svn commit: r360772 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:50:34 2020
New Revision: 360772
URL: https://svnweb.freebsd.org/changeset/base/360772

Log:
  MFC r360671: Avoid integer underflow
  
  Avoid underflowing a variable, which would result in taking more
  data from the stream queues than needed.
  
  Thanks to Timo Voelker for finding this bug and providing a fix.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 03:48:59 2020
(r360771)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 03:50:34 2020
(r360772)
@@ -7763,7 +7763,11 @@ sctp_fill_outqueue(struct sctp_tcb *stcb,
}
strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, 
asoc);
total_moved += moved;
-   space_left -= moved;
+   if (space_left >= moved) {
+   space_left -= moved;
+   } else {
+   space_left = 0;
+   }
if (space_left >= SCTP_DATA_CHUNK_OVERHEAD(stcb)) {
space_left -= SCTP_DATA_CHUNK_OVERHEAD(stcb);
} else {
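Review bot: The clamp at `if (space_left >= moved)` silently absorbs the case where more was moved than there was room for, and nothing in the hunk says whether that case is expected. A comment above the check, such as `/* moved can be larger than space_left; clamp so the counter cannot wrap */`, would tell the next reader whether this is a normal condition or a masked invariant violation. `total_moved += moved` two lines earlier still counts the full amount, so anything that relies on the total sees the overshoot even though `space_left` does not. The enclosing loop in sctp_fill_outqueue starts and ends outside the hunk.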


svn commit: r360771 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:48:59 2020
New Revision: 360771
URL: https://svnweb.freebsd.org/changeset/base/360771

Log:
  MFC r360662: Fix a bug in SCTP SACK generation
  
  Fix the computation of the number of entries of the mapping array to
  look at when generating a SACK. This was wrong when the sequence
  numbers wrap around.
  
  Thanks to Gwenael FOURRE for reporting the issue for the userland stack:
  https://github.com/sctplab/usrsctp/issues/462

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 03:44:35 2020
(r360770)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 03:48:59 2020
(r360771)
@@ -10713,7 +10713,7 @@ sctp_send_sack(struct sctp_tcb *stcb, int so_locked
if (highest_tsn > asoc->mapping_array_base_tsn) {
siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 
1) + 7) / 8;
} else {
-   siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) 
/ 8;
+   siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + 
highest_tsn + 7) / 8;
}
} else {
sack = NULL;
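Review bot: The corrected else branch is also taken when `highest_tsn` equals `asoc->mapping_array_base_tsn`, because the guard above it uses `>` rather than `>=`. If these are 32-bit unsigned values and `MAX_TSN` is the largest of them (the declarations are outside the hunk), `(MAX_TSN - base) + 1 + highest_tsn` wraps to 0 in that case and `siz` becomes 0 instead of 1. Either change the guard to `if (highest_tsn >= asoc->mapping_array_base_tsn) {` or add a comment stating why the equal case cannot reach this point. The hunk shows no upper bound on `siz` against the size of the mapping array, so confirm that such a check exists in the part of sctp_send_sack outside the hunk.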


svn commit: r360770 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:44:35 2020
New Revision: 360770
URL: https://svnweb.freebsd.org/changeset/base/360770

Log:
  MFC r360193, r360209: Improve input validation for AUTH chunks
  
  Improve input validation when processing AUTH chunks.
  
  Thanks to Natalie Silvanovich from Google for finding and reporting the
  issue found by her in the SCTP userland stack.

Modified:
  stable/11/sys/netinet/sctp_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==
--- stable/11/sys/netinet/sctp_input.c  Thu May  7 03:37:22 2020
(r360769)
+++ stable/11/sys/netinet/sctp_input.c  Thu May  7 03:44:35 2020
(r360770)
@@ -2098,7 +2098,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, in
int init_offset, initack_offset, initack_limit;
int retval;
int error = 0;
-   uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE];
+   uint8_t auth_chunk_buf[SCTP_CHUNK_BUFFER_SIZE];
 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
struct socket *so;
 
@@ -2277,8 +2277,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, in
if (auth_skipped) {
struct sctp_auth_chunk *auth;
 
-   auth = (struct sctp_auth_chunk *)
-   sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
+   if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) {
+   auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, 
auth_offset, auth_len, auth_chunk_buf);
+   } else {
+   auth = NULL;
+   }
if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, 
auth_offset)) {
/* auth HMAC failed, dump the assoc and packet */
SCTPDBG(SCTP_DEBUG_AUTH1,
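Review bot: The new bound `auth_len <= SCTP_CHUNK_BUFFER_SIZE` repeats the macro instead of being tied to the buffer it protects, and the first hunk of this commit shows how the declaration of `auth_chunk_buf` and the size used elsewhere can drift apart. Writing `if (auth_len <= sizeof(auth_chunk_buf)) {` keeps the check correct if the array is resized again; the same applies to the `chunk_buf` check in the sctp_process_control hunk, provided `chunk_buf` is an array there (its declaration is outside the hunk). An over-long AUTH chunk now falls into the existing "auth HMAC failed" debug path, so a comment such as `/* AUTH chunk larger than the copy buffer: treat as failed authentication */` on the `auth = NULL;` line would keep that log message from misleading whoever triages it.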
@@ -4671,11 +4674,13 @@ sctp_process_control(struct mbuf *m, int iphlen, int *
if (auth_skipped && (stcb != NULL)) {
struct sctp_auth_chunk *auth;
 
-   auth = (struct sctp_auth_chunk *)
-   sctp_m_getptr(m, auth_offset,
-   auth_len, chunk_buf);
-   got_auth = 1;
-   auth_skipped = 0;
+   if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) {
+   auth = (struct sctp_auth_chunk 
*)sctp_m_getptr(m, auth_offset, auth_len, chunk_buf);
+   got_auth = 1;
+   auth_skipped = 0;
+   } else {
+   auth = NULL;
+   }
if ((auth == NULL) || sctp_handle_auth(stcb, 
auth, m,
auth_offset)) {
/* auth HMAC failed so dump it */


svn commit: r360769 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:37:22 2020
New Revision: 360769
URL: https://svnweb.freebsd.org/changeset/base/360769

Log:
  MFC r359131: Fix MTU candidates
  
  The MTU candidates MUST be a multiple of 4, so make them so.

Modified:
  stable/11/sys/netinet/sctputil.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctputil.c
==
--- stable/11/sys/netinet/sctputil.cThu May  7 03:29:18 2020
(r360768)
+++ stable/11/sys/netinet/sctputil.cThu May  7 03:37:22 2020
(r360769)
@@ -859,7 +859,7 @@ static uint32_t sctp_mtu_sizes[] = {
2048,
4352,
4464,
-   8166,
+   8168,
17912,
32000,
65532


svn commit: r360768 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:29:18 2020
New Revision: 360768
URL: https://svnweb.freebsd.org/changeset/base/360768

Log:
  MFC r358621:
  
  When using automatically generated flow labels and using TCP SYN
  cookies, use the same flow label for the segments sent during the
  handshake and after the handshake.
  This fixes a bug by making sure that sc_flowlabel is always stored in
  network byte order.
  
  Reviewed by:  bz
  Sponsored by: Netflix, Inc.
  Differential Revision:https://reviews.freebsd.org/D23957

Modified:
  stable/11/sys/netinet/tcp_syncache.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/tcp_syncache.c
==
--- stable/11/sys/netinet/tcp_syncache.cThu May  7 03:27:10 2020
(r360767)
+++ stable/11/sys/netinet/tcp_syncache.cThu May  7 03:29:18 2020
(r360768)
@@ -2110,7 +2110,8 @@ syncookie_lookup(struct in_conninfo *inc, struct synca
 #ifdef INET6
case INC_ISIPV6:
if (sotoinpcb(lso)->inp_flags & IN6P_AUTOFLOWLABEL)
-   sc->sc_flowlabel = sc->sc_iss & IPV6_FLOWLABEL_MASK;
+   sc->sc_flowlabel =
+   htonl(sc->sc_iss) & IPV6_FLOWLABEL_MASK;
break;
 #endif
}
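Review bot: The byte swap in `htonl(sc->sc_iss) & IPV6_FLOWLABEL_MASK` carries no comment saying why it is needed, and on its own the expression reads like an accidental conversion of a sequence number. A one-line comment above the assignment, for example `/* sc_flowlabel is kept in network byte order, so swap before masking */`, would record the invariant the log message describes. It is also worth checking that every other writer and reader of `sc_flowlabel` follows the same convention; those sites are outside this hunk.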


svn commit: r360767 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:27:10 2020
New Revision: 360767
URL: https://svnweb.freebsd.org/changeset/base/360767

Log:
  MFC r358169: Remove an unused timer type.

Modified:
  stable/11/sys/netinet/sctp_constants.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_constants.h
==
--- stable/11/sys/netinet/sctp_constants.h  Thu May  7 03:24:34 2020
(r360766)
+++ stable/11/sys/netinet/sctp_constants.h  Thu May  7 03:27:10 2020
(r360767)
@@ -541,14 +541,13 @@ __FBSDID("$FreeBSD$");
 #define SCTP_TIMER_TYPE_ASCONF 10
 #define SCTP_TIMER_TYPE_SHUTDOWNGUARD  11
 #define SCTP_TIMER_TYPE_AUTOCLOSE  12
-#define SCTP_TIMER_TYPE_EVENTWAKE  13
-#define SCTP_TIMER_TYPE_STRRESET14
-#define SCTP_TIMER_TYPE_INPKILL 15
-#define SCTP_TIMER_TYPE_ASOCKILL16
-#define SCTP_TIMER_TYPE_ADDR_WQ 17
-#define SCTP_TIMER_TYPE_PRIM_DELETED18
+#define SCTP_TIMER_TYPE_STRRESET   13
+#define SCTP_TIMER_TYPE_INPKILL14
+#define SCTP_TIMER_TYPE_ASOCKILL   15
+#define SCTP_TIMER_TYPE_ADDR_WQ16
+#define SCTP_TIMER_TYPE_PRIM_DELETED   17
 /* add new timers here - and increment LAST */
-#define SCTP_TIMER_TYPE_LAST19
+#define SCTP_TIMER_TYPE_LAST   18
 
 #define SCTP_IS_TIMER_TYPE_VALID(t)(((t) > SCTP_TIMER_TYPE_NONE) && \
 ((t) < SCTP_TIMER_TYPE_LAST))


svn commit: r360766 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:24:34 2020
New Revision: 360766
URL: https://svnweb.freebsd.org/changeset/base/360766

Log:
  MFC r358028: Fix SCTP stream scheduler bug
  
  Fix the non-default stream schedulers such that they do not interleave
  user messages when it is not allowed.
  
  Thanks to Christian Wright for reporting the issue for the userland
  stack and providing a fix for the priority scheduler.

Modified:
  stable/11/sys/netinet/sctp_ss_functions.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_ss_functions.c
==
--- stable/11/sys/netinet/sctp_ss_functions.c   Thu May  7 03:22:57 2020
(r360765)
+++ stable/11/sys/netinet/sctp_ss_functions.c   Thu May  7 03:24:34 2020
(r360766)
@@ -515,6 +515,9 @@ sctp_ss_prio_select(struct sctp_tcb *stcb SCTP_UNUSED,
 {
struct sctp_stream_out *strq, *strqt, *strqn;
 
+   if (asoc->ss_data.locked_on_sending) {
+   return (asoc->ss_data.locked_on_sending);
+   }
strqt = asoc->ss_data.last_out_stream;
 prio_again:
/* Find the next stream to use */
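Review bot: The new early return on `asoc->ss_data.locked_on_sending` is added without a comment, here and in the sctp_ss_fb_select and sctp_ss_fcfs_select hunks below. A reader of the scheduler cannot tell from the code that the check exists to keep a partially sent user message from being interleaved with another stream; `/* A user message is in progress on this stream; keep sending from it. */` above each check would say so. The locked stream is returned without looking at the destination the caller asked for, so it is worth confirming that a locked stream is always acceptable for that destination. The function bodies continue outside the hunks.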
@@ -692,6 +695,9 @@ sctp_ss_fb_select(struct sctp_tcb *stcb SCTP_UNUSED, s
 {
struct sctp_stream_out *strq = NULL, *strqt;
 
+   if (asoc->ss_data.locked_on_sending) {
+   return (asoc->ss_data.locked_on_sending);
+   }
if (asoc->ss_data.last_out_stream == NULL ||
TAILQ_FIRST(>ss_data.out.wheel) == 
TAILQ_LAST(>ss_data.out.wheel, sctpwheel_listhead)) {
strqt = TAILQ_FIRST(>ss_data.out.wheel);
@@ -898,6 +904,9 @@ sctp_ss_fcfs_select(struct sctp_tcb *stcb SCTP_UNUSED,
struct sctp_stream_out *strq;
struct sctp_stream_queue_pending *sp;
 
+   if (asoc->ss_data.locked_on_sending) {
+   return (asoc->ss_data.locked_on_sending);
+   }
sp = TAILQ_FIRST(>ss_data.out.list);
 default_again:
if (sp != NULL) {


svn commit: r360765 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:22:57 2020
New Revision: 360765
URL: https://svnweb.freebsd.org/changeset/base/360765

Log:
  MFC r358023: Don't use uninitialized memory
  
  Don't use uninitialised stack memory if the sysctl variable
  net.inet.tcp.hostcache.enable is set to 0.
  The bug resulted in using possibly a too small MSS value or wrong
  initial retransmission timer settings. Possibly the value used
  for ssthresh was also wrong.
  
  Submitted by: rscheff
  Reviewed by:  Cheng Cui, rgrimes@, tuexen@
  Differential Revision:https://reviews.freebsd.org/D23687

Modified:
  stable/11/sys/netinet/tcp_hostcache.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/tcp_hostcache.c
==
--- stable/11/sys/netinet/tcp_hostcache.c   Thu May  7 03:20:01 2020
(r360764)
+++ stable/11/sys/netinet/tcp_hostcache.c   Thu May  7 03:22:57 2020
(r360765)
@@ -435,8 +435,10 @@ tcp_hc_get(struct in_conninfo *inc, struct hc_metrics_
 {
struct hc_metrics *hc_entry;
 
-   if (!V_tcp_use_hostcache)
+   if (!V_tcp_use_hostcache) {
+   bzero(hc_metrics_lite, sizeof(*hc_metrics_lite));
return;
+   }
 
/*
 * Find the right bucket.
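Review bot: The `bzero()` covers only the `!V_tcp_use_hostcache` return, so the guarantee that `hc_metrics_lite` is always written depends on every other exit of tcp_hc_get doing the same, and those exits are outside the hunk. Zeroing once at the top, `bzero(hc_metrics_lite, sizeof(*hc_metrics_lite));` before the first `if`, would make the guarantee hold for any return added later, at the cost of a redundant clear when an entry is found. If the per-path form is kept, a sentence in the function's header comment stating that the output is zeroed whenever no cached entry is used would document the contract callers rely on.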


svn commit: r360764 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:20:01 2020
New Revision: 360764
URL: https://svnweb.freebsd.org/changeset/base/360764

Log:
  MFC r357830: Improve handling of memory allocation failure
  
  Don't panic under INVARIANTS when we can't allocate memory for storing
  a vtag in time wait.
  This issue was found by running syzkaller.

Modified:
  stable/11/sys/netinet/sctp_pcb.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 03:17:52 2020
(r360763)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 03:20:01 2020
(r360764)
@@ -4637,9 +4637,6 @@ sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time,
SCTP_MALLOC(twait_block, struct sctp_tagblock *,
sizeof(struct sctp_tagblock), SCTP_M_TIMW);
if (twait_block == NULL) {
-#ifdef INVARIANTS
-   panic("Can not alloc tagblock");
-#endif
return;
}
memset(twait_block, 0, sizeof(struct sctp_tagblock));


svn commit: r360763 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:17:52 2020
New Revision: 360763
URL: https://svnweb.freebsd.org/changeset/base/360763

Log:
  MFC r357768: Optimize timer starting
  
  Don't start an SCTP timer using a net, which has been removed.
  
  Submitted by: Taylor Brandstetter

Modified:
  stable/11/sys/netinet/sctp_pcb.c
  stable/11/sys/netinet/sctputil.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 03:15:59 2020
(r360762)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 03:17:52 2020
(r360763)
@@ -4483,6 +4483,7 @@ out:
SCTP_FROM_SCTP_PCB + SCTP_LOC_9);
sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net,
SCTP_FROM_SCTP_PCB + SCTP_LOC_10);
+   net->dest_state |= SCTP_ADDR_BEING_DELETED;
sctp_free_remote_addr(net);
 }
 

Modified: stable/11/sys/netinet/sctputil.c
==
--- stable/11/sys/netinet/sctputil.cThu May  7 03:15:59 2020
(r360762)
+++ stable/11/sys/netinet/sctputil.cThu May  7 03:17:52 2020
(r360763)
@@ -2047,6 +2047,10 @@ sctp_timer_start(int t_type, struct sctp_inpcb *inp, s
if (stcb) {
SCTP_TCB_LOCK_ASSERT(stcb);
}
+   /* Don't restart timer on net that's been removed. */
+   if (net != NULL && (net->dest_state & SCTP_ADDR_BEING_DELETED)) {
+   return;
+   }
switch (t_type) {
case SCTP_TIMER_TYPE_ADDR_WQ:
/* Only 1 tick away :-) */
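Review bot: The new guard reads `net->dest_state` for a net that, by the comment's own wording, has already been removed, so it is only safe while the caller still holds a reference to that net. In the sctp_pcb.c hunk of this commit the flag is set immediately before `sctp_free_remote_addr(net)`, which appears to be where a reference is dropped. The comment should state that precondition, for example `/* Don't restart timer on net that's been removed; caller must still hold a reference to net. */`. The guard also returns without any trace, so a debug log at this point would help when a timer unexpectedly fails to start.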


svn commit: r360762 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:15:59 2020
New Revision: 360762
URL: https://svnweb.freebsd.org/changeset/base/360762

Log:
  MFC r357708: More timer cleanups
  
  Stop the PMTU and HB timer when removing a net, not when freeing it.
  
  Submitted by: Taylor Brandstetter

Modified:
  stable/11/sys/netinet/sctp_pcb.c
  stable/11/sys/netinet/sctp_var.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 03:14:00 2020
(r360761)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 03:15:59 2020
(r360762)
@@ -4428,8 +4428,10 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockadd
 void
 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net)
 {
+   struct sctp_inpcb *inp;
struct sctp_association *asoc;
 
+   inp = stcb->sctp_ep;
asoc = >asoc;
asoc->numnets--;
TAILQ_REMOVE(>nets, net, sctp_next);
@@ -4477,6 +4479,10 @@ out:
sctp_free_remote_addr(stcb->asoc.alternate);
stcb->asoc.alternate = NULL;
}
+   sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net,
+   SCTP_FROM_SCTP_PCB + SCTP_LOC_9);
+   sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net,
+   SCTP_FROM_SCTP_PCB + SCTP_LOC_10);
sctp_free_remote_addr(net);
 }
 
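Review bot: Stopping the PATHMTURAISE and HEARTBEAT timers in sctp_remove_net, together with the removal of the two `SCTP_OS_TIMER_STOP` lines from the free macro in the sctp_var.h hunk, means a net whose last reference is dropped on any other path is freed without these timers being stopped there. Confirm that every caller of `sctp_free_remote_addr()` that can release the final reference has either gone through sctp_remove_net or stops both timers itself, since a pending timer on a freed net is a use-after-free. A comment on the macro such as `/* pmtu and hb timers must already be stopped by the caller */` would record the new requirement. The callers are outside the hunks shown.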
@@ -6997,7 +7003,7 @@ sctp_drain_mbufs(struct sctp_tcb *stcb)
 */
asoc->last_revoke_count = cnt;
sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL,
-   SCTP_FROM_SCTP_PCB + SCTP_LOC_16);
+   SCTP_FROM_SCTP_PCB + SCTP_LOC_11);
/* sa_ignore NO_NULL_CHK */
sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, 
SCTP_SO_NOT_LOCKED);

Modified: stable/11/sys/netinet/sctp_var.h
==
--- stable/11/sys/netinet/sctp_var.hThu May  7 03:14:00 2020
(r360761)
+++ stable/11/sys/netinet/sctp_var.hThu May  7 03:15:59 2020
(r360762)
@@ -185,8 +185,6 @@ extern struct pr_usrreqs sctp_usrreqs;
if ((__net)) {  \
if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&(__net)->ref_count)) { \
(void)SCTP_OS_TIMER_STOP(&(__net)->rxt_timer.timer); \
-   (void)SCTP_OS_TIMER_STOP(&(__net)->pmtu_timer.timer); \
-   (void)SCTP_OS_TIMER_STOP(&(__net)->hb_timer.timer); \
if ((__net)->ro.ro_rt) { \
RTFREE((__net)->ro.ro_rt); \
(__net)->ro.ro_rt = NULL; \


svn commit: r360761 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:14:00 2020
New Revision: 360761
URL: https://svnweb.freebsd.org/changeset/base/360761

Log:
  MFC r357705: Cleanup timer handling
  
  Submitted by: Taylor Brandstetter

Modified:
  stable/11/sys/netinet/sctp_indata.c
  stable/11/sys/netinet/sctp_output.c
  stable/11/sys/netinet/sctp_pcb.c
  stable/11/sys/netinet/sctputil.c
  stable/11/sys/netinet/sctputil.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Thu May  7 03:12:07 2020
(r360760)
+++ stable/11/sys/netinet/sctp_indata.c Thu May  7 03:14:00 2020
(r360761)
@@ -2661,7 +2661,8 @@ sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap)
 * is pending, we got our first packet OR
 * there are gaps or duplicates.
 */
-   
(void)SCTP_OS_TIMER_STOP(>asoc.dack_timer.timer);
+   sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 
stcb->sctp_ep, stcb, NULL,
+   SCTP_FROM_SCTP_INDATA + SCTP_LOC_19);
sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
}
} else {

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 03:12:07 2020
(r360760)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 03:14:00 2020
(r360761)
@@ -10068,7 +10068,8 @@ do_it_again:
 */
if (SCTP_OS_TIMER_PENDING(>asoc.dack_timer.timer)) {
sctp_send_sack(stcb, so_locked);
-   (void)SCTP_OS_TIMER_STOP(>asoc.dack_timer.timer);
+   sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL,
+   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3);
}
while (asoc->sent_queue_retran_cnt) {
/*-
@@ -10597,7 +10598,7 @@ sctp_send_sack(struct sctp_tcb *stcb, int so_locked
if (stcb->asoc.delayed_ack) {
sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
stcb->sctp_ep, stcb, NULL,
-   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3);
+   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4);
sctp_timer_start(SCTP_TIMER_TYPE_RECV,
stcb->sctp_ep, stcb, NULL);
} else {
@@ -10666,7 +10667,7 @@ sctp_send_sack(struct sctp_tcb *stcb, int so_locked
if (stcb->asoc.delayed_ack) {
sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
stcb->sctp_ep, stcb, NULL,
-   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4);
+   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5);
sctp_timer_start(SCTP_TIMER_TYPE_RECV,
stcb->sctp_ep, stcb, NULL);
} else {
@@ -12824,7 +12825,7 @@ sctp_lower_sosend(struct socket *so,
if (control) {
if (sctp_process_cmsgs_for_init(stcb, control, 
)) {
sctp_free_assoc(inp, stcb, 
SCTP_PCBFREE_FORCE,
-   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5);
+   SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6);
hold_tcblock = 0;
stcb = NULL;
goto out_unlocked;

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 03:12:07 2020
(r360760)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 03:14:00 2020
(r360761)
@@ -3547,7 +3547,6 @@ sctp_inpcb_free(struct sctp_inpcb *inp, int immediate,
}
if (cnt) {
/* Ok we have someone out there that will kill us */
-   (void)SCTP_OS_TIMER_STOP(>sctp_ep.signature_change.timer);
 #ifdef SCTP_LOG_CLOSING
sctp_log_closing(inp, NULL, 3);
 #endif
@@ -3566,7 +3565,6 @@ sctp_inpcb_free(struct sctp_inpcb *inp, int immediate,
if ((inp->refcount) ||
(being_refed) ||
(inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) {
-   (void)SCTP_OS_TIMER_STOP(>sctp_ep.signature_change.timer);
 #ifdef SCTP_LOG_CLOSING
sctp_log_closing(inp, NULL, 4);
 #endif
@@ -4764,35 +4762,8 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc
return (0);
}
}
-   /* now clean up any other timers */
-   

svn commit: r360760 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:12:07 2020
New Revision: 360760
URL: https://svnweb.freebsd.org/changeset/base/360760

Log:
  MFC r357501: Remove unused timer.
  
  Submitted by: Taylor Brandstetter

Modified:
  stable/11/sys/netinet/sctp_pcb.c
  stable/11/sys/netinet/sctp_structs.h
  stable/11/sys/netinet/sctputil.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 03:08:00 2020
(r360759)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 03:12:07 2020
(r360760)
@@ -2745,7 +2745,6 @@ sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, st
stcb->asoc.strreset_timer.ep = (void *)new_inp;
stcb->asoc.shut_guard_timer.ep = (void *)new_inp;
stcb->asoc.autoclose_timer.ep = (void *)new_inp;
-   stcb->asoc.delayed_event_timer.ep = (void *)new_inp;
stcb->asoc.delete_prim_timer.ep = (void *)new_inp;
/* now what about the nets? */
TAILQ_FOREACH(net, >asoc.nets, sctp_next) {
@@ -4410,7 +4409,6 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockadd
SCTP_OS_TIMER_INIT(>asconf_timer.timer);
SCTP_OS_TIMER_INIT(>shut_guard_timer.timer);
SCTP_OS_TIMER_INIT(>autoclose_timer.timer);
-   SCTP_OS_TIMER_INIT(>delayed_event_timer.timer);
SCTP_OS_TIMER_INIT(>delete_prim_timer.timer);
 
LIST_INSERT_HEAD(>sctp_asoc_list, stcb, sctp_tcblist);
@@ -4784,8 +4782,6 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc
asoc->autoclose_timer.self = NULL;
(void)SCTP_OS_TIMER_STOP(>shut_guard_timer.timer);
asoc->shut_guard_timer.self = NULL;
-   (void)SCTP_OS_TIMER_STOP(>delayed_event_timer.timer);
-   asoc->delayed_event_timer.self = NULL;
/* Mobility adaptation */
(void)SCTP_OS_TIMER_STOP(>delete_prim_timer.timer);
asoc->delete_prim_timer.self = NULL;
@@ -4970,7 +4966,6 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc
(void)SCTP_OS_TIMER_STOP(>asconf_timer.timer);
(void)SCTP_OS_TIMER_STOP(>shut_guard_timer.timer);
(void)SCTP_OS_TIMER_STOP(>autoclose_timer.timer);
-   (void)SCTP_OS_TIMER_STOP(>delayed_event_timer.timer);
TAILQ_FOREACH(net, >nets, sctp_next) {
(void)SCTP_OS_TIMER_STOP(>rxt_timer.timer);
(void)SCTP_OS_TIMER_STOP(>pmtu_timer.timer);

Modified: stable/11/sys/netinet/sctp_structs.h
==
--- stable/11/sys/netinet/sctp_structs.hThu May  7 03:08:00 2020
(r360759)
+++ stable/11/sys/netinet/sctp_structs.hThu May  7 03:12:07 2020
(r360760)
@@ -804,7 +804,6 @@ struct sctp_association {
struct sctp_timer strreset_timer;   /* stream reset */
struct sctp_timer shut_guard_timer; /* shutdown guard */
struct sctp_timer autoclose_timer;  /* automatic close timer */
-   struct sctp_timer delayed_event_timer;  /* timer for delayed events */
struct sctp_timer delete_prim_timer;/* deleting primary dst */
 
/* list of restricted local addresses */

Modified: stable/11/sys/netinet/sctputil.c
==
--- stable/11/sys/netinet/sctputil.cThu May  7 03:08:00 2020
(r360759)
+++ stable/11/sys/netinet/sctputil.cThu May  7 03:12:07 2020
(r360760)
@@ -786,7 +786,6 @@ sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb)
(void)SCTP_OS_TIMER_STOP(>strreset_timer.timer);
(void)SCTP_OS_TIMER_STOP(>asconf_timer.timer);
(void)SCTP_OS_TIMER_STOP(>autoclose_timer.timer);
-   (void)SCTP_OS_TIMER_STOP(>delayed_event_timer.timer);
TAILQ_FOREACH(net, >nets, sctp_next) {
(void)SCTP_OS_TIMER_STOP(>pmtu_timer.timer);
(void)SCTP_OS_TIMER_STOP(>hb_timer.timer);


svn commit: r360759 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:08:00 2020
New Revision: 360759
URL: https://svnweb.freebsd.org/changeset/base/360759

Log:
  MFC r357500: Improve debug information
  
  Improve numbering of debug information.
  
  Submitted by: Taylor Brandstetter

Modified:
  stable/11/sys/netinet/sctp_constants.h
  stable/11/sys/netinet/sctp_indata.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_constants.h
==
--- stable/11/sys/netinet/sctp_constants.h  Thu May  7 03:01:01 2020
(r360758)
+++ stable/11/sys/netinet/sctp_constants.h  Thu May  7 03:08:00 2020
(r360759)
@@ -805,7 +805,7 @@ __FBSDID("$FreeBSD$");
 #define SCTP_LOC_33 0x0021
 #define SCTP_LOC_34 0x0022
 #define SCTP_LOC_35 0x0023
-
+#define SCTP_LOC_36 0x0024
 
 /* Free assoc codes */
 #define SCTP_NORMAL_PROC  0

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Thu May  7 03:01:01 2020
(r360758)
+++ stable/11/sys/netinet/sctp_indata.c Thu May  7 03:08:00 2020
(r360759)
@@ -1752,7 +1752,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc
 * Need to send an abort since we had a empty data chunk.
 */
op_err = sctp_generate_no_user_data_cause(tsn);
-   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_14;
+   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_15;
sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, 
SCTP_SO_NOT_LOCKED);
*abort_flag = 1;
return (0);
@@ -1890,7 +1890,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc
snprintf(msg, sizeof(msg), "Reassembly problem 
(MID=%8.8x)", mid);
err_out:
op_err = 
sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
-   stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
+   stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
sctp_abort_an_association(stcb->sctp_ep, stcb, 
op_err, SCTP_SO_NOT_LOCKED);
*abort_flag = 1;
return (0);
@@ -2039,7 +2039,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc
(uint16_t)mid);
}
op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, 
msg);
-   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_16;
+   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_17;
sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, 
SCTP_SO_NOT_LOCKED);
*abort_flag = 1;
return (0);
@@ -2611,7 +2611,7 @@ sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap)
if (SCTP_OS_TIMER_PENDING(>asoc.dack_timer.timer)) {
sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
stcb->sctp_ep, stcb, NULL,
-   SCTP_FROM_SCTP_INDATA + SCTP_LOC_17);
+   SCTP_FROM_SCTP_INDATA + SCTP_LOC_18);
}
sctp_send_shutdown(stcb,
((stcb->asoc.alternate) ? stcb->asoc.alternate : 
stcb->asoc.primary_destination));
@@ -2764,7 +2764,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o
 
snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received 
when DATA was negotiated");
op_err = 
sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
-   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA 
+ SCTP_LOC_18;
+   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA 
+ SCTP_LOC_20;
sctp_abort_an_association(inp, stcb, op_err, 
SCTP_SO_NOT_LOCKED);
return (2);
}
@@ -2775,7 +2775,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o
 
snprintf(msg, sizeof(msg), "%s", "DATA chunk received 
when I-DATA was negotiated");
op_err = 
sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
-   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA 
+ SCTP_LOC_19;
+   stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA 
+ SCTP_LOC_21;
sctp_abort_an_association(inp, stcb, op_err, 
SCTP_SO_NOT_LOCKED);
return (2);
}
@@ -2800,7 +2800,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o
ch->chunk_type == SCTP_DATA ? "DATA" : 

svn commit: r360758 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 03:01:01 2020
New Revision: 360758
URL: https://svnweb.freebsd.org/changeset/base/360758

Log:
  MFC r356660: Avoid division by zero
  
  Fix division by zero issue.
  
  Thanks to Stas Denisov for reporting the issue for the userland stack
  and providing a fix.

Modified:
  stable/11/sys/netinet/sctp_cc_functions.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_cc_functions.c
==
--- stable/11/sys/netinet/sctp_cc_functions.c   Thu May  7 02:57:33 2020
(r360757)
+++ stable/11/sys/netinet/sctp_cc_functions.c   Thu May  7 03:01:01 2020
(r360758)
@@ -1874,7 +1874,7 @@ htcp_cong_time(struct htcp *ca)
 static inline uint32_t
 htcp_ccount(struct htcp *ca)
 {
-   return (htcp_cong_time(ca) / ca->minRTT);
+   return (ca->minRTT == 0 ? htcp_cong_time(ca) : htcp_cong_time(ca) / 
ca->minRTT);
 }
 
 static inline void
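Review bot: The zero guard in `htcp_ccount` evaluates `htcp_cong_time(ca)` in both arms of the conditional and gives no reason for the fallback value. Returning the raw congestion time treats an unset `minRTT` as 1, which yields the largest possible count; if that is intended, say so with `/* minRTT not measured yet: treat it as 1 to avoid dividing by zero */`. Reading the time once, `uint32_t t = htcp_cong_time(ca);` followed by `return (ca->minRTT == 0 ? t : t / ca->minRTT);`, makes the two cases easier to compare, assuming htcp_cong_time returns a 32-bit value (its return type is outside the hunk).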


svn commit: r360757 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:57:33 2020
New Revision: 360757
URL: https://svnweb.freebsd.org/changeset/base/360757

Log:
  MFC r356378: Improve SCTP iterator
  
  Don't mark the sendall iterator as being up if it could not be started.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 02:55:08 2020
(r360756)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 02:57:33 2020
(r360757)
@@ -6926,7 +6926,7 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, 
(void *)ca, 0,
sctp_sendall_completes, inp, 1);
if (ret) {
-   SCTP_PRINTF("Failed to initiate iterator for sendall\n");
+   inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;
SCTP_FREE(ca, SCTP_M_COPYAL);
SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, 
SCTP_FROM_SCTP_OUTPUT, EFAULT);
return (EFAULT);
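Review bot: The added `inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;` is a read-modify-write of shared endpoint flags, and nothing in the hunk shows the inp lock being held around it. If the flag is set and tested elsewhere under a lock, clearing it here without one can race with a concurrent sendall and corrupt unrelated flag bits; confirm the locking in the part of sctp_sendall outside the hunk. The commit also drops the `SCTP_PRINTF` while still returning `EFAULT`, so a failure to start the iterator is reported to the caller as a bad address with no log line; `ENOMEM` would describe an allocation failure better if callers do not depend on the old value.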


svn commit: r360756 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:55:08 2020
New Revision: 360756
URL: https://svnweb.freebsd.org/changeset/base/360756

Log:
  MFC r356377: Improve consistency
  
  Return -1 consistently if an error occurs.

Modified:
  stable/11/sys/netinet/sctp_pcb.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 02:53:02 2020
(r360755)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 02:55:08 2020
(r360756)
@@ -7134,7 +7134,7 @@ sctp_initiate_iterator(inp_func inpf,
SCTP_M_ITER);
if (it == NULL) {
SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, 
ENOMEM);
-   return (ENOMEM);
+   return (-1);
}
memset(it, 0, sizeof(*it));
it->function_assoc = af;
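Review bot: After this change the failure path logs `ENOMEM` through `SCTP_LTRACE_ERR_RET` but returns `-1`, so the trace and the return value no longer agree. That is acceptable if callers only test for non-zero, as the `if (ret)` in sctp_sendall does, but the contract should be written down; a line in the function's header comment such as `Returns 0 on success and -1 on any failure; the errno is only visible in the trace.` would do. The start of sctp_initiate_iterator is outside the hunk, so whether such a comment already exists cannot be seen here.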


svn commit: r360755 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:53:02 2020
New Revision: 360755
URL: https://svnweb.freebsd.org/changeset/base/360755

Log:
  MFC r356376: Fix SCTP iterator issue
  
  Ensure that we don't miss a trigger for kicking off the SCTP iterator.
  
  Reported by:  nwhitehorn

Modified:
  stable/11/sys/netinet/sctputil.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctputil.c
==
--- stable/11/sys/netinet/sctputil.cThu May  7 02:46:57 2020
(r360754)
+++ stable/11/sys/netinet/sctputil.cThu May  7 02:53:02 2020
(r360755)
@@ -1472,12 +1472,11 @@ no_stcb:
 void
 sctp_iterator_worker(void)
 {
-   struct sctp_iterator *it, *nit;
+   struct sctp_iterator *it;
 
/* This function is called with the WQ lock in place */
-
sctp_it_ctl.iterator_running = 1;
-   TAILQ_FOREACH_SAFE(it, _it_ctl.iteratorhead, sctp_nxt_itr, nit) {
+   while ((it = TAILQ_FIRST(_it_ctl.iteratorhead)) != NULL) {
/* now lets work on this one */
TAILQ_REMOVE(_it_ctl.iteratorhead, it, sctp_nxt_itr);
SCTP_IPI_ITERATOR_WQ_UNLOCK();
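Review bot: The new `while ((it = TAILQ_FIRST(...)) != NULL)` loop has no comment saying why the head is re-read on every pass instead of walking with a saved next pointer. The reason is visible in the body: `SCTP_IPI_ITERATOR_WQ_UNLOCK()` drops the work-queue lock while an entry is processed, so the list can change underneath the loop. I would add `/* Re-fetch the head each pass: the WQ lock is dropped below, so the queue may change while we work. */` above the loop. The rest of the loop body, including where the lock is taken again, is outside this hunk.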


svn commit: r360754 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:46:57 2020
New Revision: 360754
URL: https://svnweb.freebsd.org/changeset/base/360754

Log:
  MFC r356271: Whitespace change
  
  Remove empty line which was added in r356270 by accident.

Modified:
  stable/11/sys/netinet/sctp.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp.h
==
--- stable/11/sys/netinet/sctp.hThu May  7 02:45:42 2020
(r360753)
+++ stable/11/sys/netinet/sctp.hThu May  7 02:46:57 2020
(r360754)
@@ -1,4 +1,3 @@
-
 /*-
  * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
  * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.


svn commit: r360753 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:45:42 2020
New Revision: 360753
URL: https://svnweb.freebsd.org/changeset/base/360753

Log:
  MFC r356270: Improve input validation
  
  Improve input validation of the spp_pathmtu field in the
  SCTP_PEER_ADDR_PARAMS socket option. The code in the stack assumes
  sane values for the MTU.
  
  This issue was found by running an instance of syzkaller.

Modified:
  stable/11/sys/netinet/sctp.h
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp.h
==
--- stable/11/sys/netinet/sctp.hThu May  7 02:40:08 2020
(r360752)
+++ stable/11/sys/netinet/sctp.hThu May  7 02:45:42 2020
(r360753)
@@ -1,3 +1,4 @@
+
 /*-
  * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
  * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
@@ -583,8 +584,10 @@ struct sctp_error_auth_invalid_hmac {
 #define SCTP_MOBILITY_PRIM_DELETED   0x0004
 
 
-#define SCTP_SMALLEST_PMTU 512 /* smallest pmtu allowed when disabling PMTU
-* discovery */
+/* Smallest PMTU allowed when disabling PMTU discovery */
+#define SCTP_SMALLEST_PMTU 512
+/* Largest PMTU allowed when disabling PMTU discovery */
+#define SCTP_LARGEST_PMTU  65536
 
 #undef SCTP_PACKED
 

Modified: stable/11/sys/netinet/sctp_usrreq.c
==
--- stable/11/sys/netinet/sctp_usrreq.c Thu May  7 02:40:08 2020
(r360752)
+++ stable/11/sys/netinet/sctp_usrreq.c Thu May  7 02:45:42 2020
(r360753)
@@ -5363,6 +5363,14 @@ sctp_setopt(struct socket *so, int optname, void *optv
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
return (EINVAL);
}
+   if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) &&
+   ((paddrp->spp_pathmtu < SCTP_SMALLEST_PMTU) ||
+   (paddrp->spp_pathmtu > SCTP_LARGEST_PMTU))) {
+   if (stcb)
+   SCTP_TCB_UNLOCK(stcb);
+   SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
+   return (EINVAL);
+   }
 
if (stcb != NULL) {
/TCB SPECIFIC SET 
**/
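Review bot: The new range check accepts `spp_pathmtu == 65536`, because the comparison is `> SCTP_LARGEST_PMTU` and the sctp.h hunk of this commit defines that constant as 65536, one more than a 16-bit value can hold. A hunk header further down this page shows sctp_pathmtu_adjustment() taking a parameter whose type begins with `uint16_`; if the accepted MTU ever passes through a 16-bit parameter or field (not visible here), 65536 would truncate to 0, which is the kind of non-sane MTU this commit is meant to keep out. Please confirm the widths on that path, or tighten the bound to 65535. A comment such as `/* spp_pathmtu is range-checked once here; the PMTUD_DISABLE branches below rely on it */` would also explain why the later hunks drop their own `>= SCTP_SMALLEST_PMTU` tests.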
@@ -5394,7 +5402,7 @@ sctp_setopt(struct socket *so, int optname, void *optv

sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
}
}
-   if ((paddrp->spp_flags & 
SPP_PMTUD_DISABLE) && (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU)) {
+   if (paddrp->spp_flags & 
SPP_PMTUD_DISABLE) {
if 
(SCTP_OS_TIMER_PENDING(>pmtu_timer.timer)) {

sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net,

SCTP_FROM_SCTP_USRREQ + SCTP_LOC_11);
@@ -5536,7 +5544,7 @@ sctp_setopt(struct socket *so, int optname, void *optv
}
sctp_stcb_feature_on(inp, stcb, 
SCTP_PCB_FLAGS_DONOT_HEARTBEAT);
}
-   if ((paddrp->spp_flags & 
SPP_PMTUD_DISABLE) && (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU)) {
+   if (paddrp->spp_flags & 
SPP_PMTUD_DISABLE) {
TAILQ_FOREACH(net, 
>asoc.nets, sctp_next) {
if 
(SCTP_OS_TIMER_PENDING(>pmtu_timer.timer)) {

sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net,
@@ -5635,9 +5643,7 @@ sctp_setopt(struct socket *so, int optname, void *optv
inp->sctp_ep.default_mtu = 0;
sctp_feature_off(inp, 
SCTP_PCB_FLAGS_DO_NOT_PMTUD);
} else if (paddrp->spp_flags & 
SPP_PMTUD_DISABLE) {
-   if (paddrp->spp_pathmtu >= 
SCTP_SMALLEST_PMTU) {
-   
inp->sctp_ep.default_mtu = paddrp->spp_pathmtu;
-   }
+   inp->sctp_ep.default_mtu = 
paddrp->spp_pathmtu;
  

svn commit: r360752 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:40:08 2020
New Revision: 360752
URL: https://svnweb.freebsd.org/changeset/base/360752

Log:
  MFC r355931: Improve input validation
  
  Improve input validation for some parameters having a too small
  reported length.
  
  Thanks to Natalie Silvanovich from Google for finding one of these
  issues in the SCTP userland stack and reporting it.

Modified:
  stable/11/sys/netinet/sctp_auth.c
  stable/11/sys/netinet/sctp_pcb.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_auth.c
==
--- stable/11/sys/netinet/sctp_auth.c   Thu May  7 02:34:58 2020
(r360751)
+++ stable/11/sys/netinet/sctp_auth.c   Thu May  7 02:40:08 2020
(r360752)
@@ -1429,7 +1429,8 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, str
ptype = ntohs(phdr->param_type);
plen = ntohs(phdr->param_length);
 
-   if ((plen == 0) || (offset + plen > length))
+   if ((plen < sizeof(struct sctp_paramhdr)) ||
+   (offset + plen > length))
break;
 
if (ptype == SCTP_RANDOM) {
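Review bot: The new lower bound `plen < sizeof(struct sctp_paramhdr)` is uncommented here and in the first sctp_pcb.c hunk of this commit (`if (plen < sizeof(struct sctp_paramhdr)) {`), although it encodes a wire-format rule rather than an arbitrary number. I would add `/* param_length counts the parameter header itself, so anything shorter is malformed */` above both checks. The check only guarantees the generic header; each `ptype` branch that reads a larger structure still needs its own minimum, and those branches lie outside the hunk, so that should be verified separately. The `offset + plen > length` test also depends on the operand widths, which are declared outside the hunk.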

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 02:34:58 2020
(r360751)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 02:40:08 2020
(r360752)
@@ -6205,7 +6205,7 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s
if (offset + plen > limit) {
break;
}
-   if (plen == 0) {
+   if (plen < sizeof(struct sctp_paramhdr)) {
break;
}
 #ifdef INET
@@ -6430,6 +6430,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s
}
if (plen > sizeof(lstore)) {
return (-23);
+   }
+   if (plen < sizeof(struct sctp_asconf_addrv4_param)) {
+   return (-101);
}
phdr = sctp_get_next_param(m, offset,
(struct sctp_paramhdr *),
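Review bot: The added early exit returns the bare literal `-101`, next to an existing `-23`, and neither value is explained at the site. Since this rejects a peer-supplied length, a caller or log reader needs to be able to tell which check fired; a comment such as `/* -101: parameter shorter than the smallest address parameter */` or named constants would do that. The hunk does not show which parameter type is being parsed, so whether `sizeof(struct sctp_asconf_addrv4_param)` is the right minimum for every address family that reaches this code should be confirmed. The enclosing function starts and ends outside the hunk.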


svn commit: r360751 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:34:58 2020
New Revision: 360751
URL: https://svnweb.freebsd.org/changeset/base/360751

Log:
  MFC r355265: Restart RTT measurement
  
  When changing the MTU of an SCTP path, not only cancel all ongoing
  RTT measurements, but also schedule new ones for the future.
  
  Submitted by: Julius Flohr
  Differential Revision:https://reviews.freebsd.org/D22547

Modified:
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_usrreq.c
==
--- stable/11/sys/netinet/sctp_usrreq.c Thu May  7 02:31:24 2020
(r360750)
+++ stable/11/sys/netinet/sctp_usrreq.c Thu May  7 02:34:58 2020
(r360751)
@@ -138,7 +138,10 @@ sctp_pathmtu_adjustment(struct sctp_tcb *stcb, uint16_
chk->rec.data.tsn);
}
/* Clear any time so NO RTT is being done */
-   chk->do_rtt = 0;
+   if (chk->do_rtt == 1) {
+   chk->do_rtt = 0;
+   chk->whoTo->rto_needed = 1;
+   }
}
}
}
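Review bot: The comment kept above the new block, `/* Clear any time so NO RTT is being done */`, no longer describes the code: the block now also sets `chk->whoTo->rto_needed = 1` so that a new measurement is requested. I would reword it to `/* Cancel the RTT measurement on this chunk and ask for a fresh one on its path */`. The block dereferences `chk->whoTo` without a check; whether it can be NULL for chunks on this queue is not visible in the hunk.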


svn commit: r360750 - stable/11/sys/netinet6

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:31:24 2020
New Revision: 360750
URL: https://svnweb.freebsd.org/changeset/base/360750

Log:
  MFC r355264: Handle PTB message consistent for SCTP/IPv[46]
  
  Update the hostcache also for PTB messages received for SCTP/IPv6.
  The corresponding code for SCTP/IPv4 was introduced in
  https://svnweb.freebsd.org/base?view=revision=317597
  
  Submitted by: Julius Flohr
  Differential Revision:https://reviews.freebsd.org/D22605

Modified:
  stable/11/sys/netinet6/sctp6_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet6/sctp6_usrreq.c
==
--- stable/11/sys/netinet6/sctp6_usrreq.c   Thu May  7 02:28:30 2020
(r360749)
+++ stable/11/sys/netinet6/sctp6_usrreq.c   Thu May  7 02:31:24 2020
(r360750)
@@ -238,6 +238,11 @@ sctp6_notify(struct sctp_inpcb *inp,
}
if (net->mtu > next_mtu) {
net->mtu = next_mtu;
+   if (net->port) {
+   sctp_hc_set_mtu(>ro._l_addr, inp->fibnum, 
next_mtu + sizeof(struct udphdr));
+   } else {
+   sctp_hc_set_mtu(>ro._l_addr, inp->fibnum, 
next_mtu);
+   }
}
/* Update the association MTU */
if (stcb->asoc.smallest_mtu > next_mtu) {
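Review bot: `next_mtu` is written to the host cache here with no lower bound visible in the hunk; the only test shown is `net->mtu > next_mtu`. According to the log the value comes from a received PTB message, and a host cache entry presumably outlives this association, so an undersized value would persist beyond it. Please confirm that the part of sctp6_notify() above the hunk rejects or clamps values below the IPv6 minimum MTU, and record that in a comment, e.g. `/* next_mtu was validated above; safe to cache */`. The two calls differ only in the added `sizeof(struct udphdr)` and could be one call on a precomputed value.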


svn commit: r360749 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:28:30 2020
New Revision: 360749
URL: https://svnweb.freebsd.org/changeset/base/360749

Log:
  MFC r355172: Ignore assoc IDs on 1-to-1 style SCTP sockets.
  
  Really ignore the SCTP association identifier on 1-to-1 style sockets
  as required by the socket API specification.
  Thanks to Inaki Baz Castillo, who found this bug running the userland
  stack with valgrind and reported the issue in
  https://github.com/sctplab/usrsctp/issues/408

Modified:
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_usrreq.c
==
--- stable/11/sys/netinet/sctp_usrreq.c Thu May  7 02:25:58 2020
(r360748)
+++ stable/11/sys/netinet/sctp_usrreq.c Thu May  7 02:28:30 2020
(r360749)
@@ -1675,7 +1675,8 @@ flags_out:
} else {
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) 
||
(inp->sctp_flags & 
SCTP_PCB_FLAGS_IN_TCPPOOL) ||
-   (av->assoc_id == SCTP_FUTURE_ASSOC)) {
+   ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 
&&
+   (av->assoc_id == SCTP_FUTURE_ASSOC))) {
SCTP_INP_RLOCK(inp);
if (inp->idata_supported) {
av->assoc_value = 1;
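Review bot: The same three-clause test, `TCPTYPE || IN_TCPPOOL || (UDPTYPE && assoc_id == SCTP_FUTURE_ASSOC)`, is pasted into this hunk and the five that follow it in this commit. The bug being fixed came from one clause of that test being wrong in every copy at once, so a single helper would make the next correction a one-line change and let the rule from the socket API specification be documented in one place. A sketch follows; the helper name is a placeholder of mine, and the surrounding functions lie outside the hunks.

```c
/*
 * True when a socket option addresses the endpoint rather than an
 * association: always on 1-to-1 style sockets (the association id is
 * ignored there), and on 1-to-many sockets only for SCTP_FUTURE_ASSOC.
 */
static inline int
sctp_opt_on_endpoint(struct sctp_inpcb *inp, sctp_assoc_t assoc_id)
{
	return ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
	    (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) ||
	    ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) &&
	    (assoc_id == SCTP_FUTURE_ASSOC)));
}
```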
@@ -1705,7 +1706,8 @@ flags_out:
} else {
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) 
||
(inp->sctp_flags & 
SCTP_PCB_FLAGS_IN_TCPPOOL) ||
-   (av->assoc_id == SCTP_FUTURE_ASSOC)) {
+   ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 
&&
+   (av->assoc_id == SCTP_FUTURE_ASSOC))) {
SCTP_INP_RLOCK(inp);
av->assoc_value = inp->sctp_cmt_on_off;
SCTP_INP_RUNLOCK(inp);
@@ -1731,7 +1733,8 @@ flags_out:
} else {
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) 
||
(inp->sctp_flags & 
SCTP_PCB_FLAGS_IN_TCPPOOL) ||
-   (av->assoc_id == SCTP_FUTURE_ASSOC)) {
+   ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 
&&
+   (av->assoc_id == SCTP_FUTURE_ASSOC))) {
SCTP_INP_RLOCK(inp);
av->assoc_value = 
inp->sctp_ep.sctp_default_cc_module;
SCTP_INP_RUNLOCK(inp);
@@ -1776,7 +1779,8 @@ flags_out:
} else {
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) 
||
(inp->sctp_flags & 
SCTP_PCB_FLAGS_IN_TCPPOOL) ||
-   (av->assoc_id == SCTP_FUTURE_ASSOC)) {
+   ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 
&&
+   (av->assoc_id == SCTP_FUTURE_ASSOC))) {
SCTP_INP_RLOCK(inp);
av->assoc_value = 
inp->sctp_ep.sctp_default_ss_module;
SCTP_INP_RUNLOCK(inp);
@@ -1914,7 +1918,8 @@ flags_out:
} else {
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) 
||
(inp->sctp_flags & 
SCTP_PCB_FLAGS_IN_TCPPOOL) ||
-   (av->assoc_id == SCTP_FUTURE_ASSOC)) {
+   ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 
&&
+   (av->assoc_id == SCTP_FUTURE_ASSOC))) {
SCTP_INP_RLOCK(inp);
av->assoc_value = inp->sctp_context;
SCTP_INP_RUNLOCK(inp);
@@ -1990,7 +1995,8 @@ flags_out:
} else {
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) 
||
(inp->sctp_flags & 
SCTP_PCB_FLAGS_IN_TCPPOOL) ||
-   (sack->sack_assoc_id == SCTP_FUTURE_ASSOC)) 
{
+   ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 
&&
+   (sack->sack_assoc_id == 
SCTP_FUTURE_ASSOC))) {
SCTP_INP_RLOCK(inp);
sack->sack_delay = 
TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]);
sack->sack_freq = 

svn commit: r360748 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:25:58 2020
New Revision: 360748
URL: https://svnweb.freebsd.org/changeset/base/360748

Log:
  MFC r355135: Plug memory leaks
  
  Plug two mbuf leaks during INIT-ACK handling.
  One leak happens when there is not enough memory to allocate
  the resources for streams. The other leak happens if there are
  unknown parameters in the received INIT-ACK chunk which require
  reporting and the INIT-ACK requires sending an ABORT due to illegal
  parameter combinations.
  Hopefully this fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083

Modified:
  stable/11/sys/netinet/sctp_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==
--- stable/11/sys/netinet/sctp_input.c  Thu May  7 02:18:36 2020
(r360747)
+++ stable/11/sys/netinet/sctp_input.c  Thu May  7 02:25:58 2020
(r360748)
@@ -494,6 +494,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int 
/* process the peer's parameters in the INIT-ACK */
retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb);
if (retval < 0) {
+   if (op_err != NULL) {
+   sctp_m_freem(op_err);
+   }
return (retval);
}
initack_limit = offset + ntohs(cp->ch.chunk_length);
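Review bot: Ownership of `op_err` is now released by hand at each early exit: the guarded `sctp_m_freem(op_err)` is added here, again in the next hunk of this commit, and once more in the r360743 hunk of the same function shown further down this page. Every new exit added to sctp_process_init_ack() will need the same three lines, and forgetting them is how these leaks arose. A short comment where `op_err` is first assigned, e.g. `/* op_err is owned here until handed to the abort path; free it on every other exit */`, or a single cleanup label, would make the rule explicit. The function's start and its remaining exits are outside the hunks, so other paths may need the same treatment.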
@@ -501,6 +504,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int 
if ((retval = sctp_load_addresses_from_init(stcb, m,
(offset + sizeof(struct sctp_init_chunk)), initack_limit,
src, dst, NULL, stcb->asoc.port))) {
+   if (op_err != NULL) {
+   sctp_m_freem(op_err);
+   }
op_err = 
sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
"Problem with address parameters");
SCTPDBG(SCTP_DEBUG_INPUT1,


svn commit: r360747 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:18:36 2020
New Revision: 360747
URL: https://svnweb.freebsd.org/changeset/base/360747

Log:
  MFC r353452: Improve remote address scanning in SCTP
  
  Ensure that local variables are reset to their initial value when
  dealing with error cases in a loop over all remote addresses.
  This issue was found and reported by OSS_Fuzz in:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18080
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18086
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18121
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18163

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 02:16:25 2020
(r360746)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 02:18:36 2020
(r360747)
@@ -7866,8 +7866,8 @@ sctp_med_chunk_output(struct sctp_inpcb *inp,
int bundle_at, ctl_cnt, no_data_chunks, eeor_mode;
unsigned int mtu, r_mtu, omtu, mx_mtu, to_out;
int tsns_sent = 0;
-   uint32_t auth_offset = 0;
-   struct sctp_auth_chunk *auth = NULL;
+   uint32_t auth_offset;
+   struct sctp_auth_chunk *auth;
uint16_t auth_keyid;
int override_ok = 1;
int skip_fill_up = 0;
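Review bot: Dropping the initialisers from `auth_offset` and `auth` leaves both indeterminate from the declaration until the per-destination reset added in the second hunk (`auth = NULL; auth_offset = 0;`). Roughly two hundred lines separate the two hunks and are not shown, so any read of either variable before the loop would now use an uninitialised value. Keeping `= 0` and `= NULL` on the declarations costs nothing and is independent of the per-iteration reset that fixes the reported bug; alternatively add `/* set at the top of each pass over the destinations */` next to the declarations.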
@@ -8062,6 +8062,8 @@ again_one_more_time:
}
bundle_at = 0;
endoutchain = outchain = NULL;
+   auth = NULL;
+   auth_offset = 0;
no_fragmentflg = 1;
one_chunk = 0;
if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {


svn commit: r360746 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:16:25 2020
New Revision: 360746
URL: https://svnweb.freebsd.org/changeset/base/360746

Log:
  MFC r353303: Improve SCTP packet handling
  
  Validate the length before using it, not vice versa.
  r353060 should have contained this...
  This fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18070

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:13:28 2020
(r360745)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:16:25 2020
(r360746)
@@ -332,11 +332,11 @@ sctp_process_asconf_delete_ip(struct sockaddr *src,
 #endif
 
aparam_length = ntohs(aph->ph.param_length);
-   ph = (struct sctp_paramhdr *)(aph + 1);
-   param_type = ntohs(ph->param_type);
if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct 
sctp_paramhdr)) {
return (NULL);
}
+   ph = (struct sctp_paramhdr *)(aph + 1);
+   param_type = ntohs(ph->param_type);
 #if defined(INET) || defined(INET6)
param_length = ntohs(ph->param_length);
if (param_length + sizeof(struct sctp_asconf_paramhdr) != 
aparam_length) {
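Review bot: The reordered check compares only the length the peer wrote into the header (`aparam_length`) with the minimum size; it does not by itself show that the buffer behind `aph` holds that many bytes. `ph = (struct sctp_paramhdr *)(aph + 1)` is safe only if the caller has already made `aparam_length` bytes available at `aph`, and that is outside this hunk. I would state the precondition at the top of the block, e.g. `/* caller guarantees aparam_length bytes at aph; we validate the inner header against it */`, after confirming it in the caller.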


svn commit: r360745 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:13:28 2020
New Revision: 360745
URL: https://svnweb.freebsd.org/changeset/base/360745

Log:
  MFC r353145: Plump a memory leak
  
  Plug an mbuf leak in a code path that should not be taken. Also avoid
  taking this path by setting the tail pointer correctly.
  There is still a bug related to handling unordered unfragmented messages
  which were delayed in deferred handling.
  This issue was found by OSS-Fuzz testing the usrsctp stack and reported in
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17794

Modified:
  stable/11/sys/netinet/sctp_indata.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Thu May  7 02:10:44 2020
(r360744)
+++ stable/11/sys/netinet/sctp_indata.c Thu May  7 02:13:28 2020
(r360745)
@@ -714,6 +714,7 @@ sctp_add_to_tail_pointer(struct sctp_queued_to_read *c
}
if (control->tail_mbuf == NULL) {
/* TSNH */
+   sctp_m_freem(control->data);
control->data = m;
sctp_setup_tail_pointer(control);
return;
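Review bot: `sctp_m_freem(control->data)` is called here without a NULL test, while the frees added to sctp_input.c by neighbouring commits on this page are written as `if (op_err != NULL) { sctp_m_freem(op_err); }`. If sctp_m_freem() accepts NULL on every platform this code is built for, the guards elsewhere are noise; if it does not, this branch needs one, because the `/* TSNH */` marker says nothing about what `control->data` holds when the branch is reached. Either way a comment such as `/* should not happen: replace the old chain with m instead of leaking it */` would say why the old chain is discarded. The enclosing function begins outside the hunk.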
@@ -2117,10 +2118,13 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc
struct mbuf *mm;
 
control->data = dmbuf;
+   control->tail_mbuf = NULL;
for (mm = control->data; mm; mm = mm->m_next) {
control->length += SCTP_BUF_LEN(mm);
+   if (SCTP_BUF_NEXT(mm) == NULL) {
+   control->tail_mbuf = mm;
+   }
}
-   control->tail_mbuf = NULL;
control->end_added = 1;
control->last_frag_seen = 1;
control->first_frag_seen = 1;
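Review bot: The loop now mixes two spellings of the same link: it advances with `mm->m_next` but tests for the tail with `SCTP_BUF_NEXT(mm)`. Using the macro in both places, `for (mm = control->data; mm; mm = SCTP_BUF_NEXT(mm)) {`, keeps the loop consistent with the `SCTP_BUF_LEN(mm)` accessor on the next line. Note also that `control->length` is accumulated with `+=`, so the result is only right if it is zero on entry; that initialisation is outside the hunk.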


svn commit: r360744 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:10:44 2020
New Revision: 360744
URL: https://svnweb.freebsd.org/changeset/base/360744

Log:
  MFC r353123: Fix use afterfreee.
  
  Fix a use after free bug when removing remote addresses.
  This bug was found by OSS-Fuzz and reported in
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18004

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:08:44 2020
(r360743)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:10:44 2020
(r360744)
@@ -281,7 +281,7 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
 static int
 sctp_asconf_del_remote_addrs_except(struct sctp_tcb *stcb, struct sockaddr 
*src)
 {
-   struct sctp_nets *src_net, *net;
+   struct sctp_nets *src_net, *net, *nnet;
 
/* make sure the source address exists as a destination net */
src_net = sctp_findnet(stcb, src);
@@ -291,10 +291,9 @@ sctp_asconf_del_remote_addrs_except(struct sctp_tcb *s
}
 
/* delete all destination addresses except the source */
-   TAILQ_FOREACH(net, >asoc.nets, sctp_next) {
+   TAILQ_FOREACH_SAFE(net, >asoc.nets, sctp_next, nnet) {
if (net != src_net) {
/* delete this address */
-   sctp_remove_net(stcb, net);
SCTPDBG(SCTP_DEBUG_ASCONF1,
"asconf_del_remote_addrs_except: deleting ");
SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1,
@@ -302,6 +301,7 @@ sctp_asconf_del_remote_addrs_except(struct sctp_tcb *s
/* notify upper layer */
sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0,
(struct sockaddr *)>ro._l_addr, 
SCTP_SO_NOT_LOCKED);
+   sctp_remove_net(stcb, net);
}
}
return (0);
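Review bot: The fix depends on `sctp_remove_net()` being the last use of `net` in the loop body, but nothing at the call says so; the bug fixed here was the debug and notify code reading `net` after that call. I would add `/* must stay last: net may be freed by sctp_remove_net() */` above the moved call. The switch to `TAILQ_FOREACH_SAFE` in the previous hunk exists for the same reason and deserves the same one-line explanation.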


svn commit: r360743 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:08:44 2020
New Revision: 360743
URL: https://svnweb.freebsd.org/changeset/base/360743

Log:
  MFC r353122: Plump memory leak
  
  Plug an mbuf leak found by Mark Wodrich from Google by fuzz testing the
  userland stack and reporting it in:
  https://github.com/sctplab/usrsctp/issues/396

Modified:
  stable/11/sys/netinet/sctp_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==
--- stable/11/sys/netinet/sctp_input.c  Thu May  7 02:06:37 2020
(r360742)
+++ stable/11/sys/netinet/sctp_input.c  Thu May  7 02:08:44 2020
(r360743)
@@ -464,6 +464,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int 
if (!cookie_found) {
uint16_t len;
 
+   /* Only report the missing cookie parameter */
+   if (op_err != NULL) {
+   sctp_m_freem(op_err);
+   }
len = (uint16_t)(sizeof(struct sctp_error_missing_param) + 
sizeof(uint16_t));
/* We abort with an error of missing mandatory param */
op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);


svn commit: r360742 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:06:37 2020
New Revision: 360742
URL: https://svnweb.freebsd.org/changeset/base/360742

Log:
  MFC r353119: Fix padding of COOKIE_ECHO chunks
  
  Fix the adding of padding to COOKIE-ECHO chunks.
  
  Thanks to Mark Wodrich who found this issue while fuzz testing the
  usrsctp stack and reported the issue in
  https://github.com/sctplab/usrsctp/issues/382

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 02:03:25 2020
(r360741)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 02:06:37 2020
(r360742)
@@ -9053,8 +9053,7 @@ sctp_send_cookie_echo(struct mbuf *m,
pad = 4 - pad;
}
if (pad > 0) {
-   cookie = sctp_pad_lastmbuf(cookie, pad, NULL);
-   if (cookie == NULL) {
+   if (sctp_pad_lastmbuf(cookie, pad, NULL) == 
NULL) {
return (-8);
}
}
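Review bot: On the failure branch the function returns `-8` without any visible release of `cookie`. Before this change the pointer was overwritten with NULL on failure; now it is kept, but the hunk still shows no `sctp_m_freem(cookie)` before the return. If `cookie` is a chain owned by this function at that point (its allocation is above the hunk), the error path leaks it, and `sctp_m_freem(cookie);` should precede `return (-8);`. What sctp_pad_lastmbuf() does to the chain when it fails should be checked first, so that the added free cannot become a double free.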


svn commit: r360741 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:03:25 2020
New Revision: 360741
URL: https://svnweb.freebsd.org/changeset/base/360741

Log:
  MFC r353071: Improve address parsing
  
  When skipping the address parameter, take the padding into account.

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:01:04 2020
(r360740)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:03:25 2020
(r360741)
@@ -697,8 +697,8 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset
sctp_m_freem(m_ack);
return;
}
-   /* param_length is already validated in process_control... */
-   offset += ntohs(p_addr->ph.param_length);   /* skip lookup addr */
+   /* skip lookup addr */
+   offset += SCTP_SIZE32(ntohs(p_addr->ph.param_length));
/* get pointer to first asconf param in ASCONF */
aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 
sizeof(struct sctp_asconf_paramhdr), (uint8_t *)_buf);
if (aph == NULL) {
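Review bot: The removed comment recorded that `param_length` had been validated earlier; the replacement `/* skip lookup addr */` drops that information just as the skip grows to the padded size, which can be up to three bytes more than the validated length. The only bound visible in the hunk is the `aph == NULL` test after sctp_m_getptr(). I would write `/* skip lookup addr incl. padding; sctp_m_getptr() below returns NULL if this runs past the data */`, assuming that is indeed what sctp_m_getptr() does for an out-of-range offset.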


svn commit: r360740 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 02:01:04 2020
New Revision: 360740
URL: https://svnweb.freebsd.org/changeset/base/360740

Log:
  MFC r353069: add required padding when sending ASCONF-ACK
  
  Cleanup sctp_asconf_error_response() and ensure that the parameter
  is padded as required. This fixes the following bug reported by
  OSS-Fuzz for the usrsctp stack:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17790

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:56:49 2020
(r360739)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 02:01:04 2020
(r360740)
@@ -103,42 +103,47 @@ sctp_asconf_error_response(uint32_t id, uint16_t cause
struct mbuf *m_reply = NULL;
struct sctp_asconf_paramhdr *aph;
struct sctp_error_cause *error;
+   size_t buf_len;
+   uint16_t i, param_length, cause_length, padding_length;
uint8_t *tlv;
 
-   m_reply = sctp_get_mbuf_for_msg((sizeof(struct sctp_asconf_paramhdr) +
-   tlv_length +
-   sizeof(struct sctp_error_cause)),
-   0, M_NOWAIT, 1, MT_DATA);
+   if (error_tlv == NULL) {
+   tlv_length = 0;
+   }
+   cause_length = sizeof(struct sctp_error_cause) + tlv_length;
+   param_length = sizeof(struct sctp_asconf_paramhdr) + cause_length;
+   padding_length = tlv_length % 4;
+   if (padding_length != 0) {
+   padding_length = 4 - padding_length;
+   }
+   buf_len = param_length + padding_length;
+   if (buf_len > MLEN) {
+   SCTPDBG(SCTP_DEBUG_ASCONF1,
+   "asconf_error_response: tlv_length (%xh) too big\n",
+   tlv_length);
+   return (NULL);
+   }
+   m_reply = sctp_get_mbuf_for_msg(buf_len, 0, M_NOWAIT, 1, MT_DATA);
if (m_reply == NULL) {
SCTPDBG(SCTP_DEBUG_ASCONF1,
"asconf_error_response: couldn't get mbuf!\n");
return (NULL);
}
aph = mtod(m_reply, struct sctp_asconf_paramhdr *);
-   error = (struct sctp_error_cause *)(aph + 1);
-
-   aph->correlation_id = id;
aph->ph.param_type = htons(SCTP_ERROR_CAUSE_IND);
+   aph->ph.param_length = htons(param_length);
+   aph->correlation_id = id;
+   error = (struct sctp_error_cause *)(aph + 1);
error->code = htons(cause);
-   error->length = tlv_length + sizeof(struct sctp_error_cause);
-   aph->ph.param_length = error->length +
-   sizeof(struct sctp_asconf_paramhdr);
-
-   if (aph->ph.param_length > MLEN) {
-   SCTPDBG(SCTP_DEBUG_ASCONF1,
-   "asconf_error_response: tlv_length (%xh) too big\n",
-   tlv_length);
-   sctp_m_freem(m_reply);  /* discard */
-   return (NULL);
-   }
+   error->length = htons(cause_length);
if (error_tlv != NULL) {
tlv = (uint8_t *)(error + 1);
memcpy(tlv, error_tlv, tlv_length);
+   for (i = 0; i < padding_length; i++) {
+   tlv[tlv_length + i] = 0;
+   }
}
-   SCTP_BUF_LEN(m_reply) = aph->ph.param_length;
-   error->length = htons(error->length);
-   aph->ph.param_length = htons(aph->ph.param_length);
-
+   SCTP_BUF_LEN(m_reply) = buf_len;
return (m_reply);
 }
 
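Review bot: `cause_length` and `param_length` are declared `uint16_t`, so the sums `sizeof(struct sctp_error_cause) + tlv_length` and `sizeof(struct sctp_asconf_paramhdr) + cause_length` are truncated on assignment before `buf_len` is formed from them. If `tlv_length` can come within a dozen of 65535 (its type and the callers' bounds are outside the hunk), `buf_len` wraps to a small number, passes the `buf_len > MLEN` test, and the later `memcpy(tlv, error_tlv, tlv_length)` still copies the unwrapped length into the mbuf. Summing in `size_t` and narrowing to the 16-bit wire fields only after the `MLEN` check removes the dependency on what callers pass, as sketched below.

```c
	/* ... unchanged: error_tlv == NULL handling ... */
	padding_length = tlv_length % 4;
	if (padding_length != 0) {
		padding_length = 4 - padding_length;
	}
	/* Sum in size_t and reject before narrowing to the 16-bit wire fields. */
	buf_len = sizeof(struct sctp_asconf_paramhdr) +
	    sizeof(struct sctp_error_cause) + (size_t)tlv_length + padding_length;
	if (buf_len > MLEN) {
		/* ... unchanged: debug print and return (NULL) ... */
	}
	cause_length = (uint16_t)(sizeof(struct sctp_error_cause) + tlv_length);
	param_length = (uint16_t)(sizeof(struct sctp_asconf_paramhdr) + cause_length);
	/* ... unchanged: mbuf allocation and header fill-in ... */
```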
@@ -778,8 +783,6 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset
if (m_result != NULL) {
SCTP_BUF_NEXT(m_tail) = m_result;
m_tail = m_result;
-   /* update lengths, make sure it's aligned too */
-   SCTP_BUF_LEN(m_result) = 
SCTP_SIZE32(SCTP_BUF_LEN(m_result));
ack_cp->ch.chunk_length += SCTP_BUF_LEN(m_result);
/* set flag to force success reports */
error = 1;


svn commit: r360739 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:56:49 2020
New Revision: 360739
URL: https://svnweb.freebsd.org/changeset/base/360739

Log:
  MFC r353060: Improve input validation
  
  Add missing input validation. This could result in reading from
  uninitialized memory.
  The issue was found by OSS-Fuzz for usrsctp  and reported in
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17780

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:55:08 2020
(r360738)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:56:49 2020
(r360739)
@@ -167,10 +167,16 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
 #endif
 
aparam_length = ntohs(aph->ph.param_length);
+   if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct 
sctp_paramhdr)) {
+   return (NULL);
+   }
ph = (struct sctp_paramhdr *)(aph + 1);
param_type = ntohs(ph->param_type);
 #if defined(INET) || defined(INET6)
param_length = ntohs(ph->param_length);
+   if (param_length + sizeof(struct sctp_asconf_paramhdr) != 
aparam_length) {
+   return (NULL);
+   }
 #endif
sa = 
switch (param_type) {
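Review bot: The same pair of length checks is pasted into three functions in this commit, and the copies are not placed alike: here and in sctp_process_asconf_set_primary() the minimum-size test precedes the read of `ph->param_type`, but in the sctp_process_asconf_delete_ip() hunk it comes after that read (r360746, shown elsewhere on this page, later moves it). A small static helper that takes `aph`, validates `aparam_length` against both headers and returns the inner `ph` or NULL would give all three callers the same order by construction. The exact-equality test `param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length` should also carry a comment saying that an ASCONF parameter holds exactly one address parameter, if that is the intent.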
@@ -323,8 +329,14 @@ sctp_process_asconf_delete_ip(struct sockaddr *src,
aparam_length = ntohs(aph->ph.param_length);
ph = (struct sctp_paramhdr *)(aph + 1);
param_type = ntohs(ph->param_type);
+   if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct 
sctp_paramhdr)) {
+   return (NULL);
+   }
 #if defined(INET) || defined(INET6)
param_length = ntohs(ph->param_length);
+   if (param_length + sizeof(struct sctp_asconf_paramhdr) != 
aparam_length) {
+   return (NULL);
+   }
 #endif
sa = 
switch (param_type) {
@@ -452,10 +464,16 @@ sctp_process_asconf_set_primary(struct sockaddr *src,
 #endif
 
aparam_length = ntohs(aph->ph.param_length);
+   if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct 
sctp_paramhdr)) {
+   return (NULL);
+   }
ph = (struct sctp_paramhdr *)(aph + 1);
param_type = ntohs(ph->param_type);
 #if defined(INET) || defined(INET6)
param_length = ntohs(ph->param_length);
+   if (param_length + sizeof(struct sctp_asconf_paramhdr) != 
aparam_length) {
+   return (NULL);
+   }
 #endif
sa = 
switch (param_type) {


svn commit: r360738 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:55:08 2020
New Revision: 360738
URL: https://svnweb.freebsd.org/changeset/base/360738

Log:
  MFC r352894: Don't use uninitialized memory.
  
  Don't use stack memory which is not initialized.
  Thanks to Mark Wodrich for reporting this issue for the userland stack in
  https://github.com/sctplab/usrsctp/issues/380
  This issue was also found for usrsctp by OSS-fuzz in
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:43:21 2020
(r360737)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:55:08 2020
(r360738)
@@ -234,6 +234,7 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
"process_asconf_add_ip: using source addr ");
SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src);
}
+   net = NULL;
/* add the address */
if (bad_address) {
m_reply = sctp_asconf_error_response(aph->correlation_id,
@@ -248,17 +249,19 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *)aph,
aparam_length);
} else {
-   /* notify upper layer */
-   sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, 
SCTP_SO_NOT_LOCKED);
if (response_required) {
m_reply =
sctp_asconf_success_response(aph->correlation_id);
}
-   sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, 
stcb, net);
-   sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
-   stcb, net);
-   if (send_hb) {
-   sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
+   if (net != NULL) {
+   /* notify upper layer */
+   sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, 
SCTP_SO_NOT_LOCKED);
+   sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, 
stcb->sctp_ep, stcb, net);
+   sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 
stcb->sctp_ep,
+   stcb, net);
+   if (send_hb) {
+   sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
+   }
}
}
return (m_reply);
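Review bot: The new `if (net != NULL)` guard on the success path has no comment saying when `net` can still be NULL after the address was accepted, and the success response is sent either way. The call that fills in `net` lies between the two hunks and is not visible here, so this is presumably the case where no new destination was created. A short comment such as `/* net stays NULL when no new destination was added; skip notification, timers and heartbeat */` would make that explicit and would also explain why `net = NULL;` was added in the first hunk.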


svn commit: r360737 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:43:21 2020
New Revision: 360737
URL: https://svnweb.freebsd.org/changeset/base/360737

Log:
  MFC r352652: Fix memory leak
  
  Plug a memory leak.
  Thanks to Felix Weinrank for finding this issue using fuzz testing
  and reporting it for the userland stack:
  https://github.com/sctplab/usrsctp/issues/378

Modified:
  stable/11/sys/netinet/sctp_indata.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Thu May  7 01:37:42 2020
(r360736)
+++ stable/11/sys/netinet/sctp_indata.c Thu May  7 01:43:21 2020
(r360737)
@@ -470,6 +470,11 @@ sctp_clean_up_control(struct sctp_tcb *stcb, struct sc
chk->data = NULL;
sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
}
+   sctp_free_remote_addr(control->whoFrom);
+   if (control->data) {
+   sctp_m_freem(control->data);
+   control->data = NULL;
+   }
sctp_free_a_readq(stcb, control);
 }
 
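Review bot: sctp_clean_up_control now drops the reference on `control->whoFrom` and frees `control->data`, but nothing at the function says that it owns both, which matters because a caller that also releases either one would free it twice. A header comment like `/* Releases the control's whoFrom reference and data chain; callers must not free them again. */` would record the contract. For symmetry with `control->data = NULL;`, a `control->whoFrom = NULL;` after the release would keep a stale pointer out of the entry until it is freed. The start of the function is outside the hunk, so the callers' expectations cannot be checked from here.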


svn commit: r360736 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:37:42 2020
New Revision: 360736
URL: https://svnweb.freebsd.org/changeset/base/360736

Log:
  MFC r352594: Improve SCTP locking
  
  Don't hold the info lock when calling sctp_select_a_tag().
  
  This avoids a double lock bug in the NAT colliding state processing
  of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in
  https://github.com/sctplab/usrsctp/issues/374
  He found this bug using fuzz testing.

Modified:
  stable/11/sys/netinet/sctp_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==
--- stable/11/sys/netinet/sctp_input.c  Thu May  7 01:34:41 2020
(r360735)
+++ stable/11/sys/netinet/sctp_input.c  Thu May  7 01:37:42 2020
(r360736)
@@ -702,34 +702,37 @@ static int
 sctp_handle_nat_colliding_state(struct sctp_tcb *stcb)
 {
/*
-* return 0 means we want you to proceed with the abort non-zero
-* means no abort processing
+* Return 0 means we want you to proceed with the abort non-zero
+* means no abort processing.
 */
+   uint32_t new_vtag;
struct sctpasochead *head;
 
if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
(SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
+   new_vtag = sctp_select_a_tag(stcb->sctp_ep, 
stcb->sctp_ep->sctp_lport, stcb->rport, 1);
atomic_add_int(>asoc.refcnt, 1);
SCTP_TCB_UNLOCK(stcb);
SCTP_INP_INFO_WLOCK();
SCTP_TCB_LOCK(stcb);
atomic_subtract_int(>asoc.refcnt, 1);
+   } else {
+   return (0);
}
if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) {
/* generate a new vtag and send init */
LIST_REMOVE(stcb, sctp_asocs);
-   stcb->asoc.my_vtag = sctp_select_a_tag(stcb->sctp_ep, 
stcb->sctp_ep->sctp_lport, stcb->rport, 1);
+   stcb->asoc.my_vtag = new_vtag;
head = 
_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, 
SCTP_BASE_INFO(hashasocmark))];
/*
 * put it in the bucket in the vtag hash of assoc's for the
 * system
 */
LIST_INSERT_HEAD(head, stcb, sctp_asocs);
-   sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
SCTP_INP_INFO_WUNLOCK();
+   sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
return (1);
-   }
-   if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
+   } else {
/*
 * treat like a case where the cookie expired i.e.: - dump
 * current cookie. - generate a new vtag. - resend init.
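Review bot: The second branch changed from `if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)` to a bare `} else {`, but the state is re-read after the TCB lock was dropped and re-taken, so a state that changed in that window would now be handled as COOKIE_ECHOED and reset to COOKIE_WAIT. Keeping the explicit test, `} else if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {`, and releasing the info lock on the fall-through with `SCTP_INP_INFO_WUNLOCK();` before the final `return (0);` in the next hunk would cover it; as written that final return is unreachable. `new_vtag` is also chosen before the info write lock is held, so whether the tag is still unused when it is inserted into the hash depends on sctp_select_a_tag(), which is not visible here.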
@@ -739,15 +742,15 @@ sctp_handle_nat_colliding_state(struct sctp_tcb *stcb)
SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT);
sctp_stop_all_cookie_timers(stcb);
sctp_toss_old_cookies(stcb, >asoc);
-   stcb->asoc.my_vtag = sctp_select_a_tag(stcb->sctp_ep, 
stcb->sctp_ep->sctp_lport, stcb->rport, 1);
+   stcb->asoc.my_vtag = new_vtag;
head = 
_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, 
SCTP_BASE_INFO(hashasocmark))];
/*
 * put it in the bucket in the vtag hash of assoc's for the
 * system
 */
LIST_INSERT_HEAD(head, stcb, sctp_asocs);
-   sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
SCTP_INP_INFO_WUNLOCK();
+   sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
return (1);
}
return (0);


svn commit: r360735 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:34:41 2020
New Revision: 360735
URL: https://svnweb.freebsd.org/changeset/base/360735

Log:
  MFC r352592:
  
  Cleanup the RTO calculation and perform some consistency checks
  before computing the RTO.
  This should fix an overflow issue reported by Felix Weinrank in
  https://github.com/sctplab/usrsctp/issues/375
  for the userland stack and found by running a fuzz tester.

Modified:
  stable/11/sys/netinet/sctp_indata.c
  stable/11/sys/netinet/sctp_input.c
  stable/11/sys/netinet/sctputil.c
  stable/11/sys/netinet/sctputil.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Thu May  7 01:31:21 2020
(r360734)
+++ stable/11/sys/netinet/sctp_indata.c Thu May  7 01:34:41 2020
(r360735)
@@ -3106,13 +3106,12 @@ sctp_process_segment_range(struct sctp_tcb *stcb, stru
 * update RTO too ?
 */
if (tp1->do_rtt) {
-   if (*rto_ok) {
-   
tp1->whoTo->RTO =
-   
sctp_calculate_rto(stcb,
-   
>asoc,
-   
tp1->whoTo,
-   
>sent_rcv_time,
-   
SCTP_RTT_FROM_DATA);
+   if (*rto_ok &&
+   
sctp_calculate_rto(stcb,
+   >asoc,
+   tp1->whoTo,
+   
>sent_rcv_time,
+   
SCTP_RTT_FROM_DATA)) {
*rto_ok 
= 0;
}
if 
(tp1->whoTo->rto_needed == 0) {
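Review bot: The call to sctp_calculate_rto() now sits inside the `if` condition and its result is used only as a flag, so the hunk no longer shows where `tp1->whoTo->RTO` is written. Presumably the function stores the RTO itself and returns non-zero when the sample was accepted, but its definition is not visible here. A comment at the call such as `/* sctp_calculate_rto() updates the RTO of tp1->whoTo itself; non-zero means the sample was used */` would help, once confirmed against sctputil.c. The same pattern is repeated in the sctp_express_handle_sack hunk and in the hunk after `hopeless_peer:`.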
@@ -4084,16 +4083,12 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32
 
/* update RTO too? */
if (tp1->do_rtt) {
-   if (rto_ok) {
-   tp1->whoTo->RTO 
=
-   /*
-* sa_ignore
-* NO_NULL_CHK
-*/
-   
sctp_calculate_rto(stcb,
-   asoc, 
tp1->whoTo,
-   
>sent_rcv_time,
-   
SCTP_RTT_FROM_DATA);
+   if (rto_ok &&
+   
sctp_calculate_rto(stcb,
+   >asoc,
+   tp1->whoTo,
+   >sent_rcv_time,
+   
SCTP_RTT_FROM_DATA)) {
rto_ok = 0;
}
if 
(tp1->whoTo->rto_needed == 0) {
@@ -4704,12 +4699,12 @@ hopeless_peer:
 
/* update RTO too? */
if (tp1->do_rtt) {
-   if (rto_ok) {
-   tp1->whoTo->RTO 
=
-   
sctp_calculate_rto(stcb,
-   asoc, 
tp1->whoTo,
-   
>sent_rcv_time,
-   
SCTP_RTT_FROM_DATA);
+  

svn commit: r360734 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:31:21 2020
New Revision: 360734
URL: https://svnweb.freebsd.org/changeset/base/360734

Log:
  MFC r352550: Fix invalid handling of ASCONF chunks
  
  Fix the handling of invalid parameters in ASCONF chunks.
  Thanks to Mark Wodrich from Google for reporting the issue in
  https://github.com/sctplab/usrsctp/issues/376
  for the userland stack.

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:28:59 2020
(r360733)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 01:31:21 2020
(r360734)
@@ -701,6 +701,7 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset
if (param_length <= sizeof(struct sctp_paramhdr)) {
SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param 
length (%u) too short\n", param_length);
sctp_m_freem(m_ack);
+   return;
}
/* get the entire parameter */
aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 
param_length, aparam_buf);
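Review bot: The lower bound tested here is `sizeof(struct sctp_paramhdr)`, while the pointer fetched two lines later is used as a `struct sctp_asconf_paramhdr`, so a `param_length` between the two sizes still passes this check. Whether earlier code in the loop already guarantees that the larger header is present cannot be seen from the hunk. If it does not, comparing against the larger structure, `if (param_length < sizeof(struct sctp_asconf_paramhdr)) {`, would close the gap. The function body starts and continues outside the hunk.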


svn commit: r360733 - stable/11/sys/netinet6

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:28:59 2020
New Revision: 360733
URL: https://svnweb.freebsd.org/changeset/base/360733

Log:
  MFC r352511: Improve IPv6 handling over the loopback interface
  
  When processing an incoming IPv6 packet over the loopback interface which
  contains Hop-by-Hop options, the mbuf chain is potentially changed in
  ip6_hopopts_input(), called by ip6_input_hbh().
  This can happen because of the use of IP6_EXTHDR_CHECK, which might
  call m_pullup().
  So provide the updated pointer back to the caller of ip6_input_hbh() to
  avoid using a freed mbuf chain in `ip6_input()`.
  
  Reviewed by:  markj
  Sponsored by: Netflix, Inc.
  Differential Revision:https://reviews.freebsd.org/D21664

Modified:
  stable/11/sys/netinet6/ip6_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet6/ip6_input.c
==
--- stable/11/sys/netinet6/ip6_input.c  Thu May  7 01:16:32 2020
(r360732)
+++ stable/11/sys/netinet6/ip6_input.c  Thu May  7 01:28:59 2020
(r360733)
@@ -402,20 +402,22 @@ VNET_SYSUNINIT(inet6, SI_SUB_PROTO_DOMAIN, SI_ORDER_TH
 #endif
 
 static int
-ip6_input_hbh(struct mbuf *m, uint32_t *plen, uint32_t *rtalert, int *off,
+ip6_input_hbh(struct mbuf **mp, uint32_t *plen, uint32_t *rtalert, int *off,
 int *nxt, int *ours)
 {
+   struct mbuf *m;
struct ip6_hdr *ip6;
struct ip6_hbh *hbh;
 
-   if (ip6_hopopts_input(plen, rtalert, , off)) {
+   if (ip6_hopopts_input(plen, rtalert, mp, off)) {
 #if 0  /*touches NULL pointer*/
-   in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
+   in6_ifstat_inc((*mp)->m_pkthdr.rcvif, ifs6_in_discard);
 #endif
goto out;   /* m have already been freed */
}
 
/* adjust pointer */
+   m = *mp;
ip6 = mtod(m, struct ip6_hdr *);
 
/*
@@ -855,7 +857,7 @@ passin:
 */
plen = (u_int32_t)ntohs(ip6->ip6_plen);
if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
-   if (ip6_input_hbh(m, , , , , ) != 0)
+   if (ip6_input_hbh(, , , , , ) != 0)
return;
} else
nxt = ip6->ip6_nxt;
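Review bot: After this call `m` may point to a different mbuf chain, because ip6_input_hbh() now writes the updated pointer back through `mp`, but `ip6` was computed from the old chain before the call. The code following the hunk is not visible; if it still dereferences `ip6` without reloading it, that pointer could refer to freed memory, so `ip6 = mtod(m, struct ip6_hdr *);` right after the successful call would be the safe form. A comment on ip6_input_hbh() stating that a non-zero return means the chain was already freed and `*mp` must not be used would document the contract.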


svn commit: r360732 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:16:32 2020
New Revision: 360732
URL: https://svnweb.freebsd.org/changeset/base/360732

Log:
  MFC r351655: Fix initialization of top_fsn.

Modified:
  stable/11/sys/netinet/sctp_indata.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.h
==
--- stable/11/sys/netinet/sctp_indata.h Thu May  7 01:13:02 2020
(r360731)
+++ stable/11/sys/netinet/sctp_indata.h Thu May  7 01:16:32 2020
(r360732)
@@ -59,7 +59,6 @@ sctp_build_readq_entry(struct sctp_tcb *stcb,
(_ctl)->sinfo_ppid = ppid; \
(_ctl)->sinfo_context = context; \
(_ctl)->fsn_included = 0x; \
-   (_ctl)->top_fsn = 0x; \
(_ctl)->sinfo_tsn = tsn; \
(_ctl)->sinfo_cumtsn = tsn; \
(_ctl)->sinfo_assoc_id = sctp_get_associd((in_it)); \


svn commit: r360731 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:13:02 2020
New Revision: 360731
URL: https://svnweb.freebsd.org/changeset/base/360731

Log:
  MFC r351654: Improve handling of cookie parameters in INIT-ACK chunks
  
  Improve the handling of state cookie parameters in INIT-ACK chunks.
  This fixes problems with parameters indicating a zero length or partial
  parameters after an unknown parameter indicating to stop processing. It
  also fixes a problem with state cookie parameters after unknown
  parameters indicating to stop processing.
  Thanks to Mark Wodrich from Google for finding two of these issues
  by fuzz testing the userland stack and reporting them in
  https://github.com/sctplab/usrsctp/issues/355
  and
  https://github.com/sctplab/usrsctp/issues/352

Modified:
  stable/11/sys/netinet/sctp_input.c
  stable/11/sys/netinet/sctp_output.c
  stable/11/sys/netinet/sctp_output.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==
--- stable/11/sys/netinet/sctp_input.c  Thu May  7 01:09:17 2020
(r360730)
+++ stable/11/sys/netinet/sctp_input.c  Thu May  7 01:13:02 2020
(r360731)
@@ -443,22 +443,48 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int 
 {
struct sctp_association *asoc;
struct mbuf *op_err;
-   int retval, abort_flag;
-   uint32_t initack_limit;
+   int retval, abort_flag, cookie_found;
+   int initack_limit;
int nat_friendly = 0;
 
/* First verify that we have no illegal param's */
abort_flag = 0;
+   cookie_found = 0;
 
op_err = sctp_arethere_unrecognized_parameters(m,
(offset + sizeof(struct sctp_init_chunk)),
-   _flag, (struct sctp_chunkhdr *)cp, _friendly);
+   _flag, (struct sctp_chunkhdr *)cp,
+   _friendly, _found);
if (abort_flag) {
/* Send an abort and notify peer */
sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, 
SCTP_SO_NOT_LOCKED);
*abort_no_unlock = 1;
return (-1);
}
+   if (!cookie_found) {
+   uint16_t len;
+
+   len = (uint16_t)(sizeof(struct sctp_error_missing_param) + 
sizeof(uint16_t));
+   /* We abort with an error of missing mandatory param */
+   op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
+   if (op_err != NULL) {
+   struct sctp_error_missing_param *cause;
+
+   SCTP_BUF_LEN(op_err) = len;
+   cause = mtod(op_err, struct sctp_error_missing_param *);
+   /* Subtract the reserved param */
+   cause->cause.code = htons(SCTP_CAUSE_MISSING_PARAM);
+   cause->cause.length = htons(len);
+   cause->num_missing_params = htonl(1);
+   cause->type[0] = htons(SCTP_STATE_COOKIE);
+   }
+   sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
+   src, dst, sh, op_err,
+   mflowtype, mflowid,
+   vrf_id, net->port);
+   *abort_no_unlock = 1;
+   return (-3);
+   }
asoc = >asoc;
asoc->peer_supports_nat = (uint8_t)nat_friendly;
/* process the peer's parameters in the INIT-ACK */
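Review bot: The comment `/* Subtract the reserved param */` in the new missing-cookie block was carried over from the removed code and does not describe the lines that follow, which only fill in the cause code, the length and the missing parameter type. Replacing it with something like `/* Report the missing mandatory State Cookie parameter */` would match the code. The return value `-3` is also a bare number here; a comment or named constant saying what callers should take from it would help, since the callers are outside the hunk.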
@@ -523,40 +549,8 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int 
/* calculate the RTO */
net->RTO = sctp_calculate_rto(stcb, asoc, net, >time_entered,
SCTP_RTT_FROM_NON_DATA);
-   retval = sctp_send_cookie_echo(m, offset, stcb, net);
-   if (retval < 0) {
-   /*
-* No cookie, we probably should send a op error. But in any
-* case if there is no cookie in the INIT-ACK, we can
-* abandon the peer, its broke.
-*/
-   if (retval == -3) {
-   uint16_t len;
-
-   len = (uint16_t)(sizeof(struct 
sctp_error_missing_param) + sizeof(uint16_t));
-   /* We abort with an error of missing mandatory param */
-   op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, 
MT_DATA);
-   if (op_err != NULL) {
-   struct sctp_error_missing_param *cause;
-
-   SCTP_BUF_LEN(op_err) = len;
-   cause = mtod(op_err, struct 
sctp_error_missing_param *);
-   /* Subtract the reserved param */
-   cause->cause.code = 
htons(SCTP_CAUSE_MISSING_PARAM);
-   cause->cause.length = htons(len);
-   cause->num_missing_params = htonl(1);
-   cause->type[0] = htons(SCTP_STATE_COOKIE);
-   }
-   

svn commit: r360730 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:09:17 2020
New Revision: 360730
URL: https://svnweb.freebsd.org/changeset/base/360730

Log:
  MFC r351641: Improve function definition.

Modified:
  stable/11/sys/netinet/sctp_pcb.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cThu May  7 01:07:47 2020
(r360729)
+++ stable/11/sys/netinet/sctp_pcb.cThu May  7 01:09:17 2020
(r360730)
@@ -5773,7 +5773,7 @@ sctp_startup_mcore_threads(void)
 #endif
 
 void
-sctp_pcb_init()
+sctp_pcb_init(void)
 {
/*
 * SCTP initialization for the PCB structures should be called by
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"


svn commit: r360729 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 01:07:47 2020
New Revision: 360729
URL: https://svnweb.freebsd.org/changeset/base/360729

Log:
  MFC r351638: Improve handling DATA chunks.
  
  Improve the handling of illegal sequence number combinations in received
  data chunks. Abort the association if there are data chunks with larger
  fragment sequence numbers than the fragment sequence of the last
  fragment.
  Thanks to Mark Wodrich from Google who found this issue by fuzz testing
  the userland stack and reporting this issue in
  https://github.com/sctplab/usrsctp/issues/355

Modified:
  stable/11/sys/netinet/sctp_indata.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Thu May  7 00:56:24 2020
(r360728)
+++ stable/11/sys/netinet/sctp_indata.c Thu May  7 01:07:47 2020
(r360729)
@@ -1477,6 +1477,16 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc
"The last fsn is now in place fsn: %u\n",
chk->rec.data.fsn);
control->last_frag_seen = 1;
+   if (SCTP_TSN_GT(control->top_fsn, 
chk->rec.data.fsn)) {
+   SCTPDBG(SCTP_DEBUG_XXX,
+   "New fsn: %u is not at top_fsn: %u 
-- abort\n",
+   chk->rec.data.fsn,
+   control->top_fsn);
+   sctp_abort_in_reasm(stcb, control, chk,
+   abort_flag,
+   SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
+   return;
+   }
}
if (asoc->idata_supported || control->first_frag_seen) {
/*
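Review bot: The debug text in the added check reads "New fsn: %u is not at top_fsn", but the condition is `SCTP_TSN_GT(control->top_fsn, chk->rec.data.fsn)`, that is, a fragment with a higher FSN than the last fragment has already been seen. A wording that states the violated rule, for example `"Last fsn: %u is below top_fsn: %u -- abort\n"`, would make the abort reason clear in traces. The remaining hunks in this file only renumber the `SCTP_LOC_*` constants.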
@@ -1492,7 +1502,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc
 */
sctp_abort_in_reasm(stcb, control, chk,
abort_flag,
-   SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
+   SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_10);
return;
}
}
@@ -1504,7 +1514,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc
chk->rec.data.fsn, control->top_fsn);
sctp_abort_in_reasm(stcb, control,
chk, abort_flag,
-   SCTP_FROM_SCTP_INDATA + SCTP_LOC_10);
+   SCTP_FROM_SCTP_INDATA + SCTP_LOC_11);
return;
}
if (asoc->idata_supported || control->first_frag_seen) {
@@ -1525,7 +1535,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc
chk->rec.data.fsn, 
control->fsn_included);
sctp_abort_in_reasm(stcb, control, chk,
abort_flag,
-   SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_11);
+   SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_12);
return;
}
}
@@ -1540,7 +1550,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc
control->top_fsn);
sctp_abort_in_reasm(stcb, control, chk,
abort_flag,
-   SCTP_FROM_SCTP_INDATA + SCTP_LOC_12);
+   SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
return;
}
}
@@ -1583,7 +1593,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc
at->rec.data.fsn);
sctp_abort_in_reasm(stcb, control,
chk, abort_flag,
-   SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
+   SCTP_FROM_SCTP_INDATA + SCTP_LOC_14);
return;
}
}


svn commit: r360728 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 00:56:24 2020
New Revision: 360728
URL: https://svnweb.freebsd.org/changeset/base/360728

Log:
  MFC r350745: Fix typo.

Modified:
  stable/11/sys/netinet/sctp_asconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_asconf.c
==
--- stable/11/sys/netinet/sctp_asconf.c Thu May  7 00:50:50 2020
(r360727)
+++ stable/11/sys/netinet/sctp_asconf.c Thu May  7 00:56:24 2020
(r360728)
@@ -1364,7 +1364,7 @@ sctp_asconf_queue_add(struct sctp_tcb *stcb, struct sc
if (sctp_asconf_queue_mgmt(stcb,
stcb->asoc.asconf_addr_del_pending,
SCTP_DEL_IP_ADDRESS) == 0) {
-   SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queing 
pending delete\n");
+   SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queuing 
pending delete\n");
pending_delete_queued = 1;
/* clear out the pending delete info */
stcb->asoc.asconf_del_pending = 0;


svn commit: r360727 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 00:50:50 2020
New Revision: 360727
URL: https://svnweb.freebsd.org/changeset/base/360727

Log:
  MFC r350626: Fix a locking issue in SCTP
  
  Fix a locking issue in sctp_accept.
  
  PR:   238520
  Reported by:  pho

Modified:
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_usrreq.c
==
--- stable/11/sys/netinet/sctp_usrreq.c Thu May  7 00:44:15 2020
(r360726)
+++ stable/11/sys/netinet/sctp_usrreq.c Thu May  7 00:50:50 2020
(r360727)
@@ -7229,28 +7229,56 @@ sctp_accept(struct socket *so, struct sockaddr **addr)
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, 
EINVAL);
return (ECONNRESET);
}
-   SCTP_INP_RLOCK(inp);
+   SCTP_INP_WLOCK(inp);
if (inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) {
-   SCTP_INP_RUNLOCK(inp);
+   SCTP_INP_WUNLOCK(inp);
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, 
EOPNOTSUPP);
return (EOPNOTSUPP);
}
if (so->so_state & SS_ISDISCONNECTED) {
-   SCTP_INP_RUNLOCK(inp);
+   SCTP_INP_WUNLOCK(inp);
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, 
ECONNABORTED);
return (ECONNABORTED);
}
stcb = LIST_FIRST(>sctp_asoc_list);
if (stcb == NULL) {
-   SCTP_INP_RUNLOCK(inp);
+   SCTP_INP_WUNLOCK(inp);
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, 
EINVAL);
return (ECONNRESET);
}
SCTP_TCB_LOCK(stcb);
-   SCTP_INP_RUNLOCK(inp);
store = stcb->asoc.primary_destination->ro._l_addr;
SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE);
-   SCTP_TCB_UNLOCK(stcb);
+   /* Wake any delayed sleep action */
+   if (inp->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) {
+   inp->sctp_flags &= ~SCTP_PCB_FLAGS_DONT_WAKE;
+   if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) {
+   inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT;
+   SOCKBUF_LOCK(>sctp_socket->so_snd);
+   if (sowriteable(inp->sctp_socket)) {
+   sowwakeup_locked(inp->sctp_socket);
+   } else {
+   SOCKBUF_UNLOCK(>sctp_socket->so_snd);
+   }
+   }
+   if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) {
+   inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT;
+   SOCKBUF_LOCK(>sctp_socket->so_rcv);
+   if (soreadable(inp->sctp_socket)) {
+   sctp_defered_wakeup_cnt++;
+   sorwakeup_locked(inp->sctp_socket);
+   } else {
+   SOCKBUF_UNLOCK(>sctp_socket->so_rcv);
+   }
+   }
+   }
+   SCTP_INP_WUNLOCK(inp);
+   if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
+   sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
+   SCTP_FROM_SCTP_USRREQ + SCTP_LOC_19);
+   } else {
+   SCTP_TCB_UNLOCK(stcb);
+   }
switch (store.sa.sa_family) {
 #ifdef INET
case AF_INET:
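Review bot: The wake-up block now takes `SOCKBUF_LOCK()` on so_snd and so_rcv while the inp write lock and the TCB lock are both held, whereas the removed code released the inp lock around each sockbuf lock. If that order is permitted elsewhere in the stack it is fine, but nothing here says so. A comment such as `/* Lock order: INP write lock, then TCB lock, then sockbuf lock */` above `SCTP_INP_WLOCK(inp);` would let the next reader check it. The removed lines appear in the following hunk, which is cut off in this view.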
@@ -7291,40 +7319,6 @@ sctp_accept(struct socket *so, struct sockaddr **addr)
default:
/* TSNH */
break;
-   }
-   /* Wake any delayed sleep action */
-   if (inp->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) {
-   SCTP_INP_WLOCK(inp);
-   inp->sctp_flags &= ~SCTP_PCB_FLAGS_DONT_WAKE;
-   if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) {
-   inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT;
-   SCTP_INP_WUNLOCK(inp);
-   SOCKBUF_LOCK(>sctp_socket->so_snd);
-   if (sowriteable(inp->sctp_socket)) {
-   sowwakeup_locked(inp->sctp_socket);
-   } else {
-   SOCKBUF_UNLOCK(>sctp_socket->so_snd);
-   }
-   SCTP_INP_WLOCK(inp);
-   }
-   if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) {
-   inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT;
-   SCTP_INP_WUNLOCK(inp);
-   SOCKBUF_LOCK(>sctp_socket->so_rcv);
-   if (soreadable(inp->sctp_socket)) {
-   sctp_defered_wakeup_cnt++;
-   sorwakeup_locked(inp->sctp_socket);
-   } else {
-   SOCKBUF_UNLOCK(>sctp_socket->so_rcv);
-   }
-   

svn commit: r360726 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 00:44:15 2020
New Revision: 360726
URL: https://svnweb.freebsd.org/changeset/base/360726

Log:
  MFC r350625: Improve compilation on 32-bit OS/
  
  Fix build issues for the userland stack on Raspbian.

Modified:
  stable/11/sys/netinet/sctp_output.c
  stable/11/sys/netinet/sctputil.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 00:26:13 2020
(r360725)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 00:44:15 2020
(r360726)
@@ -12526,7 +12526,7 @@ sctp_lower_sosend(struct socket *so,
 struct thread *p
 )
 {
-   ssize_t sndlen = 0, max_len;
+   ssize_t sndlen = 0, max_len, local_add_more;
int error, len;
struct mbuf *top = NULL;
int queue_only = 0, queue_only_for_init = 0;
@@ -12548,7 +12548,6 @@ sctp_lower_sosend(struct socket *so,
int got_all_of_the_send = 0;
int hold_tcblock = 0;
int non_blocking = 0;
-   uint32_t local_add_more;
ssize_t local_soresv = 0;
uint16_t port;
uint16_t sinfo_flags;
@@ -12850,7 +12849,7 @@ sctp_lower_sosend(struct socket *so,
free_cnt_applied = 1;
 
if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) {
-   if (sndlen > asoc->smallest_mtu) {
+   if (sndlen > (ssize_t)asoc->smallest_mtu) {
SCTP_LTRACE_ERR_RET(inp, stcb, net, 
SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
error = EMSGSIZE;
goto out_unlocked;
@@ -12878,7 +12877,7 @@ sctp_lower_sosend(struct socket *so,
if ((SCTP_SB_LIMIT_SND(so) < (amount + inqueue_bytes + 
stcb->asoc.sb_send_resv)) ||
(stcb->asoc.chunks_on_out_queue >= 
SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
SCTP_LTRACE_ERR_RET(inp, stcb, net, 
SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK);
-   if (sndlen > SCTP_SB_LIMIT_SND(so))
+   if (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(so))
error = EMSGSIZE;
else
error = EWOULDBLOCK;
@@ -13060,7 +13059,7 @@ sctp_lower_sosend(struct socket *so,
 
/* Unless E_EOR mode is on, we must make a send FIT in one call. */
if ((user_marks_eor == 0) &&
-   (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
+   (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
/* It will NEVER fit */
SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, 
EMSGSIZE);
error = EMSGSIZE;
@@ -13077,20 +13076,20 @@ sctp_lower_sosend(struct socket *so,
}
 
if (user_marks_eor) {
-   local_add_more = min(SCTP_SB_LIMIT_SND(so), 
SCTP_BASE_SYSCTL(sctp_add_more_threshold));
+   local_add_more = (ssize_t)min(SCTP_SB_LIMIT_SND(so), 
SCTP_BASE_SYSCTL(sctp_add_more_threshold));
} else {
/*-
 * For non-eeor the whole message must fit in
 * the socket send buffer.
 */
-   local_add_more = (uint32_t)sndlen;
+   local_add_more = sndlen;
}
len = 0;
if (non_blocking) {
goto skip_preblock;
}
if (((max_len <= local_add_more) &&
-   (SCTP_SB_LIMIT_SND(so) >= local_add_more)) ||
+   ((ssize_t)SCTP_SB_LIMIT_SND(so) >= local_add_more)) ||
(max_len == 0) ||
((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= 
SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
/* No room right now ! */
@@ -13098,7 +13097,7 @@ sctp_lower_sosend(struct socket *so,
inqueue_bytes = stcb->asoc.total_output_queue_size - 
(stcb->asoc.chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + 
local_add_more)) ||
((stcb->asoc.stream_queue_cnt + 
stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) 
{
-   SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u 
<(inq:%d + %d) || (%d+%d > %d)\n",
+   SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u 
<(inq:%d + %zd) || (%d+%d > %d)\n",
(unsigned int)SCTP_SB_LIMIT_SND(so),
inqueue_bytes,
local_add_more,
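Review bot: The `while` condition in this hunk still compares `SCTP_SB_LIMIT_SND(so)` with `inqueue_bytes + local_add_more` without a cast, although `local_add_more` is now `ssize_t` and the other comparisons in this commit were given `(ssize_t)` casts. Since the debug line prints the limit with `(unsigned int)`, this is presumably a signed/unsigned comparison again. For consistency it could read `while (((ssize_t)SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) ||`. The type of `inqueue_bytes` is declared outside the hunk and should be checked before changing it.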
@@ -13231,7 +13230,7 @@ skip_preblock:
else
max_len = 0;
 
-   if ((max_len > 
SCTP_BASE_SYSCTL(sctp_add_more_threshold)) ||
+   if ((max_len > 
(ssize_t)SCTP_BASE_SYSCTL(sctp_add_more_threshold)) ||
(max_len && (SCTP_SB_LIMIT_SND(so) < 

svn commit: r360725 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 00:26:13 2020
New Revision: 360725
URL: https://svnweb.freebsd.org/changeset/base/360725

Log:
  MFC r350520: Fix reporting of unknown paramters in an INIT chunk
  
  Fix the reporting of multiple unknown parameters in a received INIT
  chunk. This also plugs a potential mbuf leak.
  Thanks to Felix Weinrank for reporting this issue found by fuzz-testing
  the userland stack.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Thu May  7 00:23:07 2020
(r360724)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 00:26:13 2020
(r360725)
@@ -4981,17 +4981,17 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_
 */
struct sctp_paramhdr *phdr, params;
 
-   struct mbuf *mat, *op_err;
+   struct mbuf *mat, *m_tmp, *op_err, *op_err_last;
int at, limit, pad_needed;
uint16_t ptype, plen, padded_size;
-   int err_at;
 
*abort_processing = 0;
mat = in_initpkt;
-   err_at = 0;
limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk);
at = param_offset;
op_err = NULL;
+   op_err_last = NULL;
+   pad_needed = 0;
SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n");
phdr = sctp_get_next_param(mat, at, , sizeof(params));
while ((phdr != NULL) && ((size_t)limit >= sizeof(struct 
sctp_paramhdr))) {
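Review bot: In the context lines of this hunk, `limit` is an `int` computed as `ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk)` and then cast with `(size_t)limit` in the loop condition, so a chunk length smaller than the INIT header would not stop the loop through that test. Whether callers reject such chunks before this function runs is not visible here. A guard ahead of the subtraction, or a comment naming where the length is validated, would settle it. The function body starts and continues outside the hunk.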
@@ -5116,6 +5116,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_
*abort_processing = 1;
sctp_m_freem(op_err);
op_err = NULL;
+   op_err_last = NULL;
 #ifdef INET6
l_len = SCTP_MIN_OVERHEAD;
 #else
@@ -5124,7 +5125,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_
l_len += sizeof(struct sctp_chunkhdr);
l_len += sizeof(struct sctp_gen_error_cause);
op_err = sctp_get_mbuf_for_msg(l_len, 0, 
M_NOWAIT, 1, MT_DATA);
-   if (op_err) {
+   if (op_err != NULL) {
/*
 * Pre-reserve space for IP, SCTP,
 * and chunk header.
@@ -5144,6 +5145,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_
if (SCTP_BUF_NEXT(op_err) == NULL) {
sctp_m_freem(op_err);
op_err = NULL;
+   op_err_last = NULL;
}
}
return (op_err);
@@ -5179,37 +5181,55 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_
 #endif
SCTP_BUF_RESV_UF(op_err, 
sizeof(struct sctphdr));
SCTP_BUF_RESV_UF(op_err, 
sizeof(struct sctp_chunkhdr));
+   op_err_last = op_err;
}
}
-   if (op_err) {
+   if (op_err != NULL) {
/* If we have space */
-   struct sctp_paramhdr s;
+   struct sctp_paramhdr *param;
 
-   if (err_at % 4) {
-   uint32_t cpthis = 0;
-
-   pad_needed = 4 - (err_at % 4);
-   m_copyback(op_err, err_at, 
pad_needed, (caddr_t));
-   err_at += pad_needed;
+   if (pad_needed > 0) {
+   op_err_last = 
sctp_add_pad_tombuf(op_err_last, pad_needed);
}
-   s.param_type = 
htons(SCTP_UNRECOG_PARAM);
-   s.param_length = 
htons((uint16_t)sizeof(struct sctp_paramhdr) + plen);
-   m_copyback(op_err, err_at, 
sizeof(struct sctp_paramhdr), (caddr_t));
-   err_at += sizeof(struct sctp_paramhdr);
-   SCTP_BUF_NEXT(op_err) = 
SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
-   if (SCTP_BUF_NEXT(op_err) == NULL) {
+   if 

svn commit: r360724 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Thu May  7 00:23:07 2020
New Revision: 360724
URL: https://svnweb.freebsd.org/changeset/base/360724

Log:
  MFC r350508: Improve sending of ABORT message in SCTP
  
  When responding with an ABORT to an INIT chunk containing a
  HOSTNAME parameter or a parameter with an illegal length, only
  include an error cause indicating why the ABORT was sent.
  This also fixes an mbuf leak which could occur.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Wed May  6 23:31:30 2020
(r360723)
+++ stable/11/sys/netinet/sctp_output.c Thu May  7 00:23:07 2020
(r360724)
@@ -5108,55 +5108,42 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_
break;
case SCTP_HOSTNAME_ADDRESS:
{
-   /* We can NOT handle HOST NAME addresses!! */
+   /* Hostname parameters are deprecated. */
+   struct sctp_gen_error_cause *cause;
int l_len;
 
SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle 
hostname addresses.. abort processing\n");
*abort_processing = 1;
-   if (op_err == NULL) {
-   /* Ok need to try to get a mbuf */
+   sctp_m_freem(op_err);
+   op_err = NULL;
 #ifdef INET6
-   l_len = SCTP_MIN_OVERHEAD;
+   l_len = SCTP_MIN_OVERHEAD;
 #else
-   l_len = SCTP_MIN_V4_OVERHEAD;
+   l_len = SCTP_MIN_V4_OVERHEAD;
 #endif
-   l_len += sizeof(struct sctp_chunkhdr);
-   l_len += sizeof(struct 
sctp_gen_error_cause);
-   op_err = sctp_get_mbuf_for_msg(l_len, 
0, M_NOWAIT, 1, MT_DATA);
-   if (op_err) {
-   SCTP_BUF_LEN(op_err) = 0;
-   /*
-* Pre-reserve space for IP,
-* SCTP, and chunk header.
-*/
+   l_len += sizeof(struct sctp_chunkhdr);
+   l_len += sizeof(struct sctp_gen_error_cause);
+   op_err = sctp_get_mbuf_for_msg(l_len, 0, 
M_NOWAIT, 1, MT_DATA);
+   if (op_err) {
+   /*
+* Pre-reserve space for IP, SCTP,
+* and chunk header.
+*/
 #ifdef INET6
-   SCTP_BUF_RESV_UF(op_err, 
sizeof(struct ip6_hdr));
+   SCTP_BUF_RESV_UF(op_err, sizeof(struct 
ip6_hdr));
 #else
-   SCTP_BUF_RESV_UF(op_err, 
sizeof(struct ip));
+   SCTP_BUF_RESV_UF(op_err, sizeof(struct 
ip));
 #endif
-   SCTP_BUF_RESV_UF(op_err, 
sizeof(struct sctphdr));
-   SCTP_BUF_RESV_UF(op_err, 
sizeof(struct sctp_chunkhdr));
-   }
-   }
-   if (op_err) {
-   /* If we have space */
-   struct sctp_gen_error_cause cause;
-
-   if (err_at % 4) {
-   uint32_t cpthis = 0;
-
-   pad_needed = 4 - (err_at % 4);
-   m_copyback(op_err, err_at, 
pad_needed, (caddr_t));
-   err_at += pad_needed;
-   }
-   cause.code = 
htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
-   cause.length = 
htons((uint16_t)(sizeof(struct sctp_gen_error_cause) + plen));
-   m_copyback(op_err, err_at, 
sizeof(struct sctp_gen_error_cause), (caddr_t));
-   err_at += sizeof(struct 
sctp_gen_error_cause);
+   SCTP_BUF_RESV_UF(op_err, sizeof(struct 
sctphdr));
+   SCTP_BUF_RESV_UF(op_err, sizeof(struct 

svn commit: r360723 - in head/sys/dev/virtio: balloon console random scsi

2020-05-06 Thread Jessica Clarke
Author: jrtc27
Date: Wed May  6 23:31:30 2020
New Revision: 360723
URL: https://svnweb.freebsd.org/changeset/base/360723

Log:
  virtio: Support MMIO bus for all devices
  
  The bus is independent of the device, so all devices can be attached to
  either a PCI bus or an MMIO bus. For example, QEMU's virtio-rng-device
  gives the MMIO variant of virtio-rng-pci, and is now detected.
  
  Reviewed by:  andrew, br, brooks (mentor)
  Approved by:  andrew, br, brooks (mentor)
  Differential Revision:https://reviews.freebsd.org/D24730

Modified:
  head/sys/dev/virtio/balloon/virtio_balloon.c
  head/sys/dev/virtio/console/virtio_console.c
  head/sys/dev/virtio/random/virtio_random.c
  head/sys/dev/virtio/scsi/virtio_scsi.c

Modified: head/sys/dev/virtio/balloon/virtio_balloon.c
==
--- head/sys/dev/virtio/balloon/virtio_balloon.cWed May  6 23:28:51 
2020(r360722)
+++ head/sys/dev/virtio/balloon/virtio_balloon.cWed May  6 23:31:30 
2020(r360723)
@@ -153,6 +153,8 @@ static driver_t vtballoon_driver = {
 };
 static devclass_t vtballoon_devclass;
 
+DRIVER_MODULE(virtio_balloon, virtio_mmio, vtballoon_driver,
+vtballoon_devclass, 0, 0);
 DRIVER_MODULE(virtio_balloon, virtio_pci, vtballoon_driver,
 vtballoon_devclass, 0, 0);
 MODULE_VERSION(virtio_balloon, 1);
@@ -160,6 +162,7 @@ MODULE_DEPEND(virtio_balloon, virtio, 1, 1, 1);
 
 VIRTIO_SIMPLE_PNPTABLE(virtio_balloon, VIRTIO_ID_BALLOON,
 "VirtIO Balloon Adapter");
+VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_balloon);
 VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_balloon);
 
 static int

Modified: head/sys/dev/virtio/console/virtio_console.c
==
--- head/sys/dev/virtio/console/virtio_console.cWed May  6 23:28:51 
2020(r360722)
+++ head/sys/dev/virtio/console/virtio_console.cWed May  6 23:31:30 
2020(r360723)
@@ -256,6 +256,8 @@ static driver_t vtcon_driver = {
 };
 static devclass_t vtcon_devclass;
 
+DRIVER_MODULE(virtio_console, virtio_mmio, vtcon_driver, vtcon_devclass,
+vtcon_modevent, 0);
 DRIVER_MODULE(virtio_console, virtio_pci, vtcon_driver, vtcon_devclass,
 vtcon_modevent, 0);
 MODULE_VERSION(virtio_console, 1);
@@ -263,6 +265,7 @@ MODULE_DEPEND(virtio_console, virtio, 1, 1, 1);
 
 VIRTIO_SIMPLE_PNPTABLE(virtio_console, VIRTIO_ID_CONSOLE,
 "VirtIO Console Adapter");
+VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_console);
 VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_console);
 
 static int

Modified: head/sys/dev/virtio/random/virtio_random.c
==
--- head/sys/dev/virtio/random/virtio_random.c  Wed May  6 23:28:51 2020
(r360722)
+++ head/sys/dev/virtio/random/virtio_random.c  Wed May  6 23:31:30 2020
(r360723)
@@ -96,6 +96,8 @@ static driver_t vtrnd_driver = {
 };
 static devclass_t vtrnd_devclass;
 
+DRIVER_MODULE(virtio_random, virtio_mmio, vtrnd_driver, vtrnd_devclass,
+vtrnd_modevent, 0);
 DRIVER_MODULE(virtio_random, virtio_pci, vtrnd_driver, vtrnd_devclass,
 vtrnd_modevent, 0);
 MODULE_VERSION(virtio_random, 1);
@@ -104,6 +106,7 @@ MODULE_DEPEND(virtio_random, random_device, 1, 1, 1);
 
 VIRTIO_SIMPLE_PNPTABLE(virtio_random, VIRTIO_ID_ENTROPY,
 "VirtIO Entropy Adapter");
+VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_random);
 VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_random);
 
 static int

Modified: head/sys/dev/virtio/scsi/virtio_scsi.c
==
--- head/sys/dev/virtio/scsi/virtio_scsi.c  Wed May  6 23:28:51 2020
(r360722)
+++ head/sys/dev/virtio/scsi/virtio_scsi.c  Wed May  6 23:31:30 2020
(r360723)
@@ -228,6 +228,8 @@ static driver_t vtscsi_driver = {
 };
 static devclass_t vtscsi_devclass;
 
+DRIVER_MODULE(virtio_scsi, virtio_mmio, vtscsi_driver, vtscsi_devclass,
+vtscsi_modevent, 0);
 DRIVER_MODULE(virtio_scsi, virtio_pci, vtscsi_driver, vtscsi_devclass,
 vtscsi_modevent, 0);
 MODULE_VERSION(virtio_scsi, 1);
@@ -235,6 +237,7 @@ MODULE_DEPEND(virtio_scsi, virtio, 1, 1, 1);
 MODULE_DEPEND(virtio_scsi, cam, 1, 1, 1);
 
 VIRTIO_SIMPLE_PNPTABLE(virtio_scsi, VIRTIO_ID_SCSI, "VirtIO SCSI Adapter");
+VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_scsi);
 VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_scsi);
 
 static int


svn commit: r360722 - head/sys/dev/virtio/mmio

2020-05-06 Thread Jessica Clarke
Author: jrtc27
Date: Wed May  6 23:28:51 2020
New Revision: 360722
URL: https://svnweb.freebsd.org/changeset/base/360722

Log:
  virtio_mmio: Support non-transitional version 2 devices
  
  The non-legacy virtio MMIO specification drops the use of PFNs and
  replaces them with physical addresses. Whilst many implementations are
  so-called transitional devices, also implementing the legacy
  specification, TinyEMU[1] does not. Device-specific configuration
  registers have also changed to being little-endian, and must be accessed
  using a single aligned access for registers up to 32 bits, and two
  32-bit aligned accesses for 64-bit registers.
  
  [1] https://bellard.org/tinyemu/
  
  Reviewed by:  br, brooks (mentor)
  Approved by:  br, brooks (mentor)
  Differential Revision:https://reviews.freebsd.org/D24681

Modified:
  head/sys/dev/virtio/mmio/virtio_mmio.c
  head/sys/dev/virtio/mmio/virtio_mmio.h

Modified: head/sys/dev/virtio/mmio/virtio_mmio.c
==
--- head/sys/dev/virtio/mmio/virtio_mmio.c  Wed May  6 23:23:22 2020
(r360721)
+++ head/sys/dev/virtio/mmio/virtio_mmio.c  Wed May  6 23:28:51 2020
(r360722)
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -76,6 +77,8 @@ static intvtmmio_read_ivar(device_t, device_t, int, u
 static int vtmmio_write_ivar(device_t, device_t, int, uintptr_t);
 static uint64_tvtmmio_negotiate_features(device_t, uint64_t);
 static int vtmmio_with_feature(device_t, uint64_t);
+static voidvtmmio_set_virtqueue(struct vtmmio_softc *sc,
+   struct virtqueue *vq, uint32_t size);
 static int vtmmio_alloc_virtqueues(device_t, int, int,
struct vq_alloc_info *);
 static int vtmmio_setup_intr(device_t, enum intr_type);
@@ -223,6 +226,16 @@ vtmmio_attach(device_t dev)
return (ENXIO);
}
 
+   sc->vtmmio_version = vtmmio_read_config_4(sc, VIRTIO_MMIO_VERSION);
+   if (sc->vtmmio_version < 1 || sc->vtmmio_version > 2) {
+   device_printf(dev, "Unsupported version: %x\n",
+   sc->vtmmio_version);
+   bus_release_resource(dev, SYS_RES_MEMORY, 0,
+   sc->res[0]);
+   sc->res[0] = NULL;
+   return (ENXIO);
+   }
+
vtmmio_reset(sc);
 
/* Tell the host we've noticed this device. */
@@ -404,6 +417,46 @@ vtmmio_with_feature(device_t dev, uint64_t feature)
return ((sc->vtmmio_features & feature) != 0);
 }
 
+static void
+vtmmio_set_virtqueue(struct vtmmio_softc *sc, struct virtqueue *vq,
+uint32_t size)
+{
+   vm_paddr_t paddr;
+
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_NUM, size);
+#if 0
+   device_printf(dev, "virtqueue paddr 0x%08lx\n",
+   (uint64_t)paddr);
+#endif
+   if (sc->vtmmio_version == 1) {
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_ALIGN,
+   VIRTIO_MMIO_VRING_ALIGN);
+   paddr = virtqueue_paddr(vq);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_PFN,
+   paddr >> PAGE_SHIFT);
+   } else {
+   paddr = virtqueue_desc_paddr(vq);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_DESC_LOW,
+   paddr);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_DESC_HIGH,
+   paddr >> 32);
+
+   paddr = virtqueue_avail_paddr(vq);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_AVAIL_LOW,
+   paddr);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_AVAIL_HIGH,
+   paddr >> 32);
+
+   paddr = virtqueue_used_paddr(vq);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_USED_LOW,
+   paddr);
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_USED_HIGH,
+   paddr >> 32);
+
+   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_READY, 1);
+   }
+}
+
 static int
 vtmmio_alloc_virtqueues(device_t dev, int flags, int nvqs,
 struct vq_alloc_info *vq_info)
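Review bot: In the version 2 branch of `vtmmio_set_virtqueue`, `paddr >> 32` is applied to a `vm_paddr_t`; if that type is 32 bits wide on any platform that builds this driver, the shift count equals the type width and the behaviour is undefined. Widening first avoids that: `vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_DESC_HIGH, (uint64_t)paddr >> 32);`, and likewise for the `AVAIL_HIGH` and `USED_HIGH` writes. Separately, the `#if 0` block prints `paddr` before it is assigned and refers to `dev`, which is not a parameter of this function, so it would not build if enabled. Either drop it or move it after the assignment with a device handle that is in scope.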
@@ -448,15 +501,7 @@ vtmmio_alloc_virtqueues(device_t dev, int flags, int n
break;
}
 
-   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_NUM, size);
-   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_ALIGN,
-   VIRTIO_MMIO_VRING_ALIGN);
-#if 0
-   device_printf(dev, "virtqueue paddr 0x%08lx\n",
-   (uint64_t)virtqueue_paddr(vq));
-#endif
-   vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_PFN,
-   virtqueue_paddr(vq) >> PAGE_SHIFT);
+   vtmmio_set_virtqueue(sc, vq, size);
 
vqx->vtv_vq = *info->vqai_vq = vq;
vqx->vtv_no_intr = info->vqai_intr == NULL;
@@ -568,10 +613,54 @@ vtmmio_read_dev_config(device_t 

svn commit: r360721 - in stable: 11/sys/netipsec 12/sys/netipsec

2020-05-06 Thread John Baldwin
Author: jhb
Date: Wed May  6 23:23:22 2020
New Revision: 360721
URL: https://svnweb.freebsd.org/changeset/base/360721

Log:
  MFC 360202,360206: Deprecate 3des support in IPsec for FreeBSD 13.
  
  360202:
  Deprecate 3des support in IPsec for FreeBSD 13.
  
  RFC 8221 does not outright ban 3des as the algorithms deprecated for
  13 in r348205, but it is listed as a SHOULD NOT and will likely be a
  MUST NOT by the time 13 ships.
  
  360206:
  Fix name of 3DES cipher in deprecation warning.
  
  Sponsored by: Chelsio Communications

Modified:
  stable/11/sys/netipsec/xform_esp.c
Directory Properties:
  stable/11/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/12/sys/netipsec/xform_esp.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/11/sys/netipsec/xform_esp.c
==
--- stable/11/sys/netipsec/xform_esp.c  Wed May  6 23:03:40 2020
(r360720)
+++ stable/11/sys/netipsec/xform_esp.c  Wed May  6 23:23:22 2020
(r360721)
@@ -94,7 +94,7 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, st
 struct espstat, espstat,
 "ESP statistics (struct espstat, netipsec/esp_var.h");
 
-static struct timeval deswarn, blfwarn, castwarn, camelliawarn;
+static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn;
 
 static int esp_input_cb(struct cryptop *op);
 static int esp_output_cb(struct cryptop *crp);
@@ -163,6 +163,10 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
case SADB_EALG_DESCBC:
if (ratecheck(, _warn_interval))
gone_in(13, "DES cipher for IPsec");
+   break;
+   case SADB_EALG_3DESCBC:
+   if (ratecheck(, _warn_interval))
+   gone_in(13, "3DES cipher for IPsec");
break;
case SADB_X_EALG_BLOWFISHCBC:
if (ratecheck(, _warn_interval))
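Review bot: The new `SADB_EALG_3DESCBC` case carries no comment explaining why 3DES is on the deprecation list, although the commit log gives it a different rationale from the algorithms deprecated in r348205 (RFC 8221 lists it as SHOULD NOT rather than banning it). I would add `/* RFC 8221: 3DES is SHOULD NOT; warn ahead of removal in 13 */` above the case. As far as the hunk shows, the case only emits a rate-limited warning and then breaks out of the switch, so the message is the only signal an operator gets that a 3DES SA is in use. The same applies to the identical stable/12 hunk further down; `esp_init` continues outside the hunk.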


svn commit: r360721 - in stable: 11/sys/netipsec 12/sys/netipsec

2020-05-06 Thread John Baldwin
Author: jhb
Date: Wed May  6 23:23:22 2020
New Revision: 360721
URL: https://svnweb.freebsd.org/changeset/base/360721

Log:
  MFC 360202,360206: Deprecate 3des support in IPsec for FreeBSD 13.
  
  360202:
  Deprecate 3des support in IPsec for FreeBSD 13.
  
  RFC 8221 does not outright ban 3des as the algorithms deprecated for
  13 in r348205, but it is listed as a SHOULD NOT and will likely be a
  MUST NOT by the time 13 ships.
  
  360206:
  Fix name of 3DES cipher in deprecation warning.
  
  Sponsored by: Chelsio Communications

Modified:
  stable/12/sys/netipsec/xform_esp.c
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/sys/netipsec/xform_esp.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/sys/netipsec/xform_esp.c
==
--- stable/12/sys/netipsec/xform_esp.c  Wed May  6 23:03:40 2020
(r360720)
+++ stable/12/sys/netipsec/xform_esp.c  Wed May  6 23:23:22 2020
(r360721)
@@ -94,7 +94,7 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, st
 struct espstat, espstat,
 "ESP statistics (struct espstat, netipsec/esp_var.h");
 
-static struct timeval deswarn, blfwarn, castwarn, camelliawarn;
+static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn;
 
 static int esp_input_cb(struct cryptop *op);
 static int esp_output_cb(struct cryptop *crp);
@@ -163,6 +163,10 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
case SADB_EALG_DESCBC:
if (ratecheck(, _warn_interval))
gone_in(13, "DES cipher for IPsec");
+   break;
+   case SADB_EALG_3DESCBC:
+   if (ratecheck(, _warn_interval))
+   gone_in(13, "3DES cipher for IPsec");
break;
case SADB_X_EALG_BLOWFISHCBC:
if (ratecheck(, _warn_interval))


svn commit: r360718 - in stable/12/sys/dev/cxgbe: . tom

2020-05-06 Thread John Baldwin
Author: jhb
Date: Wed May  6 22:49:21 2020
New Revision: 360718
URL: https://svnweb.freebsd.org/changeset/base/360718

Log:
  MFC 358415: Rename TOE TLS stats from [rt]x_tls_* to [rt]x_toe_tls_*.
  
  This more clearly differentiates TLS records encrypted and decrypted
  in TOE connections from those encrypted via NIC TLS.
  
  Sponsored by: Chelsio Communications

Modified:
  stable/12/sys/dev/cxgbe/adapter.h
  stable/12/sys/dev/cxgbe/t4_main.c
  stable/12/sys/dev/cxgbe/tom/t4_tls.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/dev/cxgbe/adapter.h
==
--- stable/12/sys/dev/cxgbe/adapter.h   Wed May  6 22:44:53 2020
(r360717)
+++ stable/12/sys/dev/cxgbe/adapter.h   Wed May  6 22:49:21 2020
(r360718)
@@ -304,10 +304,10 @@ struct port_info {
struct port_stats stats;
u_int tnl_cong_drops;
u_int tx_parse_error;
-   u_long  tx_tls_records;
-   u_long  tx_tls_octets;
-   u_long  rx_tls_records;
-   u_long  rx_tls_octets;
+   u_long  tx_toe_tls_records;
+   u_long  tx_toe_tls_octets;
+   u_long  rx_toe_tls_records;
+   u_long  rx_toe_tls_octets;
 
struct callout tick;
 };

Modified: stable/12/sys/dev/cxgbe/t4_main.c
==
--- stable/12/sys/dev/cxgbe/t4_main.c   Wed May  6 22:44:53 2020
(r360717)
+++ stable/12/sys/dev/cxgbe/t4_main.c   Wed May  6 22:49:21 2020
(r360718)
@@ -6731,17 +6731,17 @@ cxgbe_sysctls(struct port_info *pi)
 
 #undef SYSCTL_ADD_T4_PORTSTAT
 
-   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_tls_records",
-   CTLFLAG_RD, >tx_tls_records,
+   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_toe_tls_records",
+   CTLFLAG_RD, >tx_toe_tls_records,
"# of TLS records transmitted");
-   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_tls_octets",
-   CTLFLAG_RD, >tx_tls_octets,
+   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_toe_tls_octets",
+   CTLFLAG_RD, >tx_toe_tls_octets,
"# of payload octets in transmitted TLS records");
-   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_tls_records",
-   CTLFLAG_RD, >rx_tls_records,
+   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_toe_tls_records",
+   CTLFLAG_RD, >rx_toe_tls_records,
"# of TLS records received");
-   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_tls_octets",
-   CTLFLAG_RD, >rx_tls_octets,
+   SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_toe_tls_octets",
+   CTLFLAG_RD, >rx_toe_tls_octets,
"# of payload octets in received TLS records");
 }
 

Modified: stable/12/sys/dev/cxgbe/tom/t4_tls.c
==
--- stable/12/sys/dev/cxgbe/tom/t4_tls.cWed May  6 22:44:53 2020
(r360717)
+++ stable/12/sys/dev/cxgbe/tom/t4_tls.cWed May  6 22:49:21 2020
(r360718)
@@ -1368,8 +1368,8 @@ t4_push_tls_records(struct adapter *sc, struct toepcb 
}
toep->txsd_avail--;
 
-   atomic_add_long(>vi->pi->tx_tls_records, 1);
-   atomic_add_long(>vi->pi->tx_tls_octets, plen);
+   atomic_add_long(>vi->pi->tx_toe_tls_records, 1);
+   atomic_add_long(>vi->pi->tx_toe_tls_octets, plen);
 
t4_l2t_send(sc, wr, toep->l2te);
}
@@ -1404,7 +1404,7 @@ do_tls_data(struct sge_iq *iq, const struct rss_header
m_adj(m, sizeof(*cpl));
len = m->m_pkthdr.len;
 
-   atomic_add_long(>vi->pi->rx_tls_octets, len);
+   atomic_add_long(>vi->pi->rx_toe_tls_octets, len);
 
KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)),
("%s: payload length mismatch", __func__));
@@ -1467,7 +1467,7 @@ do_rx_tls_cmp(struct sge_iq *iq, const struct rss_head
m_adj(m, sizeof(*cpl));
len = m->m_pkthdr.len;
 
-   atomic_add_long(>vi->pi->rx_tls_records, 1);
+   atomic_add_long(>vi->pi->rx_toe_tls_records, 1);
 
KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)),
("%s: payload length mismatch", __func__));


svn commit: r360717 - in stable/12/sys: conf dev/cxgbe dev/cxgbe/crypto modules/cxgbe/if_cxgbe

2020-05-06 Thread John Baldwin
Author: jhb
Date: Wed May  6 22:44:53 2020
New Revision: 360717
URL: https://svnweb.freebsd.org/changeset/base/360717

Log:
  MFC 354667,354686: Share routines for dealing with T6 key contexts.
  
  354667:
  Create a file to hold shared routines for dealing with T6 key contexts.
  
  ccr(4) and TLS support in cxgbe(4) construct key contexts used by the
  crypto engine in the T6.  This consolidates some duplicated code for
  helper functions used to build key contexts.
  
  354686:
  Add t4_keyctx.c to sys/conf/files for the non-module build.
  
  Missed in r354667.
  
  Sponsored by: Chelsio Communications

Added:
  stable/12/sys/dev/cxgbe/crypto/t4_keyctx.c
 - copied unchanged from r354667, head/sys/dev/cxgbe/crypto/t4_keyctx.c
Modified:
  stable/12/sys/conf/files
  stable/12/sys/dev/cxgbe/adapter.h
  stable/12/sys/dev/cxgbe/crypto/t4_crypto.c
  stable/12/sys/dev/cxgbe/t4_main.c
  stable/12/sys/modules/cxgbe/if_cxgbe/Makefile
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/conf/files
==
--- stable/12/sys/conf/filesWed May  6 22:26:23 2020(r360716)
+++ stable/12/sys/conf/filesWed May  6 22:44:53 2020(r360717)
@@ -1429,6 +1429,8 @@ dev/cxgbe/common/t4_hw.c  optional cxgbe pci \
compile-with "${NORMAL_C} -I$S/dev/cxgbe"
 dev/cxgbe/common/t4vf_hw.c optional cxgbev pci \
compile-with "${NORMAL_C} -I$S/dev/cxgbe"
+dev/cxgbe/crypto/t4_keyctx.c   optional cxgbe pci \
+   compile-with "${NORMAL_C} -I$S/dev/cxgbe"
 dev/cxgbe/cudbg/cudbg_common.c optional cxgbe \
compile-with "${NORMAL_C} -I$S/dev/cxgbe"
 dev/cxgbe/cudbg/cudbg_flash_utils.coptional cxgbe \

Modified: stable/12/sys/dev/cxgbe/adapter.h
==
--- stable/12/sys/dev/cxgbe/adapter.h   Wed May  6 22:26:23 2020
(r360716)
+++ stable/12/sys/dev/cxgbe/adapter.h   Wed May  6 22:44:53 2020
(r360717)
@@ -1149,7 +1149,6 @@ void t4_os_link_changed(struct port_info *);
 void t4_iterate(void (*)(struct adapter *, void *), void *);
 void t4_init_devnames(struct adapter *);
 void t4_add_adapter(struct adapter *);
-void t4_aes_getdeckey(void *, const void *, unsigned int);
 int t4_detach_common(device_t);
 int t4_map_bars_0_and_4(struct adapter *);
 int t4_map_bar_2(struct adapter *);
@@ -1177,6 +1176,15 @@ int cxgbe_media_change(struct ifnet *);
 void cxgbe_media_status(struct ifnet *, struct ifmediareq *);
 bool t4_os_dump_cimla(struct adapter *, int, bool);
 void t4_os_dump_devlog(struct adapter *);
+
+/* t4_keyctx.c */
+struct auth_hash;
+union authctx;
+
+void t4_aes_getdeckey(void *, const void *, unsigned int);
+void t4_copy_partial_hash(int, union authctx *, void *);
+void t4_init_gmac_hash(const char *, int, char *);
+void t4_init_hmac_digest(struct auth_hash *, u_int, char *, int, char *);
 
 #ifdef DEV_NETMAP
 /* t4_netmap.c */

Modified: stable/12/sys/dev/cxgbe/crypto/t4_crypto.c
==
--- stable/12/sys/dev/cxgbe/crypto/t4_crypto.c  Wed May  6 22:26:23 2020
(r360716)
+++ stable/12/sys/dev/cxgbe/crypto/t4_crypto.c  Wed May  6 22:44:53 2020
(r360717)
@@ -141,8 +141,7 @@ struct ccr_session_hmac {
unsigned int partial_digest_len;
unsigned int auth_mode;
unsigned int mk_size;
-   char ipad[CHCR_HASH_MAX_BLOCK_SIZE_128];
-   char opad[CHCR_HASH_MAX_BLOCK_SIZE_128];
+   char pads[CHCR_HASH_MAX_BLOCK_SIZE_128 * 2];
 };
 
 struct ccr_session_gmac {
@@ -530,10 +529,7 @@ ccr_hash(struct ccr_softc *sc, struct ccr_session *s, 
V_SCMD_LAST_FRAG(0) |
V_SCMD_MORE_FRAGS(crd->crd_len == 0 ? 1 : 0) | V_SCMD_MAC_ONLY(1));
 
-   memcpy(crwr->key_ctx.key, s->hmac.ipad, s->hmac.partial_digest_len);
-   if (use_opad)
-   memcpy(crwr->key_ctx.key + iopad_size, s->hmac.opad,
-   s->hmac.partial_digest_len);
+   memcpy(crwr->key_ctx.key, s->hmac.pads, kctx_len);
 
/* XXX: F_KEY_CONTEXT_SALT_PRESENT set, but 'salt' not set. */
kctx_flits = (sizeof(struct _key_ctx) + kctx_len) / 16;
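Review bot: The replacement `memcpy(crwr->key_ctx.key, s->hmac.pads, kctx_len);` takes its length from `kctx_len`, which is computed outside this hunk, instead of from `partial_digest_len` per pad, so nothing visible ties the copy size to `sizeof(s->hmac.pads)`. An assertion before the copy, `KASSERT(kctx_len <= sizeof(s->hmac.pads), ("%s: key context too large", __func__));`, would turn an over-read of HMAC pad state into an immediate, diagnosable failure on kernels built with assertions. The same applies to `memcpy(dst, s->hmac.pads, iopad_size * 2);` in the `ccr_authenc` hunk at -1069. Whether the opad half is still skipped when `use_opad` is false now depends on how `kctx_len` is computed; a short comment saying so would help.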
@@ -1069,8 +1065,7 @@ ccr_authenc(struct ccr_softc *sc, struct ccr_session *
}
 
dst = crwr->key_ctx.key + roundup2(s->blkcipher.key_len, 16);
-   memcpy(dst, s->hmac.ipad, s->hmac.partial_digest_len);
-   memcpy(dst + iopad_size, s->hmac.opad, s->hmac.partial_digest_len);
+   memcpy(dst, s->hmac.pads, iopad_size * 2);
 
dst = (char *)(crwr + 1) + kctx_len;
ccr_write_phys_dsgl(sc, dst, dsgl_nsegs);
@@ -2212,44 +2207,6 @@ ccr_detach(device_t dev)
 }
 
 static void
-ccr_copy_partial_hash(void *dst, int cri_alg, union authctx *auth_ctx)
-{
-   uint32_t *u32;
-   uint64_t *u64;
-   u_int i;
-
-   u32 = (uint32_t *)dst;
-   u64 = (uint64_t *)dst;
-   switch (cri_alg) {
-   case 

svn commit: r360716 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:26:23 2020
New Revision: 360716
URL: https://svnweb.freebsd.org/changeset/base/360716

Log:
  MFC r350488: Cleanup in SCTP code
  
  Small cleanup, no functional change intended.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Wed May  6 22:24:26 2020
(r360715)
+++ stable/11/sys/netinet/sctp_output.c Wed May  6 22:26:23 2020
(r360716)
@@ -9083,7 +9083,6 @@ sctp_send_heartbeat_ack(struct sctp_tcb *stcb,
struct sctp_chunkhdr *chdr;
struct sctp_tmit_chunk *chk;
 
-
if (net == NULL)
/* must have a net pointer */
return;
@@ -9101,13 +9100,8 @@ sctp_send_heartbeat_ack(struct sctp_tcb *stcb,
chdr = mtod(outchain, struct sctp_chunkhdr *);
chdr->chunk_type = SCTP_HEARTBEAT_ACK;
chdr->chunk_flags = 0;
-   if (chk_length % 4) {
-   /* need pad */
-   uint32_t cpthis = 0;
-   int padlen;
-
-   padlen = 4 - (chk_length % 4);
-   m_copyback(outchain, chk_length, padlen, (caddr_t));
+   if (chk_length % 4 != 0) {
+   sctp_pad_lastmbuf(outchain, 4 - (chk_length % 4), NULL);
}
sctp_alloc_a_chunk(stcb, chk);
if (chk == NULL) {
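Review bot: The result of `sctp_pad_lastmbuf(outchain, 4 - (chk_length % 4), NULL)` is discarded, so if the helper can fail (for example when it has to allocate a new mbuf for the padding) the HEARTBEAT-ACK would be queued with a length that is not a multiple of four. I would test the return value, `if (sctp_pad_lastmbuf(outchain, 4 - (chk_length % 4), NULL) == NULL) {`, and free `outchain` and return on failure. The helper is defined outside this page, so its failure behaviour should be confirmed first. `sctp_send_heartbeat_ack` continues past the end of the hunk.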


svn commit: r360715 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:24:26 2020
New Revision: 360715
URL: https://svnweb.freebsd.org/changeset/base/360715

Log:
  MFC r350487: mbuf cleanup for SCTP
  
  Consistently cleanup mbufs in case of other memory errors.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Wed May  6 22:20:53 2020
(r360714)
+++ stable/11/sys/netinet/sctp_output.c Wed May  6 22:24:26 2020
(r360715)
@@ -5579,8 +5579,7 @@ do_a_abort:
m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
if (m == NULL) {
/* No memory, INIT timer will re-attempt. */
-   if (op_err)
-   sctp_m_freem(op_err);
+   sctp_m_freem(op_err);
return;
}
chunk_len = (uint16_t)sizeof(struct sctp_init_ack_chunk);
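Review bot: After this change the early returns release mbufs in four separate places (this hunk and the hunks at -5769, -5799 and -5871), with nothing stating up to which point `op_err` and `m` are separately owned by the function. A comment at the allocation of `m`, for example `/* op_err and m are freed separately until op_err is linked into the reply */`, would tell the author of the next early return what to release. I am inferring the ownership from the paired `sctp_m_freem` calls, so the wording should be checked against the rest of the function, which lies outside these hunks.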
@@ -5769,8 +5768,11 @@ do_a_abort:
net->ro._s_addr = 
sctp_source_address_selection(inp,
stcb, (sctp_route_t *)>ro,
net, 0, vrf_id);
-   if (net->ro._s_addr == NULL)
+   if (net->ro._s_addr == NULL) {
+   sctp_m_freem(op_err);
+   sctp_m_freem(m);
return;
+   }
 
net->src_addr_selected = 1;
 
@@ -5799,8 +5801,11 @@ do_a_abort:
net->ro._s_addr = 
sctp_source_address_selection(inp,
stcb, (sctp_route_t *)>ro,
net, 0, vrf_id);
-   if (net->ro._s_addr == NULL)
+   if (net->ro._s_addr == NULL) {
+   sctp_m_freem(op_err);
+   sctp_m_freem(m);
return;
+   }
 
net->src_addr_selected = 1;
}
@@ -5871,6 +5876,7 @@ do_a_abort:
so = inp->sctp_socket;
if (so == NULL) {
/* memory problem */
+   sctp_m_freem(op_err);
sctp_m_freem(m);
return;
} else {


svn commit: r360714 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:20:53 2020
New Revision: 360714
URL: https://svnweb.freebsd.org/changeset/base/360714

Log:
  MFC r350254: Improve SCTP locking
  
  Don't hold a mutex while calling sbwait. This was found by syzkaller.
  
  Submitted by: rrs
  Reported by:  markj

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Wed May  6 22:20:37 2020
(r360713)
+++ stable/11/sys/netinet/sctp_output.c Wed May  6 22:20:53 2020
(r360714)
@@ -13399,10 +13399,10 @@ skip_preblock:
stcb,
SCTP_OUTPUT_FROM_USR_SEND, 
SCTP_SO_LOCKED);
}
-   if (hold_tcblock == 1) {
-   SCTP_TCB_UNLOCK(stcb);
-   hold_tcblock = 0;
-   }
+   }
+   if (hold_tcblock == 1) {
+   SCTP_TCB_UNLOCK(stcb);
+   hold_tcblock = 0;
}
SOCKBUF_LOCK(>so_snd);
/*-
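Review bot: The relocated `SCTP_TCB_UNLOCK(stcb)` block now runs on every pass before `SOCKBUF_LOCK`, but nothing in the code says why it must. The reason, which the log gives as not holding a mutex while calling `sbwait`, lives only in the commit message. I would add `/* Drop the TCB lock before we may sleep in sbwait(). */` above `if (hold_tcblock == 1) {`. The surrounding function starts and ends outside the hunk, so whether a lock-not-held assertion is also practical here cannot be judged from this excerpt.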


svn commit: r360713 - in stable/12: lib/libvmmapi sys/amd64/include sys/amd64/vmm/amd sys/amd64/vmm/intel usr.sbin/bhyve

2020-05-06 Thread John Baldwin
Author: jhb
Date: Wed May  6 22:20:37 2020
New Revision: 360713
URL: https://svnweb.freebsd.org/changeset/base/360713

Log:
  MFC 355724,360166: Software breakpoints on Intel CPUs.
  
  355724:
  Support software breakpoints in the debug server on Intel CPUs.
  
  - Allow the userland hypervisor to intercept breakpoint exceptions
(BP#) in the guest.  A new capability (VM_CAP_BPT_EXIT) is used to
enable this feature.  These exceptions are reported to userland via
a new VM_EXITCODE_BPT that includes the length of the original
breakpoint instruction.  If userland wishes to pass the exception
through to the guest, it must be explicitly re-injected via
vm_inject_exception().
  
  - Export VMCS_ENTRY_INST_LENGTH as a VM_REG_GUEST_ENTRY_INST_LENGTH
pseudo-register.  Injecting a BP# on Intel requires setting this to
the length of the breakpoint instruction.  AMD SVM currently ignores
writes to this register (but reports success) and fails to read it.
  
  - Rework the per-vCPU state tracked by the debug server.  Rather than
a single 'stepping_vcpu' global, add a structure for each vCPU that
tracks state about that vCPU ('stepping', 'stepped', and
'hit_swbreak').  A global 'stopped_vcpu' tracks which vCPU is
currently reporting an event.  Event handlers for MTRAP and
breakpoint exits loop until the associated event is reported to the
debugger.
  
Breakpoint events are discarded if the breakpoint is not present
when a vCPU resumes in the breakpoint handler to retry submitting
the breakpoint event.
  
  - Maintain a linked-list of active breakpoints in response to the GDB
'Z0' and 'z0' packets.
  
  360166:
  Add description string for VM_CAP_BPT_EXIT.
  
  While here, replace the array of mapping structures with an array of
  string pointers where the index is the capability value.

Modified:
  stable/12/lib/libvmmapi/vmmapi.c
  stable/12/sys/amd64/include/vmm.h
  stable/12/sys/amd64/vmm/amd/svm.c
  stable/12/sys/amd64/vmm/intel/vmcs.c
  stable/12/sys/amd64/vmm/intel/vmx.c
  stable/12/sys/amd64/vmm/intel/vmx.h
  stable/12/usr.sbin/bhyve/bhyve.8
  stable/12/usr.sbin/bhyve/bhyverun.c
  stable/12/usr.sbin/bhyve/gdb.c
  stable/12/usr.sbin/bhyve/gdb.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libvmmapi/vmmapi.c
==
--- stable/12/lib/libvmmapi/vmmapi.cWed May  6 22:18:24 2020
(r360712)
+++ stable/12/lib/libvmmapi/vmmapi.cWed May  6 22:20:37 2020
(r360713)
@@ -812,16 +812,13 @@ vm_inject_nmi(struct vmctx *ctx, int vcpu)
return (ioctl(ctx->fd, VM_INJECT_NMI, ));
 }
 
-static struct {
-   const char  *name;
-   int type;
-} capstrmap[] = {
-   { "hlt_exit",   VM_CAP_HALT_EXIT },
-   { "mtrap_exit", VM_CAP_MTRAP_EXIT },
-   { "pause_exit", VM_CAP_PAUSE_EXIT },
-   { "unrestricted_guest", VM_CAP_UNRESTRICTED_GUEST },
-   { "enable_invpcid", VM_CAP_ENABLE_INVPCID },
-   { 0 }
+static const char *capstrmap[] = {
+   [VM_CAP_HALT_EXIT]  = "hlt_exit",
+   [VM_CAP_MTRAP_EXIT] = "mtrap_exit",
+   [VM_CAP_PAUSE_EXIT] = "pause_exit",
+   [VM_CAP_UNRESTRICTED_GUEST] = "unrestricted_guest",
+   [VM_CAP_ENABLE_INVPCID] = "enable_invpcid",
+   [VM_CAP_BPT_EXIT] = "bpt_exit",
 };
 
 int
@@ -829,9 +826,9 @@ vm_capability_name2type(const char *capname)
 {
int i;
 
-   for (i = 0; capstrmap[i].name != NULL && capname != NULL; i++) {
-   if (strcmp(capstrmap[i].name, capname) == 0)
-   return (capstrmap[i].type);
+   for (i = 0; i < nitems(capstrmap); i++) {
+   if (strcmp(capstrmap[i], capname) == 0)
+   return (i);
}
 
return (-1);
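Review bot: The rewritten loop in vm_capability_name2type() no longer tests `capname != NULL`, which the removed loop condition did, so a NULL argument now reaches `strcmp()`. The table is also built with designated initializers, so a capability value without an entry would leave a NULL slot that the loop hands to `strcmp()` as well. I would guard both cases: `if (capname == NULL) return (-1);` before the loop, and `if (capstrmap[i] != NULL && strcmp(capstrmap[i], capname) == 0)` inside it.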
@@ -840,12 +837,8 @@ vm_capability_name2type(const char *capname)
 const char *
 vm_capability_type2name(int type)
 {
-   int i;
-
-   for (i = 0; capstrmap[i].name != NULL; i++) {
-   if (capstrmap[i].type == type)
-   return (capstrmap[i].name);
-   }
+   if (type < nitems(capstrmap))
+   return (capstrmap[type]);
 
return (NULL);
 }
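Review bot: The bounds check in vm_capability_type2name() compares the `int` argument with `nitems(capstrmap)`, so a negative `type` is rejected only through the implicit conversion to an unsigned type. Stating the lower bound makes the intent visible and keeps the comparison free of sign-compare warnings: `if (type >= 0 && type < (int)nitems(capstrmap))`.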

Modified: stable/12/sys/amd64/include/vmm.h
==
--- stable/12/sys/amd64/include/vmm.h   Wed May  6 22:18:24 2020
(r360712)
+++ stable/12/sys/amd64/include/vmm.h   Wed May  6 22:20:37 2020
(r360713)
@@ -95,6 +95,7 @@ enum vm_reg_name {
VM_REG_GUEST_DR2,
VM_REG_GUEST_DR3,
VM_REG_GUEST_DR6,
+   VM_REG_GUEST_ENTRY_INST_LENGTH,
VM_REG_LAST
 };
 
@@ -434,6 +435,7 @@ enum vm_cap_type {
VM_CAP_PAUSE_EXIT,
VM_CAP_UNRESTRICTED_GUEST,
VM_CAP_ENABLE_INVPCID,
+   VM_CAP_BPT_EXIT,
VM_CAP_MAX
 };
 
@@ -559,6 +561,7 @@ enum vm_exitcode {

svn commit: r360712 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:18:24 2020
New Revision: 360712
URL: https://svnweb.freebsd.org/changeset/base/360712

Log:
  MFC r350248: Improve SCTP locking.
  
  Fix a LOR in SCTP which was found by running syzkaller.
  
  Submitted by: rrs
  Reported by:  markj

Modified:
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_usrreq.c
==
--- stable/11/sys/netinet/sctp_usrreq.c Wed May  6 22:16:14 2020
(r360711)
+++ stable/11/sys/netinet/sctp_usrreq.c Wed May  6 22:18:24 2020
(r360712)
@@ -965,9 +965,9 @@ sctp_shutdown(struct socket *so)
abort_anyway:
op_err = 
sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6;
+   SCTP_INP_RUNLOCK(inp);
sctp_abort_an_association(stcb->sctp_ep, stcb,
op_err, SCTP_SO_LOCKED);
-   SCTP_INP_RUNLOCK(inp);
return (0);
}
}
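Review bot: The unlock moved above sctp_abort_an_association() carries no comment, and since the ordering is the whole fix a later cleanup could easily move it back. A one-line comment at the `SCTP_INP_RUNLOCK(inp)` line would record it, for example `/* Drop the inp read lock first; holding it across the abort caused a lock order reversal. */`. The enclosing function starts and ends outside the hunk, so whether its other return paths release the lock in a compatible order cannot be checked from here.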


svn commit: r360711 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:16:14 2020
New Revision: 360711
URL: https://svnweb.freebsd.org/changeset/base/360711

Log:
  MFC r350216: Improve PD-API for SCTP
  
  Wakeup the application when doing PD-API for unordered DATA chunks.
  Work done with rrs@.

Modified:
  stable/11/sys/netinet/sctp_indata.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_indata.c
==
--- stable/11/sys/netinet/sctp_indata.c Wed May  6 22:15:09 2020
(r360710)
+++ stable/11/sys/netinet/sctp_indata.c Wed May  6 22:16:14 2020
(r360711)
@@ -913,6 +913,9 @@ restart:
break;
}
}
+   if (cnt_added && strm->pd_api_started) {
+   sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, 
SCTP_SO_NOT_LOCKED);
+   }
if ((control->length > pd_point) && (strm->pd_api_started == 0)) {
strm->pd_api_started = 1;
control->pdapi_started = 1;


svn commit: r360710 - in head: share/man/man4 sys/dev/ubsec

2020-05-06 Thread John Baldwin
Author: jhb
Date: Wed May  6 22:15:09 2020
New Revision: 360710
URL: https://svnweb.freebsd.org/changeset/base/360710

Log:
  Deprecate ubsec(4) for FreeBSD 13.0.
  
  With the removal of in-tree consumers of DES, Triple DES, and
  MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC.
  This is not very useful as a standalone algorithm (IPsec AH-only with
  SHA1 would be the only user).
  
  This driver has also not been kept up to date with the original driver
  in OpenBSD which supports a few more cards and AES-CBC on newer cards.
  The newest card currently supported by this driver was released in
  2005.
  
  Reviewed by:  cem
  MFC after:1 week
  Relnotes: yes
  Sponsored by: Chelsio Communications
  Differential Revision:https://reviews.freebsd.org/D24691

Modified:
  head/share/man/man4/ubsec.4
  head/sys/dev/ubsec/ubsec.c

Modified: head/share/man/man4/ubsec.4
==
--- head/share/man/man4/ubsec.4 Wed May  6 22:13:08 2020(r360709)
+++ head/share/man/man4/ubsec.4 Wed May  6 22:15:09 2020(r360710)
@@ -48,6 +48,15 @@ module at boot time, place the following line in
 .Bd -literal -offset indent
 ubsec_load="YES"
 .Ed
+.Sh DEPRECATION NOTICE
+The
+.Nm
+driver is not present in
+.Fx 13.0
+and later.
+The majority of crypto algorithms supported by this driver are no longer
+used by the kernel in
+.Fx 13.0 .
 .Sh DESCRIPTION
 The
 .Nm

Modified: head/sys/dev/ubsec/ubsec.c
==
--- head/sys/dev/ubsec/ubsec.c  Wed May  6 22:13:08 2020(r360709)
+++ head/sys/dev/ubsec/ubsec.c  Wed May  6 22:15:09 2020(r360710)
@@ -472,6 +472,7 @@ skip_rng:
crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0);
 #endif
}
+   gone_in_dev(dev, 13, "Does not support modern crypto algorithms");
return (0);
 bad4:
while (!SIMPLEQ_EMPTY(>sc_freequeue)) {


svn commit: r360709 - stable/11/usr.sbin/traceroute6

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:13:08 2020
New Revision: 360709
URL: https://svnweb.freebsd.org/changeset/base/360709

Log:
  MFC r350027, r350028: Let traceroute6 not ignore some ICMPv6 packets
  
  MFC r350027:
  Let packet_op() explicitly return the type and code instead of doing
  this implicitly by encoding it in a number space.
  No functional change intended.
  This is done as a preparation to add support for ICMPv6 messages
  indicating a parameter problem related to the next header.
  
  MFC r350028:
  Add support for ICMPv6 messages indicating a parameter problem related
  to an unrecognized next header.

Modified:
  stable/11/usr.sbin/traceroute6/traceroute6.8
  stable/11/usr.sbin/traceroute6/traceroute6.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/usr.sbin/traceroute6/traceroute6.8
==
--- stable/11/usr.sbin/traceroute6/traceroute6.8Wed May  6 22:07:48 
2020(r360708)
+++ stable/11/usr.sbin/traceroute6/traceroute6.8Wed May  6 22:13:08 
2020(r360709)
@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 2, 2018
+.Dd July 16, 2019
 .Dt TRACEROUTE6 8
 .Os
 .\"
@@ -172,6 +172,8 @@ Destination Unreachable - Administratively Prohibited.
 Destination Unreachable - Not a Neighbour.
 .It !A
 Destination Unreachable - Address Unreachable.
+.It !H
+Parameter Problem - Unrecognized Next Header Type.
 .It !\&
 This is printed if the hop limit is <= 1 on a port unreachable message.
 This means that the packet got to the destination,

Modified: stable/11/usr.sbin/traceroute6/traceroute6.c
==
--- stable/11/usr.sbin/traceroute6/traceroute6.cWed May  6 22:07:48 
2020(r360708)
+++ stable/11/usr.sbin/traceroute6/traceroute6.cWed May  6 22:13:08 
2020(r360709)
@@ -307,7 +307,7 @@ void*get_uphdr(struct ip6_hdr *, u_char *);
 intget_hoplim(struct msghdr *);
 double deltaT(struct timeval *, struct timeval *);
 const char *pr_type(int);
-intpacket_ok(struct msghdr *, int, int);
+intpacket_ok(struct msghdr *, int, int, u_char *, u_char *);
 void   print(struct msghdr *, int);
 const char *inetname(struct sockaddr *);
 u_int32_t sctp_crc32c(void *, u_int32_t);
@@ -365,6 +365,7 @@ main(int argc, char *argv[])
struct hostent *hp;
size_t size, minlen;
uid_t uid;
+   u_char type, code;
 
/*
 * Receive ICMP
@@ -935,7 +936,7 @@ main(int argc, char *argv[])
send_probe(++seq, hops);
while ((cc = wait_for_reply(rcvsock, ))) {
(void) gettimeofday(, NULL);
-   if ((i = packet_ok(, cc, seq))) {
+   if (packet_ok(, cc, seq, , )) 
{
if (!IN6_ARE_ADDR_EQUAL(_addr,
)) {
if (probe > 0)
@@ -944,29 +945,40 @@ main(int argc, char *argv[])
lastaddr = Rcv.sin6_addr;
}
printf("  %.3f ms", deltaT(, ));
-   switch (i - 1) {
-   case ICMP6_DST_UNREACH_NOROUTE:
-   ++unreachable;
-   printf(" !N");
-   break;
-   case ICMP6_DST_UNREACH_ADMIN:
-   ++unreachable;
-   printf(" !P");
-   break;
-   case ICMP6_DST_UNREACH_NOTNEIGHBOR:
-   ++unreachable;
-   printf(" !S");
-   break;
-   case ICMP6_DST_UNREACH_ADDR:
-   ++unreachable;
-   printf(" !A");
-   break;
-   case ICMP6_DST_UNREACH_NOPORT:
+   if (type == ICMP6_DST_UNREACH) {
+   switch (code) {
+   case ICMP6_DST_UNREACH_NOROUTE:
+   ++unreachable;
+   printf(" !N");
+   break;
+   case ICMP6_DST_UNREACH_ADMIN:
+  

svn commit: r360708 - stable/11/usr.sbin/traceroute6

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:07:48 2020
New Revision: 360708
URL: https://svnweb.freebsd.org/changeset/base/360708

Log:
  MFC r350026: Whitespace cleanup
  
  Whitespace change. No functional change.

Modified:
  stable/11/usr.sbin/traceroute6/traceroute6.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/usr.sbin/traceroute6/traceroute6.c
==
--- stable/11/usr.sbin/traceroute6/traceroute6.cWed May  6 22:05:29 
2020(r360707)
+++ stable/11/usr.sbin/traceroute6/traceroute6.cWed May  6 22:07:48 
2020(r360708)
@@ -1004,7 +1004,7 @@ wait_for_reply(int sock, struct msghdr *mhdr)
if (poll(pfd, 1, waittime * 1000) > 0)
cc = recvmsg(rcvsock, mhdr, 0);
 
-   return(cc);
+   return (cc);
 #else
fd_set *fdsp;
struct timeval wait;
@@ -1021,7 +1021,7 @@ wait_for_reply(int sock, struct msghdr *mhdr)
cc = recvmsg(rcvsock, mhdr, 0);
 
free(fdsp);
-   return(cc);
+   return (cc);
 #endif
 }
 
@@ -1187,10 +1187,10 @@ get_hoplim(struct msghdr *mhdr)
if (cm->cmsg_level == IPPROTO_IPV6 &&
cm->cmsg_type == IPV6_HOPLIMIT &&
cm->cmsg_len == CMSG_LEN(sizeof(int)))
-   return(*(int *)CMSG_DATA(cm));
+   return (*(int *)CMSG_DATA(cm));
}
 
-   return(-1);
+   return (-1);
 }
 
 double
@@ -1301,7 +1301,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq)
strlcpy(hbuf, "invalid", sizeof(hbuf));
printf("data too short (%d bytes) from %s\n", cc, hbuf);
}
-   return(0);
+   return (0);
}
icp = (struct icmp6_hdr *)buf;
 #endif
@@ -1324,7 +1324,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq)
if (rcvpktinfo == NULL || hlimp == NULL) {
warnx("failed to get received hop limit or packet info");
 #if 0
-   return(0);
+   return (0);
 #else
rcvhlim = 0;/*XXX*/
 #endif
@@ -1348,7 +1348,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq)
if ((up = get_uphdr(hip, (u_char *)(buf + cc))) == NULL) {
if (verbose)
warnx("failed to get upper layer header");
-   return(0);
+   return (0);
}
switch (useproto) {
case IPPROTO_ICMPV6:
@@ -1443,7 +1443,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq)
if (cc % WIDTH != 0)
printf("\n");
}
-   return(0);
+   return (0);
 }
 
 /*
@@ -1457,7 +1457,7 @@ get_uphdr(struct ip6_hdr *ip6, u_char *lim)
static u_char none_hdr[1]; /* Fake pointer for IPPROTO_NONE. */
 
if (cp + sizeof(*ip6) > lim)
-   return(NULL);
+   return (NULL);
 
nh = ip6->ip6_nxt;
cp += sizeof(struct ip6_hdr);
@@ -1465,15 +1465,15 @@ get_uphdr(struct ip6_hdr *ip6, u_char *lim)
while (lim - cp >= (nh == IPPROTO_NONE ? 0 : 8)) {
switch (nh) {
case IPPROTO_ESP:
-   return(NULL);
+   return (NULL);
case IPPROTO_ICMPV6:
-   return(useproto == nh ? cp : NULL);
+   return (useproto == nh ? cp : NULL);
case IPPROTO_SCTP:
case IPPROTO_TCP:
case IPPROTO_UDP:
-   return(useproto == nh ? cp : NULL);
+   return (useproto == nh ? cp : NULL);
case IPPROTO_NONE:
-   return(useproto == nh ? none_hdr : NULL);
+   return (useproto == nh ? none_hdr : NULL);
case IPPROTO_FRAGMENT:
hlen = sizeof(struct ip6_frag);
nh = ((struct ip6_frag *)cp)->ip6f_nxt;
@@ -1491,7 +1491,7 @@ get_uphdr(struct ip6_hdr *ip6, u_char *lim)
cp += hlen;
}
 
-   return(NULL);
+   return (NULL);
 }
 
 void


svn commit: r360707 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:05:29 2020
New Revision: 360707
URL: https://svnweb.freebsd.org/changeset/base/360707

Log:
  MFC r34: Honor MSG_EOR and MSG_EOF in sendmsg() for SCTP sockets
  
  Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.
  This is a FreeBSD extension, not covered by POSIX.
  This issue was found by running syzkaller.

Modified:
  stable/11/sys/netinet/sctp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_output.c
==
--- stable/11/sys/netinet/sctp_output.c Wed May  6 22:02:01 2020
(r360706)
+++ stable/11/sys/netinet/sctp_output.c Wed May  6 22:05:29 2020
(r360707)
@@ -12644,6 +12644,12 @@ sctp_lower_sosend(struct socket *so,
sinfo_flags = inp->def_send.sinfo_flags;
sinfo_assoc_id = inp->def_send.sinfo_assoc_id;
}
+   if (flags & MSG_EOR) {
+   sinfo_flags |= SCTP_EOR;
+   }
+   if (flags & MSG_EOF) {
+   sinfo_flags |= SCTP_EOF;
+   }
if (sinfo_flags & SCTP_SENDALL) {
/* its a sendall */
error = sctp_sendall(inp, uio, top, srcv);
@@ -12809,9 +12815,17 @@ sctp_lower_sosend(struct socket *so,
}
} else
asoc = >asoc;
-   if (srcv == NULL)
+   if (srcv == NULL) {
srcv = (struct sctp_sndrcvinfo *)>def_send;
-   if (srcv->sinfo_flags & SCTP_ADDR_OVER) {
+   sinfo_flags = srcv->sinfo_flags;
+   if (flags & MSG_EOR) {
+   sinfo_flags |= SCTP_EOR;
+   }
+   if (flags & MSG_EOF) {
+   sinfo_flags |= SCTP_EOF;
+   }
+   }
+   if (sinfo_flags & SCTP_ADDR_OVER) {
if (addr)
net = sctp_findnet(stcb, addr);
else
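Review bot: The MSG_EOR/MSG_EOF mapping added inside the `if (srcv == NULL)` branch duplicates the block added in the previous hunk, and nothing says why it has to be repeated. It appears to be needed because `sinfo_flags` is reloaded from the default send info on the line above, which discards the bits set earlier; a comment such as `/* sinfo_flags was reloaded from the defaults, so apply MSG_EOR/MSG_EOF again */` would make that clear. Note also that `srcv->sinfo_flags` itself is never updated, so any callee that is handed `srcv` rather than the local `sinfo_flags` (a later hunk still shows `srcv` passed to `sctp_msg_append()`) presumably does not see the two flags; that is worth confirming. sctp_lower_sosend() extends well beyond this hunk.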
@@ -12918,7 +12932,7 @@ sctp_lower_sosend(struct socket *so,
(SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
(SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
(asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
-   if (srcv->sinfo_flags & SCTP_ABORT) {
+   if (sinfo_flags & SCTP_ABORT) {
;
} else {
SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, 
SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
@@ -12931,7 +12945,7 @@ sctp_lower_sosend(struct socket *so,
p->td_ru.ru_msgsnd++;
}
/* Are we aborting? */
-   if (srcv->sinfo_flags & SCTP_ABORT) {
+   if (sinfo_flags & SCTP_ABORT) {
struct mbuf *mm;
ssize_t tot_demand, tot_out = 0, max_out;
 
@@ -13135,7 +13149,7 @@ skip_preblock:
 * case NOTE: uio will be null when top/mbuf is passed
 */
if (sndlen == 0) {
-   if (srcv->sinfo_flags & SCTP_EOF) {
+   if (sinfo_flags & SCTP_EOF) {
got_all_of_the_send = 1;
goto dataless_eof;
} else {
@@ -13184,7 +13198,7 @@ skip_preblock:
}
sctp_snd_sb_alloc(stcb, sp->length);
atomic_add_int(>stream_queue_cnt, 1);
-   if (srcv->sinfo_flags & SCTP_UNORDERED) {
+   if (sinfo_flags & SCTP_UNORDERED) {
SCTP_STAT_INCR(sctps_sends_with_unord);
}
TAILQ_INSERT_TAIL(>outqueue, sp, next);
@@ -13259,15 +13273,15 @@ skip_preblock:
sctp_snd_sb_alloc(stcb, sndout);
atomic_add_int(>length, sndout);
len += sndout;
-   if (srcv->sinfo_flags & SCTP_SACK_IMMEDIATELY) {
+   if (sinfo_flags & SCTP_SACK_IMMEDIATELY) {
sp->sinfo_flags |= 
SCTP_SACK_IMMEDIATELY;
}
 
/* Did we reach EOR? */
if ((uio->uio_resid == 0) &&
((user_marks_eor == 0) ||
-   (srcv->sinfo_flags & SCTP_EOF) ||
-   (user_marks_eor && (srcv->sinfo_flags & 
SCTP_EOR {
+   (sinfo_flags & SCTP_EOF) ||
+   (user_marks_eor && (sinfo_flags & 
SCTP_EOR {
sp->msg_is_complete = 1;
} else {
sp->msg_is_complete = 0;
@@ -13469,7 +13483,7 @@ skip_preblock:
/* We send in a 0, since we do NOT have any locks */
error = sctp_msg_append(stcb, net, top, srcv, 0);
top = NULL;
-   if 

svn commit: r360706 - stable/11/sys/netinet

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 22:02:01 2020
New Revision: 360706
URL: https://svnweb.freebsd.org/changeset/base/360706

Log:
  MFC r349998: Improve SCTP socket state handling
  
  Fix socket state handling when freeing an SCTP endpoint.
  This issue was found by running syzkaller.

Modified:
  stable/11/sys/netinet/sctp_pcb.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_pcb.c
==
--- stable/11/sys/netinet/sctp_pcb.cWed May  6 21:59:58 2020
(r360705)
+++ stable/11/sys/netinet/sctp_pcb.cWed May  6 22:02:01 2020
(r360706)
@@ -4911,12 +4911,11 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc
inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED;
if (so) {
SOCK_LOCK(so);
-   if (so->so_rcv.sb_cc == 0) {
-   so->so_state &= ~(SS_ISCONNECTING |
-   SS_ISDISCONNECTING |
-   SS_ISCONFIRMING |
-   SS_ISCONNECTED);
-   }
+   so->so_state &= ~(SS_ISCONNECTING |
+   SS_ISDISCONNECTING |
+   SS_ISCONFIRMING |
+   SS_ISCONNECTED);
+   so->so_state |= SS_ISDISCONNECTED;
socantrcvmore_locked(so);
socantsendmore(so);
sctp_sowwakeup(inp, so);
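Review bot: The socket state bits are now cleared and `SS_ISDISCONNECTED` set even when data is still queued in `so_rcv`, and the changed lines do not say why the old `so->so_rcv.sb_cc == 0` condition could be dropped. A short comment above the assignment, e.g. `/* Mark the socket disconnected regardless of pending data in so_rcv. */`, would keep the guard from being reintroduced by a later edit. sctp_free_assoc() continues outside the hunk, so the effect on readers that still hold unread data cannot be judged from here.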


svn commit: r360705 - stable/11/sys/kern

2020-05-06 Thread Michael Tuexen
Author: tuexen
Date: Wed May  6 21:59:58 2020
New Revision: 360705
URL: https://svnweb.freebsd.org/changeset/base/360705

Log:
  MFC r349989: Improve input validation for l_linger
  
  When using the SOL_SOCKET level socket option SO_LINGER, the structure
  struct linger is used as the option value. The component l_linger is of
  type int, but internally copied to the field so_linger of the structure
  struct socket. The type of so_linger is short, but it is assumed to be
  non-negative and the value is used to compute ticks to be stored in a
  variable of type int.
  
  Therefore, perform input validation on l_linger similar to the one
  performed by NetBSD and OpenBSD.
  
  Thanks to syzkaller for making me aware of this issue.
  
  Thanks to markj@ for pointing out that a similar check should be added
  to so_linger_set().
  
  Reviewed by:  markj
  Differential Revision:https://reviews.freebsd.org/D20948

Modified:
  stable/11/sys/kern/uipc_socket.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/kern/uipc_socket.c
==
--- stable/11/sys/kern/uipc_socket.cWed May  6 19:58:37 2020
(r360704)
+++ stable/11/sys/kern/uipc_socket.cWed May  6 21:59:58 2020
(r360705)
@@ -2535,7 +2535,12 @@ sosetopt(struct socket *so, struct sockopt *sopt)
error = sooptcopyin(sopt, , sizeof l, sizeof l);
if (error)
goto bad;
-
+   if (l.l_linger < 0 ||
+   l.l_linger > USHRT_MAX ||
+   l.l_linger > (INT_MAX / hz)) {
+   error = EDOM;
+   goto bad;
+   }
SOCK_LOCK(so);
so->so_linger = l.l_linger;
if (l.l_onoff)
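Review bot: The upper bound `l.l_linger > USHRT_MAX` looks too wide for the field it protects: the log message describes `so_linger` as a `short`, so a value between `SHRT_MAX + 1` and `USHRT_MAX` passes this check and no longer fits when `so->so_linger = l.l_linger` stores it. If the field is indeed a signed short (its declaration is not part of this diff), the bound should be `l.l_linger > SHRT_MAX ||`. The `KASSERT` added to so_linger_set() in the next hunk uses the same `USHRT_MAX` bound, and as an assertion it presumably only fires in kernels built with invariant checking, so that path would need the same correction.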
@@ -3701,6 +3706,9 @@ so_linger_get(const struct socket *so)
 void
 so_linger_set(struct socket *so, int val)
 {
+
+   KASSERT(val >= 0 && val <= USHRT_MAX && val <= (INT_MAX / hz),
+   ("%s: val %d out of range", __func__, val));
 
so->so_linger = val;
 }


svn commit: r360704 - stable/12/usr.sbin/binmiscctl

2020-05-06 Thread Mitchell Horne
Author: mhorne
Date: Wed May  6 19:58:37 2020
New Revision: 360704
URL: https://svnweb.freebsd.org/changeset/base/360704

Log:
  MFC r360519:
  
  Add RISC-V interpreter example

Modified:
  stable/12/usr.sbin/binmiscctl/binmiscctl.8
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/usr.sbin/binmiscctl/binmiscctl.8
==
--- stable/12/usr.sbin/binmiscctl/binmiscctl.8  Wed May  6 19:50:27 2020
(r360703)
+++ stable/12/usr.sbin/binmiscctl/binmiscctl.8  Wed May  6 19:58:37 2020
(r360704)
@@ -27,7 +27,7 @@
 .\"
 .\" Support for miscellaneous binary image activators
 .\"
-.Dd July 21, 2018
+.Dd April 30, 2020
 .Dt BINMISCCTL 8
 .Os
 .Sh NAME
@@ -280,6 +280,17 @@ Add QEMU bsd-user program as an image activator for SP
\ex00\ex00\ex00\ex00\ex00\ex00\ex00\ex02\ex00\ex2b" \e
   --mask  "\exff\exff\exff\exff\exff\exff\exff\ex00\exff\exff\e
\exff\exff\exff\exff\exff\exff\exff\exfe\exff\exff" \e
+  --size 20 --set-enabled
+.Ed
+.Pp
+Add QEMU bsd-user program as an image activator for 64-bit RISC-V binaries:
+.Bd -literal -offset indent
+# binmiscctl add riscv64 \e
+  --interpreter "/usr/local/bin/qemu-riscv64-static" \e
+  --magic "\ex7f\ex45\ex4c\ex46\ex02\ex01\ex01\ex00\ex00\ex00\e
+   \ex00\ex00\ex00\ex00\ex00\ex00\ex02\ex00\exf3\ex00" \e
+  --mask  "\exff\exff\exff\exff\exff\exff\exff\ex00\exff\exff\e
+   \exff\exff\exff\exff\exff\exff\exfe\exff\exff\exff" \e
   --size 20 --set-enabled
 .Ed
 .Ss "Create and use an ARMv6 chroot on an AMD64 host"


svn commit: r360703 - in stable/12/sys: arm/arm arm/include arm64/arm64 conf kern sys

2020-05-06 Thread Mitchell Horne
Author: mhorne
Date: Wed May  6 19:50:27 2020
New Revision: 360703
URL: https://svnweb.freebsd.org/changeset/base/360703

Log:
  MFC r360082:
  
  Convert arm's physmem interface to MI code

Added:
  stable/12/sys/kern/subr_physmem.c
 - copied, changed from r360702, stable/12/sys/arm/arm/physmem.c
  stable/12/sys/sys/physmem.h
 - copied unchanged from r360082, head/sys/sys/physmem.h
Deleted:
  stable/12/sys/arm/arm/physmem.c
  stable/12/sys/arm/include/physmem.h
Modified:
  stable/12/sys/arm/arm/machdep.c
  stable/12/sys/arm/arm/machdep_boot.c
  stable/12/sys/arm/arm/mp_machdep.c
  stable/12/sys/arm/arm/pmap-v6.c
  stable/12/sys/arm/include/md_var.h
  stable/12/sys/arm64/arm64/machdep.c
  stable/12/sys/arm64/arm64/pmap.c
  stable/12/sys/conf/files.arm
  stable/12/sys/conf/files.arm64
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/arm/arm/machdep.c
==
--- stable/12/sys/arm/arm/machdep.c Wed May  6 19:10:39 2020
(r360702)
+++ stable/12/sys/arm/arm/machdep.c Wed May  6 19:50:27 2020
(r360703)
@@ -65,6 +65,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -82,7 +83,6 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -122,6 +122,9 @@ uint32_t cpu_reset_address = 0;
 int cold = 1;
 vm_offset_t vector_page;
 
+/* The address at which the kernel was loaded.  Set early in initarm(). */
+vm_paddr_t arm_physmem_kernaddr;
+
 int (*_arm_memcpy)(void *, void *, int, int) = NULL;
 int (*_arm_bzero)(void *, int, int) = NULL;
 int _min_memcpy_size = 0;
@@ -159,7 +162,6 @@ static void *delay_arg;
 #endif
 
 struct kva_md_info kmi;
-
 /*
  * arm32_vector_init:
  *
@@ -236,7 +238,7 @@ cpu_startup(void *dummy)
(uintmax_t)arm32_ptob(vm_free_count()),
(uintmax_t)arm32_ptob(vm_free_count()) / mbyte);
if (bootverbose) {
-   arm_physmem_print_tables();
+   physmem_print_tables();
devmap_print_table();
}
 
@@ -868,11 +870,11 @@ initarm(struct arm_boot_params *abp)
/* Grab physical memory regions information from device tree. */
if (fdt_get_mem_regions(mem_regions, _regions_sz, ) != 0)
panic("Cannot get physical memory regions");
-   arm_physmem_hardware_regions(mem_regions, mem_regions_sz);
+   physmem_hardware_regions(mem_regions, mem_regions_sz);
 
/* Grab reserved memory regions information from device tree. */
if (fdt_get_reserved_regions(mem_regions, _regions_sz) == 0)
-   arm_physmem_exclude_regions(mem_regions, mem_regions_sz,
+   physmem_exclude_regions(mem_regions, mem_regions_sz,
EXFLAG_NODUMP | EXFLAG_NOALLOC);
 
/* Platform-specific initialisation */
@@ -1079,9 +1081,9 @@ initarm(struct arm_boot_params *abp)
 *
 * Prepare the list of physical memory available to the vm subsystem.
 */
-   arm_physmem_exclude_region(abp->abp_physaddr,
+   physmem_exclude_region(abp->abp_physaddr,
(virtual_avail - KERNVIRTADDR), EXFLAG_NOALLOC);
-   arm_physmem_init_kernel_globals();
+   physmem_init_kernel_globals();
 
init_param2(physmem);
dbg_monitor_init();
@@ -1147,11 +1149,11 @@ initarm(struct arm_boot_params *abp)
if (fdt_get_mem_regions(mem_regions, _regions_sz,NULL) != 0)
panic("Cannot get physical memory regions");
}
-   arm_physmem_hardware_regions(mem_regions, mem_regions_sz);
+   physmem_hardware_regions(mem_regions, mem_regions_sz);
 
/* Grab reserved memory regions information from device tree. */
if (fdt_get_reserved_regions(mem_regions, _regions_sz) == 0)
-   arm_physmem_exclude_regions(mem_regions, mem_regions_sz,
+   physmem_exclude_regions(mem_regions, mem_regions_sz,
EXFLAG_NODUMP | EXFLAG_NOALLOC);
 
/*
@@ -1286,9 +1288,9 @@ initarm(struct arm_boot_params *abp)
 *
 * Prepare the list of physical memory available to the vm subsystem.
 */
-   arm_physmem_exclude_region(abp->abp_physaddr,
+   physmem_exclude_region(abp->abp_physaddr,
pmap_preboot_get_pages(0) - abp->abp_physaddr, EXFLAG_NOALLOC);
-   arm_physmem_init_kernel_globals();
+   physmem_init_kernel_globals();
 
init_param2(physmem);
/* Init message buffer. */

Modified: stable/12/sys/arm/arm/machdep_boot.c
==
--- stable/12/sys/arm/arm/machdep_boot.cWed May  6 19:10:39 2020
(r360702)
+++ stable/12/sys/arm/arm/machdep_boot.cWed May  6 19:50:27 2020
(r360703)
@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 

svn commit: r360702 - in head/contrib/llvm-project/clang: include/clang/Driver lib/CodeGen lib/Driver/ToolChains lib/Frontend

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 19:10:39 2020
New Revision: 360702
URL: https://svnweb.freebsd.org/changeset/base/360702

Log:
  Merge commit 4ca2cad94 from llvm git (by Justin Hibbits):
  
[PowerPC] Add clang -msvr4-struct-return for 32-bit ELF
  
Summary:
  
Change the default ABI to be compatible with GCC. For 32-bit ELF
targets other than Linux, Clang now returns small structs in
registers r3/r4. This affects FreeBSD, NetBSD, OpenBSD. There is no
change for 32-bit Linux, where Clang continues to return all structs
in memory.
  
Add clang options -maix-struct-return (to return structs in memory)
and -msvr4-struct-return (to return structs in registers) to be
compatible with gcc. These options are only for PPC32; reject them on
PPC64 and other targets. The options are like -fpcc-struct-return and
-freg-struct-return for X86_32, and use similar code.
  
To actually return a struct in registers, coerce it to an integer of
the same size. LLVM may optimize the code to remove unnecessary
accesses to memory, and will return i32 in r3 or i64 in r3:r4.
  
Fixes PR#40736
  
Patch by George Koehler!
  
Reviewed By: jhibbits, nemanjai
Differential Revision: https://reviews.llvm.org/D73290
  
  Requested by: jhibbits
  MFC after:3 days

Modified:
  head/contrib/llvm-project/clang/include/clang/Driver/Options.td
  head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp
  head/contrib/llvm-project/clang/lib/Driver/ToolChains/Clang.cpp
  head/contrib/llvm-project/clang/lib/Frontend/CompilerInvocation.cpp

Modified: head/contrib/llvm-project/clang/include/clang/Driver/Options.td
==
--- head/contrib/llvm-project/clang/include/clang/Driver/Options.td Wed May 
 6 18:43:27 2020(r360701)
+++ head/contrib/llvm-project/clang/include/clang/Driver/Options.td Wed May 
 6 19:10:39 2020(r360702)
@@ -2439,6 +2439,12 @@ def mlongcall: Flag<["-"], "mlongcall">,
 Group;
 def mno_longcall : Flag<["-"], "mno-longcall">,
 Group;
+def maix_struct_return : Flag<["-"], "maix-struct-return">,
+  Group, Flags<[CC1Option]>,
+  HelpText<"Return all structs in memory (PPC32 only)">;
+def msvr4_struct_return : Flag<["-"], "msvr4-struct-return">,
+  Group, Flags<[CC1Option]>,
+  HelpText<"Return small structs in registers (PPC32 only)">;
 
 def mvx : Flag<["-"], "mvx">, Group;
 def mno_vx : Flag<["-"], "mno-vx">, Group;

Modified: head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp
==
--- head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp  Wed May  6 
18:43:27 2020(r360701)
+++ head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp  Wed May  6 
19:10:39 2020(r360702)
@@ -4123,22 +4123,39 @@ namespace {
 /// PPC32_SVR4_ABIInfo - The 32-bit PowerPC ELF (SVR4) ABI information.
 class PPC32_SVR4_ABIInfo : public DefaultABIInfo {
   bool IsSoftFloatABI;
+  bool IsRetSmallStructInRegABI;
 
   CharUnits getParamTypeAlignment(QualType Ty) const;
 
 public:
-  PPC32_SVR4_ABIInfo(CodeGen::CodeGenTypes , bool SoftFloatABI)
-  : DefaultABIInfo(CGT), IsSoftFloatABI(SoftFloatABI) {}
+  PPC32_SVR4_ABIInfo(CodeGen::CodeGenTypes , bool SoftFloatABI,
+ bool RetSmallStructInRegABI)
+  : DefaultABIInfo(CGT), IsSoftFloatABI(SoftFloatABI),
+IsRetSmallStructInRegABI(RetSmallStructInRegABI) {}
 
+  ABIArgInfo classifyReturnType(QualType RetTy) const;
+
+  void computeInfo(CGFunctionInfo ) const override {
+if (!getCXXABI().classifyReturnType(FI))
+  FI.getReturnInfo() = classifyReturnType(FI.getReturnType());
+for (auto  : FI.arguments())
+  I.info = classifyArgumentType(I.type);
+  }
+
   Address EmitVAArg(CodeGenFunction , Address VAListAddr,
 QualType Ty) const override;
 };
 
 class PPC32TargetCodeGenInfo : public TargetCodeGenInfo {
 public:
-  PPC32TargetCodeGenInfo(CodeGenTypes , bool SoftFloatABI)
-  : TargetCodeGenInfo(new PPC32_SVR4_ABIInfo(CGT, SoftFloatABI)) {}
+  PPC32TargetCodeGenInfo(CodeGenTypes , bool SoftFloatABI,
+ bool RetSmallStructInRegABI)
+  : TargetCodeGenInfo(new PPC32_SVR4_ABIInfo(CGT, SoftFloatABI,
+ RetSmallStructInRegABI)) {}
 
+  static bool isStructReturnInRegABI(const llvm::Triple ,
+ const CodeGenOptions );
+
   int getDwarfEHStackPointer(CodeGen::CodeGenModule ) const override {
 // This is recovered from gcc output.
 return 1; // r1 is the dedicated stack pointer
@@ -4173,6 +4190,34 @@ CharUnits PPC32_SVR4_ABIInfo::getParamTypeAlignment(Qu
   return CharUnits::fromQuantity(4);
 }
 
+ABIArgInfo PPC32_SVR4_ABIInfo::classifyReturnType(QualType RetTy) const {
+  uint64_t Size;
+
+  // -msvr4-struct-return puts small aggregates in GPR3 and GPR4.
+  if 

svn commit: r360701 - head/share/man/man5

2020-05-06 Thread Ed Maste
Author: emaste
Date: Wed May  6 18:43:27 2020
New Revision: 360701
URL: https://svnweb.freebsd.org/changeset/base/360701

Log:
  src.conf.5: regen after objdump removal

Modified:
  head/share/man/man5/src.conf.5

Modified: head/share/man/man5/src.conf.5
==
--- head/share/man/man5/src.conf.5  Wed May  6 18:40:52 2020
(r360700)
+++ head/share/man/man5/src.conf.5  Wed May  6 18:43:27 2020
(r360701)
@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
 .\" $FreeBSD$
-.Dd May 4, 2020
+.Dd May 6, 2020
 .Dt SRC.CONF 5
 .Os
 .Sh NAME
@@ -184,23 +184,19 @@ flag set to indicate that the run-time loader should p
 processing at process startup rather than on demand.
 .It Va WITHOUT_BINUTILS
 Do not build or install GNU
-.Xr as 1 and
-.Xr objdump 1
+.Xr as 1
 as part
 of the normal system build.
 .Pp
 This is a default setting on
-arm64/aarch64, riscv/riscv64 and riscv/riscv64sf.
+arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, powerpc/powerpc, 
powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
 .It Va WITH_BINUTILS
 Build and install GNU
 .Xr as 1
-on i386 and amd64,
-and
-.Xr objdump 1
 as part of the normal system build.
 .Pp
 This is a default setting on
-amd64/amd64, arm/armv6, arm/armv7, i386/i386, mips/mips, mips/mips64, 
powerpc/powerpc and powerpc/powerpc64.
+amd64/amd64 and i386/i386.
 .It Va WITHOUT_BINUTILS_BOOTSTRAP
 Do not build GNU binutils
 as part of the bootstrap process.


svn commit: r360700 - head/share/mk

2020-05-06 Thread Ed Maste
Author: emaste
Date: Wed May  6 18:40:52 2020
New Revision: 360700
URL: https://svnweb.freebsd.org/changeset/base/360700

Log:
  src.opts.mk: with BINUTILS limited to as(1), it is used on i386 and amd64 only

Modified:
  head/share/mk/src.opts.mk

Modified: head/share/mk/src.opts.mk
==
--- head/share/mk/src.opts.mk   Wed May  6 18:39:55 2020(r360699)
+++ head/share/mk/src.opts.mk   Wed May  6 18:40:52 2020(r360700)
@@ -62,7 +62,6 @@ __DEFAULT_YES_OPTIONS = \
 AUTHPF \
 AUTOFS \
 BHYVE \
-BINUTILS \
 BLACKLIST \
 BLUETOOTH \
 BOOT \
@@ -292,9 +291,9 @@ __DEFAULT_NO_OPTIONS+=LLVM_TARGET_BPF
 BROKEN_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP GDB
 .endif
 .if ${__T} == "amd64" || ${__T} == "i386"
-__DEFAULT_YES_OPTIONS+=BINUTILS_BOOTSTRAP
+__DEFAULT_YES_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP
 .else
-__DEFAULT_NO_OPTIONS+=BINUTILS_BOOTSTRAP
+__DEFAULT_NO_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP
 .endif
 .if ${__T:Mriscv*} != ""
 BROKEN_OPTIONS+=OFED


svn commit: r360699 - head/tools/build/options

2020-05-06 Thread Ed Maste
Author: emaste
Date: Wed May  6 18:39:55 2020
New Revision: 360699
URL: https://svnweb.freebsd.org/changeset/base/360699

Log:
  update WITH_/WITHOUT_BINUTILS descriptions for objdump removal

Modified:
  head/tools/build/options/WITHOUT_BINUTILS
  head/tools/build/options/WITH_BINUTILS

Modified: head/tools/build/options/WITHOUT_BINUTILS
==
--- head/tools/build/options/WITHOUT_BINUTILS   Wed May  6 18:38:40 2020
(r360698)
+++ head/tools/build/options/WITHOUT_BINUTILS   Wed May  6 18:39:55 2020
(r360699)
@@ -1,6 +1,5 @@
 .\" $FreeBSD$
 Do not build or install GNU
-.Xr as 1 and
-.Xr objdump 1
+.Xr as 1
 as part
 of the normal system build.

Modified: head/tools/build/options/WITH_BINUTILS
==
--- head/tools/build/options/WITH_BINUTILS  Wed May  6 18:38:40 2020
(r360698)
+++ head/tools/build/options/WITH_BINUTILS  Wed May  6 18:39:55 2020
(r360699)
@@ -1,7 +1,4 @@
 .\" $FreeBSD$
 Build and install GNU
 .Xr as 1
-on i386 and amd64,
-and
-.Xr objdump 1
 as part of the normal system build.


svn commit: r360698 - in head: . gnu/usr.bin/binutils

2020-05-06 Thread Ed Maste
Author: emaste
Date: Wed May  6 18:38:40 2020
New Revision: 360698
URL: https://svnweb.freebsd.org/changeset/base/360698

Log:
  binutils: disconnect objdump from the build
  
  The in-tree binutils is old and will not be updated.  It does not support
  all archs supported by FreeBSD, and for the archs it does support not all
  CPU features are supported.
  
  Other tools have migrated to copyfree alternatives.  Although llvm-objdump
  is nearly a drop-in replacement for GNU objdump it is missing a few options
  and has some differences in output format.  For now just remove GNU objdump;
  ports and developers can use a contemporary, maintained version from ports
  or packages.  We can revisit installing llvm-objdump as objdump in the
  future.
  
  PR:   212319 [exp-run]
  Relnotes: Yes
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D7338

Modified:
  head/ObsoleteFiles.inc
  head/gnu/usr.bin/binutils/Makefile

Modified: head/ObsoleteFiles.inc
==
--- head/ObsoleteFiles.inc  Wed May  6 18:13:00 2020(r360697)
+++ head/ObsoleteFiles.inc  Wed May  6 18:38:40 2020(r360698)
@@ -36,6 +36,10 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20200506: GNU objdump 2.17.50 retired
+OLD_FILES+=usr/bin/objdump
+OLD_FILES+=usr/share/man/man1/objdump.1.gz
+
 # 20200418: Make libauditd private
 OLD_FILES+=usr/lib/libauditd.a
 OLD_FILES+=usr/lib/libauditd.so

Modified: head/gnu/usr.bin/binutils/Makefile
==
--- head/gnu/usr.bin/binutils/Makefile  Wed May  6 18:13:00 2020
(r360697)
+++ head/gnu/usr.bin/binutils/Makefile  Wed May  6 18:38:40 2020
(r360698)
@@ -7,8 +7,6 @@ SUBDIR= libiberty \
libopcodes
 
 SUBDIR.${MK_BINUTILS}+=doc
-SUBDIR.${MK_BINUTILS}+=libbinutils
-SUBDIR.${MK_BINUTILS}+=objdump
 
 # GNU as is used on x86 only, for a few files that cannot be assembled by
 # Clang IAS. Other archs either use Clang IAS for every assembly file, or
@@ -17,9 +15,7 @@ SUBDIR.${MK_BINUTILS}+=   objdump
 SUBDIR.${MK_BINUTILS}+=as
 .endif
 
-SUBDIR_DEPEND_libbinutils=libbfd   # for bfdver.h
 SUBDIR_DEPEND_as=libbfd libiberty libopcodes
-SUBDIR_DEPEND_objdump=libbfd libiberty libbinutils libopcodes
 
 .if !make(install)
 SUBDIR_PARALLEL=


svn commit: r360697 - head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 18:13:00 2020
New Revision: 360697
URL: https://svnweb.freebsd.org/changeset/base/360697

Log:
  In r358396 I merged llvm upstream commit 2e24219d3, which fixed "error:
  unsupported relocation on symbol" when assembling arm 'adr' pseudo
  instructions. However, the upstream commit did not take big-endian arm
  into account.
  
  Applying the same changes to the big-endian handling is straightforward,
  thanks to Andrew Turner and Peter Smith for the hint. This will also be
  submitted upstream.
  
  MFC after:immediately, since this fix is meant for stable/11

Modified:
  head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp

Modified: 
head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp
==
--- 
head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp
Wed May  6 17:44:17 2020(r360696)
+++ 
head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp
Wed May  6 18:13:00 2020(r360697)
@@ -116,26 +116,22 @@ const MCFixupKindInfo ::getFixupKindInfo
   // ARMFixupKinds.h.
   //
   // Name  Offset (bits) Size (bits) Flags
-  {"fixup_arm_ldst_pcrel_12", 0, 32, MCFixupKindInfo::FKF_IsPCRel},
+  {"fixup_arm_ldst_pcrel_12", 0, 32, IsPCRelConstant},
   {"fixup_t2_ldst_pcrel_12", 0, 32,
-   MCFixupKindInfo::FKF_IsPCRel |
-   MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
-  {"fixup_arm_pcrel_10_unscaled", 0, 32, MCFixupKindInfo::FKF_IsPCRel},
-  {"fixup_arm_pcrel_10", 0, 32, MCFixupKindInfo::FKF_IsPCRel},
+   IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
+  {"fixup_arm_pcrel_10_unscaled", 0, 32, IsPCRelConstant},
+  {"fixup_arm_pcrel_10", 0, 32, IsPCRelConstant},
   {"fixup_t2_pcrel_10", 0, 32,
MCFixupKindInfo::FKF_IsPCRel |
MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
   {"fixup_arm_pcrel_9", 0, 32, MCFixupKindInfo::FKF_IsPCRel},
   {"fixup_t2_pcrel_9", 0, 32,
-   MCFixupKindInfo::FKF_IsPCRel |
-   MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
+   IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
   {"fixup_thumb_adr_pcrel_10", 8, 8,
-   MCFixupKindInfo::FKF_IsPCRel |
-   MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
-  {"fixup_arm_adr_pcrel_12", 0, 32, MCFixupKindInfo::FKF_IsPCRel},
+   IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
+  {"fixup_arm_adr_pcrel_12", 0, 32, IsPCRelConstant},
   {"fixup_t2_adr_pcrel_12", 0, 32,
-   MCFixupKindInfo::FKF_IsPCRel |
-   MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
+   IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits},
   {"fixup_arm_condbranch", 8, 24, MCFixupKindInfo::FKF_IsPCRel},
   {"fixup_arm_uncondbranch", 8, 24, MCFixupKindInfo::FKF_IsPCRel},
   {"fixup_t2_condbranch", 0, 32, MCFixupKindInfo::FKF_IsPCRel},
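Review bot: `fixup_t2_pcrel_10` and `fixup_arm_pcrel_9` keep `MCFixupKindInfo::FKF_IsPCRel` in this table while the neighbouring pcrel entries switch to `IsPCRelConstant`, and nothing in the hunk says whether that difference is deliberate. If it simply mirrors the little-endian table, a one-line comment such as `// Flags must stay in sync with the little-endian table.` would record that; this commit exists because the two tables had drifted apart. The table starts and ends outside the hunk, so the little-endian entries cannot be compared from here.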


svn commit: r360696 - stable/11/sys/dev/urtwn

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 17:44:17 2020
New Revision: 360696
URL: https://svnweb.freebsd.org/changeset/base/360696

Log:
  Fix misleading indentation warning:
  
  sys/dev/urtwn/if_urtwn.c:4183:4: error: misleading indentation; statement is 
not part of the previous 'for' [-Werror,-Wmisleading-indentation]
  if (error != USB_ERR_NORMAL_COMPLETION)
  ^
  sys/dev/urtwn/if_urtwn.c:4180:3: note: previous statement is here
  for (i = 0; i < nitems(rtl8192cu_mac); i++)
  ^
  
  Direct commit to stable/11, since urtwn(4) has been merged into rtwn(4)
  in FreeBSD 12 and later (and this code is not in rtwn).

Modified:
  stable/11/sys/dev/urtwn/if_urtwn.c

Modified: stable/11/sys/dev/urtwn/if_urtwn.c
==
--- stable/11/sys/dev/urtwn/if_urtwn.c  Wed May  6 17:42:36 2020
(r360695)
+++ stable/11/sys/dev/urtwn/if_urtwn.c  Wed May  6 17:44:17 2020
(r360696)
@@ -4177,11 +4177,12 @@ urtwn_mac_init(struct urtwn_softc *sc)
}
urtwn_write_1(sc, R92C_MAX_AGGR_NUM, 0x07);
} else {
-   for (i = 0; i < nitems(rtl8192cu_mac); i++)
+   for (i = 0; i < nitems(rtl8192cu_mac); i++) {
error = urtwn_write_1(sc, rtl8192cu_mac[i].reg,
rtl8192cu_mac[i].val);
if (error != USB_ERR_NORMAL_COMPLETION)
return (EIO);
+   }
}
 
return (0);
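Review bot: The `urtwn_write_1(sc, R92C_MAX_AGGR_NUM, 0x07);` call kept as context in the first branch still discards its result, while the loop in the `else` branch now returns EIO on the first failed register write. For the same error handling in both branches it could read `error = urtwn_write_1(sc, R92C_MAX_AGGR_NUM, 0x07);` followed by `if (error != USB_ERR_NORMAL_COMPLETION) return (EIO);`. The added braces also change behaviour rather than only silencing the warning: before, only the result of the last write was tested, which the log message does not mention. urtwn_mac_init() starts outside the hunk, so the earlier writes in the first branch cannot be checked from here.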


svn commit: r360695 - stable/11/sys/mips/mips

2020-05-06 Thread Brooks Davis
Author: brooks
Date: Wed May  6 17:42:36 2020
New Revision: 360695
URL: https://svnweb.freebsd.org/changeset/base/360695

Log:
  MFC r359974:
  
  Don't directly access userspace memory.
  
  Rather than using the racy useracc() followed by direct access to
  userspace memory, perform a copyin() and use the result if it succeeds.
  
  Reviewed by:  jhb
  Sponsored by: DARPA
  Differential Revision:https://reviews.freebsd.org/D24410

Modified:
  stable/11/sys/mips/mips/trap.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/mips/mips/trap.c
==
--- stable/11/sys/mips/mips/trap.c  Wed May  6 17:35:42 2020
(r360694)
+++ stable/11/sys/mips/mips/trap.c  Wed May  6 17:42:36 2020
(r360695)
@@ -1443,7 +1443,7 @@ log_illegal_instruction(const char *msg, struct trapfr
 {
pt_entry_t *ptep;
pd_entry_t *pdep;
-   unsigned int *addr;
+   unsigned int *addr, instr[4];
struct thread *td;
struct proc *p;
register_t pc;
@@ -1470,17 +1470,16 @@ log_illegal_instruction(const char *msg, struct trapfr
 * Dump a few words around faulting instruction, if the addres is
 * valid.
 */
-   if (!(pc & 3) &&
-   useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) {
+   addr = (unsigned int *)(intptr_t)pc;
+   if ((pc & 3) == 0 && copyin(addr, instr, sizeof(instr)) == 0) {
/* dump page table entry for faulting instruction */
log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, 
pte = %#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
 
-   addr = (unsigned int *)(intptr_t)pc;
log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n",
addr);
log(LOG_ERR, "%08x %08x %08x %08x\n",
-   addr[0], addr[1], addr[2], addr[3]);
+   instr[0], instr[1], instr[2], instr[3]);
} else {
log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = 
%#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
@@ -1492,7 +1491,7 @@ log_bad_page_fault(char *msg, struct trapframe *frame,
 {
pt_entry_t *ptep;
pd_entry_t *pdep;
-   unsigned int *addr;
+   unsigned int *addr, instr[4];
struct thread *td;
struct proc *p;
char *read_or_write;
@@ -1540,18 +1539,18 @@ log_bad_page_fault(char *msg, struct trapframe *frame,
 * Dump a few words around faulting instruction, if the addres is
 * valid.
 */
-   if (!(pc & 3) && (pc != frame->badvaddr) &&
-   (trap_type != T_BUS_ERR_IFETCH) &&
-   useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) {
+   addr = (unsigned int *)(intptr_t)pc;
+   if ((pc & 3) == 0 && pc != frame->badvaddr &&
+   trap_type != T_BUS_ERR_IFETCH &&
+   copyin((caddr_t)(intptr_t)pc, instr, sizeof(instr)) == 0) {
/* dump page table entry for faulting instruction */
log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, 
pte = %#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
 
-   addr = (unsigned int *)(intptr_t)pc;
log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n",
addr);
log(LOG_ERR, "%08x %08x %08x %08x\n",
-   addr[0], addr[1], addr[2], addr[3]);
+   instr[0], instr[1], instr[2], instr[3]);
} else {
log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = 
%#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
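Review bot: The `copyin()` call in log_bad_page_fault() still spells its source as `(caddr_t)(intptr_t)pc`, although `addr` is assigned from `pc` just above it and is what log_illegal_instruction() passes in the previous hunk; `copyin(addr, instr, sizeof(instr)) == 0) {` would keep the two functions identical. The comment above the test still says the words are dumped "if the addres is valid", whereas the condition is now that the copy succeeded, so something like `if they can be copied in from the faulting address` describes the new code better. The same two points apply to the matching hunks of the stable/12 merge (r360693). Both functions start and end outside their hunks.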


svn commit: r360694 - stable/11/sys/dev/nxge/xgehal

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 17:35:42 2020
New Revision: 360694
URL: https://svnweb.freebsd.org/changeset/base/360694

Log:
  Fix misleading indentation warning:
  
  sys/dev/nxge/xgehal/xgehal-mgmt.c:1743:6: error: misleading indentation; 
statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
  addr = 0xA074;
  ^
  sys/dev/nxge/xgehal/xgehal-mgmt.c:1736:2: note: previous statement is here
  if(CHECKBIT(val_1, 0x0))
  ^
  
  Direct commit to stable/11, since nxge(4) has been removed from FreeBSD
  12 and later.

Modified:
  stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c

Modified: stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c
==
--- stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c Wed May  6 17:12:26 2020
(r360693)
+++ stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c Wed May  6 17:35:42 2020
(r360694)
@@ -1740,9 +1740,9 @@ void __hal_updt_stats_xpak(xge_hal_device_t *hldev)
/*
 * Reading the warning flags
 */
-   addr = 0xA074;
-   val_1 = 0x0;
-   val_1 = xge_hal_mdio_read(hldev, XGE_HAL_MDIO_MMD_PMA_DEV_ADDR, 
addr);
+   addr = 0xA074;
+   val_1 = 0x0;
+   val_1 = xge_hal_mdio_read(hldev, XGE_HAL_MDIO_MMD_PMA_DEV_ADDR, addr);
if(CHECKBIT(val_1, 0x7))
hldev->stats.sw_dev_err_stats.stats_xpak.
warn_transceiver_temp_high++;


svn commit: r360693 - stable/12/sys/mips/mips

2020-05-06 Thread Brooks Davis
Author: brooks
Date: Wed May  6 17:12:26 2020
New Revision: 360693
URL: https://svnweb.freebsd.org/changeset/base/360693

Log:
  MFC r359974:
  
  Don't directly access userspace memory.
  
  Rather than using the racy useracc() followed by direct access to
  userspace memory, perform a copyin() and use the result if it succeeds.
  
  Reviewed by:  jhb
  Sponsored by: DARPA
  Differential Revision:https://reviews.freebsd.org/D24410

Modified:
  stable/12/sys/mips/mips/trap.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/mips/mips/trap.c
==
--- stable/12/sys/mips/mips/trap.c  Wed May  6 15:24:31 2020
(r360692)
+++ stable/12/sys/mips/mips/trap.c  Wed May  6 17:12:26 2020
(r360693)
@@ -1404,7 +1404,7 @@ log_illegal_instruction(const char *msg, struct trapfr
 {
pt_entry_t *ptep;
pd_entry_t *pdep;
-   unsigned int *addr;
+   unsigned int *addr, instr[4];
struct thread *td;
struct proc *p;
register_t pc;
@@ -1431,17 +1431,16 @@ log_illegal_instruction(const char *msg, struct trapfr
 * Dump a few words around faulting instruction, if the addres is
 * valid.
 */
-   if (!(pc & 3) &&
-   useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) {
+   addr = (unsigned int *)(intptr_t)pc;
+   if ((pc & 3) == 0 && copyin(addr, instr, sizeof(instr)) == 0) {
/* dump page table entry for faulting instruction */
log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, 
pte = %#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
 
-   addr = (unsigned int *)(intptr_t)pc;
log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n",
addr);
log(LOG_ERR, "%08x %08x %08x %08x\n",
-   addr[0], addr[1], addr[2], addr[3]);
+   instr[0], instr[1], instr[2], instr[3]);
} else {
log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = 
%#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
@@ -1453,7 +1452,7 @@ log_bad_page_fault(char *msg, struct trapframe *frame,
 {
pt_entry_t *ptep;
pd_entry_t *pdep;
-   unsigned int *addr;
+   unsigned int *addr, instr[4];
struct thread *td;
struct proc *p;
char *read_or_write;
@@ -1501,18 +1500,18 @@ log_bad_page_fault(char *msg, struct trapframe *frame,
 * Dump a few words around faulting instruction, if the addres is
 * valid.
 */
-   if (!(pc & 3) && (pc != frame->badvaddr) &&
-   (trap_type != T_BUS_ERR_IFETCH) &&
-   useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) {
+   addr = (unsigned int *)(intptr_t)pc;
+   if ((pc & 3) == 0 && pc != frame->badvaddr &&
+   trap_type != T_BUS_ERR_IFETCH &&
+   copyin((caddr_t)(intptr_t)pc, instr, sizeof(instr)) == 0) {
/* dump page table entry for faulting instruction */
log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, 
pte = %#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));
 
-   addr = (unsigned int *)(intptr_t)pc;
log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n",
addr);
log(LOG_ERR, "%08x %08x %08x %08x\n",
-   addr[0], addr[1], addr[2], addr[3]);
+   instr[0], instr[1], instr[2], instr[3]);
} else {
log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = 
%#jx\n",
(intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? 
*ptep : 0));


svn commit: r360692 - head/sys/dev/usb

2020-05-06 Thread Andriy Gapon
Author: avg
Date: Wed May  6 15:24:31 2020
New Revision: 360692
URL: https://svnweb.freebsd.org/changeset/base/360692

Log:
  usbhid: add several missing usages from Digitizer page
  
  This is applicable to HID in general, not just USB HID.
  
  Inspired by:  wulf
  MFC after:1 week

Modified:
  head/sys/dev/usb/usbhid.h

Modified: head/sys/dev/usb/usbhid.h
==
--- head/sys/dev/usb/usbhid.h   Wed May  6 15:10:05 2020(r360691)
+++ head/sys/dev/usb/usbhid.h   Wed May  6 15:24:31 2020(r360692)
@@ -174,7 +174,10 @@ struct usb_hid_descriptor {
 #defineHUD_CONTACTCOUNT0x0054
 #defineHUD_CONTACT_MAX 0x0055
 #defineHUD_SCAN_TIME   0x0056
+#defineHUD_SURFACE_SWITCH  0x0057
+#defineHUD_BUTTONS_SWITCH  0x0058
 #defineHUD_BUTTON_TYPE 0x0059
+#defineHUD_LATENCY_MODE0x0060
 
 /* Usages, Consumer */
 #defineHUC_AC_PAN  0x0238


svn commit: r360691 - head/sys/arm/arm

2020-05-06 Thread Mark Johnston
Author: markj
Date: Wed May  6 15:10:05 2020
New Revision: 360691
URL: https://svnweb.freebsd.org/changeset/base/360691

Log:
  arm: Don't enable interrupts in init_secondary().
  
  This has the same reasoning as described in r357048.
  
  Remove a stray declaration while here.
  
  Reported and tested by:   trasz
  MFC after:1 week
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/arm/arm/mp_machdep.c

Modified: head/sys/arm/arm/mp_machdep.c
==
--- head/sys/arm/arm/mp_machdep.c   Wed May  6 15:01:06 2020
(r360690)
+++ head/sys/arm/arm/mp_machdep.c   Wed May  6 15:10:05 2020
(r360691)
@@ -138,7 +138,6 @@ cpu_mp_announce(void)
 
 }
 
-extern vm_paddr_t pmap_pa;
 void
 init_secondary(int cpu)
 {
@@ -202,8 +201,6 @@ init_secondary(int cpu)
}
 
mtx_unlock_spin(_boot_mtx);
-
-   enable_interrupts(PSR_I);
 
loop_counter = 0;
while (smp_started == 0) {


svn commit: r360690 - head/sys/arm64/arm64

2020-05-06 Thread Mark Johnston
Author: markj
Date: Wed May  6 15:01:06 2020
New Revision: 360690
URL: https://svnweb.freebsd.org/changeset/base/360690

Log:
  Simplify arm64's pmap_bootstrap() a bit.
  
  locore constructs an L2 page mapping the kernel and preloaded data
  starting at KERNBASE (the same as VM_MIN_KERNEL_ADDRESS on arm64).
  initarm() and pmap_bootstrap() use the preloaded metadata to
  tell it where it can start allocating from.
  
  pmap_bootstrap() currently iterates over the L2 page to find the last
  valid entry, but doesn't do anything with the result.  Remove the loop
  and zap some now-unused local variables.
  
  MFC after:2 weeks
  Sponsored by: Juniper Networks, Klara Inc.
  Differential Revision:https://reviews.freebsd.org/D24559

Modified:
  head/sys/arm64/arm64/pmap.c

Modified: head/sys/arm64/arm64/pmap.c
==
--- head/sys/arm64/arm64/pmap.c Wed May  6 11:40:32 2020(r360689)
+++ head/sys/arm64/arm64/pmap.c Wed May  6 15:01:06 2020(r360690)
@@ -831,9 +831,7 @@ void
 pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart,
 vm_size_t kernlen)
 {
-   u_int l1_slot, l2_slot;
-   pt_entry_t *l2;
-   vm_offset_t va, freemempos;
+   vm_offset_t freemempos;
vm_offset_t dpcpu, msgbufpv;
vm_paddr_t start_pa, pa, min_pa;
uint64_t kern_delta;
@@ -867,7 +865,7 @@ pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_
 * Find the minimum physical address. physmap is sorted,
 * but may contain empty ranges.
 */
-   for (i = 0; i < (physmap_idx * 2); i += 2) {
+   for (i = 0; i < physmap_idx * 2; i += 2) {
if (physmap[i] == physmap[i + 1])
continue;
if (physmap[i] <= min_pa)
@@ -880,38 +878,14 @@ pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_
/* Create a direct map region early so we can use it for pa -> va */
freemempos = pmap_bootstrap_dmap(l1pt, min_pa, freemempos);
 
-   va = KERNBASE;
start_pa = pa = KERNBASE - kern_delta;
 
/*
-* Read the page table to find out what is already mapped.
-* This assumes we have mapped a block of memory from KERNBASE
-* using a single L1 entry.
+* Create the l2 tables up to VM_MAX_KERNEL_ADDRESS.  We assume that the
+* loader allocated the first and only l2 page table page used to map
+* the kernel, preloaded files and module metadata.
 */
-   l2 = pmap_early_page_idx(l1pt, KERNBASE, _slot, _slot);
-
-   /* Sanity check the index, KERNBASE should be the first VA */
-   KASSERT(l2_slot == 0, ("The L2 index is non-zero"));
-
-   /* Find how many pages we have mapped */
-   for (; l2_slot < Ln_ENTRIES; l2_slot++) {
-   if ((l2[l2_slot] & ATTR_DESCR_MASK) == 0)
-   break;
-
-   /* Check locore used L2 blocks */
-   KASSERT((l2[l2_slot] & ATTR_DESCR_MASK) == L2_BLOCK,
-   ("Invalid bootstrap L2 table"));
-   KASSERT((l2[l2_slot] & ~ATTR_MASK) == pa,
-   ("Incorrect PA in L2 table"));
-
-   va += L2_SIZE;
-   pa += L2_SIZE;
-   }
-
-   va = roundup2(va, L1_SIZE);
-
-   /* Create the l2 tables up to VM_MAX_KERNEL_ADDRESS */
-   freemempos = pmap_bootstrap_l2(l1pt, va, freemempos);
+   freemempos = pmap_bootstrap_l2(l1pt, KERNBASE + L1_SIZE, freemempos);
/* And the l3 tables for the early devmap */
freemempos = pmap_bootstrap_l3(l1pt,
VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE), freemempos);
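Review bot: The sanity checks the removed loop performed on the bootstrap L2 table (`KASSERT(l2_slot == 0, ...)`, the `L2_BLOCK` descriptor check and the PA check) disappear together with the loop, so the new call with `KERNBASE + L1_SIZE` relies on an assumption that is now stated only in the comment. If locore ever maps the kernel differently, nothing here would catch it; keeping the `l2_slot == 0` and first-entry `L2_BLOCK` assertions under KASSERT would preserve the check, at the price of keeping `l2` and the slot variables that the first hunk removes. `pa` is still assigned in `start_pa = pa = KERNBASE - kern_delta;` but is no longer advanced, which should be confirmed against its later use; pmap_bootstrap() continues outside the hunk.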


Re: svn commit: r360648 - in head: lib/libvmmapi share/man/man5 share/mk sys/amd64/include sys/amd64/vmm sys/amd64/vmm/amd sys/amd64/vmm/intel sys/amd64/vmm/io sys/conf sys/modules/vmm tools/build/opt

2020-05-06 Thread John Baldwin
On 5/5/20 7:20 PM, Li-Wen Hsu wrote:
> On Tue, May 5, 2020 at 8:02 AM John Baldwin  wrote:
>>
>> Author: jhb
>> Date: Tue May  5 00:02:04 2020
>> New Revision: 360648
>> URL: https://svnweb.freebsd.org/changeset/base/360648
> ...
>> Added:
>>   head/sys/amd64/include/vmm_snapshot.h   (contents, props changed)
>>   head/sys/amd64/vmm/vmm_snapshot.c   (contents, props changed)
>>   head/tools/build/options/WITH_BHYVE_SNAPSHOT   (contents, props changed)
>>   head/usr.sbin/bhyve/snapshot.c   (contents, props changed)
>>   head/usr.sbin/bhyve/snapshot.h   (contents, props changed)
> 
> These added files all have "THIS SOFTWARE IS PROVIDED BY NETAPP, INC"
> in copyright header, but non of the authors look like from NetApp.  Is
> it intended or it's better to have "THIS SOFTWARE IS PROVIDED BY THE
> AUTHOR AND CONTRIBUTORS"?

They probably should have the latter, I will check this with the authors.

-- 
John Baldwin


svn commit: r360689 - stable/11/sys/fs/smbfs

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 11:40:32 2020
New Revision: 360689
URL: https://svnweb.freebsd.org/changeset/base/360689

Log:
  MFC r316584 (by cem):
  
  smbfs: Fix an indentation level
  
  Based on the change in r242386, it seems clear that scred was intended to
  be released in all paths at exit.
  
  No functional change.  This line's indent was just the result of a bad copy
  paste from the previous free() in an early exit path.
  
  Reported by:  PVS-Studio
  Sponsored by: Dell EMC Isilon

Modified:
  stable/11/sys/fs/smbfs/smbfs_vnops.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/fs/smbfs/smbfs_vnops.c
==
--- stable/11/sys/fs/smbfs/smbfs_vnops.cWed May  6 11:10:13 2020
(r360688)
+++ stable/11/sys/fs/smbfs/smbfs_vnops.cWed May  6 11:40:32 2020
(r360689)
@@ -280,7 +280,7 @@ smbfs_getattr(ap)
smbfs_attr_cachelookup(vp, va);
if (np->n_flag & NOPEN)
np->n_size = oldsize;
-   smbfs_free_scred(scred);
+   smbfs_free_scred(scred);
return 0;
 }
 


svn commit: r360688 - stable/11/sys/dev/e1000

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 11:10:13 2020
New Revision: 360688
URL: https://svnweb.freebsd.org/changeset/base/360688

Log:
  MFC r318297 (by tsoome):
  
  e1000api: misleading-indentation
  
  Two blocks in e1000_ich8lan.c are misaligned, causing noise with some
  compilers (gcc 6).
  
  Reviewed by:  imp, erj
  Differential Revision:https://reviews.freebsd.org/D10741

Modified:
  stable/11/sys/dev/e1000/e1000_ich8lan.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/e1000/e1000_ich8lan.c
==
--- stable/11/sys/dev/e1000/e1000_ich8lan.c Wed May  6 08:32:49 2020
(r360687)
+++ stable/11/sys/dev/e1000/e1000_ich8lan.c Wed May  6 11:10:13 2020
(r360688)
@@ -1499,24 +1499,24 @@ s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool
ret_val = e1000_read_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, _reg);
if (ret_val)
goto release;
-   phy_reg &= ~(I218_ULP_CONFIG1_IND |
-I218_ULP_CONFIG1_STICKY_ULP |
-I218_ULP_CONFIG1_RESET_TO_SMBUS |
-I218_ULP_CONFIG1_WOL_HOST |
-I218_ULP_CONFIG1_INBAND_EXIT |
-I218_ULP_CONFIG1_EN_ULP_LANPHYPC |
-I218_ULP_CONFIG1_DIS_CLR_STICKY_ON_PERST |
-I218_ULP_CONFIG1_DISABLE_SMB_PERST);
-   e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg);
+   phy_reg &= ~(I218_ULP_CONFIG1_IND |
+I218_ULP_CONFIG1_STICKY_ULP |
+I218_ULP_CONFIG1_RESET_TO_SMBUS |
+I218_ULP_CONFIG1_WOL_HOST |
+I218_ULP_CONFIG1_INBAND_EXIT |
+I218_ULP_CONFIG1_EN_ULP_LANPHYPC |
+I218_ULP_CONFIG1_DIS_CLR_STICKY_ON_PERST |
+I218_ULP_CONFIG1_DISABLE_SMB_PERST);
+   e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg);
 
-   /* Commit ULP changes by starting auto ULP configuration */
-   phy_reg |= I218_ULP_CONFIG1_START;
-   e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg);
+   /* Commit ULP changes by starting auto ULP configuration */
+   phy_reg |= I218_ULP_CONFIG1_START;
+   e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg);
 
-   /* Clear Disable SMBus Release on PERST# in MAC */
-   mac_reg = E1000_READ_REG(hw, E1000_FEXTNVM7);
-   mac_reg &= ~E1000_FEXTNVM7_DISABLE_SMB_PERST;
-   E1000_WRITE_REG(hw, E1000_FEXTNVM7, mac_reg);
+   /* Clear Disable SMBus Release on PERST# in MAC */
+   mac_reg = E1000_READ_REG(hw, E1000_FEXTNVM7);
+   mac_reg &= ~E1000_FEXTNVM7_DISABLE_SMB_PERST;
+   E1000_WRITE_REG(hw, E1000_FEXTNVM7, mac_reg);
 
 release:
hw->phy.ops.release(hw);
@@ -1559,13 +1559,13 @@ static s32 e1000_check_for_copper_link_ich8lan(struct 
if (!mac->get_link_status)
return E1000_SUCCESS;
 
-   /* First we want to see if the MII Status Register reports
-* link.  If so, then we want to get the current speed/duplex
-* of the PHY.
-*/
-   ret_val = e1000_phy_has_link_generic(hw, 1, 0, );
-   if (ret_val)
-   return ret_val;
+   /* First we want to see if the MII Status Register reports
+* link.  If so, then we want to get the current speed/duplex
+* of the PHY.
+*/
+   ret_val = e1000_phy_has_link_generic(hw, 1, 0, );
+   if (ret_val)
+   return ret_val;
 
if (hw->mac.type == e1000_pchlan) {
ret_val = e1000_k1_gig_workaround_hv(hw, link);


svn commit: r360687 - stable/11/sys/cam/ctl

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 08:32:49 2020
New Revision: 360687
URL: https://svnweb.freebsd.org/changeset/base/360687

Log:
  Redo r360682, now with only a minimal fix for misleading indentation:
  
  MFC r333465 (partial, by lwhsu):
  
  Fix build for platforms using GCC:
  
  [omitted] - Remove unused or dead store variable
  [omitted] - Remove unused function ctl_copyin_alloc
  - Add missing curly brackets, this seems a regression in r287720
  
  Reviewed by:  jhibbits
  Differential Revision:https://reviews.freebsd.org/D15383

Modified:
  stable/11/sys/cam/ctl/ctl.c

Modified: stable/11/sys/cam/ctl/ctl.c
==
--- stable/11/sys/cam/ctl/ctl.c Wed May  6 08:24:47 2020(r360686)
+++ stable/11/sys/cam/ctl/ctl.c Wed May  6 08:32:49 2020(r360687)
@@ -8591,10 +8591,11 @@ ctl_hndl_per_res_out_on_other_sc(union ctl_io *io)
if (lun->pr_res_type != SPR_TYPE_EX_AC &&
lun->pr_res_type != SPR_TYPE_WR_EX &&
(lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
-   for (i = softc->init_min; i < softc->init_max; i++)
+   for (i = softc->init_min; i < softc->init_max; i++) {
if (i == residx || ctl_get_prkey(lun, i) == 0)
continue;
ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
+   }
}
 
lun->flags &= ~CTL_LUN_PR_RESERVED;


svn commit: r360686 - stable/11/sys/cam/ctl

2020-05-06 Thread Dimitry Andric
Author: dim
Date: Wed May  6 08:24:47 2020
New Revision: 360686
URL: https://svnweb.freebsd.org/changeset/base/360686

Log:
  Revert r360682, as it does not compile on stable/11 (will commit a
  minimal indentation fix instead):
  
  Un-MFC r333465 (by lwhsu):
  
  Fix build for platforms using GCC:
  
  - Remove unused or dead store variable
  - Remove unused function ctl_copyin_alloc
  - Add missing curly brackets, this seems a regression in r287720
  
  Reviewed by:  jhibbits
  Differential Revision:https://reviews.freebsd.org/D15383

Modified:
  stable/11/sys/cam/ctl/ctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/cam/ctl/ctl.c
==
--- stable/11/sys/cam/ctl/ctl.c Wed May  6 07:48:37 2020(r360685)
+++ stable/11/sys/cam/ctl/ctl.c Wed May  6 08:24:47 2020(r360686)
@@ -2440,6 +2440,25 @@ ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_
mtx_unlock(>lun_lock);
 }
 
+static void *
+ctl_copyin_alloc(void *user_addr, unsigned int len, char *error_str,
+size_t error_str_len)
+{
+   void *kptr;
+
+   kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
+
+   if (copyin(user_addr, kptr, len) != 0) {
+   snprintf(error_str, error_str_len, "Error copying %d bytes "
+"from user address %p to kernel address %p", len,
+user_addr, kptr);
+   free(kptr, M_CTL);
+   return (NULL);
+   }
+
+   return (kptr);
+}
+
 static void
 ctl_free_args(int num_args, struct ctl_be_arg *args)
 {
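Review bot: The restored `ctl_copyin_alloc` formats `len`, an `unsigned int`, with `%d` in the snprintf call; the conversion should be `%u`. The same message prints `kptr` with `%p`, and if `error_str` is handed back to the ioctl caller (not visible here) that exposes a kernel heap address, so the text is safer without it: `"Error copying %u bytes from user address %p", len, user_addr`. `len` also reaches `malloc(len, M_CTL, M_WAITOK | M_ZERO)` with no upper bound inside this function, so any size limit has to be enforced by the callers, which lie outside the hunk.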
@@ -5033,9 +5052,11 @@ ctl_lun_secondary(struct ctl_be_lun *be_lun)
 int
 ctl_invalidate_lun(struct ctl_be_lun *be_lun)
 {
+   struct ctl_softc *softc;
struct ctl_lun *lun;
 
lun = (struct ctl_lun *)be_lun->ctl_lun;
+   softc = lun->ctl_softc;
 
mtx_lock(>lun_lock);
 
@@ -6231,7 +6252,7 @@ ctl_mode_select(struct ctl_scsiio *ctsio)
 {
struct ctl_lun *lun = CTL_LUN(ctsio);
union ctl_modepage_info *modepage_info;
-   int bd_len, i, header_size, param_len, rtd;
+   int bd_len, i, header_size, param_len, pf, rtd, sp;
uint32_t initidx;
 
initidx = ctl_get_initindex(>io_hdr.nexus);
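Review bot: `pf` and `sp` are declared here and filled from `cdb->byte2` in the MODE SELECT(6) and MODE SELECT(10) branches (the next two hunks), but no hunk shows them being read afterwards, and the log describes the reverted change as removing unused or dead-store variables. The same holds for `llba` in ctl_mode_sense, `softc` in ctl_invalidate_lun and `notif_class` in ctl_get_event_status. If they are indeed unused on stable/11, a comment at the assignments such as `/* PF and SP are decoded but not acted on. */` would make clear that these CDB bits are ignored on purpose. The function bodies continue outside the hunks, so this needs checking against the full file.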
@@ -6241,7 +6262,9 @@ ctl_mode_select(struct ctl_scsiio *ctsio)
 
cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
 
+   pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
+   sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
param_len = cdb->length;
header_size = sizeof(struct scsi_mode_header_6);
break;
@@ -6251,7 +6274,9 @@ ctl_mode_select(struct ctl_scsiio *ctsio)
 
cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
 
+   pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
+   sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
param_len = scsi_2btoul(cdb->length);
header_size = sizeof(struct scsi_mode_header_10);
break;
@@ -6374,12 +6399,13 @@ int
 ctl_mode_sense(struct ctl_scsiio *ctsio)
 {
struct ctl_lun *lun = CTL_LUN(ctsio);
-   int pc, page_code, dbd, subpage;
+   int pc, page_code, dbd, llba, subpage;
int alloc_len, page_len, header_len, total_len;
struct scsi_mode_block_descr *block_desc;
struct ctl_page_index *page_index;
 
dbd = 0;
+   llba = 0;
block_desc = NULL;
 
CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
@@ -6413,6 +6439,8 @@ ctl_mode_sense(struct ctl_scsiio *ctsio)
dbd = 1;
else
header_len += sizeof(struct scsi_mode_block_descr);
+   if (cdb->byte2 & SMS10_LLBAA)
+   llba = 1;
pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
page_code = cdb->page & SMS_PAGE_CODE;
subpage = cdb->subpage;
@@ -8563,11 +8591,10 @@ ctl_hndl_per_res_out_on_other_sc(union ctl_io *io)
if (lun->pr_res_type != SPR_TYPE_EX_AC &&
lun->pr_res_type != SPR_TYPE_WR_EX &&
(lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
-   for (i = softc->init_min; i < softc->init_max; i++) {
+   for (i = softc->init_min; i < softc->init_max; i++)
if (i == residx || ctl_get_prkey(lun, i) == 0)
continue;
ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
-   }
}
 
lun->flags &= ~CTL_LUN_PR_RESERVED;
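Review bot: With the braces removed, the `for` body is only the `if (...) continue;` statement, so `ctl_est_ua(lun, i, CTL_UA_RES_RELEASE)` is no longer called per initiator; it runs once after the loop, with `i == softc->init_max`. The log says an indentation fix will follow, but the braces look independent of the compile failure, so this hunk could presumably be left out of the revert, keeping `for (i = softc->init_min; i < softc->init_max; i++) {` and its closing `}`. The enclosing function starts and ends outside the hunk.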
@@ -10375,6 +10402,7 @@ ctl_get_event_status(struct ctl_scsiio *ctsio)
struct scsi_get_event_status_header *hdr;
struct scsi_get_event_status *cdb;
uint32_t alloc_len, data_len;
+   int notif_class;
 
  

svn commit: r360685 - in head/tests/sys: netinet netinet6

2020-05-06 Thread Alexander V. Chernikov
Author: melifaro
Date: Wed May  6 07:48:37 2020
New Revision: 360685
URL: https://svnweb.freebsd.org/changeset/base/360685

Log:
  Add basic routing LPM tests.
  
  Differential Revision:https://reviews.freebsd.org/D24684

Added:
  head/tests/sys/netinet/lpm.sh   (contents, props changed)
  head/tests/sys/netinet6/lpm6.sh   (contents, props changed)
Modified:
  head/tests/sys/netinet/Makefile
  head/tests/sys/netinet6/Makefile

Modified: head/tests/sys/netinet/Makefile
==
--- head/tests/sys/netinet/Makefile Wed May  6 05:41:02 2020
(r360684)
+++ head/tests/sys/netinet/Makefile Wed May  6 07:48:37 2020
(r360685)
@@ -9,7 +9,7 @@ ATF_TESTS_C=ip_reass_test \
so_reuseport_lb_test \
socket_afinet
 
-ATF_TESTS_SH=  carp fibs_test redirect divert forward output
+ATF_TESTS_SH=  carp fibs_test redirect divert forward output lpm
 
 PROGS= udp_dontroute tcp_user_cookie
 

Added: head/tests/sys/netinet/lpm.sh
==
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/tests/sys/netinet/lpm.sh   Wed May  6 07:48:37 2020
(r360685)
@@ -0,0 +1,179 @@
+#!/usr/bin/env atf-sh
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2020 Alexander V. Chernikov
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#notice, this list of conditions and the following disclaimer in the
+#documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+. $(atf_get_srcdir)/../common/vnet.subr
+
+setup_networking()
+{
+   jname="$1"
+   lo_dst="$2"
+   epair0="$3"
+   epair1="$4"
+
+   vnet_mkjail ${jname}a ${epair0}a ${epair1}a
+   # Setup transit IPv4 networks
+   jexec ${jname}a ifconfig ${epair0}a up
+   jexec ${jname}a ifconfig ${epair0}a inet 203.0.113.1/30
+   jexec ${jname}a ifconfig ${epair1}a up
+   jexec ${jname}a ifconfig ${epair1}a inet 203.0.113.5/30
+
+   vnet_mkjail ${jname}b ${epair0}b ${epair1}b ${lo_dst}
+   jexec ${jname}b ifconfig ${epair0}b up
+   jexec ${jname}b ifconfig ${epair0}b inet 203.0.113.2/30
+   jexec ${jname}b ifconfig ${epair1}b up
+   jexec ${jname}b ifconfig ${epair1}b inet 203.0.113.6/30
+   jexec ${jname}b ifconfig ${lo_dst} up
+
+}
+
+atf_test_case "lpm_test1_success" "cleanup"
+lpm_test1_success_head()
+{
+
+   atf_set descr 'Test IPv4 LPM for /30 and /31'
+   atf_set require.user root
+}
+
+lpm_test1_success_body()
+{
+
+   vnet_init
+
+   jname="v4t-lpm_test1_success"
+
+   lo_dst=$(vnet_mkloopback)
+   epair0=$(vnet_mkepair)
+   epair1=$(vnet_mkepair)
+
+   setup_networking ${jname} ${lo_dst} ${epair0} ${epair1}
+
+   jexec ${jname}b ifconfig ${lo_dst} inet 198.51.100.0/32
+   jexec ${jname}b ifconfig ${lo_dst} alias 198.51.100.2/32
+
+   # Add routes
+   # A -> towards B via epair0a 
+   jexec ${jname}a route add -4 -net 198.51.100.0/30 203.0.113.2
+   # A -> towards B via epair1a
+   jexec ${jname}a route add -4 -net 198.51.100.0/31 203.0.113.6
+
+   count=20
+   valid_message="${count} packets transmitted, ${count} packets received"
+   
+   # Check that 198.51.100.0 goes via epair1
+   atf_check -o match:"${valid_message}" jexec ${jname}a ping -f 
-nc${count} 198.51.100.0
+   pkt_0=`jexec ${jname}a netstat -Wf link -I ${epair0}a | head | awk 
'$1!~/^Name/{print$8}'`
+   pkt_1=`jexec ${jname}a netstat -Wf link -I ${epair1}a | head | awk 
'$1!~/^Name/{print$8}'`
+   if [ ${pkt_1} -le ${count} ]; then
+   echo "LPM failure: 1: ${pkt_0} 2: ${pkt_1} (should be ${count})"
+   exit 1
+   fi
+
+   # Check that 198.51.100.2 goes via epair0
+   atf_check