log: iflib: use default ntxd and nrxd when user value is not power of 2 From Jake: A user may set a sysctl to override the default number of Tx or Rx descriptors. However, certain calculations in the iflib core expect the number of descriptors to be a power of 2. Update _iflib_assert to verify that all of the shared context parameters for the number of descriptors are powers of 2. Modify iflib_reset_qvalues to check that the provided isc_nrxd value is a power of 2. If it's not, print a warning message and then use the default value. An alternative might be to try rounding the number down instead. However, this creates problems in case the rounded down value is below the minimum value that the driver would support. This commit appears to trigger a panic I see on a system with a Broadcom BCM57416 (if_bnxt) nic. It trips over the power of two assertion: panic: Assertion powerof2(sctx->isc_nrxd_max[i]) failed at /usr/src/sys/net/iflib.c:5320 Tracing pid 0 tid 10 td 0x81c8c640 kdb_enter() at kdb_enter+0x37/frame 0x825be990 vpanic() at vpanic+0x19e/frame 0x825be9e0 panic() at panic+0x43/frame 0x825bea40 iflib_register() at iflib_register+0x340/frame 0x825bea80 iflib_device_register() at iflib_device_register+0x9f/frame 0x825bee10 iflib_device_attach() at iflib_device_attach+0xb5/frame 0x825bee40 device_attach() at device_attach+0x3ca/frame 0x825bee80 device_probe_and_attach() at device_probe_and_attach+0x70/frame 0x825beeb0 bus_generic_attach() at bus_generic_attach+0x18/frame 0x825beed0 pci_attach() at pci_attach+0xe0/frame 0x825bef10 acpi_pci_attach() at acpi_pci_attach+0x19/frame 0x825bf150 device_attach() at device_attach+0x3ca/frame 0x825bf190 device_probe_and_attach() at device_probe_and_attach+0x70/frame 0x825bf1c0 bus_generic_attach() at bus_generic_attach+0x18/frame 0x825bf1e0 acpi_pcib_acpi_attach() at acpi_pcib_acpi_attach+0x431/frame 0x825bf250 device_attach() at device_attach+0x3ca/frame 0x825bf290 device_probe_and_attach() at device_probe_and_attach+0x70/frame 0x825bf2c0 bus_generic_attach() at bus_generic_attach+0x18/frame 0x825bf2e0 acpi_attach() at acpi_attach+0xbb7/frame 0x825bf370 device_attach() at device_attach+0x3ca/frame 0x825bf3b0 device_probe_and_attach() at device_probe_and_attach+0x70/frame 0x825bf3e0 bus_generic_attach() at bus_generic_attach+0x18/frame 0x825bf400 device_attach() at device_attach+0x3ca/frame 0x825bf440 device_probe_and_attach() at device_probe_and_attach+0x70/frame 0x825bf470 bus_generic_new_pass() at bus_generic_new_pass+0xed/frame 0x825bf4a0 bus_set_pass() at bus_set_pass+0x46/frame 0x825bf4d0 configure() at configure+0x9/frame 0x825bf4e0 mi_startup() at mi_startup+0xec/frame 0x825bf530 btext() at btext+0x2c The if_bnxt driver initialises `.isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX},`, so presumably that’s the cause. I don’t know what a sane value would be though. I’ve defaulted to 4096 (because that’s what some other iflib users seems to do) for now, and that seems to work. It doesn’t panic and I can get traffic through it at least: diff --git a/sys/dev/bnxt/if_bnxt.c b/sys/dev/bnxt/if_bnxt.c index 50827106024..3958d95cab9 100644 --- a/sys/dev/bnxt/if_bnxt.c +++ b/sys/dev/bnxt/if_bnxt.c @@ -316,11 +316,11 @@ static struct if_shared_ctx bnxt_sctx_init = { .isc_nrxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 8, PAGE_SIZE / sizeof(struct rx_prod_pkt_bd), PAGE_SIZE / sizeof(struct rx_prod_pkt_bd)}, - .isc_nrxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_nrxd_max = {4096, 4096, 4096}, .isc_ntxd_min = {16, 16, 16}, .isc_ntxd_default = {PAGE_SIZE / sizeof(struct cmpl_base) * 2, PAGE_SIZE / sizeof(struct tx_bd_short)}, - .isc_ntxd_max = {INT32_MAX, INT32_MAX, INT32_MAX}, + .isc_ntxd_max = {4096, 4096, 4096}, .isc_admin_intrcnt = 1, .isc_vendor_info = bnxt_vendor_info_array, Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360935 - head/sys/opencrypto
Author: kp Date: Mon May 11 21:42:19 2020 New Revision: 360935 URL: https://svnweb.freebsd.org/changeset/base/360935 Log: opencrypto: Add missing ioctl exit SDTs The opencrypto ioctl code has very useful probe points at the various exit points. These allow us to figure out exactly why a request failed. However, a few paths did not have these probe points. Add them here. Reviewed by: jhb Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c == --- head/sys/opencrypto/cryptodev.c Mon May 11 21:39:02 2020 (r360934) +++ head/sys/opencrypto/cryptodev.c Mon May 11 21:42:19 2020 (r360935) @@ -465,6 +465,8 @@ cryptof_ioctl( /* Should always be paired with GCM. */ if (sop->cipher != CRYPTO_AES_NIST_GCM_16) { CRYPTDEB("GMAC without GCM"); + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); return (EINVAL); } break; @@ -539,8 +541,10 @@ cryptof_ioctl( return (EINVAL); } - if (txform == NULL && thash == NULL) + if (txform == NULL && thash == NULL) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); + } memset(, 0, sizeof(csp)); @@ -550,13 +554,18 @@ cryptof_ioctl( case CRYPTO_AES_128_NIST_GMAC: case CRYPTO_AES_192_NIST_GMAC: case CRYPTO_AES_256_NIST_GMAC: - if (sop->keylen != sop->mackeylen) + if (sop->keylen != sop->mackeylen) { + SDT_PROBE1(opencrypto, dev, ioctl, + error, __LINE__); return (EINVAL); + } break; #endif case 0: break; default: + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); return (EINVAL); } csp.csp_mode = CSP_MODE_AEAD; @@ -564,14 +573,19 @@ cryptof_ioctl( switch (sop->mac) { #ifdef COMPAT_FREEBSD12 case CRYPTO_AES_CCM_CBC_MAC: - if (sop->keylen != sop->mackeylen) + if (sop->keylen != sop->mackeylen) { + SDT_PROBE1(opencrypto, dev, ioctl, + error, __LINE__); return (EINVAL); + } thash = NULL; break; #endif case 0: break; default: + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); return (EINVAL); } csp.csp_mode = CSP_MODE_AEAD; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360867 - stable/11/sys/netpfil/pf
Author: kp Date: Sun May 10 09:50:43 2020 New Revision: 360867 URL: https://svnweb.freebsd.org/changeset/base/360867 Log: MFC r360609: pf: Improve DIOCADDRULE validation We expect the addrwrap.p.dyn value to be set to NULL (and assert such), but do not verify it on input. Reported-by: syzbot+936a89182e7d8f927...@syzkaller.appspotmail.com Modified: stable/11/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/pf/pf_ioctl.c == --- stable/11/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:34:48 2020 (r360866) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:50:43 2020 (r360867) @@ -1152,6 +1152,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, in error = EINVAL; break; } + if (pr->rule.src.addr.p.dyn != NULL || + pr->rule.dst.addr.p.dyn != NULL) { + error = EINVAL; + break; + } #ifndef INET if (pr->rule.af == AF_INET) { error = EAFNOSUPPORT; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360868 - stable/12/sys/netpfil/pf
Author: kp Date: Sun May 10 09:50:44 2020 New Revision: 360868 URL: https://svnweb.freebsd.org/changeset/base/360868 Log: MFC r360609: pf: Improve DIOCADDRULE validation We expect the addrwrap.p.dyn value to be set to NULL (and assert such), but do not verify it on input. Reported-by: syzbot+936a89182e7d8f927...@syzkaller.appspotmail.com Modified: stable/12/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_ioctl.c == --- stable/12/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:50:43 2020 (r360867) +++ stable/12/sys/netpfil/pf/pf_ioctl.c Sun May 10 09:50:44 2020 (r360868) @@ -1556,6 +1556,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, in error = EINVAL; break; } + if (pr->rule.src.addr.p.dyn != NULL || + pr->rule.dst.addr.p.dyn != NULL) { + error = EINVAL; + break; + } #ifndef INET if (pr->rule.af == AF_INET) { error = EAFNOSUPPORT; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360800 - stable/11/lib/libc/net
Author: kp Date: Thu May 7 21:14:12 2020 New Revision: 360800 URL: https://svnweb.freebsd.org/changeset/base/360800 Log: MFC r360231: libc: Shortcut if_indextoname() if index == 0 If the index we're trying to convert is 0 we can avoid a potentially expensive call to getifaddrs(). No interface has an ifindex of zero, so we can handle this as an error: set the errno to ENXIO and return NULL. Submitted by: Nick Rogers Sponsored by: RG Nets Modified: stable/11/lib/libc/net/if_indextoname.c Directory Properties: stable/11/ (props changed) Modified: stable/11/lib/libc/net/if_indextoname.c == --- stable/11/lib/libc/net/if_indextoname.c Thu May 7 21:14:11 2020 (r360799) +++ stable/11/lib/libc/net/if_indextoname.c Thu May 7 21:14:12 2020 (r360800) @@ -64,6 +64,11 @@ if_indextoname(unsigned int ifindex, char *ifname) struct ifaddrs *ifaddrs, *ifa; int error = 0; + if (ifindex == 0) { + errno = ENXIO; + return(NULL); + } + if (getifaddrs() < 0) return(NULL); /* getifaddrs properly set errno */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360799 - stable/12/lib/libc/net
Author: kp Date: Thu May 7 21:14:11 2020 New Revision: 360799 URL: https://svnweb.freebsd.org/changeset/base/360799 Log: MFC r360231: libc: Shortcut if_indextoname() if index == 0 If the index we're trying to convert is 0 we can avoid a potentially expensive call to getifaddrs(). No interface has an ifindex of zero, so we can handle this as an error: set the errno to ENXIO and return NULL. Submitted by: Nick Rogers Sponsored by: RG Nets Modified: stable/12/lib/libc/net/if_indextoname.c Directory Properties: stable/12/ (props changed) Modified: stable/12/lib/libc/net/if_indextoname.c == --- stable/12/lib/libc/net/if_indextoname.c Thu May 7 20:29:38 2020 (r360798) +++ stable/12/lib/libc/net/if_indextoname.c Thu May 7 21:14:11 2020 (r360799) @@ -66,6 +66,11 @@ if_indextoname(unsigned int ifindex, char *ifname) struct ifaddrs *ifaddrs, *ifa; int error = 0; + if (ifindex == 0) { + errno = ENXIO; + return(NULL); + } + if (getifaddrs() < 0) return(NULL); /* getifaddrs properly set errno */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360609 - head/sys/netpfil/pf
Author: kp Date: Sun May 3 16:09:35 2020 New Revision: 360609 URL: https://svnweb.freebsd.org/changeset/base/360609 Log: pf: Improve DIOCADDRULE validation We expect the addrwrap.p.dyn value to be set to NULL (and assert such), but do not verify it on input. Reported-by: syzbot+936a89182e7d8f927...@syzkaller.appspotmail.com Reviewed by: melifaro (previous version) MFC after:1 week Differential Revision:https://reviews.freebsd.org/D24538 Modified: head/sys/netpfil/pf/pf_ioctl.c Modified: head/sys/netpfil/pf/pf_ioctl.c == --- head/sys/netpfil/pf/pf_ioctl.c Sun May 3 16:06:23 2020 (r360608) +++ head/sys/netpfil/pf/pf_ioctl.c Sun May 3 16:09:35 2020 (r360609) @@ -1556,6 +1556,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, in error = EINVAL; break; } + if (pr->rule.src.addr.p.dyn != NULL || + pr->rule.dst.addr.p.dyn != NULL) { + error = EINVAL; + break; + } #ifndef INET if (pr->rule.af == AF_INET) { error = EAFNOSUPPORT; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360608 - stable/11/sys/netpfil/pf
Author: kp Date: Sun May 3 16:06:23 2020 New Revision: 360608 URL: https://svnweb.freebsd.org/changeset/base/360608 Log: MFC r360344: pf: Improve input validation If we pass an anchor name which doesn't exist pfr_table_count() returns -1, which leads to an overflow in mallocarray() and thus a panic. Explicitly check that pfr_table_count() does not return an error. Reported-by: syzbot+bd09d55d897d63d5f...@syzkaller.appspotmail.com Modified: stable/11/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/pf/pf_ioctl.c == --- stable/11/sys/netpfil/pf/pf_ioctl.c Sun May 3 16:06:17 2020 (r360607) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun May 3 16:06:23 2020 (r360608) @@ -2593,7 +2593,8 @@ DIOCCHANGEADDR_error: case DIOCRGETTABLES: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -2601,6 +2602,11 @@ DIOCCHANGEADDR_error: } PF_RULES_RLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_RUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_table); @@ -2624,7 +2630,8 @@ DIOCCHANGEADDR_error: case DIOCRGETTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_tstats *pfrtstats; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_tstats)) { error = ENODEV; @@ -2632,6 +2639,11 @@ DIOCCHANGEADDR_error: } PF_RULES_WLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_WUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_tstats); @@ -2654,7 +2666,8 @@ DIOCCHANGEADDR_error: case DIOCRCLRTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -2663,6 +2676,11 @@ DIOCCHANGEADDR_error: PF_RULES_WLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_WUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_table); @@ -2689,7 +2707,8 @@ DIOCCHANGEADDR_error: case DIOCRSETTFLAGS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -2698,6 +2717,12 @@ DIOCCHANGEADDR_error: PF_RULES_RLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_RUNLOCK(); + error = EINVAL; + break; + } + io->pfrio_size = min(io->pfrio_size, n); PF_RULES_RUNLOCK(); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360607 - stable/12/sys/netpfil/pf
Author: kp Date: Sun May 3 16:06:17 2020 New Revision: 360607 URL: https://svnweb.freebsd.org/changeset/base/360607 Log: MFC r360344: pf: Improve input validation If we pass an anchor name which doesn't exist pfr_table_count() returns -1, which leads to an overflow in mallocarray() and thus a panic. Explicitly check that pfr_table_count() does not return an error. Reported-by: syzbot+bd09d55d897d63d5f...@syzkaller.appspotmail.com Modified: stable/12/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_ioctl.c == --- stable/12/sys/netpfil/pf/pf_ioctl.c Sun May 3 15:39:10 2020 (r360606) +++ stable/12/sys/netpfil/pf/pf_ioctl.c Sun May 3 16:06:17 2020 (r360607) @@ -3008,7 +3008,8 @@ DIOCCHANGEADDR_error: case DIOCRGETTABLES: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -3016,6 +3017,11 @@ DIOCCHANGEADDR_error: } PF_RULES_RLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_RUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_table); @@ -3039,7 +3045,8 @@ DIOCCHANGEADDR_error: case DIOCRGETTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_tstats *pfrtstats; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_tstats)) { error = ENODEV; @@ -3047,6 +3054,11 @@ DIOCCHANGEADDR_error: } PF_RULES_WLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_WUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_tstats); @@ -3069,7 +3081,8 @@ DIOCCHANGEADDR_error: case DIOCRCLRTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -3078,6 +3091,11 @@ DIOCCHANGEADDR_error: PF_RULES_WLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_WUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_table); @@ -3104,7 +3122,8 @@ DIOCCHANGEADDR_error: case DIOCRSETTFLAGS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -3113,6 +3132,12 @@ DIOCCHANGEADDR_error: PF_RULES_RLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_RUNLOCK(); + error = EINVAL; + break; + } + io->pfrio_size = min(io->pfrio_size, n); PF_RULES_RUNLOCK(); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360347 - head/sys/netpfil/pf
Author: kp Date: Sun Apr 26 16:30:00 2020 New Revision: 360347 URL: https://svnweb.freebsd.org/changeset/base/360347 Log: pf: Virtualise pf_frag_mtx The pf_frag_mtx mutex protects the fragments queue. The fragments queue is virtualised already (i.e. per-vnet) so it makes no sense to block jail A from accessing its fragments queue while jail B is accessing its own fragments queue. Virtualise the lock for improved concurrency. Differential Revision:https://reviews.freebsd.org/D24504 Modified: head/sys/netpfil/pf/pf_norm.c Modified: head/sys/netpfil/pf/pf_norm.c == --- head/sys/netpfil/pf/pf_norm.c Sun Apr 26 16:27:03 2020 (r360346) +++ head/sys/netpfil/pf/pf_norm.c Sun Apr 26 16:30:00 2020 (r360347) @@ -106,11 +106,11 @@ struct pf_fragment_tag { uint32_tft_id; /* fragment id */ }; -static struct mtx pf_frag_mtx; -MTX_SYSINIT(pf_frag_mtx, _frag_mtx, "pf fragments", MTX_DEF); -#define PF_FRAG_LOCK() mtx_lock(_frag_mtx) -#define PF_FRAG_UNLOCK() mtx_unlock(_frag_mtx) -#define PF_FRAG_ASSERT() mtx_assert(_frag_mtx, MA_OWNED) +VNET_DEFINE_STATIC(struct mtx, pf_frag_mtx); +#define V_pf_frag_mtx VNET(pf_frag_mtx) +#define PF_FRAG_LOCK() mtx_lock(_pf_frag_mtx) +#define PF_FRAG_UNLOCK() mtx_unlock(_pf_frag_mtx) +#define PF_FRAG_ASSERT() mtx_assert(_pf_frag_mtx, MA_OWNED) VNET_DEFINE(uma_zone_t, pf_state_scrub_z); /* XXX: shared with pfsync */ @@ -192,6 +192,8 @@ pf_normalize_init(void) sizeof(struct pf_state_scrub), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); + mtx_init(_pf_frag_mtx, "pf fragments", NULL, MTX_DEF); + V_pf_limits[PF_LIMIT_FRAGS].zone = V_pf_frent_z; V_pf_limits[PF_LIMIT_FRAGS].limit = PFFRAG_FRENT_HIWAT; uma_zone_set_max(V_pf_frent_z, PFFRAG_FRENT_HIWAT); @@ -207,6 +209,8 @@ pf_normalize_cleanup(void) uma_zdestroy(V_pf_state_scrub_z); uma_zdestroy(V_pf_frent_z); uma_zdestroy(V_pf_frag_z); + + mtx_destroy(_pf_frag_mtx); } static int ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360346 - head/tests/sys/net
Author: kp Date: Sun Apr 26 16:27:03 2020 New Revision: 360346 URL: https://svnweb.freebsd.org/changeset/base/360346 Log: bridge tests: Test for #216510 We used to have an issue with recursive locking with net.link.bridge.inherit_mac. This causes us to send an ARP request while we hold the BRIDGE_LOCK, which used to cause us to acquire the BRIDGE_LOCK again. We can't re-acquire it, so this caused a panic. Now that we no longer need to acquire the BRIDGE_LOCK for bridge_transmit() this should no longer panic. Test this. PR: 216510 Reviewed by: emaste, philip MFC after:2 months Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D24251 Modified: head/tests/sys/net/if_bridge_test.sh Modified: head/tests/sys/net/if_bridge_test.sh == --- head/tests/sys/net/if_bridge_test.shSun Apr 26 16:22:35 2020 (r360345) +++ head/tests/sys/net/if_bridge_test.shSun Apr 26 16:27:03 2020 (r360346) @@ -309,12 +309,40 @@ mac_conflict_cleanup() vnet_cleanup } +atf_test_case "inherit_mac" "cleanup" +inherit_mac_head() +{ + atf_set descr 'Bridge inherit_mac test, #216510' + atf_set require.user root +} + +inherit_mac_body() +{ + vnet_init + + bridge=$(vnet_mkbridge) + epair=$(vnet_mkepair) + vnet_mkjail one ${bridge} ${epair}a + + jexec one sysctl net.link.bridge.inherit_mac=1 + + # Attempt to provoke the panic described in #216510 + jexec one ifconfig ${bridge} 192.0.0.1/24 up + jexec one ifconfig ${bridge} addm ${epair}a +} + +inherit_mac_cleanup() +{ + vnet_cleanup +} + atf_init_test_cases() { atf_add_test_case "bridge_transmit_ipv4_unicast" atf_add_test_case "stp" atf_add_test_case "static" atf_add_test_case "span" + atf_add_test_case "inherit_mac" atf_add_test_case "delete_with_members" atf_add_test_case "mac_conflict" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360345 - head/sys/net
Author: kp Date: Sun Apr 26 16:22:35 2020 New Revision: 360345 URL: https://svnweb.freebsd.org/changeset/base/360345 Log: bridge: epoch-ification Run the bridge datapath under epoch, rather than under the BRIDGE_LOCK(). We still take the BRIDGE_LOCK() whenever we insert or delete items in the relevant lists, but we use epoch callbacks to free items so that it's safe to iterate the lists without the BRIDGE_LOCK. Tests on mercat5/6 shows this increases bridge throughput significantly, from 3.7Mpps to 18.6Mpps. Reviewed by: emaste, philip, melifaro MFC after:2 months Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D24250 Modified: head/sys/net/if_bridge.c Modified: head/sys/net/if_bridge.c == --- head/sys/net/if_bridge.cSun Apr 26 16:16:39 2020(r360344) +++ head/sys/net/if_bridge.cSun Apr 26 16:22:35 2020(r360345) @@ -189,41 +189,14 @@ extern void nd6_setmtu(struct ifnet *); */ #define BRIDGE_LOCK_INIT(_sc) do {\ mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF); \ - cv_init(&(_sc)->sc_cv, "if_bridge_cv"); \ } while (0) #define BRIDGE_LOCK_DESTROY(_sc) do {\ mtx_destroy(&(_sc)->sc_mtx);\ - cv_destroy(&(_sc)->sc_cv); \ } while (0) #define BRIDGE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) #define BRIDGE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) #define BRIDGE_LOCK_ASSERT(_sc)mtx_assert(&(_sc)->sc_mtx, MA_OWNED) #define BRIDGE_UNLOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED) -#defineBRIDGE_LOCK2REF(_sc, _err) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - if ((_sc)->sc_iflist_xcnt > 0) \ - (_err) = EBUSY; \ - else\ - (_sc)->sc_iflist_ref++; \ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_UNREF(_sc) do { \ - mtx_lock(&(_sc)->sc_mtx); \ - (_sc)->sc_iflist_ref--; \ - if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0)) \ - cv_broadcast(&(_sc)->sc_cv);\ - mtx_unlock(&(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XLOCK(_sc) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - (_sc)->sc_iflist_xcnt++;\ - while ((_sc)->sc_iflist_ref > 0)\ - cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx); \ -} while (0) -#defineBRIDGE_XDROP(_sc) do {\ - mtx_assert(&(_sc)->sc_mtx, MA_OWNED); \ - (_sc)->sc_iflist_xcnt--;\ -} while (0) /* * Bridge interface list entry. @@ -237,6 +210,7 @@ struct bridge_iflist { uint32_tbif_addrmax;/* max # of addresses */ uint32_tbif_addrcnt;/* cur. # of addresses */ uint32_tbif_addrexceeded;/* # of address violations */ + struct epoch_contextbif_epoch_ctx; }; /* @@ -250,6 +224,8 @@ struct bridge_rtnode { uint8_t brt_flags; /* address flags */ uint8_t brt_addr[ETHER_ADDR_LEN]; uint16_tbrt_vlan; /* vlan id */ + struct vnet*brt_vnet; + struct epoch_context brt_epoch_ctx; }; #definebrt_ifp brt_dst->bif_ifp @@ -260,13 +236,10 @@ struct bridge_softc { struct ifnet*sc_ifp;/* make this an interface */ LIST_ENTRY(bridge_softc) sc_list; struct mtx sc_mtx; - struct cv sc_cv; uint32_tsc_brtmax; /* max # of addresses */ uint32_tsc_brtcnt; /* cur. # of addresses */ uint32_tsc_brttimeout; /* rt timeout in seconds */ struct callout sc_brcallout; /* bridge callout */ - uint32_tsc_iflist_ref; /* refcount for sc_iflist */ - uint32_tsc_iflist_xcnt; /* refcount for sc_iflist */ CK_LIST_HEAD(, bridge_iflist) sc_iflist;/* member interface list */ CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;/* list version of above */ @@ -276,6 +249,7 @@ struct bridge_softc { uint32_tsc_brtexceeded; /* # of cache drops */ struct ifnet*sc_ifaddr; /* member mac copied from */ struct ether_addr
svn commit: r360344 - head/sys/netpfil/pf
Author: kp Date: Sun Apr 26 16:16:39 2020 New Revision: 360344 URL: https://svnweb.freebsd.org/changeset/base/360344 Log: pf: Improve input validation If we pass an anchor name which doesn't exist pfr_table_count() returns -1, which leads to an overflow in mallocarray() and thus a panic. Explicitly check that pfr_table_count() does not return an error. Reported-by: syzbot+bd09d55d897d63d5f...@syzkaller.appspotmail.com Reviewed by: melifaro MFC after:1 week Differential Revision:https://reviews.freebsd.org/D24539 Modified: head/sys/netpfil/pf/pf_ioctl.c Modified: head/sys/netpfil/pf/pf_ioctl.c == --- head/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:51 2020 (r360343) +++ head/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:16:39 2020 (r360344) @@ -3008,7 +3008,8 @@ DIOCCHANGEADDR_error: case DIOCRGETTABLES: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -3016,6 +3017,11 @@ DIOCCHANGEADDR_error: } PF_RULES_RLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_RUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_table); @@ -3039,7 +3045,8 @@ DIOCCHANGEADDR_error: case DIOCRGETTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_tstats *pfrtstats; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_tstats)) { error = ENODEV; @@ -3047,6 +3054,11 @@ DIOCCHANGEADDR_error: } PF_RULES_WLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_WUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_tstats); @@ -3069,7 +3081,8 @@ DIOCCHANGEADDR_error: case DIOCRCLRTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -3078,6 +3091,11 @@ DIOCCHANGEADDR_error: PF_RULES_WLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_WUNLOCK(); + error = EINVAL; + break; + } io->pfrio_size = min(io->pfrio_size, n); totlen = io->pfrio_size * sizeof(struct pfr_table); @@ -3104,7 +3122,8 @@ DIOCCHANGEADDR_error: case DIOCRSETTFLAGS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen, n; + size_t totlen; + int n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; @@ -3113,6 +3132,12 @@ DIOCCHANGEADDR_error: PF_RULES_RLOCK(); n = pfr_table_count(>pfrio_table, io->pfrio_flags); + if (n < 0) { + PF_RULES_RUNLOCK(); + error = EINVAL; + break; + } + io->pfrio_size = min(io->pfrio_size, n); PF_RULES_RUNLOCK(); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360343 - stable/11/sys/netpfil/pf
Author: kp Date: Sun Apr 26 16:13:51 2020 New Revision: 360343 URL: https://svnweb.freebsd.org/changeset/base/360343 Log: MFC r360098: pf: Improve ioctl() input validation Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from userspace. They failed to validate the dyn pointer contained in its struct pf_addr_wrap member structure. This triggered assertion failures under fuzz testing in pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but we should verify that it's set to NULL anyway. Reported-by: syzbot+93e93150bc29f9b4b...@syzkaller.appspotmail.com Modified: stable/11/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/pf/pf_ioctl.c == --- stable/11/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:50 2020 (r360342) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:51 2020 (r360343) @@ -2229,6 +2229,10 @@ DIOCGETSTATES_full: error = EINVAL; break; } + if (pp->addr.addr.p.dyn != NULL) { + error = EINVAL; + break; + } pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK); bcopy(>addr, pa, sizeof(struct pf_pooladdr)); if (pa->ifname[0]) @@ -2325,6 +2329,10 @@ DIOCGETSTATES_full: if (pca->addr.addr.type != PF_ADDR_ADDRMASK && pca->addr.addr.type != PF_ADDR_DYNIFTL && pca->addr.addr.type != PF_ADDR_TABLE) { + error = EINVAL; + break; + } + if (pca->addr.addr.p.dyn != NULL) { error = EINVAL; break; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360342 - stable/12/sys/netpfil/pf
Author: kp Date: Sun Apr 26 16:13:50 2020 New Revision: 360342 URL: https://svnweb.freebsd.org/changeset/base/360342 Log: MFC r360098: pf: Improve ioctl() input validation Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from userspace. They failed to validate the dyn pointer contained in its struct pf_addr_wrap member structure. This triggered assertion failures under fuzz testing in pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but we should verify that it's set to NULL anyway. Reported-by: syzbot+93e93150bc29f9b4b...@syzkaller.appspotmail.com Modified: stable/12/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_ioctl.c == --- stable/12/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:06:09 2020 (r360341) +++ stable/12/sys/netpfil/pf/pf_ioctl.c Sun Apr 26 16:13:50 2020 (r360342) @@ -2643,6 +2643,10 @@ DIOCGETSTATES_full: error = EINVAL; break; } + if (pp->addr.addr.p.dyn != NULL) { + error = EINVAL; + break; + } pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK); bcopy(>addr, pa, sizeof(struct pf_pooladdr)); if (pa->ifname[0]) @@ -2739,6 +2743,10 @@ DIOCGETSTATES_full: if (pca->addr.addr.type != PF_ADDR_ADDRMASK && pca->addr.addr.type != PF_ADDR_DYNIFTL && pca->addr.addr.type != PF_ADDR_TABLE) { + error = EINVAL; + break; + } + if (pca->addr.addr.p.dyn != NULL) { error = EINVAL; break; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360341 - stable/12/sbin/pfctl
Author: kp Date: Sun Apr 26 16:06:09 2020 New Revision: 360341 URL: https://svnweb.freebsd.org/changeset/base/360341 Log: MFC r360096: pfctl: Remove unused variable Submitted by: Nick Rogers MFC after:1 week Sponsored by: RG Nets Modified: stable/12/sbin/pfctl/pfctl_parser.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sbin/pfctl/pfctl_parser.c == --- stable/12/sbin/pfctl/pfctl_parser.c Sun Apr 26 15:52:41 2020 (r360340) +++ stable/12/sbin/pfctl/pfctl_parser.c Sun Apr 26 16:06:09 2020 (r360341) @@ -1370,13 +1370,11 @@ struct node_host * ifa_exists(char *ifa_name) { struct node_host*n; - int s; if (iftab == NULL) ifa_load(); /* check whether this is a group */ - s = get_query_socket(); if (is_a_group(ifa_name)) { /* fake a node_host */ if ((n = calloc(1, sizeof(*n))) == NULL) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360299 - in stable/11/sys: kern net sys
Author: kp Date: Sat Apr 25 12:49:48 2020 New Revision: 360299 URL: https://svnweb.freebsd.org/changeset/base/360299 Log: MFC r360068: ethersubr: Make the mac address generation more robust If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflicts, resulting in same mac address in both jails. Mitigate this problem by including the jail name in the mac address. Modified: stable/11/sys/kern/kern_jail.c stable/11/sys/net/if_ethersubr.c stable/11/sys/sys/jail.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/kern/kern_jail.c == --- stable/11/sys/kern/kern_jail.c Sat Apr 25 12:49:48 2020 (r360298) +++ stable/11/sys/kern/kern_jail.c Sat Apr 25 12:49:48 2020 (r360299) @@ -2936,6 +2936,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti mtx_unlock(>cr_prison->pr_mtx); } +void +getjailname(struct ucred *cred, char *name, size_t len) +{ + + mtx_lock(>cr_prison->pr_mtx); + strlcpy(name, cred->cr_prison->pr_name, len); + mtx_unlock(>cr_prison->pr_mtx); +} + #ifdef VIMAGE /* * Determine whether the prison represented by cred owns Modified: stable/11/sys/net/if_ethersubr.c == --- stable/11/sys/net/if_ethersubr.cSat Apr 25 12:49:48 2020 (r360298) +++ stable/11/sys/net/if_ethersubr.cSat Apr 25 12:49:48 2020 (r360299) @@ -1377,27 +1377,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife, /* * Allocate an address from the FreeBSD Foundation OUI. This uses a - * cryptographic hash function on the containing jail's UUID and the interface - * name to attempt to provide a unique but stable address. Pseudo-interfaces - * which require a MAC address should use this function to allocate - * non-locally-administered addresses. + * cryptographic hash function on the containing jail's name, UUID and the + * interface name to attempt to provide a unique but stable address. + * Pseudo-interfaces which require a MAC address should use this function to + * allocate non-locally-administered addresses. */ void ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr) { -#defineETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2 SHA1_CTX ctx; - char buf[ETHER_GEN_ADDR_BUFSIZ]; + char *buf; char uuid[HOSTUUIDLEN + 1]; uint64_t addr; int i, sz; char digest[SHA1_RESULTLEN]; + char jailname[MAXHOSTNAMELEN]; getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid)); - sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname); + /* If each (vnet) jail would also have a unique hostuuid this would not +* be necessary. */ + getjailname(curthread->td_ucred, jailname, sizeof(jailname)); + sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp), + jailname); + if (sz < 0) { + /* Fall back to a random mac address. */ + arc4rand(hwaddr, sizeof(*hwaddr), 0); + hwaddr->octet[0] = 0x02; + return; + } + SHA1Init(); SHA1Update(, buf, sz); SHA1Final(digest, ); + free(buf, M_TEMP); addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) & OUI_FREEBSD_GENERATED_MASK; Modified: stable/11/sys/sys/jail.h == --- stable/11/sys/sys/jail.hSat Apr 25 12:49:48 2020(r360298) +++ stable/11/sys/sys/jail.hSat Apr 25 12:49:48 2020(r360299) @@ -367,6 +367,7 @@ void getcredhostname(struct ucred *, char *, size_t); void getcreddomainname(struct ucred *, char *, size_t); void getcredhostuuid(struct ucred *, char *, size_t); void getcredhostid(struct ucred *, unsigned long *); +void getjailname(struct ucred *cred, char *name, size_t len); void prison0_init(void); int prison_allow(struct ucred *, unsigned); int prison_check(struct ucred *cred1, struct ucred *cred2); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360298 - in stable/12/sys: kern net sys
Author: kp Date: Sat Apr 25 12:49:48 2020 New Revision: 360298 URL: https://svnweb.freebsd.org/changeset/base/360298 Log: MFC r360068: ethersubr: Make the mac address generation more robust If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflicts, resulting in same mac address in both jails. Mitigate this problem by including the jail name in the mac address. Modified: stable/12/sys/kern/kern_jail.c stable/12/sys/net/if_ethersubr.c stable/12/sys/sys/jail.h Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/kern/kern_jail.c == --- stable/12/sys/kern/kern_jail.c Sat Apr 25 12:39:28 2020 (r360297) +++ stable/12/sys/kern/kern_jail.c Sat Apr 25 12:49:48 2020 (r360298) @@ -2919,6 +2919,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti mtx_unlock(>cr_prison->pr_mtx); } +void +getjailname(struct ucred *cred, char *name, size_t len) +{ + + mtx_lock(>cr_prison->pr_mtx); + strlcpy(name, cred->cr_prison->pr_name, len); + mtx_unlock(>cr_prison->pr_mtx); +} + #ifdef VIMAGE /* * Determine whether the prison represented by cred owns Modified: stable/12/sys/net/if_ethersubr.c == --- stable/12/sys/net/if_ethersubr.cSat Apr 25 12:39:28 2020 (r360297) +++ stable/12/sys/net/if_ethersubr.cSat Apr 25 12:49:48 2020 (r360298) @@ -1375,27 +1375,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife, /* * Allocate an address from the FreeBSD Foundation OUI. This uses a - * cryptographic hash function on the containing jail's UUID and the interface - * name to attempt to provide a unique but stable address. Pseudo-interfaces - * which require a MAC address should use this function to allocate - * non-locally-administered addresses. + * cryptographic hash function on the containing jail's name, UUID and the + * interface name to attempt to provide a unique but stable address. + * Pseudo-interfaces which require a MAC address should use this function to + * allocate non-locally-administered addresses. */ void ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr) { -#defineETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2 SHA1_CTX ctx; - char buf[ETHER_GEN_ADDR_BUFSIZ]; + char *buf; char uuid[HOSTUUIDLEN + 1]; uint64_t addr; int i, sz; char digest[SHA1_RESULTLEN]; + char jailname[MAXHOSTNAMELEN]; getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid)); - sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname); + /* If each (vnet) jail would also have a unique hostuuid this would not +* be necessary. */ + getjailname(curthread->td_ucred, jailname, sizeof(jailname)); + sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp), + jailname); + if (sz < 0) { + /* Fall back to a random mac address. */ + arc4rand(hwaddr, sizeof(*hwaddr), 0); + hwaddr->octet[0] = 0x02; + return; + } + SHA1Init(); SHA1Update(, buf, sz); SHA1Final(digest, ); + free(buf, M_TEMP); addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) & OUI_FREEBSD_GENERATED_MASK; Modified: stable/12/sys/sys/jail.h == --- stable/12/sys/sys/jail.hSat Apr 25 12:39:28 2020(r360297) +++ stable/12/sys/sys/jail.hSat Apr 25 12:49:48 2020(r360298) @@ -368,6 +368,7 @@ void getcredhostname(struct ucred *, char *, size_t); void getcreddomainname(struct ucred *, char *, size_t); void getcredhostuuid(struct ucred *, char *, size_t); void getcredhostid(struct ucred *, unsigned long *); +void getjailname(struct ucred *cred, char *name, size_t len); void prison0_init(void); int prison_allow(struct ucred *, unsigned); int prison_check(struct ucred *cred1, struct ucred *cred2); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360268 - stable/11/sys/netpfil/pf
Author: kp Date: Fri Apr 24 15:27:56 2020 New Revision: 360268 URL: https://svnweb.freebsd.org/changeset/base/360268 Log: MFC r360042: pf: Do not allow negative ps_len in DIOCGETSTATES Userspace may pass a negative ps_len value to us, which causes an assertion failure in malloc(). Treat negative values as zero, i.e. return the required size. Reported-by: syzbot+53370d9d0358ee2a0...@syzkaller.appspotmail.com Modified: stable/11/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/pf/pf_ioctl.c == --- stable/11/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:27:55 2020 (r360267) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:27:56 2020 (r360268) @@ -1759,7 +1759,7 @@ relock_DIOCKILLSTATES: struct pfsync_state *pstore, *p; int i, nr; - if (ps->ps_len == 0) { + if (ps->ps_len <= 0) { nr = uma_zone_get_cur(V_pf_state_z); ps->ps_len = sizeof(struct pfsync_state) * nr; break; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360267 - stable/12/sys/netpfil/pf
Author: kp Date: Fri Apr 24 15:27:55 2020 New Revision: 360267 URL: https://svnweb.freebsd.org/changeset/base/360267 Log: MFC r360042: pf: Do not allow negative ps_len in DIOCGETSTATES Userspace may pass a negative ps_len value to us, which causes an assertion failure in malloc(). Treat negative values as zero, i.e. return the required size. Reported-by: syzbot+53370d9d0358ee2a0...@syzkaller.appspotmail.com Modified: stable/12/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_ioctl.c == --- stable/12/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:09:30 2020 (r360266) +++ stable/12/sys/netpfil/pf/pf_ioctl.c Fri Apr 24 15:27:55 2020 (r360267) @@ -2163,7 +2163,7 @@ relock_DIOCKILLSTATES: struct pfsync_state *pstore, *p; int i, nr; - if (ps->ps_len == 0) { + if (ps->ps_len <= 0) { nr = uma_zone_get_cur(V_pf_state_z); ps->ps_len = sizeof(struct pfsync_state) * nr; break; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360231 - head/lib/libc/net
Author: kp Date: Thu Apr 23 21:16:51 2020 New Revision: 360231 URL: https://svnweb.freebsd.org/changeset/base/360231 Log: libc: Shortcut if_indextoname() if index == 0 If the index we're trying to convert is 0 we can avoid a potentially expensive call to getifaddrs(). No interface has an ifindex of zero, so we can handle this as an error: set the errno to ENXIO and return NULL. Submitted by: Nick Rogers Reviewed by: lutz at donnerhacke.de MFC after:2 weeks Sponsored by: RG Nets Differential Revision:https://reviews.freebsd.org/D24524 Modified: head/lib/libc/net/if_indextoname.c Modified: head/lib/libc/net/if_indextoname.c == --- head/lib/libc/net/if_indextoname.c Thu Apr 23 20:14:59 2020 (r360230) +++ head/lib/libc/net/if_indextoname.c Thu Apr 23 21:16:51 2020 (r360231) @@ -66,6 +66,11 @@ if_indextoname(unsigned int ifindex, char *ifname) struct ifaddrs *ifaddrs, *ifa; int error = 0; + if (ifindex == 0) { + errno = ENXIO; + return(NULL); + } + if (getifaddrs() < 0) return(NULL); /* getifaddrs properly set errno */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r360068 - in head/sys: kern net sys
On 21 Apr 2020, at 4:34, Kyle Evans wrote: On Mon, Apr 20, 2020 at 9:14 PM Kyle Evans wrote: On Mon, Apr 20, 2020 at 8:15 PM Eric van Gyzen wrote: + sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp), + jailname); + if (sz < 0) { + /* Fall back to a random mac address. */ I was wondering if it would be valuable to give this fall back something like: printf("%s: unable to create fixed mac address; using random mac address", if_name(ifp)); This will only be printed in rare circumstances. But in that case will provide valuable information. That would potentially be valuable, yes. On the other hand, we traditionally don???t sprinkle a lot of printf()s around in the kernel. This is extremely unlikely to happen, and if it does odds are attaching the interface will fail at an earlier or later point, you may struggle to pass packets and run into any number of other issues. It???s also possible to diagnose absent the printf(), because the MAC address will be locally administered rather than within the FreeBSD OUI. So, in short: not a bad idea. You can argue it both ways, and I find myself (weakly) on the opposite side. Would displaying the message only when verbose boot mode is enabled be a suitable compromise? We could completely avoid the problems of dynamic allocation by calling SHA1Update three times, feeding each piece of data separately. For bonus points, use a single char[] to save stack space, too. Maybe use a union, for legibility, and to ensure the proper size without ugly assertions. To be honest, I'd be more inclined to just revert this part of it and push it all back onto the stack. It's still < 512 bytes and pretty much always called in short paths because it's generally only used during initial creation of some ifnet; I found the concern about the stack usage here, specifically, a bit dubious in the first place, and this follow-up hasn't left me enjoying it any further. Sorry, to clarify: I'm also pretty much OK with SHA1Update 3x if I'm alone in the "don't really care about this particular stack usage" camp, but I've found it useful that they're currently joined into a single buffer as I've had occasion to dump it in the past to confirm my understanding of the pedigree of the output, in case of, e.g., generated conflicts. For what it’s worth, I’m in your camp: a few hundred bytes of stack use doesn’t matter much here. Straightforward code is more important. Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360099 - head/tests/sys/net
Author: kp Date: Sun Apr 19 16:30:49 2020 New Revision: 360099 URL: https://svnweb.freebsd.org/changeset/base/360099 Log: bridge tests: Ensure that bridges in different jails get different MAC addresses We used to have a problem where bridges created in different vnet jails would end up having the same mac address. This is now fixed by including the jail name as a seed for the mac address generation, but we should verify that it doesn't regress. Modified: head/tests/sys/net/if_bridge_test.sh Modified: head/tests/sys/net/if_bridge_test.sh == --- head/tests/sys/net/if_bridge_test.shSun Apr 19 16:10:20 2020 (r360098) +++ head/tests/sys/net/if_bridge_test.shSun Apr 19 16:30:49 2020 (r360099) @@ -271,6 +271,44 @@ delete_with_members_cleanup() vnet_cleanup } +atf_test_case "mac_conflict" "cleanup" +mac_conflict_head() +{ + atf_set descr 'Ensure that bridges in different jails get different mac addresses' + atf_set require.user root +} + +mac_conflict_body() +{ + vnet_init + + epair=$(vnet_mkepair) + + # Ensure the bridge module is loaded so jails can use it. + tmpbridge=$(vnet_mkbridge) + + vnet_mkjail bridge_mac_conflict_one ${epair}a + vnet_mkjail bridge_mac_conflict_two ${epair}b + + jexec bridge_mac_conflict_one ifconfig bridge create + jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \ + addm ${epair}a + jexec bridge_mac_conflict_one ifconfig ${epair}a up + + jexec bridge_mac_conflict_two ifconfig bridge create + jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \ + addm ${epair}b + jexec bridge_mac_conflict_two ifconfig ${epair}b up + + atf_check -s exit:0 -o ignore \ + jexec bridge_mac_conflict_one ping -c 3 192.0.2.2 +} + +mac_conflict_cleanup() +{ + vnet_cleanup +} + atf_init_test_cases() { atf_add_test_case "bridge_transmit_ipv4_unicast" @@ -278,4 +316,5 @@ atf_init_test_cases() atf_add_test_case "static" atf_add_test_case "span" atf_add_test_case "delete_with_members" + atf_add_test_case "mac_conflict" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360098 - head/sys/netpfil/pf
Author: kp Date: Sun Apr 19 16:10:20 2020 New Revision: 360098 URL: https://svnweb.freebsd.org/changeset/base/360098 Log: pf: Improve ioctl() input validation Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from userspace. They failed to validate the dyn pointer contained in its struct pf_addr_wrap member structure. This triggered assertion failures under fuzz testing in pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but we should verify that it's set to NULL anyway. Reported-by: syzbot+93e93150bc29f9b4b...@syzkaller.appspotmail.com Reviewed by: emaste MFC after:1 week Differential Revision:https://reviews.freebsd.org/D24431 Modified: head/sys/netpfil/pf/pf_ioctl.c Modified: head/sys/netpfil/pf/pf_ioctl.c == --- head/sys/netpfil/pf/pf_ioctl.c Sun Apr 19 15:37:13 2020 (r360097) +++ head/sys/netpfil/pf/pf_ioctl.c Sun Apr 19 16:10:20 2020 (r360098) @@ -2643,6 +2643,10 @@ DIOCGETSTATES_full: error = EINVAL; break; } + if (pp->addr.addr.p.dyn != NULL) { + error = EINVAL; + break; + } pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK); bcopy(>addr, pa, sizeof(struct pf_pooladdr)); if (pa->ifname[0]) @@ -2739,6 +2743,10 @@ DIOCGETSTATES_full: if (pca->addr.addr.type != PF_ADDR_ADDRMASK && pca->addr.addr.type != PF_ADDR_DYNIFTL && pca->addr.addr.type != PF_ADDR_TABLE) { + error = EINVAL; + break; + } + if (pca->addr.addr.p.dyn != NULL) { error = EINVAL; break; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360097 - head/sbin/pfctl
Author: kp Date: Sun Apr 19 15:37:13 2020 New Revision: 360097 URL: https://svnweb.freebsd.org/changeset/base/360097 Log: pfctl: Call ifa_load() before ifa_grouplookup() ifa_grouplookup() uses the data loaded in ifa_load() (through is_a_group()), so we must call ifa_load() before we can rely on any of the data it populates. Submitted by: Nick Rogers MFC after:1 week Sponsored by: RG Nets Modified: head/sbin/pfctl/pfctl_parser.c Modified: head/sbin/pfctl/pfctl_parser.c == --- head/sbin/pfctl/pfctl_parser.c Sun Apr 19 15:32:14 2020 (r360096) +++ head/sbin/pfctl/pfctl_parser.c Sun Apr 19 15:37:13 2020 (r360097) @@ -1436,14 +1436,15 @@ ifa_lookup(char *ifa_name, int flags) int got4 = 0, got6 = 0; const char *last_if = NULL; + /* first load iftab and isgroup_map */ + if (iftab == NULL) + ifa_load(); + if ((h = ifa_grouplookup(ifa_name, flags)) != NULL) return (h); if (!strncmp(ifa_name, "self", IFNAMSIZ)) ifa_name = NULL; - - if (iftab == NULL) - ifa_load(); for (p = iftab; p; p = p->next) { if (ifa_skip_if(ifa_name, p)) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360096 - head/sbin/pfctl
Author: kp Date: Sun Apr 19 15:32:14 2020 New Revision: 360096 URL: https://svnweb.freebsd.org/changeset/base/360096 Log: pfctl: Remove unused variable Submitted by: Nick Rogers MFC after:1 week Sponsored by: RG Nets Modified: head/sbin/pfctl/pfctl_parser.c Modified: head/sbin/pfctl/pfctl_parser.c == --- head/sbin/pfctl/pfctl_parser.c Sun Apr 19 14:25:56 2020 (r360095) +++ head/sbin/pfctl/pfctl_parser.c Sun Apr 19 15:32:14 2020 (r360096) @@ -1370,13 +1370,11 @@ struct node_host * ifa_exists(char *ifa_name) { struct node_host*n; - int s; if (iftab == NULL) ifa_load(); /* check whether this is a group */ - s = get_query_socket(); if (is_a_group(ifa_name)) { /* fake a node_host */ if ((n = calloc(1, sizeof(*n))) == NULL) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r360068 - in head/sys: kern net sys
On 19 Apr 2020, at 15:33, Ronald Klop wrote: On Sat, 18 Apr 2020 09:50:30 +0200, Kristof Provost wrote: Author: kp Date: Sat Apr 18 07:50:30 2020 New Revision: 360068 URL: https://svnweb.freebsd.org/changeset/base/360068 Log: ethersubr: Make the mac address generation more robust If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflicts, resulting in same mac address in both jails. Mitigate this problem by including the jail name in the mac address. Reviewed by: kevans, melifaro MFC after:1 week Differential Revision:https://reviews.freebsd.org/D24383 Modified: head/sys/kern/kern_jail.c head/sys/net/if_ethersubr.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Sat Apr 18 03:14:16 2020(r360067) +++ head/sys/kern/kern_jail.c Sat Apr 18 07:50:30 2020(r360068) @@ -2920,6 +2920,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti mtx_unlock(>cr_prison->pr_mtx); } +void +getjailname(struct ucred *cred, char *name, size_t len) +{ + + mtx_lock(>cr_prison->pr_mtx); + strlcpy(name, cred->cr_prison->pr_name, len); + mtx_unlock(>cr_prison->pr_mtx); +} + #ifdef VIMAGE /* * Determine whether the prison represented by cred owns Modified: head/sys/net/if_ethersubr.c == --- head/sys/net/if_ethersubr.c Sat Apr 18 03:14:16 2020(r360067) +++ head/sys/net/if_ethersubr.c Sat Apr 18 07:50:30 2020(r360068) @@ -1419,27 +1419,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife, /* * Allocate an address from the FreeBSD Foundation OUI. This uses a - * cryptographic hash function on the containing jail's UUID and the interface - * name to attempt to provide a unique but stable address. Pseudo-interfaces - * which require a MAC address should use this function to allocate - * non-locally-administered addresses. + * cryptographic hash function on the containing jail's name, UUID and the + * interface name to attempt to provide a unique but stable address. + * Pseudo-interfaces which require a MAC address should use this function to + * allocate non-locally-administered addresses. */ void ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr) { -#defineETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2 SHA1_CTX ctx; - char buf[ETHER_GEN_ADDR_BUFSIZ]; + char *buf; char uuid[HOSTUUIDLEN + 1]; uint64_t addr; int i, sz; char digest[SHA1_RESULTLEN]; + char jailname[MAXHOSTNAMELEN]; getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid)); - sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname); + /* If each (vnet) jail would also have a unique hostuuid this would not +* be necessary. */ + getjailname(curthread->td_ucred, jailname, sizeof(jailname)); + sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp), + jailname); + if (sz < 0) { + /* Fall back to a random mac address. */ I was wondering if it would be valuable to give this fall back something like: printf("%s: unable to create fixed mac address; using random mac address", if_name(ifp)); This will only be printed in rare circumstances. But in that case will provide valuable information. That would potentially be valuable, yes. On the other hand, we traditionally don’t sprinkle a lot of printf()s around in the kernel. This is extremely unlikely to happen, and if it does odds are attaching the interface will fail at an earlier or later point, you may struggle to pass packets and run into any number of other issues. It’s also possible to diagnose absent the printf(), because the MAC address will be locally administered rather than within the FreeBSD OUI. So, in short: not a bad idea. You can argue it both ways, and I find myself (weakly) on the opposite side. Best regards, Kristof ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360069 - head/sys/net
Author: kp Date: Sat Apr 18 08:00:58 2020 New Revision: 360069 URL: https://svnweb.freebsd.org/changeset/base/360069 Log: bridge: Simplify mac address generation Unconditionally use ether_gen_addr() to generate bridge mac addresses. This function is now less likely to generate duplicate mac addresses across jails. The old hand rolled hostid based code adds no value. Reviewed by: bz Differential Revision:https://reviews.freebsd.org/D24432 Modified: head/sys/net/if_bridge.c Modified: head/sys/net/if_bridge.c == --- head/sys/net/if_bridge.cSat Apr 18 07:50:30 2020(r360068) +++ head/sys/net/if_bridge.cSat Apr 18 08:00:58 2020(r360069) @@ -676,10 +676,8 @@ SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, static int bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) { - struct bridge_softc *sc, *sc2; - struct ifnet *bifp, *ifp; - int fb, retry; - unsigned long hostid; + struct bridge_softc *sc; + struct ifnet *ifp; sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); ifp = sc->sc_ifp = if_alloc(IFT_ETHER); @@ -709,41 +707,7 @@ bridge_clone_create(struct if_clone *ifc, int unit, ca ifp->if_init = bridge_init; ifp->if_type = IFT_BRIDGE; - /* -* Generate an ethernet address with a locally administered address. -* -* Since we are using random ethernet addresses for the bridge, it is -* possible that we might have address collisions, so make sure that -* this hardware address isn't already in use on another bridge. -* The first try uses the hostid and falls back to arc4rand(). -*/ - fb = 0; - getcredhostid(curthread->td_ucred, ); - do { - if (fb || hostid == 0) { - ether_gen_addr(ifp, >sc_defaddr); - } else { - sc->sc_defaddr.octet[0] = 0x2; - sc->sc_defaddr.octet[1] = (hostid >> 24) & 0xff; - sc->sc_defaddr.octet[2] = (hostid >> 16) & 0xff; - sc->sc_defaddr.octet[3] = (hostid >> 8 ) & 0xff; - sc->sc_defaddr.octet[4] = hostid& 0xff; - sc->sc_defaddr.octet[5] = ifp->if_dunit & 0xff; - } - - fb = 1; - retry = 0; - BRIDGE_LIST_LOCK(); - LIST_FOREACH(sc2, _bridge_list, sc_list) { - bifp = sc2->sc_ifp; - if (memcmp(sc->sc_defaddr.octet, - IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { - retry = 1; - break; - } - } - BRIDGE_LIST_UNLOCK(); - } while (retry == 1); + ether_gen_addr(ifp, >sc_defaddr); bstp_attach(>sc_stp, _ops); ether_ifattach(ifp, sc->sc_defaddr.octet); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360068 - in head/sys: kern net sys
Author: kp Date: Sat Apr 18 07:50:30 2020 New Revision: 360068 URL: https://svnweb.freebsd.org/changeset/base/360068 Log: ethersubr: Make the mac address generation more robust If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflicts, resulting in same mac address in both jails. Mitigate this problem by including the jail name in the mac address. Reviewed by: kevans, melifaro MFC after:1 week Differential Revision:https://reviews.freebsd.org/D24383 Modified: head/sys/kern/kern_jail.c head/sys/net/if_ethersubr.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Sat Apr 18 03:14:16 2020(r360067) +++ head/sys/kern/kern_jail.c Sat Apr 18 07:50:30 2020(r360068) @@ -2920,6 +2920,15 @@ getcredhostid(struct ucred *cred, unsigned long *hosti mtx_unlock(>cr_prison->pr_mtx); } +void +getjailname(struct ucred *cred, char *name, size_t len) +{ + + mtx_lock(>cr_prison->pr_mtx); + strlcpy(name, cred->cr_prison->pr_name, len); + mtx_unlock(>cr_prison->pr_mtx); +} + #ifdef VIMAGE /* * Determine whether the prison represented by cred owns Modified: head/sys/net/if_ethersubr.c == --- head/sys/net/if_ethersubr.c Sat Apr 18 03:14:16 2020(r360067) +++ head/sys/net/if_ethersubr.c Sat Apr 18 07:50:30 2020(r360068) @@ -1419,27 +1419,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet *ife, /* * Allocate an address from the FreeBSD Foundation OUI. This uses a - * cryptographic hash function on the containing jail's UUID and the interface - * name to attempt to provide a unique but stable address. Pseudo-interfaces - * which require a MAC address should use this function to allocate - * non-locally-administered addresses. + * cryptographic hash function on the containing jail's name, UUID and the + * interface name to attempt to provide a unique but stable address. + * Pseudo-interfaces which require a MAC address should use this function to + * allocate non-locally-administered addresses. */ void ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr) { -#defineETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2 SHA1_CTX ctx; - char buf[ETHER_GEN_ADDR_BUFSIZ]; + char *buf; char uuid[HOSTUUIDLEN + 1]; uint64_t addr; int i, sz; char digest[SHA1_RESULTLEN]; + char jailname[MAXHOSTNAMELEN]; getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid)); - sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname); + /* If each (vnet) jail would also have a unique hostuuid this would not +* be necessary. */ + getjailname(curthread->td_ucred, jailname, sizeof(jailname)); + sz = asprintf(, M_TEMP, "%s-%s-%s", uuid, if_name(ifp), + jailname); + if (sz < 0) { + /* Fall back to a random mac address. */ + arc4rand(hwaddr, sizeof(*hwaddr), 0); + hwaddr->octet[0] = 0x02; + return; + } + SHA1Init(); SHA1Update(, buf, sz); SHA1Final(digest, ); + free(buf, M_TEMP); addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) & OUI_FREEBSD_GENERATED_MASK; Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Sat Apr 18 03:14:16 2020(r360067) +++ head/sys/sys/jail.h Sat Apr 18 07:50:30 2020(r360068) @@ -382,6 +382,7 @@ void getcredhostname(struct ucred *, char *, size_t); void getcreddomainname(struct ucred *, char *, size_t); void getcredhostuuid(struct ucred *, char *, size_t); void getcredhostid(struct ucred *, unsigned long *); +void getjailname(struct ucred *cred, char *name, size_t len); void prison0_init(void); int prison_allow(struct ucred *, unsigned); int prison_check(struct ucred *cred1, struct ucred *cred2); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360043 - head/tests/sys/net
Author: kp Date: Fri Apr 17 14:57:15 2020 New Revision: 360043 URL: https://svnweb.freebsd.org/changeset/base/360043 Log: bridge tests: Test deleting a bridge with members Reviewed by: philip, emaste Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D24337 Modified: head/tests/sys/net/if_bridge_test.sh Modified: head/tests/sys/net/if_bridge_test.sh == --- head/tests/sys/net/if_bridge_test.shFri Apr 17 14:35:11 2020 (r360042) +++ head/tests/sys/net/if_bridge_test.shFri Apr 17 14:57:15 2020 (r360043) @@ -245,10 +245,37 @@ span_cleanup() vnet_cleanup } +atf_test_case "delete_with_members" "cleanup" +delete_with_members_head() +{ + atf_set descr 'Delete a bridge which still has member interfaces' + atf_set require.user root +} + +delete_with_members_body() +{ + vnet_init + + bridge=$(vnet_mkbridge) + epair=$(vnet_mkepair) + + ifconfig ${bridge} 192.0.2.1/24 up + ifconfig ${epair}a up + ifconfig ${bridge} addm ${epair}a + + ifconfig ${bridge} destroy +} + +delete_with_members_cleanup() +{ + vnet_cleanup +} + atf_init_test_cases() { atf_add_test_case "bridge_transmit_ipv4_unicast" atf_add_test_case "stp" atf_add_test_case "static" atf_add_test_case "span" + atf_add_test_case "delete_with_members" } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"