CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 11 19:30:06 UTC 2024 Modified Files: src/sys/net [netbsd-9]: if_tun.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1815): sys/net/if_tun.c: revision 1.175 tun(4): Allow IPv6 packets with TUNSLMODE configured. PR kern/58013 To generate a diff of this commit: cvs rdiff -u -r1.156 -r1.156.2.1 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_tun.c diff -u src/sys/net/if_tun.c:1.156 src/sys/net/if_tun.c:1.156.2.1 --- src/sys/net/if_tun.c:1.156 Fri Apr 26 08:38:25 2019 +++ src/sys/net/if_tun.c Mon Mar 11 19:30:06 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tun.c,v 1.156 2019/04/26 08:38:25 pgoyette Exp $ */ +/* $NetBSD: if_tun.c,v 1.156.2.1 2024/03/11 19:30:06 martin Exp $ */ /* * Copyright (c) 1988, Julian Onions @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.156 2019/04/26 08:38:25 pgoyette Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.156.2.1 2024/03/11 19:30:06 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -586,9 +586,7 @@ tun_output(struct ifnet *ifp, struct mbu goto out; } memcpy(mtod(m0, char *), dst, dst->sa_len); - } - - if (tp->tun_flags & TUN_IFHEAD) { + } else if (tp->tun_flags & TUN_IFHEAD) { /* Prepend the address family */ M_PREPEND(m0, sizeof(*af), M_DONTWAIT); if (m0 == NULL) {
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 11 19:30:06 UTC 2024 Modified Files: src/sys/net [netbsd-9]: if_tun.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1815): sys/net/if_tun.c: revision 1.175 tun(4): Allow IPv6 packets with TUNSLMODE configured. PR kern/58013 To generate a diff of this commit: cvs rdiff -u -r1.156 -r1.156.2.1 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 23 18:22:51 UTC 2023 Modified Files: src/sys/net/npf [netbsd-9]: npf_ruleset.c Log Message: Pull up following revision(s) (requested by kardel in ticket #1725): sys/net/npf/npf_ruleset.c: revision 1.52 The analysis documented in PR misc/56990 is correct. Fix by not returning when encountering a ruleset rule. The code up to now would stop at any group rule. ruleset rules are marked as group rule and a dynamic rule. processing is only finished when a result is present AND we are looking at a plain group rule. To generate a diff of this commit: cvs rdiff -u -r1.48.2.3 -r1.48.2.4 src/sys/net/npf/npf_ruleset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 23 18:22:51 UTC 2023 Modified Files: src/sys/net/npf [netbsd-9]: npf_ruleset.c Log Message: Pull up following revision(s) (requested by kardel in ticket #1725): sys/net/npf/npf_ruleset.c: revision 1.52 The analysis documented in PR misc/56990 is correct. Fix by not returning when encountering a ruleset rule. The code up to now would stop at any group rule. ruleset rules are marked as group rule and a dynamic rule. processing is only finished when a result is present AND we are looking at a plain group rule. To generate a diff of this commit: cvs rdiff -u -r1.48.2.3 -r1.48.2.4 src/sys/net/npf/npf_ruleset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf_ruleset.c diff -u src/sys/net/npf/npf_ruleset.c:1.48.2.3 src/sys/net/npf/npf_ruleset.c:1.48.2.4 --- src/sys/net/npf/npf_ruleset.c:1.48.2.3 Sat Jun 20 15:46:48 2020 +++ src/sys/net/npf/npf_ruleset.c Wed Aug 23 18:22:51 2023 @@ -34,7 +34,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.48.2.3 2020/06/20 15:46:48 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.48.2.4 2023/08/23 18:22:51 martin Exp $"); #include #include @@ -891,7 +891,7 @@ npf_ruleset_inspect(npf_cache_t *npc, co KASSERT(n < skip_to); /* Group is a barrier: return a matching if found any. */ - if ((attr & NPF_RULE_GROUP) != 0 && final_rl) { + if ((attr & NPF_DYNAMIC_GROUP) == NPF_RULE_GROUP && final_rl) { break; }
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Mon Aug 21 12:20:07 UTC 2023 Modified Files: src/sys/net/npf [netbsd-9]: npf_tableset.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1718): sys/net/npf/npf_tableset.c: revision 1.41 npf(9): Drop table lock around copyout. It is forbidden to hold a spin lock around copyout, and t_lock is a spin lock. We need t_lock in order to iterate over the list of entries. However, during copyout itself, we only need to ensure that the object we're copying out isn't freed by npf_table_remove or npf_table_gc. Fortunately, the only caller of npf_table_list, npf_table_remove, and npf_table_gc is npfctl_table, and it serializes all of them by the npf config lock. So we can safely drop t_lock across copyout. PR kern/57136 PR kern/57181 To generate a diff of this commit: cvs rdiff -u -r1.33.2.2 -r1.33.2.3 src/sys/net/npf/npf_tableset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Mon Aug 21 12:20:07 UTC 2023 Modified Files: src/sys/net/npf [netbsd-9]: npf_tableset.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1718): sys/net/npf/npf_tableset.c: revision 1.41 npf(9): Drop table lock around copyout. It is forbidden to hold a spin lock around copyout, and t_lock is a spin lock. We need t_lock in order to iterate over the list of entries. However, during copyout itself, we only need to ensure that the object we're copying out isn't freed by npf_table_remove or npf_table_gc. Fortunately, the only caller of npf_table_list, npf_table_remove, and npf_table_gc is npfctl_table, and it serializes all of them by the npf config lock. So we can safely drop t_lock across copyout. PR kern/57136 PR kern/57181 To generate a diff of this commit: cvs rdiff -u -r1.33.2.2 -r1.33.2.3 src/sys/net/npf/npf_tableset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf_tableset.c diff -u src/sys/net/npf/npf_tableset.c:1.33.2.2 src/sys/net/npf/npf_tableset.c:1.33.2.3 --- src/sys/net/npf/npf_tableset.c:1.33.2.2 Sat Jun 20 15:46:47 2020 +++ src/sys/net/npf/npf_tableset.c Mon Aug 21 12:20:07 2023 @@ -46,7 +46,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.33.2.2 2020/06/20 15:46:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.33.2.3 2023/08/21 12:20:07 martin Exp $"); #include #include @@ -758,15 +758,17 @@ table_ent_copyout(const npf_addr_t *addr } static int -table_generic_list(const npf_table_t *t, void *ubuf, size_t len) +table_generic_list(npf_table_t *t, void *ubuf, size_t len) { npf_tblent_t *ent; size_t off = 0; int error = 0; LIST_FOREACH(ent, >t_list, te_listent) { + mutex_exit(>t_lock); error = table_ent_copyout(>te_addr, ent->te_alen, ent->te_preflen, ubuf, len, ); + mutex_enter(>t_lock); if (error) break; }
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Fri Aug 4 14:57:52 UTC 2023 Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Apply patch, requested by ozaki-r in ticket #1708: sys/net/bpf.c (apply patch) bpf: allow to read with no filter (regressed at revision 1.213, fixed differently in -current) To generate a diff of this commit: cvs rdiff -u -r1.229.2.2 -r1.229.2.3 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.229.2.2 src/sys/net/bpf.c:1.229.2.3 --- src/sys/net/bpf.c:1.229.2.2 Wed Feb 22 19:50:33 2023 +++ src/sys/net/bpf.c Fri Aug 4 14:57:52 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.229.2.2 2023/02/22 19:50:33 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.229.2.3 2023/08/04 14:57:52 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.2 2023/02/22 19:50:33 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.3 2023/08/04 14:57:52 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1628,6 +1628,8 @@ bpf_deliver(struct bpf_if *bp, void *(*c else slen = bpf_filter_ext(NULL, filter->bf_insn, ); + } else { + slen = (u_int)-1; /* No filter means accept all */ } if (!slen) {
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Fri Aug 4 14:57:52 UTC 2023 Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Apply patch, requested by ozaki-r in ticket #1708: sys/net/bpf.c (apply patch) bpf: allow to read with no filter (regressed at revision 1.213, fixed differently in -current) To generate a diff of this commit: cvs rdiff -u -r1.229.2.2 -r1.229.2.3 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 8 11:17:18 UTC 2023 Modified Files: src/sys/net [netbsd-9]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1642): sys/net/route.c: revision 1.237 route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel with other LWPs running in the network stack, which eventually results in say use-after-free of a deleted route. To generate a diff of this commit: cvs rdiff -u -r1.219.2.3 -r1.219.2.4 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.219.2.3 src/sys/net/route.c:1.219.2.4 --- src/sys/net/route.c:1.219.2.3 Wed Feb 22 18:53:56 2023 +++ src/sys/net/route.c Thu Jun 8 11:17:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.219.2.3 2023/02/22 18:53:56 martin Exp $ */ +/* $NetBSD: route.c,v 1.219.2.4 2023/06/08 11:17:18 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.3 2023/02/22 18:53:56 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.4 2023/06/08 11:17:18 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -229,12 +229,14 @@ static krwlock_t rt_lock __cacheline_al #define RT_UNLOCK() rw_exit(_lock) #define RT_WLOCKED() rw_write_held(_lock) #define RT_ASSERT_WLOCK() KASSERT(rw_write_held(_lock)) +#define RT_WQ_FLAGS WQ_MPSAFE #else #define RT_RLOCK() do {} while (0) #define RT_WLOCK() do {} while (0) #define RT_UNLOCK() do {} while (0) #define RT_WLOCKED() true #define RT_ASSERT_WLOCK() do {} while (0) +#define RT_WQ_FLAGS 0 #endif static uint64_t rtcache_generation; @@ -479,7 +481,7 @@ rt_init(void) rt_psref_class = psref_class_create("rtentry", IPL_SOFTNET); error = workqueue_create(_free_global.wq, "rt_free", - rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); + rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS); if (error) panic("%s: workqueue_create failed (%d)\n", __func__, error); @@ -1802,7 +1804,7 @@ rt_timer_init(void) LIST_INIT(_queue_head); callout_init(_timer_ch, CALLOUT_MPSAFE); error = workqueue_create(_timer_wq, "rt_timer", - rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); + rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS); if (error) panic("%s: workqueue_create failed (%d)\n", __func__, error); callout_reset(_timer_ch, hz, rt_timer_timer, NULL);
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 8 11:17:18 UTC 2023 Modified Files: src/sys/net [netbsd-9]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1642): sys/net/route.c: revision 1.237 route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel with other LWPs running in the network stack, which eventually results in say use-after-free of a deleted route. To generate a diff of this commit: cvs rdiff -u -r1.219.2.3 -r1.219.2.4 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Tue Mar 14 17:11:13 UTC 2023 Modified Files: src/sys/net/npf [netbsd-9]: npf.h npf_mbuf.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by kardel in ticket #119): sys/net/npf/npf_mbuf.c: revision 1.25 sys/net/npf/npf.h: revision 1.64 sys/net/npf/npf_sendpkt.c: revision 1.23 PR kern/56052: allow block-return packets passed through without rule matching. Included up-stream ashttps://github.com/rmind/npf/pull/115 To generate a diff of this commit: cvs rdiff -u -r1.60.2.3 -r1.60.2.4 src/sys/net/npf/npf.h cvs rdiff -u -r1.22.4.1 -r1.22.4.2 src/sys/net/npf/npf_mbuf.c cvs rdiff -u -r1.21.4.1 -r1.21.4.2 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf.h diff -u src/sys/net/npf/npf.h:1.60.2.3 src/sys/net/npf/npf.h:1.60.2.4 --- src/sys/net/npf/npf.h:1.60.2.3 Sat Jun 20 15:46:47 2020 +++ src/sys/net/npf/npf.h Tue Mar 14 17:11:13 2023 @@ -122,6 +122,7 @@ void * nbuf_ensure_writable(nbuf_t *, s bool nbuf_cksum_barrier(nbuf_t *, int); int nbuf_add_tag(nbuf_t *, uint32_t); +int npf_mbuf_add_tag(nbuf_t *, struct mbuf *, uint32_t); int nbuf_find_tag(nbuf_t *, uint32_t *); /* Index: src/sys/net/npf/npf_mbuf.c diff -u src/sys/net/npf/npf_mbuf.c:1.22.4.1 src/sys/net/npf/npf_mbuf.c:1.22.4.2 --- src/sys/net/npf/npf_mbuf.c:1.22.4.1 Sat Jun 20 15:46:47 2020 +++ src/sys/net/npf/npf_mbuf.c Tue Mar 14 17:11:13 2023 @@ -36,7 +36,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.22.4.1 2020/06/20 15:46:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.22.4.2 2023/03/14 17:11:13 martin Exp $"); #include #include @@ -297,14 +297,13 @@ nbuf_cksum_barrier(nbuf_t *nbuf, int di) } /* - * nbuf_add_tag: associate a tag with the network buffer. + * npf_mbuf_add_tag: associate a tag with the network buffer. * * => Returns 0 on success or error number on failure. */ int -nbuf_add_tag(nbuf_t *nbuf, uint32_t val) +npf_mbuf_add_tag(nbuf_t *nbuf, struct mbuf *m, uint32_t val) { - struct mbuf *m = nbuf->nb_mbuf0; #ifdef _KERNEL struct m_tag *mt; uint32_t *dat; @@ -328,6 +327,18 @@ nbuf_add_tag(nbuf_t *nbuf, uint32_t val) } /* + * nbuf_add_tag: associate a tag with the network buffer. + * + * => Returns 0 on success or error number on failure. + */ +int +nbuf_add_tag(nbuf_t *nbuf, uint32_t val) +{ + struct mbuf *m = nbuf->nb_mbuf0; + return npf_mbuf_add_tag(nbuf, m, val); +} + +/* * nbuf_find_tag: find a tag associated with a network buffer. * * => Returns 0 on success or error number on failure. Index: src/sys/net/npf/npf_sendpkt.c diff -u src/sys/net/npf/npf_sendpkt.c:1.21.4.1 src/sys/net/npf/npf_sendpkt.c:1.21.4.2 --- src/sys/net/npf/npf_sendpkt.c:1.21.4.1 Sat Jun 20 15:46:47 2020 +++ src/sys/net/npf/npf_sendpkt.c Tue Mar 14 17:11:13 2023 @@ -33,7 +33,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.21.4.1 2020/06/20 15:46:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.21.4.2 2023/03/14 17:11:13 martin Exp $"); #include #include @@ -197,6 +197,9 @@ npf_return_tcp(npf_cache_t *npc) } } + /* don't look at our generated reject packets going out */ + (void)npf_mbuf_add_tag(npc->npc_nbuf, m, NPF_NTAG_PASS); + /* Pass to IP layer. */ if (npf_iscached(npc, NPC_IP4)) { return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); @@ -215,6 +218,9 @@ npf_return_icmp(const npf_cache_t *npc) { struct mbuf *m = nbuf_head_mbuf(npc->npc_nbuf); + /* don't look at our generated reject packets going out */ + (void)nbuf_add_tag(npc->npc_nbuf, NPF_NTAG_PASS); + if (npf_iscached(npc, NPC_IP4)) { icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0); return 0;
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Tue Mar 14 17:11:13 UTC 2023 Modified Files: src/sys/net/npf [netbsd-9]: npf.h npf_mbuf.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by kardel in ticket #119): sys/net/npf/npf_mbuf.c: revision 1.25 sys/net/npf/npf.h: revision 1.64 sys/net/npf/npf_sendpkt.c: revision 1.23 PR kern/56052: allow block-return packets passed through without rule matching. Included up-stream ashttps://github.com/rmind/npf/pull/115 To generate a diff of this commit: cvs rdiff -u -r1.60.2.3 -r1.60.2.4 src/sys/net/npf/npf.h cvs rdiff -u -r1.22.4.1 -r1.22.4.2 src/sys/net/npf/npf_mbuf.c cvs rdiff -u -r1.21.4.1 -r1.21.4.2 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 19:50:33 UTC 2023 Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1605): sys/net/bpf.c: revision 1.247 (manually merged) bpf(4): Reject bogus timeout values before arithmetic overflows. To generate a diff of this commit: cvs rdiff -u -r1.229.2.1 -r1.229.2.2 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.229.2.1 src/sys/net/bpf.c:1.229.2.2 --- src/sys/net/bpf.c:1.229.2.1 Wed Oct 16 09:46:55 2019 +++ src/sys/net/bpf.c Wed Feb 22 19:50:33 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.229.2.2 2023/02/22 19:50:33 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.2 2023/02/22 19:50:33 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1092,7 +1092,16 @@ bpf_ioctl(struct file *fp, u_long cmd, v struct timeval *tv = addr; /* Compute number of ticks. */ - d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; + if (tv->tv_sec < 0 || + tv->tv_usec < 0 || tv->tv_usec >= 100) { +error = EINVAL; +break; + } else if (tv->tv_sec > INT_MAX/hz - 1) { + d->bd_rtout = INT_MAX; + } else { +d->bd_rtout = tv->tv_sec * hz ++ tv->tv_usec / tick; + } if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) d->bd_rtout = 1; break; @@ -1121,7 +1130,16 @@ bpf_ioctl(struct file *fp, u_long cmd, v struct timeval50 *tv = addr; /* Compute number of ticks. */ - d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; + if (tv->tv_sec < 0 || + tv->tv_usec < 0 || tv->tv_usec >= 100) { +error = EINVAL; +break; + } else if (tv->tv_sec > INT_MAX/hz - 1) { + d->bd_rtout = INT_MAX; + } else { + d->bd_rtout = tv->tv_sec * hz ++ tv->tv_usec / tick; + } if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) d->bd_rtout = 1; break;
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 19:50:33 UTC 2023 Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1605): sys/net/bpf.c: revision 1.247 (manually merged) bpf(4): Reject bogus timeout values before arithmetic overflows. To generate a diff of this commit: cvs rdiff -u -r1.229.2.1 -r1.229.2.2 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 18:53:56 UTC 2023 Modified Files: src/sys/net [netbsd-9]: route.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1602): sys/net/route.c: revision 1.236 route(4): Work around deadlock in rt_free wait path. PR kern/56844 To generate a diff of this commit: cvs rdiff -u -r1.219.2.2 -r1.219.2.3 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.219.2.2 src/sys/net/route.c:1.219.2.3 --- src/sys/net/route.c:1.219.2.2 Thu Oct 3 17:12:53 2019 +++ src/sys/net/route.c Wed Feb 22 18:53:56 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.219.2.2 2019/10/03 17:12:53 martin Exp $ */ +/* $NetBSD: route.c,v 1.219.2.3 2023/02/22 18:53:56 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.2 2019/10/03 17:12:53 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.3 2023/02/22 18:53:56 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -644,8 +644,17 @@ static bool rt_wait_ok(void) { + /* + * This originally returned !cpu_softintr_p(), but that doesn't + * work: the caller may hold a lock (probably softnet lock) + * that a softint is waiting for, in which case waiting here + * would cause a deadlock. See https://gnats.netbsd.org/56844 + * for details. For now, until the locking paths are sorted + * out, we just disable the waiting option altogether and + * always defer to workqueue. + */ KASSERT(!cpu_intr_p()); - return !cpu_softintr_p(); + return false; } void
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 18:53:56 UTC 2023 Modified Files: src/sys/net [netbsd-9]: route.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1602): sys/net/route.c: revision 1.236 route(4): Work around deadlock in rt_free wait path. PR kern/56844 To generate a diff of this commit: cvs rdiff -u -r1.219.2.2 -r1.219.2.3 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: sborrill Date: Wed May 4 15:08:47 UTC 2022 Modified Files: src/sys/net [netbsd-9]: if_pppoe.c Log Message: Pull up the following revisions(s) (requested by martin in ticket #1442): sys/net/if_pppoe.c: revision 1.179 pppoe(4): fix CVE-2022-29867 - discovery phase local network mbuf corruption. To generate a diff of this commit: cvs rdiff -u -r1.147.4.1 -r1.147.4.2 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.147.4.1 src/sys/net/if_pppoe.c:1.147.4.2 --- src/sys/net/if_pppoe.c:1.147.4.1 Thu Feb 13 19:40:05 2020 +++ src/sys/net/if_pppoe.c Wed May 4 15:08:47 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.147.4.1 2020/02/13 19:40:05 martin Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.147.4.2 2022/05/04 15:08:47 sborrill Exp $ */ /* * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.147.4.1 2020/02/13 19:40:05 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.147.4.2 2022/05/04 15:08:47 sborrill Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -887,6 +887,10 @@ breakbreak:; } sc->sc_ac_cookie_len = ac_cookie_len; memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); + } else if (sc->sc_ac_cookie) { + free(sc->sc_ac_cookie, M_DEVBUF); + sc->sc_ac_cookie = NULL; + sc->sc_ac_cookie_len = 0; } if (relay_sid) { if (sc->sc_relay_sid) @@ -902,6 +906,10 @@ breakbreak:; } sc->sc_relay_sid_len = relay_sid_len; memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); + } else if (sc->sc_relay_sid) { + free(sc->sc_relay_sid, M_DEVBUF); + sc->sc_relay_sid = NULL; + sc->sc_relay_sid_len = 0; } memcpy(>sc_dest, eh->ether_shost, sizeof sc->sc_dest); callout_stop(>sc_timeout); @@ -1324,6 +1332,9 @@ pppoe_get_mbuf(size_t len) { struct mbuf *m; + if (len + sizeof(struct ether_header) > MCLBYTES) + return NULL; + MGETHDR(m, M_DONTWAIT, MT_DATA); if (m == NULL) return NULL;
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: sborrill Date: Wed May 4 15:08:47 UTC 2022 Modified Files: src/sys/net [netbsd-9]: if_pppoe.c Log Message: Pull up the following revisions(s) (requested by martin in ticket #1442): sys/net/if_pppoe.c: revision 1.179 pppoe(4): fix CVE-2022-29867 - discovery phase local network mbuf corruption. To generate a diff of this commit: cvs rdiff -u -r1.147.4.1 -r1.147.4.2 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Sat Jan 29 17:03:53 UTC 2022 Modified Files: src/sys/net [netbsd-9]: ppp_tty.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1411): sys/net/ppp_tty.c: revision 1.68 sys/net/ppp_tty.c: revision 1.69 Use unsigned to avoid undefined behavior in pppasyncstart(). Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.65.4.1 src/sys/net/ppp_tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/ppp_tty.c diff -u src/sys/net/ppp_tty.c:1.65 src/sys/net/ppp_tty.c:1.65.4.1 --- src/sys/net/ppp_tty.c:1.65 Thu Jan 24 09:31:09 2019 +++ src/sys/net/ppp_tty.c Sat Jan 29 17:03:53 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: ppp_tty.c,v 1.65 2019/01/24 09:31:09 knakahara Exp $ */ +/* $NetBSD: ppp_tty.c,v 1.65.4.1 2022/01/29 17:03:53 martin Exp $ */ /* Id: ppp_tty.c,v 1.3 1996/07/01 01:04:11 paulus Exp */ /* @@ -93,7 +93,7 @@ /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ #include -__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.65 2019/01/24 09:31:09 knakahara Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.65.4.1 2022/01/29 17:03:53 martin Exp $"); #ifdef _KERNEL_OPT #include "ppp.h" @@ -181,7 +181,7 @@ static void pppdumpframe(struct ppp_soft /* * Does c need to be escaped? */ -#define ESCAPE_P(c) (sc->sc_asyncmap[(c) >> 5] & (1 << ((c) & 0x1F))) +#define ESCAPE_P(c) (sc->sc_asyncmap[(c) >> 5] & (1U << ((c) & 0x1F))) /* * Procedures for using an async tty interface for PPP. @@ -1021,7 +1021,7 @@ pppinput(int c, struct tty *tp) sc->sc_flags |= SC_RCV_B7_1; else sc->sc_flags |= SC_RCV_B7_0; -if (paritytab[c >> 5] & (1 << (c & 0x1F))) +if (paritytab[c >> 5] & (1U << (c & 0x1F))) sc->sc_flags |= SC_RCV_ODDP; else sc->sc_flags |= SC_RCV_EVNP; @@ -1102,7 +1102,7 @@ pppinput(int c, struct tty *tp) return 0; } -if (c < 0x20 && (sc->sc_rasyncmap & (1 << c))) +if (c < 0x20 && (sc->sc_rasyncmap & (1U << c))) return 0; s = spltty();
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Sat Jan 29 17:03:53 UTC 2022 Modified Files: src/sys/net [netbsd-9]: ppp_tty.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1411): sys/net/ppp_tty.c: revision 1.68 sys/net/ppp_tty.c: revision 1.69 Use unsigned to avoid undefined behavior in pppasyncstart(). Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.65.4.1 src/sys/net/ppp_tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 25 18:11:02 UTC 2021 Modified Files: src/sys/net [netbsd-9]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ryo in ticket #1369): sys/net/if_ethersubr.c: revision 1.302 frame's vlan tag must be ntohs()'ed. VLAN 0 Priority tag was misrecognized on non vlan-hwtagging interfaces. To generate a diff of this commit: cvs rdiff -u -r1.276.2.1 -r1.276.2.2 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.276.2.1 src/sys/net/if_ethersubr.c:1.276.2.2 --- src/sys/net/if_ethersubr.c:1.276.2.1 Tue Oct 8 17:02:24 2019 +++ src/sys/net/if_ethersubr.c Mon Oct 25 18:11:02 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.276.2.1 2019/10/08 17:02:24 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.276.2.2 2021/10/25 18:11:02 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.276.2.1 2019/10/08 17:02:24 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.276.2.2 2021/10/25 18:11:02 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -727,7 +727,7 @@ ether_input(struct ifnet *ifp, struct mb * type, and if IP or IPV6, let them deal with it. */ if (m->m_len >= sizeof(*evl) && - EVL_VLANOFTAG(evl->evl_tag) == 0) { + EVL_VLANOFTAG(ntohs(evl->evl_tag)) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); if ((m->m_flags & M_PROMISC) == 0 &&
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 25 18:11:02 UTC 2021 Modified Files: src/sys/net [netbsd-9]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ryo in ticket #1369): sys/net/if_ethersubr.c: revision 1.302 frame's vlan tag must be ntohs()'ed. VLAN 0 Priority tag was misrecognized on non vlan-hwtagging interfaces. To generate a diff of this commit: cvs rdiff -u -r1.276.2.1 -r1.276.2.2 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 14 15:34:35 UTC 2019 Modified Files: src/sys/net [netbsd-9]: if_loop.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #424): sys/net/if_loop.c: revision 1.108 sys/net/if_loop.c: revision 1.109 Fix IP broadcast + checksum offload problem. When a machine sends a IP broadcast packet to an Ethernet interface that the checksum offload flags are set, the packet goes through ether_output() -> looutput() and the offload flags is cleared without calculating the checksum. And then, ip_input() calculate the packet's checksum because it's csum_flags is zero. It regard as bad checksum and it's dropped because the packet's ifp is s not lo0's. Fixes this bug by passing csum_flags as "calculated and good" when IN_LOOPBACK_NEED_CHECKSUM() is false. Advised by ryo@. This problem was seen when "routed -s" was used and the machine's interface's offload flags were set. bad checksum field of "netstat -s" was increased every 30 seconds. Fix comment. To generate a diff of this commit: cvs rdiff -u -r1.107 -r1.107.2.1 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 14 15:34:35 UTC 2019 Modified Files: src/sys/net [netbsd-9]: if_loop.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #424): sys/net/if_loop.c: revision 1.108 sys/net/if_loop.c: revision 1.109 Fix IP broadcast + checksum offload problem. When a machine sends a IP broadcast packet to an Ethernet interface that the checksum offload flags are set, the packet goes through ether_output() -> looutput() and the offload flags is cleared without calculating the checksum. And then, ip_input() calculate the packet's checksum because it's csum_flags is zero. It regard as bad checksum and it's dropped because the packet's ifp is s not lo0's. Fixes this bug by passing csum_flags as "calculated and good" when IN_LOOPBACK_NEED_CHECKSUM() is false. Advised by ryo@. This problem was seen when "routed -s" was used and the machine's interface's offload flags were set. bad checksum field of "netstat -s" was increased every 30 seconds. Fix comment. To generate a diff of this commit: cvs rdiff -u -r1.107 -r1.107.2.1 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_loop.c diff -u src/sys/net/if_loop.c:1.107 src/sys/net/if_loop.c:1.107.2.1 --- src/sys/net/if_loop.c:1.107 Fri Apr 26 08:38:25 2019 +++ src/sys/net/if_loop.c Thu Nov 14 15:34:35 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_loop.c,v 1.107 2019/04/26 08:38:25 pgoyette Exp $ */ +/* $NetBSD: if_loop.c,v 1.107.2.1 2019/11/14 15:34:35 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.107 2019/04/26 08:38:25 pgoyette Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.107.2.1 2019/11/14 15:34:35 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -321,8 +321,13 @@ looutput(struct ifnet *ifp, struct mbuf KASSERT((csum_flags & ~(M_CSUM_IPv4|M_CSUM_UDPv4)) == 0); if (csum_flags != 0 && IN_LOOPBACK_NEED_CHECKSUM(csum_flags)) { in_undefer_cksum(m, 0, csum_flags); + m->m_pkthdr.csum_flags = 0; + } else { + /* + * Do nothing. Pass M_CSUM_IPv4 and M_CSUM_UDPv4 as + * they are to tell those are calculated and good. + */ } - m->m_pkthdr.csum_flags = 0; pktq = ip_pktq; break; #endif @@ -333,8 +338,13 @@ looutput(struct ifnet *ifp, struct mbuf if (csum_flags != 0 && IN6_LOOPBACK_NEED_CHECKSUM(csum_flags)) { in6_undefer_cksum(m, 0, csum_flags); + m->m_pkthdr.csum_flags = 0; + } else { + /* + * Do nothing. Pass M_CSUM_UDPv6 as + * they are to tell those are calculated and good. + */ } - m->m_pkthdr.csum_flags = 0; m->m_flags |= M_LOOP; pktq = ip6_pktq; break;
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 23 19:28:49 UTC 2019 Modified Files: src/sys/net [netbsd-9]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #367): sys/net/if_vlan.c: revision 1.147 vlan: get rid of unnecessary if_ipackets++ in vlan_input It's done by if_input() below now. Pointed out by msaitoh@ To generate a diff of this commit: cvs rdiff -u -r1.141.2.1 -r1.141.2.2 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 23 19:28:49 UTC 2019 Modified Files: src/sys/net [netbsd-9]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #367): sys/net/if_vlan.c: revision 1.147 vlan: get rid of unnecessary if_ipackets++ in vlan_input It's done by if_input() below now. Pointed out by msaitoh@ To generate a diff of this commit: cvs rdiff -u -r1.141.2.1 -r1.141.2.2 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.141.2.1 src/sys/net/if_vlan.c:1.141.2.2 --- src/sys/net/if_vlan.c:1.141.2.1 Sun Sep 1 11:07:06 2019 +++ src/sys/net/if_vlan.c Wed Oct 23 19:28:49 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.141.2.1 2019/09/01 11:07:06 martin Exp $ */ +/* $NetBSD: if_vlan.c,v 1.141.2.2 2019/10/23 19:28:49 martin Exp $ */ /* * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.141.2.1 2019/09/01 11:07:06 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.141.2.2 2019/10/23 19:28:49 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1656,7 +1656,6 @@ vlan_input(struct ifnet *ifp, struct mbu } m_set_rcvif(m, >ifv_if); - ifv->ifv_if.if_ipackets++; if (pfil_run_hooks(ifp->if_pfil, , ifp, PFIL_IN) != 0) goto out;
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 16 09:46:55 UTC 2019 Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #335): sys/net/bpf.c: revision 1.230 sys/net/bpf.c: revision 1.231 Add KASSERT to catch bugs. Something tells me it could easily fire. - As I suspected, the KASSERT I added yesterday can fire if we try to process zero-sized packets. Skip them to prevent a type confusion that can trigger random page faults later. To generate a diff of this commit: cvs rdiff -u -r1.229 -r1.229.2.1 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 16 09:46:55 UTC 2019 Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #335): sys/net/bpf.c: revision 1.230 sys/net/bpf.c: revision 1.231 Add KASSERT to catch bugs. Something tells me it could easily fire. - As I suspected, the KASSERT I added yesterday can fire if we try to process zero-sized packets. Skip them to prevent a type confusion that can trigger random page faults later. To generate a diff of this commit: cvs rdiff -u -r1.229 -r1.229.2.1 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.229 src/sys/net/bpf.c:1.229.2.1 --- src/sys/net/bpf.c:1.229 Wed Jul 10 17:55:33 2019 +++ src/sys/net/bpf.c Wed Oct 16 09:46:55 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $ */ +/* $NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1676,10 +1676,16 @@ _bpf_mtap(struct bpf_if *bp, struct mbuf pktlen = m_length(m); + /* Skip zero-sized packets. */ + if (__predict_false(pktlen == 0)) { + return; + } + if (pktlen == m->m_len) { cpfn = (void *)memcpy; marg = mtod(m, void *); buflen = pktlen; + KASSERT(buflen != 0); } else { cpfn = bpf_mcpy; marg = m;
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 17:02:25 UTC 2019 Modified Files: src/sys/net [netbsd-9]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #292): sys/net/if_ethersubr.c: revision 1.277 sys/net/if_ethersubr.c: revision 1.278 Increment if_iqdrops when dropping an oversized frame. - Print oversized frame's message only when DIAGNOSTIC is set. The message is not so important because we increment if_iqdrops now. To generate a diff of this commit: cvs rdiff -u -r1.276 -r1.276.2.1 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.276 src/sys/net/if_ethersubr.c:1.276.2.1 --- src/sys/net/if_ethersubr.c:1.276 Wed Jul 17 03:26:24 2019 +++ src/sys/net/if_ethersubr.c Tue Oct 8 17:02:24 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.276 2019/07/17 03:26:24 msaitoh Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.276.2.1 2019/10/08 17:02:24 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.276 2019/07/17 03:26:24 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.276.2.1 2019/10/08 17:02:24 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -164,10 +164,12 @@ extern u_char aarp_org_code[3]; #include #endif +#ifdef DIAGNOSTIC static struct timeval bigpktppslim_last; static int bigpktppslim = 2; /* XXX */ static int bigpktpps_count; static kmutex_t bigpktpps_lock __cacheline_aligned; +#endif const uint8_t etherbroadcastaddr[ETHER_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; @@ -612,6 +614,7 @@ ether_input(struct ifnet *ifp, struct mb */ if (etype != ETHERTYPE_MPLS && m->m_pkthdr.len > ETHER_MAX_FRAME(ifp, etype, m->m_flags & M_HASFCS)) { +#ifdef DIAGNOSTIC mutex_enter(_lock); if (ppsratecheck(_last, _count, bigpktppslim)) { @@ -619,6 +622,8 @@ ether_input(struct ifnet *ifp, struct mb ifp->if_xname, m->m_pkthdr.len); } mutex_exit(_lock); +#endif + ifp->if_iqdrops++; m_freem(m); return; } @@ -1717,6 +1722,8 @@ void etherinit(void) { +#ifdef DIAGNOSTIC mutex_init(_lock, MUTEX_DEFAULT, IPL_NET); +#endif ether_sysctl_setup(NULL); }
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 17:02:25 UTC 2019 Modified Files: src/sys/net [netbsd-9]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #292): sys/net/if_ethersubr.c: revision 1.277 sys/net/if_ethersubr.c: revision 1.278 Increment if_iqdrops when dropping an oversized frame. - Print oversized frame's message only when DIAGNOSTIC is set. The message is not so important because we increment if_iqdrops now. To generate a diff of this commit: cvs rdiff -u -r1.276 -r1.276.2.1 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Thu Oct 3 17:12:53 UTC 2019 Modified Files: src/sys/net [netbsd-9]: route.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #272): sys/net/route.c: revision 1.222 sys/net/route.c: revision 1.224 sys/net/route.c: revision 1.225 Stop passing a large const structure by value, in order to avoid possible kernel stack overflow; const pointer is suffice here. Pointed out by the lgtm bot and kamil. OK ozaki-r - Fix a ifa_release() leak for a specific struct rt_addrinfo. ok by ozaki-r@n.o - Revert route.c:r1.224 to fix net/arp/t_arp and net/ndp/t_ndp failure. And refactor a little. Discussed with ozaki-r@n.o. To generate a diff of this commit: cvs rdiff -u -r1.219.2.1 -r1.219.2.2 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.219.2.1 src/sys/net/route.c:1.219.2.2 --- src/sys/net/route.c:1.219.2.1 Tue Sep 24 03:10:35 2019 +++ src/sys/net/route.c Thu Oct 3 17:12:53 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.219.2.1 2019/09/24 03:10:35 martin Exp $ */ +/* $NetBSD: route.c,v 1.219.2.2 2019/10/03 17:12:53 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.1 2019/09/24 03:10:35 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.2 2019/10/03 17:12:53 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -1387,47 +1387,48 @@ rt_setgate(struct rtentry *rt, const str } static struct ifaddr * -rt_update_get_ifa(const struct rt_addrinfo info, const struct rtentry *rt, +rt_update_get_ifa(const struct rt_addrinfo *info, const struct rtentry *rt, struct ifnet **ifp, struct psref *psref_ifp, struct psref *psref) { struct ifaddr *ifa = NULL; *ifp = NULL; - if (info.rti_info[RTAX_IFP] != NULL) { - ifa = ifa_ifwithnet_psref(info.rti_info[RTAX_IFP], psref); + if (info->rti_info[RTAX_IFP] != NULL) { + ifa = ifa_ifwithnet_psref(info->rti_info[RTAX_IFP], psref); if (ifa == NULL) goto next; *ifp = ifa->ifa_ifp; if_acquire(*ifp, psref_ifp); - if (info.rti_info[RTAX_IFA] == NULL && - info.rti_info[RTAX_GATEWAY] == NULL) - goto next; + if (info->rti_info[RTAX_IFA] == NULL && + info->rti_info[RTAX_GATEWAY] == NULL) + goto out; ifa_release(ifa, psref); - if (info.rti_info[RTAX_IFA] == NULL) { + if (info->rti_info[RTAX_IFA] == NULL) { /* route change -ifp */ - ifa = ifaof_ifpforaddr_psref(info.rti_info[RTAX_GATEWAY], - *ifp, psref); + ifa = ifaof_ifpforaddr_psref( + info->rti_info[RTAX_GATEWAY], *ifp, psref); } else { /* route change -ifp -ifa */ - ifa = ifa_ifwithaddr_psref(info.rti_info[RTAX_IFA], psref); + ifa = ifa_ifwithaddr_psref(info->rti_info[RTAX_IFA], + psref); if (ifa != NULL) goto out; - ifa = ifaof_ifpforaddr_psref(info.rti_info[RTAX_IFA], + ifa = ifaof_ifpforaddr_psref(info->rti_info[RTAX_IFA], *ifp, psref); } goto out; } next: - if (info.rti_info[RTAX_IFA] != NULL) { + if (info->rti_info[RTAX_IFA] != NULL) { /* route change -ifa */ - ifa = ifa_ifwithaddr_psref(info.rti_info[RTAX_IFA], psref); + ifa = ifa_ifwithaddr_psref(info->rti_info[RTAX_IFA], psref); if (ifa != NULL) goto out; } - if (info.rti_info[RTAX_GATEWAY] != NULL) { + if (info->rti_info[RTAX_GATEWAY] != NULL) { /* route change */ ifa = ifa_ifwithroute_psref(rt->rt_flags, rt_getkey(rt), - info.rti_info[RTAX_GATEWAY], psref); + info->rti_info[RTAX_GATEWAY], psref); } out: if (ifa != NULL && *ifp == NULL) { @@ -1487,7 +1488,7 @@ rt_update(struct rtentry *rt, struct rt_ * flags may also be different; ifp may be specified * by ll sockaddr when protocol address is ambiguous */ - new_ifa = rt_update_get_ifa(*info, rt, _ifp, _new_ifp, + new_ifa = rt_update_get_ifa(info, rt, _ifp, _new_ifp, _new_ifa); if (new_ifa != NULL) { ifa_release(ifa, _ifa);
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Thu Oct 3 17:12:53 UTC 2019 Modified Files: src/sys/net [netbsd-9]: route.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #272): sys/net/route.c: revision 1.222 sys/net/route.c: revision 1.224 sys/net/route.c: revision 1.225 Stop passing a large const structure by value, in order to avoid possible kernel stack overflow; const pointer is suffice here. Pointed out by the lgtm bot and kamil. OK ozaki-r - Fix a ifa_release() leak for a specific struct rt_addrinfo. ok by ozaki-r@n.o - Revert route.c:r1.224 to fix net/arp/t_arp and net/ndp/t_ndp failure. And refactor a little. Discussed with ozaki-r@n.o. To generate a diff of this commit: cvs rdiff -u -r1.219.2.1 -r1.219.2.2 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 7 08:28:37 UTC 2019 Modified Files: src/sys/net/npf [netbsd-9]: npf.c npf_conn.c npf_conn.h Log Message: Pull up following revision(s) (requested by rmind in ticket #25): sys/net/npf/npf_conn.h: revision 1.17 sys/net/npf/npf.c: revision 1.39 sys/net/npf/npf_conn.c: revision 1.28 sys/net/npf/npf_conn.c: revision 1.29 Introduce an npf_conn_destroy_idx() that can handle partially constructed conn structures. - npf_conn_init(): fix a race when initialising the G/C thread. - Fix a bug when partially initialised connection is destroyed on error. (from rmind@) To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.38.2.1 src/sys/net/npf/npf.c cvs rdiff -u -r1.27 -r1.27.2.1 src/sys/net/npf/npf_conn.c cvs rdiff -u -r1.16 -r1.16.2.1 src/sys/net/npf/npf_conn.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf.c diff -u src/sys/net/npf/npf.c:1.38 src/sys/net/npf/npf.c:1.38.2.1 --- src/sys/net/npf/npf.c:1.38 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf.c Wed Aug 7 08:28:37 2019 @@ -33,7 +33,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.38 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.38.2.1 2019/08/07 08:28:37 martin Exp $"); #include #include @@ -79,13 +79,17 @@ npf_create(int flags, const npf_mbufops_ npf_param_init(npf); npf_state_sysinit(npf); npf_ifmap_init(npf, ifops); - npf_conn_init(npf, flags); + npf_conn_init(npf); npf_portmap_init(npf); npf_alg_init(npf); npf_ext_init(npf); /* Load an empty configuration. */ npf_config_init(npf); + + if ((flags & NPF_NO_GC) == 0) { + npf_worker_register(npf, npf_conn_worker); + } return npf; } Index: src/sys/net/npf/npf_conn.c diff -u src/sys/net/npf/npf_conn.c:1.27 src/sys/net/npf/npf_conn.c:1.27.2.1 --- src/sys/net/npf/npf_conn.c:1.27 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_conn.c Wed Aug 7 08:28:37 2019 @@ -107,7 +107,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_conn.c,v 1.27 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_conn.c,v 1.27.2.1 2019/08/07 08:28:37 martin Exp $"); #include #include @@ -149,7 +149,7 @@ static nvlist_t *npf_conn_export(npf_t * */ void -npf_conn_init(npf_t *npf, int flags) +npf_conn_init(npf_t *npf) { npf->conn_cache[0] = pool_cache_init( offsetof(npf_conn_t, c_keys[NPF_CONNKEY_V4WORDS * 2]), @@ -161,10 +161,6 @@ npf_conn_init(npf_t *npf, int flags) mutex_init(>conn_lock, MUTEX_DEFAULT, IPL_NONE); npf->conn_tracking = CONN_TRACKING_OFF; npf->conn_db = npf_conndb_create(); - - if ((flags & NPF_NO_GC) == 0) { - npf_worker_register(npf, npf_conn_worker); - } npf_conndb_sysinit(npf); } @@ -429,6 +425,7 @@ npf_conn_establish(npf_cache_t *npc, int con->c_proto = npc->npc_proto; CTASSERT(sizeof(con->c_proto) >= sizeof(npc->npc_proto)); + con->c_alen = alen; /* Initialize the protocol state. */ if (!npf_state_init(npc, >c_state)) { @@ -499,9 +496,7 @@ err: void npf_conn_destroy(npf_t *npf, npf_conn_t *con) { - const npf_connkey_t *key = npf_conn_getforwkey(con); - const unsigned alen = NPF_CONNKEY_ALEN(key); - const unsigned idx __unused = NPF_CONNCACHE(alen); + const unsigned idx __unused = NPF_CONNCACHE(con->c_alen); KASSERT(con->c_refcnt == 0); @@ -794,6 +789,7 @@ npf_conn_export(npf_t *npf, npf_conn_t * fw = npf_conn_getforwkey(con); alen = NPF_CONNKEY_ALEN(fw); + KASSERT(alen == con->c_alen); bk = npf_conn_getbackkey(con, alen); kdict = npf_connkey_export(fw); Index: src/sys/net/npf/npf_conn.h diff -u src/sys/net/npf/npf_conn.h:1.16 src/sys/net/npf/npf_conn.h:1.16.2.1 --- src/sys/net/npf/npf_conn.h:1.16 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_conn.h Wed Aug 7 08:28:37 2019 @@ -50,7 +50,8 @@ struct npf_conn { * Protocol, address length, the interface ID (if zero, * then the state is global) and connection flags. */ - unsigned c_proto; + uint16_t c_proto; + uint16_t c_alen; unsigned c_ifid; unsigned c_flags; @@ -123,7 +124,7 @@ void npf_connkey_print(const npf_connke /* * Connection tracking interface. */ -void npf_conn_init(npf_t *, int); +void npf_conn_init(npf_t *); void npf_conn_fini(npf_t *); void npf_conn_tracking(npf_t *, bool); void npf_conn_load(npf_t *, npf_conndb_t *, bool);
CVS commit: [netbsd-9] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 7 08:28:37 UTC 2019 Modified Files: src/sys/net/npf [netbsd-9]: npf.c npf_conn.c npf_conn.h Log Message: Pull up following revision(s) (requested by rmind in ticket #25): sys/net/npf/npf_conn.h: revision 1.17 sys/net/npf/npf.c: revision 1.39 sys/net/npf/npf_conn.c: revision 1.28 sys/net/npf/npf_conn.c: revision 1.29 Introduce an npf_conn_destroy_idx() that can handle partially constructed conn structures. - npf_conn_init(): fix a race when initialising the G/C thread. - Fix a bug when partially initialised connection is destroyed on error. (from rmind@) To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.38.2.1 src/sys/net/npf/npf.c cvs rdiff -u -r1.27 -r1.27.2.1 src/sys/net/npf/npf_conn.c cvs rdiff -u -r1.16 -r1.16.2.1 src/sys/net/npf/npf_conn.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:40:11 UTC 2019 Modified Files: src/sys/net [netbsd-9]: raw_usrreq.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #7): sys/net/raw_usrreq.c: revision 1.63 sys/net/raw_usrreq.c: revision 1.64 Fix typo (s/m_free/m_freem/) This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying. - Fix typo (s/m_free/m_freem/) (one more) To generate a diff of this commit: cvs rdiff -u -r1.62 -r1.62.4.1 src/sys/net/raw_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/raw_usrreq.c diff -u src/sys/net/raw_usrreq.c:1.62 src/sys/net/raw_usrreq.c:1.62.4.1 --- src/sys/net/raw_usrreq.c:1.62 Fri Sep 7 06:13:14 2018 +++ src/sys/net/raw_usrreq.c Sun Aug 4 11:40:11 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_usrreq.c,v 1.62 2018/09/07 06:13:14 maxv Exp $ */ +/* $NetBSD: raw_usrreq.c,v 1.62.4.1 2019/08/04 11:40:11 martin Exp $ */ /* * Copyright (c) 1980, 1986, 1993 @@ -36,7 +36,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.62 2018/09/07 06:13:14 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.62.4.1 2019/08/04 11:40:11 martin Exp $"); #include #include @@ -110,12 +110,12 @@ raw_input(struct mbuf *m0, struct sockpr } if (last != NULL) { if (sbappendaddr(>so_rcv, src, m, NULL) == 0) { - m_free(m); + m_freem(m); soroverflow(last); } else sorwakeup(last); } else { - m_free(m); + m_freem(m); } }
CVS commit: [netbsd-9] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:40:11 UTC 2019 Modified Files: src/sys/net [netbsd-9]: raw_usrreq.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #7): sys/net/raw_usrreq.c: revision 1.63 sys/net/raw_usrreq.c: revision 1.64 Fix typo (s/m_free/m_freem/) This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying. - Fix typo (s/m_free/m_freem/) (one more) To generate a diff of this commit: cvs rdiff -u -r1.62 -r1.62.4.1 src/sys/net/raw_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.