svn commit: r360772 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:50:34 2020 New Revision: 360772 URL: https://svnweb.freebsd.org/changeset/base/360772 Log: MFC r360671: Avoid integer underflow Avoid underflowing a variable, which would result in taking more data from the stream queues then needed. Thanks to Timo Voelker for finding this bug and providing a fix. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 03:48:59 2020 (r360771) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 03:50:34 2020 (r360772) @@ -7763,7 +7763,11 @@ sctp_fill_outqueue(struct sctp_tcb *stcb, } strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); total_moved += moved; - space_left -= moved; + if (space_left >= moved) { + space_left -= moved; + } else { + space_left = 0; + } if (space_left >= SCTP_DATA_CHUNK_OVERHEAD(stcb)) { space_left -= SCTP_DATA_CHUNK_OVERHEAD(stcb); } else { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360771 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:48:59 2020 New Revision: 360771 URL: https://svnweb.freebsd.org/changeset/base/360771 Log: MFC r360662: Fix a bug in SCTP SACK generation Fix the computation of the numbers of entries of the mapping array to look at when generating a SACK. This was wrong in case of sequence numbers wrap arounds. Thanks to Gwenael FOURRE for reporting the issue for the userland stack: https://github.com/sctplab/usrsctp/issues/462 Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 03:44:35 2020 (r360770) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 03:48:59 2020 (r360771) @@ -10713,7 +10713,7 @@ sctp_send_sack(struct sctp_tcb *stcb, int so_locked if (highest_tsn > asoc->mapping_array_base_tsn) { siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8; } else { - siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8; + siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + highest_tsn + 7) / 8; } } else { sack = NULL; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360770 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:44:35 2020 New Revision: 360770 URL: https://svnweb.freebsd.org/changeset/base/360770 Log: MFC r360193, r360209: Improve input validation ofor AUTH chunks Improve input validation when processing AUTH chunks. Thanks to Natalie Silvanovich from Google for finding and reporting the issue found by her in the SCTP userland stack. Modified: stable/11/sys/netinet/sctp_input.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_input.c == --- stable/11/sys/netinet/sctp_input.c Thu May 7 03:37:22 2020 (r360769) +++ stable/11/sys/netinet/sctp_input.c Thu May 7 03:44:35 2020 (r360770) @@ -2098,7 +2098,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, in int init_offset, initack_offset, initack_limit; int retval; int error = 0; - uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE]; + uint8_t auth_chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; @@ -2277,8 +2277,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, in if (auth_skipped) { struct sctp_auth_chunk *auth; - auth = (struct sctp_auth_chunk *) - sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf); + if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) { + auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf); + } else { + auth = NULL; + } if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) { /* auth HMAC failed, dump the assoc and packet */ SCTPDBG(SCTP_DEBUG_AUTH1, @@ -4671,11 +4674,13 @@ sctp_process_control(struct mbuf *m, int iphlen, int * if (auth_skipped && (stcb != NULL)) { struct sctp_auth_chunk *auth; - auth = (struct sctp_auth_chunk *) - sctp_m_getptr(m, auth_offset, - auth_len, chunk_buf); - got_auth = 1; - auth_skipped = 0; + if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) { + auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, chunk_buf); + got_auth = 1; + auth_skipped = 0; + } else { + auth = NULL; + } if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) { /* auth HMAC failed so dump it */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360769 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:37:22 2020 New Revision: 360769 URL: https://svnweb.freebsd.org/changeset/base/360769 Log: MFC r359131: Fix MTU candidates The MTU candidates MUST be a multiple of 4, so make them so. Modified: stable/11/sys/netinet/sctputil.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctputil.c == --- stable/11/sys/netinet/sctputil.cThu May 7 03:29:18 2020 (r360768) +++ stable/11/sys/netinet/sctputil.cThu May 7 03:37:22 2020 (r360769) @@ -859,7 +859,7 @@ static uint32_t sctp_mtu_sizes[] = { 2048, 4352, 4464, - 8166, + 8168, 17912, 32000, 65532 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360768 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:29:18 2020 New Revision: 360768 URL: https://svnweb.freebsd.org/changeset/base/360768 Log: MFC r358621: When using automatically generated flow labels and using TCP SYN cookies, use the same flow label for the segments sent during the handshake and after the handshake. This fixes a bug by making sure that sc_flowlabel is always stored in network byte order. Reviewed by: bz Sponsored by: Netflix, Inc. Differential Revision:https://reviews.freebsd.org/D23957 Modified: stable/11/sys/netinet/tcp_syncache.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/tcp_syncache.c == --- stable/11/sys/netinet/tcp_syncache.cThu May 7 03:27:10 2020 (r360767) +++ stable/11/sys/netinet/tcp_syncache.cThu May 7 03:29:18 2020 (r360768) @@ -2110,7 +2110,8 @@ syncookie_lookup(struct in_conninfo *inc, struct synca #ifdef INET6 case INC_ISIPV6: if (sotoinpcb(lso)->inp_flags & IN6P_AUTOFLOWLABEL) - sc->sc_flowlabel = sc->sc_iss & IPV6_FLOWLABEL_MASK; + sc->sc_flowlabel = + htonl(sc->sc_iss) & IPV6_FLOWLABEL_MASK; break; #endif } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360767 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:27:10 2020 New Revision: 360767 URL: https://svnweb.freebsd.org/changeset/base/360767 Log: MFC r358169: Remove an unused timer type. Modified: stable/11/sys/netinet/sctp_constants.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_constants.h == --- stable/11/sys/netinet/sctp_constants.h Thu May 7 03:24:34 2020 (r360766) +++ stable/11/sys/netinet/sctp_constants.h Thu May 7 03:27:10 2020 (r360767) @@ -541,14 +541,13 @@ __FBSDID("$FreeBSD$"); #define SCTP_TIMER_TYPE_ASCONF 10 #define SCTP_TIMER_TYPE_SHUTDOWNGUARD 11 #define SCTP_TIMER_TYPE_AUTOCLOSE 12 -#define SCTP_TIMER_TYPE_EVENTWAKE 13 -#define SCTP_TIMER_TYPE_STRRESET14 -#define SCTP_TIMER_TYPE_INPKILL 15 -#define SCTP_TIMER_TYPE_ASOCKILL16 -#define SCTP_TIMER_TYPE_ADDR_WQ 17 -#define SCTP_TIMER_TYPE_PRIM_DELETED18 +#define SCTP_TIMER_TYPE_STRRESET 13 +#define SCTP_TIMER_TYPE_INPKILL14 +#define SCTP_TIMER_TYPE_ASOCKILL 15 +#define SCTP_TIMER_TYPE_ADDR_WQ16 +#define SCTP_TIMER_TYPE_PRIM_DELETED 17 /* add new timers here - and increment LAST */ -#define SCTP_TIMER_TYPE_LAST19 +#define SCTP_TIMER_TYPE_LAST 18 #define SCTP_IS_TIMER_TYPE_VALID(t)(((t) > SCTP_TIMER_TYPE_NONE) && \ ((t) < SCTP_TIMER_TYPE_LAST)) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360766 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:24:34 2020 New Revision: 360766 URL: https://svnweb.freebsd.org/changeset/base/360766 Log: MFC r358028: Fix SCTP stream scheduler bug Fix the non-default stream schedulers such that do not interleave user messages when it is now allowed. Thanks to Christian Wright for reporting the issue for the userland stack and providing a fix for the priority scheduler. Modified: stable/11/sys/netinet/sctp_ss_functions.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_ss_functions.c == --- stable/11/sys/netinet/sctp_ss_functions.c Thu May 7 03:22:57 2020 (r360765) +++ stable/11/sys/netinet/sctp_ss_functions.c Thu May 7 03:24:34 2020 (r360766) @@ -515,6 +515,9 @@ sctp_ss_prio_select(struct sctp_tcb *stcb SCTP_UNUSED, { struct sctp_stream_out *strq, *strqt, *strqn; + if (asoc->ss_data.locked_on_sending) { + return (asoc->ss_data.locked_on_sending); + } strqt = asoc->ss_data.last_out_stream; prio_again: /* Find the next stream to use */ @@ -692,6 +695,9 @@ sctp_ss_fb_select(struct sctp_tcb *stcb SCTP_UNUSED, s { struct sctp_stream_out *strq = NULL, *strqt; + if (asoc->ss_data.locked_on_sending) { + return (asoc->ss_data.locked_on_sending); + } if (asoc->ss_data.last_out_stream == NULL || TAILQ_FIRST(>ss_data.out.wheel) == TAILQ_LAST(>ss_data.out.wheel, sctpwheel_listhead)) { strqt = TAILQ_FIRST(>ss_data.out.wheel); @@ -898,6 +904,9 @@ sctp_ss_fcfs_select(struct sctp_tcb *stcb SCTP_UNUSED, struct sctp_stream_out *strq; struct sctp_stream_queue_pending *sp; + if (asoc->ss_data.locked_on_sending) { + return (asoc->ss_data.locked_on_sending); + } sp = TAILQ_FIRST(>ss_data.out.list); default_again: if (sp != NULL) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360765 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:22:57 2020 New Revision: 360765 URL: https://svnweb.freebsd.org/changeset/base/360765 Log: MFC r358023: Don't use uninitialized memory Don't use uninitialised stack memory if the sysctl variable net.inet.tcp.hostcache.enable is set to 0. The bug resulted in using possibly a too small MSS value or wrong initial retransmission timer settings. Possibly the value used for ssthresh was also wrong. Submitted by: rscheff Reviewed by: Cheng Cui, rgrimes@, tuexen@ Differential Revision:https://reviews.freebsd.org/D23687 Modified: stable/11/sys/netinet/tcp_hostcache.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/tcp_hostcache.c == --- stable/11/sys/netinet/tcp_hostcache.c Thu May 7 03:20:01 2020 (r360764) +++ stable/11/sys/netinet/tcp_hostcache.c Thu May 7 03:22:57 2020 (r360765) @@ -435,8 +435,10 @@ tcp_hc_get(struct in_conninfo *inc, struct hc_metrics_ { struct hc_metrics *hc_entry; - if (!V_tcp_use_hostcache) + if (!V_tcp_use_hostcache) { + bzero(hc_metrics_lite, sizeof(*hc_metrics_lite)); return; + } /* * Find the right bucket. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360764 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:20:01 2020 New Revision: 360764 URL: https://svnweb.freebsd.org/changeset/base/360764 Log: MFC r357830: Improve handling of memory allocation failure Don't panic under INVARIANTS when we can't allocate memory for storing a vtag in time wait. This issue was found by running syzkaller. Modified: stable/11/sys/netinet/sctp_pcb.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 03:17:52 2020 (r360763) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 03:20:01 2020 (r360764) @@ -4637,9 +4637,6 @@ sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, SCTP_MALLOC(twait_block, struct sctp_tagblock *, sizeof(struct sctp_tagblock), SCTP_M_TIMW); if (twait_block == NULL) { -#ifdef INVARIANTS - panic("Can not alloc tagblock"); -#endif return; } memset(twait_block, 0, sizeof(struct sctp_tagblock)); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360763 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:17:52 2020 New Revision: 360763 URL: https://svnweb.freebsd.org/changeset/base/360763 Log: MFC r357768: Optimize timer starting Don't start an SCTP timer using a net, which has been removed. Submitted by: Taylor Brandstetter Modified: stable/11/sys/netinet/sctp_pcb.c stable/11/sys/netinet/sctputil.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 03:15:59 2020 (r360762) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 03:17:52 2020 (r360763) @@ -4483,6 +4483,7 @@ out: SCTP_FROM_SCTP_PCB + SCTP_LOC_9); sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_PCB + SCTP_LOC_10); + net->dest_state |= SCTP_ADDR_BEING_DELETED; sctp_free_remote_addr(net); } Modified: stable/11/sys/netinet/sctputil.c == --- stable/11/sys/netinet/sctputil.cThu May 7 03:15:59 2020 (r360762) +++ stable/11/sys/netinet/sctputil.cThu May 7 03:17:52 2020 (r360763) @@ -2047,6 +2047,10 @@ sctp_timer_start(int t_type, struct sctp_inpcb *inp, s if (stcb) { SCTP_TCB_LOCK_ASSERT(stcb); } + /* Don't restart timer on net that's been removed. */ + if (net != NULL && (net->dest_state & SCTP_ADDR_BEING_DELETED)) { + return; + } switch (t_type) { case SCTP_TIMER_TYPE_ADDR_WQ: /* Only 1 tick away :-) */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360762 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:15:59 2020 New Revision: 360762 URL: https://svnweb.freebsd.org/changeset/base/360762 Log: MFC r357708: More timer cleanups Stop the PMTU and HB timer when removing a net, not when freeing it. Submitted by: Taylor Brandstetter Modified: stable/11/sys/netinet/sctp_pcb.c stable/11/sys/netinet/sctp_var.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 03:14:00 2020 (r360761) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 03:15:59 2020 (r360762) @@ -4428,8 +4428,10 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockadd void sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net) { + struct sctp_inpcb *inp; struct sctp_association *asoc; + inp = stcb->sctp_ep; asoc = >asoc; asoc->numnets--; TAILQ_REMOVE(>nets, net, sctp_next); @@ -4477,6 +4479,10 @@ out: sctp_free_remote_addr(stcb->asoc.alternate); stcb->asoc.alternate = NULL; } + sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, + SCTP_FROM_SCTP_PCB + SCTP_LOC_9); + sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, + SCTP_FROM_SCTP_PCB + SCTP_LOC_10); sctp_free_remote_addr(net); } @@ -6997,7 +7003,7 @@ sctp_drain_mbufs(struct sctp_tcb *stcb) */ asoc->last_revoke_count = cnt; sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, - SCTP_FROM_SCTP_PCB + SCTP_LOC_16); + SCTP_FROM_SCTP_PCB + SCTP_LOC_11); /* sa_ignore NO_NULL_CHK */ sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED); Modified: stable/11/sys/netinet/sctp_var.h == --- stable/11/sys/netinet/sctp_var.hThu May 7 03:14:00 2020 (r360761) +++ stable/11/sys/netinet/sctp_var.hThu May 7 03:15:59 2020 (r360762) @@ -185,8 +185,6 @@ extern struct pr_usrreqs sctp_usrreqs; if ((__net)) { \ if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&(__net)->ref_count)) { \ (void)SCTP_OS_TIMER_STOP(&(__net)->rxt_timer.timer); \ - (void)SCTP_OS_TIMER_STOP(&(__net)->pmtu_timer.timer); \ - (void)SCTP_OS_TIMER_STOP(&(__net)->hb_timer.timer); \ if ((__net)->ro.ro_rt) { \ RTFREE((__net)->ro.ro_rt); \ (__net)->ro.ro_rt = NULL; \ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360761 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:14:00 2020 New Revision: 360761 URL: https://svnweb.freebsd.org/changeset/base/360761 Log: MFC r357705: Cleanup timer handling Submitted by: Taylor Brandstetter Modified: stable/11/sys/netinet/sctp_indata.c stable/11/sys/netinet/sctp_output.c stable/11/sys/netinet/sctp_pcb.c stable/11/sys/netinet/sctputil.c stable/11/sys/netinet/sctputil.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Thu May 7 03:12:07 2020 (r360760) +++ stable/11/sys/netinet/sctp_indata.c Thu May 7 03:14:00 2020 (r360761) @@ -2661,7 +2661,8 @@ sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap) * is pending, we got our first packet OR * there are gaps or duplicates. */ - (void)SCTP_OS_TIMER_STOP(>asoc.dack_timer.timer); + sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_19); sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); } } else { Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 03:12:07 2020 (r360760) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 03:14:00 2020 (r360761) @@ -10068,7 +10068,8 @@ do_it_again: */ if (SCTP_OS_TIMER_PENDING(>asoc.dack_timer.timer)) { sctp_send_sack(stcb, so_locked); - (void)SCTP_OS_TIMER_STOP(>asoc.dack_timer.timer); + sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, + SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3); } while (asoc->sent_queue_retran_cnt) { /*- @@ -10597,7 +10598,7 @@ sctp_send_sack(struct sctp_tcb *stcb, int so_locked if (stcb->asoc.delayed_ack) { sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, - SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3); + SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4); sctp_timer_start(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL); } else { @@ -10666,7 +10667,7 @@ sctp_send_sack(struct sctp_tcb *stcb, int so_locked if (stcb->asoc.delayed_ack) { sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, - SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4); + SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); sctp_timer_start(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL); } else { @@ -12824,7 +12825,7 @@ sctp_lower_sosend(struct socket *so, if (control) { if (sctp_process_cmsgs_for_init(stcb, control, )) { sctp_free_assoc(inp, stcb, SCTP_PCBFREE_FORCE, - SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); + SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6); hold_tcblock = 0; stcb = NULL; goto out_unlocked; Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 03:12:07 2020 (r360760) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 03:14:00 2020 (r360761) @@ -3547,7 +3547,6 @@ sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, } if (cnt) { /* Ok we have someone out there that will kill us */ - (void)SCTP_OS_TIMER_STOP(>sctp_ep.signature_change.timer); #ifdef SCTP_LOG_CLOSING sctp_log_closing(inp, NULL, 3); #endif @@ -3566,7 +3565,6 @@ sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, if ((inp->refcount) || (being_refed) || (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) { - (void)SCTP_OS_TIMER_STOP(>sctp_ep.signature_change.timer); #ifdef SCTP_LOG_CLOSING sctp_log_closing(inp, NULL, 4); #endif @@ -4764,35 +4762,8 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc return (0); } } - /* now clean up any other timers */ -
svn commit: r360760 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:12:07 2020 New Revision: 360760 URL: https://svnweb.freebsd.org/changeset/base/360760 Log: MFC r357501: Remote unused timer. Submitted by: Taylor Brandstetter Modified: stable/11/sys/netinet/sctp_pcb.c stable/11/sys/netinet/sctp_structs.h stable/11/sys/netinet/sctputil.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 03:08:00 2020 (r360759) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 03:12:07 2020 (r360760) @@ -2745,7 +2745,6 @@ sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, st stcb->asoc.strreset_timer.ep = (void *)new_inp; stcb->asoc.shut_guard_timer.ep = (void *)new_inp; stcb->asoc.autoclose_timer.ep = (void *)new_inp; - stcb->asoc.delayed_event_timer.ep = (void *)new_inp; stcb->asoc.delete_prim_timer.ep = (void *)new_inp; /* now what about the nets? */ TAILQ_FOREACH(net, >asoc.nets, sctp_next) { @@ -4410,7 +4409,6 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockadd SCTP_OS_TIMER_INIT(>asconf_timer.timer); SCTP_OS_TIMER_INIT(>shut_guard_timer.timer); SCTP_OS_TIMER_INIT(>autoclose_timer.timer); - SCTP_OS_TIMER_INIT(>delayed_event_timer.timer); SCTP_OS_TIMER_INIT(>delete_prim_timer.timer); LIST_INSERT_HEAD(>sctp_asoc_list, stcb, sctp_tcblist); @@ -4784,8 +4782,6 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc asoc->autoclose_timer.self = NULL; (void)SCTP_OS_TIMER_STOP(>shut_guard_timer.timer); asoc->shut_guard_timer.self = NULL; - (void)SCTP_OS_TIMER_STOP(>delayed_event_timer.timer); - asoc->delayed_event_timer.self = NULL; /* Mobility adaptation */ (void)SCTP_OS_TIMER_STOP(>delete_prim_timer.timer); asoc->delete_prim_timer.self = NULL; @@ -4970,7 +4966,6 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc (void)SCTP_OS_TIMER_STOP(>asconf_timer.timer); (void)SCTP_OS_TIMER_STOP(>shut_guard_timer.timer); (void)SCTP_OS_TIMER_STOP(>autoclose_timer.timer); - (void)SCTP_OS_TIMER_STOP(>delayed_event_timer.timer); TAILQ_FOREACH(net, >nets, sctp_next) { (void)SCTP_OS_TIMER_STOP(>rxt_timer.timer); (void)SCTP_OS_TIMER_STOP(>pmtu_timer.timer); Modified: stable/11/sys/netinet/sctp_structs.h == --- stable/11/sys/netinet/sctp_structs.hThu May 7 03:08:00 2020 (r360759) +++ stable/11/sys/netinet/sctp_structs.hThu May 7 03:12:07 2020 (r360760) @@ -804,7 +804,6 @@ struct sctp_association { struct sctp_timer strreset_timer; /* stream reset */ struct sctp_timer shut_guard_timer; /* shutdown guard */ struct sctp_timer autoclose_timer; /* automatic close timer */ - struct sctp_timer delayed_event_timer; /* timer for delayed events */ struct sctp_timer delete_prim_timer;/* deleting primary dst */ /* list of restricted local addresses */ Modified: stable/11/sys/netinet/sctputil.c == --- stable/11/sys/netinet/sctputil.cThu May 7 03:08:00 2020 (r360759) +++ stable/11/sys/netinet/sctputil.cThu May 7 03:12:07 2020 (r360760) @@ -786,7 +786,6 @@ sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) (void)SCTP_OS_TIMER_STOP(>strreset_timer.timer); (void)SCTP_OS_TIMER_STOP(>asconf_timer.timer); (void)SCTP_OS_TIMER_STOP(>autoclose_timer.timer); - (void)SCTP_OS_TIMER_STOP(>delayed_event_timer.timer); TAILQ_FOREACH(net, >nets, sctp_next) { (void)SCTP_OS_TIMER_STOP(>pmtu_timer.timer); (void)SCTP_OS_TIMER_STOP(>hb_timer.timer); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360759 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:08:00 2020 New Revision: 360759 URL: https://svnweb.freebsd.org/changeset/base/360759 Log: MFC r357500: Improve dubug information Improve numbering of debug information. Submitted by: Taylor Brandstetter Modified: stable/11/sys/netinet/sctp_constants.h stable/11/sys/netinet/sctp_indata.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_constants.h == --- stable/11/sys/netinet/sctp_constants.h Thu May 7 03:01:01 2020 (r360758) +++ stable/11/sys/netinet/sctp_constants.h Thu May 7 03:08:00 2020 (r360759) @@ -805,7 +805,7 @@ __FBSDID("$FreeBSD$"); #define SCTP_LOC_33 0x0021 #define SCTP_LOC_34 0x0022 #define SCTP_LOC_35 0x0023 - +#define SCTP_LOC_36 0x0024 /* Free assoc codes */ #define SCTP_NORMAL_PROC 0 Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Thu May 7 03:01:01 2020 (r360758) +++ stable/11/sys/netinet/sctp_indata.c Thu May 7 03:08:00 2020 (r360759) @@ -1752,7 +1752,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc * Need to send an abort since we had a empty data chunk. */ op_err = sctp_generate_no_user_data_cause(tsn); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_flag = 1; return (0); @@ -1890,7 +1890,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid); err_out: op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_flag = 1; return (0); @@ -2039,7 +2039,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc (uint16_t)mid); } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_flag = 1; return (0); @@ -2611,7 +2611,7 @@ sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap) if (SCTP_OS_TIMER_PENDING(>asoc.dack_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_17); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_18); } sctp_send_shutdown(stcb, ((stcb->asoc.alternate) ? stcb->asoc.alternate : stcb->asoc.primary_destination)); @@ -2764,7 +2764,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated"); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_18; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); return (2); } @@ -2775,7 +2775,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated"); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); return (2); } @@ -2800,7 +2800,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o ch->chunk_type == SCTP_DATA ? "DATA" :
svn commit: r360758 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 03:01:01 2020 New Revision: 360758 URL: https://svnweb.freebsd.org/changeset/base/360758 Log: MFC r356660: Avoid division by zero Fix division by zero issue. Thanks to Stas Denisov for reporting the issue for the userland stack and providing a fix. Modified: stable/11/sys/netinet/sctp_cc_functions.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_cc_functions.c == --- stable/11/sys/netinet/sctp_cc_functions.c Thu May 7 02:57:33 2020 (r360757) +++ stable/11/sys/netinet/sctp_cc_functions.c Thu May 7 03:01:01 2020 (r360758) @@ -1874,7 +1874,7 @@ htcp_cong_time(struct htcp *ca) static inline uint32_t htcp_ccount(struct htcp *ca) { - return (htcp_cong_time(ca) / ca->minRTT); + return (ca->minRTT == 0 ? htcp_cong_time(ca) : htcp_cong_time(ca) / ca->minRTT); } static inline void ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360757 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:57:33 2020 New Revision: 360757 URL: https://svnweb.freebsd.org/changeset/base/360757 Log: MFC r356378: Improve SCTP iterator Don't make the sendall iterator as being up if it could not be started. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 02:55:08 2020 (r360756) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 02:57:33 2020 (r360757) @@ -6926,7 +6926,7 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, (void *)ca, 0, sctp_sendall_completes, inp, 1); if (ret) { - SCTP_PRINTF("Failed to initiate iterator for sendall\n"); + inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP; SCTP_FREE(ca, SCTP_M_COPYAL); SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); return (EFAULT); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360756 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:55:08 2020 New Revision: 360756 URL: https://svnweb.freebsd.org/changeset/base/360756 Log: MFC r356377: Improve consistency Return -1 consistently if an error occurs. Modified: stable/11/sys/netinet/sctp_pcb.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 02:53:02 2020 (r360755) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 02:55:08 2020 (r360756) @@ -7134,7 +7134,7 @@ sctp_initiate_iterator(inp_func inpf, SCTP_M_ITER); if (it == NULL) { SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM); - return (ENOMEM); + return (-1); } memset(it, 0, sizeof(*it)); it->function_assoc = af; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360755 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:53:02 2020 New Revision: 360755 URL: https://svnweb.freebsd.org/changeset/base/360755 Log: MFC r356376: Fix SCTP iterator issue Ensure that we don't miss a trigger for kicking off the SCTP iterator. Reported by: nwhitehorn Modified: stable/11/sys/netinet/sctputil.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctputil.c == --- stable/11/sys/netinet/sctputil.cThu May 7 02:46:57 2020 (r360754) +++ stable/11/sys/netinet/sctputil.cThu May 7 02:53:02 2020 (r360755) @@ -1472,12 +1472,11 @@ no_stcb: void sctp_iterator_worker(void) { - struct sctp_iterator *it, *nit; + struct sctp_iterator *it; /* This function is called with the WQ lock in place */ - sctp_it_ctl.iterator_running = 1; - TAILQ_FOREACH_SAFE(it, _it_ctl.iteratorhead, sctp_nxt_itr, nit) { + while ((it = TAILQ_FIRST(_it_ctl.iteratorhead)) != NULL) { /* now lets work on this one */ TAILQ_REMOVE(_it_ctl.iteratorhead, it, sctp_nxt_itr); SCTP_IPI_ITERATOR_WQ_UNLOCK(); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360754 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:46:57 2020 New Revision: 360754 URL: https://svnweb.freebsd.org/changeset/base/360754 Log: MFC r356271: Whitespace change Remove empty line which was added in r356270 by accident. Modified: stable/11/sys/netinet/sctp.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp.h == --- stable/11/sys/netinet/sctp.hThu May 7 02:45:42 2020 (r360753) +++ stable/11/sys/netinet/sctp.hThu May 7 02:46:57 2020 (r360754) @@ -1,4 +1,3 @@ - /*- * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360753 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:45:42 2020 New Revision: 360753 URL: https://svnweb.freebsd.org/changeset/base/360753 Log: MFC r356270: Improve input validation Improve input validation of the spp_pathmtu field in the SCTP_PEER_ADDR_PARAMS socket option. The code in the stack assumes sane values for the MTU. This issue was found by running an instance of syzkaller. Modified: stable/11/sys/netinet/sctp.h stable/11/sys/netinet/sctp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp.h == --- stable/11/sys/netinet/sctp.hThu May 7 02:40:08 2020 (r360752) +++ stable/11/sys/netinet/sctp.hThu May 7 02:45:42 2020 (r360753) @@ -1,3 +1,4 @@ + /*- * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. @@ -583,8 +584,10 @@ struct sctp_error_auth_invalid_hmac { #define SCTP_MOBILITY_PRIM_DELETED 0x0004 -#define SCTP_SMALLEST_PMTU 512 /* smallest pmtu allowed when disabling PMTU -* discovery */ +/* Smallest PMTU allowed when disabling PMTU discovery */ +#define SCTP_SMALLEST_PMTU 512 +/* Largest PMTU allowed when disabling PMTU discovery */ +#define SCTP_LARGEST_PMTU 65536 #undef SCTP_PACKED Modified: stable/11/sys/netinet/sctp_usrreq.c == --- stable/11/sys/netinet/sctp_usrreq.c Thu May 7 02:40:08 2020 (r360752) +++ stable/11/sys/netinet/sctp_usrreq.c Thu May 7 02:45:42 2020 (r360753) @@ -5363,6 +5363,14 @@ sctp_setopt(struct socket *so, int optname, void *optv SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); return (EINVAL); } + if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) && + ((paddrp->spp_pathmtu < SCTP_SMALLEST_PMTU) || + (paddrp->spp_pathmtu > SCTP_LARGEST_PMTU))) { + if (stcb) + SCTP_TCB_UNLOCK(stcb); + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + return (EINVAL); + } if (stcb != NULL) { /TCB SPECIFIC SET **/ @@ -5394,7 +5402,7 @@ sctp_setopt(struct socket *so, int optname, void *optv sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); } } - if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) && (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU)) { + if (paddrp->spp_flags & SPP_PMTUD_DISABLE) { if (SCTP_OS_TIMER_PENDING(>pmtu_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, SCTP_FROM_SCTP_USRREQ + SCTP_LOC_11); @@ -5536,7 +5544,7 @@ sctp_setopt(struct socket *so, int optname, void *optv } sctp_stcb_feature_on(inp, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT); } - if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) && (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU)) { + if (paddrp->spp_flags & SPP_PMTUD_DISABLE) { TAILQ_FOREACH(net, >asoc.nets, sctp_next) { if (SCTP_OS_TIMER_PENDING(>pmtu_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, @@ -5635,9 +5643,7 @@ sctp_setopt(struct socket *so, int optname, void *optv inp->sctp_ep.default_mtu = 0; sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_NOT_PMTUD); } else if (paddrp->spp_flags & SPP_PMTUD_DISABLE) { - if (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU) { - inp->sctp_ep.default_mtu = paddrp->spp_pathmtu; - } + inp->sctp_ep.default_mtu = paddrp->spp_pathmtu;
svn commit: r360752 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:40:08 2020 New Revision: 360752 URL: https://svnweb.freebsd.org/changeset/base/360752 Log: MFC r355931: Improve input validation Improve input validation for some parameters having a too small reported length. Thanks to Natalie Silvanovich from Google for finding one of these issues in the SCTP userland stack and reporting it. Modified: stable/11/sys/netinet/sctp_auth.c stable/11/sys/netinet/sctp_pcb.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_auth.c == --- stable/11/sys/netinet/sctp_auth.c Thu May 7 02:34:58 2020 (r360751) +++ stable/11/sys/netinet/sctp_auth.c Thu May 7 02:40:08 2020 (r360752) @@ -1429,7 +1429,8 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, str ptype = ntohs(phdr->param_type); plen = ntohs(phdr->param_length); - if ((plen == 0) || (offset + plen > length)) + if ((plen < sizeof(struct sctp_paramhdr)) || + (offset + plen > length)) break; if (ptype == SCTP_RANDOM) { Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 02:34:58 2020 (r360751) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 02:40:08 2020 (r360752) @@ -6205,7 +6205,7 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s if (offset + plen > limit) { break; } - if (plen == 0) { + if (plen < sizeof(struct sctp_paramhdr)) { break; } #ifdef INET @@ -6430,6 +6430,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s } if (plen > sizeof(lstore)) { return (-23); + } + if (plen < sizeof(struct sctp_asconf_addrv4_param)) { + return (-101); } phdr = sctp_get_next_param(m, offset, (struct sctp_paramhdr *), ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360751 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:34:58 2020 New Revision: 360751 URL: https://svnweb.freebsd.org/changeset/base/360751 Log: MFC r355265: Restart RTT measurement When changing the MTU of an SCTP path, not only cancel all ongoing RTT measurements, but also scheldule new ones for the future. Submitted by: Julius Flohr Differential Revision:https://reviews.freebsd.org/D22547 Modified: stable/11/sys/netinet/sctp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_usrreq.c == --- stable/11/sys/netinet/sctp_usrreq.c Thu May 7 02:31:24 2020 (r360750) +++ stable/11/sys/netinet/sctp_usrreq.c Thu May 7 02:34:58 2020 (r360751) @@ -138,7 +138,10 @@ sctp_pathmtu_adjustment(struct sctp_tcb *stcb, uint16_ chk->rec.data.tsn); } /* Clear any time so NO RTT is being done */ - chk->do_rtt = 0; + if (chk->do_rtt == 1) { + chk->do_rtt = 0; + chk->whoTo->rto_needed = 1; + } } } } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360750 - stable/11/sys/netinet6
Author: tuexen Date: Thu May 7 02:31:24 2020 New Revision: 360750 URL: https://svnweb.freebsd.org/changeset/base/360750 Log: MFC r355264: Handle PTB message consistent for SCTP/IPv[46] Update the hostcache also for PTB messages received for SCTP/IPv6. The corresponding code for SCTP/IPv4 was introduced in https://svnweb.freebsd.org/base?view=revision=317597 Submitted by: Julius Flohr Differential Revision:https://reviews.freebsd.org/D22605 Modified: stable/11/sys/netinet6/sctp6_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet6/sctp6_usrreq.c == --- stable/11/sys/netinet6/sctp6_usrreq.c Thu May 7 02:28:30 2020 (r360749) +++ stable/11/sys/netinet6/sctp6_usrreq.c Thu May 7 02:31:24 2020 (r360750) @@ -238,6 +238,11 @@ sctp6_notify(struct sctp_inpcb *inp, } if (net->mtu > next_mtu) { net->mtu = next_mtu; + if (net->port) { + sctp_hc_set_mtu(>ro._l_addr, inp->fibnum, next_mtu + sizeof(struct udphdr)); + } else { + sctp_hc_set_mtu(>ro._l_addr, inp->fibnum, next_mtu); + } } /* Update the association MTU */ if (stcb->asoc.smallest_mtu > next_mtu) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360749 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:28:30 2020 New Revision: 360749 URL: https://svnweb.freebsd.org/changeset/base/360749 Log: MFC r355172: Ignore assoc IDs on 1-to-1 style SCTP sockets. Really ignore the SCTP association identifier on 1-to-1 style sockets as requiresd by the socket API specification. Thanks to Inaki Baz Castillo, who found this bug running the userland stack with valgrind and reported the issue in https://github.com/sctplab/usrsctp/issues/408 Modified: stable/11/sys/netinet/sctp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_usrreq.c == --- stable/11/sys/netinet/sctp_usrreq.c Thu May 7 02:25:58 2020 (r360748) +++ stable/11/sys/netinet/sctp_usrreq.c Thu May 7 02:28:30 2020 (r360749) @@ -1675,7 +1675,8 @@ flags_out: } else { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || - (av->assoc_id == SCTP_FUTURE_ASSOC)) { + ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && + (av->assoc_id == SCTP_FUTURE_ASSOC))) { SCTP_INP_RLOCK(inp); if (inp->idata_supported) { av->assoc_value = 1; @@ -1705,7 +1706,8 @@ flags_out: } else { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || - (av->assoc_id == SCTP_FUTURE_ASSOC)) { + ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && + (av->assoc_id == SCTP_FUTURE_ASSOC))) { SCTP_INP_RLOCK(inp); av->assoc_value = inp->sctp_cmt_on_off; SCTP_INP_RUNLOCK(inp); @@ -1731,7 +1733,8 @@ flags_out: } else { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || - (av->assoc_id == SCTP_FUTURE_ASSOC)) { + ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && + (av->assoc_id == SCTP_FUTURE_ASSOC))) { SCTP_INP_RLOCK(inp); av->assoc_value = inp->sctp_ep.sctp_default_cc_module; SCTP_INP_RUNLOCK(inp); @@ -1776,7 +1779,8 @@ flags_out: } else { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || - (av->assoc_id == SCTP_FUTURE_ASSOC)) { + ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && + (av->assoc_id == SCTP_FUTURE_ASSOC))) { SCTP_INP_RLOCK(inp); av->assoc_value = inp->sctp_ep.sctp_default_ss_module; SCTP_INP_RUNLOCK(inp); @@ -1914,7 +1918,8 @@ flags_out: } else { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || - (av->assoc_id == SCTP_FUTURE_ASSOC)) { + ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && + (av->assoc_id == SCTP_FUTURE_ASSOC))) { SCTP_INP_RLOCK(inp); av->assoc_value = inp->sctp_context; SCTP_INP_RUNLOCK(inp); @@ -1990,7 +1995,8 @@ flags_out: } else { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || - (sack->sack_assoc_id == SCTP_FUTURE_ASSOC)) { + ((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && + (sack->sack_assoc_id == SCTP_FUTURE_ASSOC))) { SCTP_INP_RLOCK(inp); sack->sack_delay = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); sack->sack_freq =
svn commit: r360748 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:25:58 2020 New Revision: 360748 URL: https://svnweb.freebsd.org/changeset/base/360748 Log: MFC r355135: Plug memory leaks Plug two mbuf leaks during INIT-ACK handling. One leak happens when there is not enough memory to allocate the the resources for streams. The other leak happens if the are unknown parameters in the received INIT-ACK chunk which require reporting and the INIT-ACK requires sending an ABORT due to illegal parameter combinations. Hopefully this fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083 Modified: stable/11/sys/netinet/sctp_input.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_input.c == --- stable/11/sys/netinet/sctp_input.c Thu May 7 02:18:36 2020 (r360747) +++ stable/11/sys/netinet/sctp_input.c Thu May 7 02:25:58 2020 (r360748) @@ -494,6 +494,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int /* process the peer's parameters in the INIT-ACK */ retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb); if (retval < 0) { + if (op_err != NULL) { + sctp_m_freem(op_err); + } return (retval); } initack_limit = offset + ntohs(cp->ch.chunk_length); @@ -501,6 +504,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int if ((retval = sctp_load_addresses_from_init(stcb, m, (offset + sizeof(struct sctp_init_chunk)), initack_limit, src, dst, NULL, stcb->asoc.port))) { + if (op_err != NULL) { + sctp_m_freem(op_err); + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Problem with address parameters"); SCTPDBG(SCTP_DEBUG_INPUT1, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360747 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:18:36 2020 New Revision: 360747 URL: https://svnweb.freebsd.org/changeset/base/360747 Log: MFC r353452: Improve remote address scanning in SCTP Ensure that local variables are reset to their initial value when dealing with error cases in a loop over all remote addresses. This issue was found and reported by OSS_Fuzz in: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18080 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18086 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18121 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18163 Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 02:16:25 2020 (r360746) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 02:18:36 2020 (r360747) @@ -7866,8 +7866,8 @@ sctp_med_chunk_output(struct sctp_inpcb *inp, int bundle_at, ctl_cnt, no_data_chunks, eeor_mode; unsigned int mtu, r_mtu, omtu, mx_mtu, to_out; int tsns_sent = 0; - uint32_t auth_offset = 0; - struct sctp_auth_chunk *auth = NULL; + uint32_t auth_offset; + struct sctp_auth_chunk *auth; uint16_t auth_keyid; int override_ok = 1; int skip_fill_up = 0; @@ -8062,6 +8062,8 @@ again_one_more_time: } bundle_at = 0; endoutchain = outchain = NULL; + auth = NULL; + auth_offset = 0; no_fragmentflg = 1; one_chunk = 0; if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360746 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:16:25 2020 New Revision: 360746 URL: https://svnweb.freebsd.org/changeset/base/360746 Log: MFC r353303: Improve SCTP packet handling Validate length before use it, not vice versa. r353060 should have contained this... This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18070 Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:13:28 2020 (r360745) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:16:25 2020 (r360746) @@ -332,11 +332,11 @@ sctp_process_asconf_delete_ip(struct sockaddr *src, #endif aparam_length = ntohs(aph->ph.param_length); - ph = (struct sctp_paramhdr *)(aph + 1); - param_type = ntohs(ph->param_type); if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { return (NULL); } + ph = (struct sctp_paramhdr *)(aph + 1); + param_type = ntohs(ph->param_type); #if defined(INET) || defined(INET6) param_length = ntohs(ph->param_length); if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360745 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:13:28 2020 New Revision: 360745 URL: https://svnweb.freebsd.org/changeset/base/360745 Log: MFC r353145: Plump a memory leak Plumb an mbuf leak in a code path that should not be taken. Also avoid that this path is taken by setting the tail pointer correctly. There is still bug related to handling unordered unfragmented messages which were delayed in deferred handling. This issue was found by OSS-Fuzz testing the usrsctp stack and reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17794 Modified: stable/11/sys/netinet/sctp_indata.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Thu May 7 02:10:44 2020 (r360744) +++ stable/11/sys/netinet/sctp_indata.c Thu May 7 02:13:28 2020 (r360745) @@ -714,6 +714,7 @@ sctp_add_to_tail_pointer(struct sctp_queued_to_read *c } if (control->tail_mbuf == NULL) { /* TSNH */ + sctp_m_freem(control->data); control->data = m; sctp_setup_tail_pointer(control); return; @@ -2117,10 +2118,13 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc struct mbuf *mm; control->data = dmbuf; + control->tail_mbuf = NULL; for (mm = control->data; mm; mm = mm->m_next) { control->length += SCTP_BUF_LEN(mm); + if (SCTP_BUF_NEXT(mm) == NULL) { + control->tail_mbuf = mm; + } } - control->tail_mbuf = NULL; control->end_added = 1; control->last_frag_seen = 1; control->first_frag_seen = 1; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360744 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:10:44 2020 New Revision: 360744 URL: https://svnweb.freebsd.org/changeset/base/360744 Log: MFC r353123: Fix use afterfreee. Fix a use after free bug when removing remote addresses. This bug was found by OSS-Fuzz and reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18004 Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:08:44 2020 (r360743) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:10:44 2020 (r360744) @@ -281,7 +281,7 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc static int sctp_asconf_del_remote_addrs_except(struct sctp_tcb *stcb, struct sockaddr *src) { - struct sctp_nets *src_net, *net; + struct sctp_nets *src_net, *net, *nnet; /* make sure the source address exists as a destination net */ src_net = sctp_findnet(stcb, src); @@ -291,10 +291,9 @@ sctp_asconf_del_remote_addrs_except(struct sctp_tcb *s } /* delete all destination addresses except the source */ - TAILQ_FOREACH(net, >asoc.nets, sctp_next) { + TAILQ_FOREACH_SAFE(net, >asoc.nets, sctp_next, nnet) { if (net != src_net) { /* delete this address */ - sctp_remove_net(stcb, net); SCTPDBG(SCTP_DEBUG_ASCONF1, "asconf_del_remote_addrs_except: deleting "); SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, @@ -302,6 +301,7 @@ sctp_asconf_del_remote_addrs_except(struct sctp_tcb *s /* notify upper layer */ sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, (struct sockaddr *)>ro._l_addr, SCTP_SO_NOT_LOCKED); + sctp_remove_net(stcb, net); } } return (0); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360743 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:08:44 2020 New Revision: 360743 URL: https://svnweb.freebsd.org/changeset/base/360743 Log: MFC r353122: Plump memory leak Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the userland stack and reporting it in: https://github.com/sctplab/usrsctp/issues/396 Modified: stable/11/sys/netinet/sctp_input.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_input.c == --- stable/11/sys/netinet/sctp_input.c Thu May 7 02:06:37 2020 (r360742) +++ stable/11/sys/netinet/sctp_input.c Thu May 7 02:08:44 2020 (r360743) @@ -464,6 +464,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int if (!cookie_found) { uint16_t len; + /* Only report the missing cookie parameter */ + if (op_err != NULL) { + sctp_m_freem(op_err); + } len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t)); /* We abort with an error of missing mandatory param */ op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360742 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:06:37 2020 New Revision: 360742 URL: https://svnweb.freebsd.org/changeset/base/360742 Log: MFC r353119: Fix padding of COOKIE_ECHO chunks Fix the adding of padding to COOKIE-ECHO chunks. Thanks to Mark Wodrich who found this issue while fuzz testing the usrsctp stack and reported the issue in https://github.com/sctplab/usrsctp/issues/382 Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 02:03:25 2020 (r360741) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 02:06:37 2020 (r360742) @@ -9053,8 +9053,7 @@ sctp_send_cookie_echo(struct mbuf *m, pad = 4 - pad; } if (pad > 0) { - cookie = sctp_pad_lastmbuf(cookie, pad, NULL); - if (cookie == NULL) { + if (sctp_pad_lastmbuf(cookie, pad, NULL) == NULL) { return (-8); } } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360741 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:03:25 2020 New Revision: 360741 URL: https://svnweb.freebsd.org/changeset/base/360741 Log: MFC r353071: Improve address parsing When skipping the address parameter, take the padding into account. Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:01:04 2020 (r360740) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:03:25 2020 (r360741) @@ -697,8 +697,8 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset sctp_m_freem(m_ack); return; } - /* param_length is already validated in process_control... */ - offset += ntohs(p_addr->ph.param_length); /* skip lookup addr */ + /* skip lookup addr */ + offset += SCTP_SIZE32(ntohs(p_addr->ph.param_length)); /* get pointer to first asconf param in ASCONF */ aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_asconf_paramhdr), (uint8_t *)_buf); if (aph == NULL) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360740 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 02:01:04 2020 New Revision: 360740 URL: https://svnweb.freebsd.org/changeset/base/360740 Log: MFC r353069: add required padding when sending ASCONF-ACK Cleanup sctp_asconf_error_response() and ensure that the parameter is padded as required. This fixes the followig bug reported by OSS-Fuzz for the usersctp stack: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17790 Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:56:49 2020 (r360739) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 02:01:04 2020 (r360740) @@ -103,42 +103,47 @@ sctp_asconf_error_response(uint32_t id, uint16_t cause struct mbuf *m_reply = NULL; struct sctp_asconf_paramhdr *aph; struct sctp_error_cause *error; + size_t buf_len; + uint16_t i, param_length, cause_length, padding_length; uint8_t *tlv; - m_reply = sctp_get_mbuf_for_msg((sizeof(struct sctp_asconf_paramhdr) + - tlv_length + - sizeof(struct sctp_error_cause)), - 0, M_NOWAIT, 1, MT_DATA); + if (error_tlv == NULL) { + tlv_length = 0; + } + cause_length = sizeof(struct sctp_error_cause) + tlv_length; + param_length = sizeof(struct sctp_asconf_paramhdr) + cause_length; + padding_length = tlv_length % 4; + if (padding_length != 0) { + padding_length = 4 - padding_length; + } + buf_len = param_length + padding_length; + if (buf_len > MLEN) { + SCTPDBG(SCTP_DEBUG_ASCONF1, + "asconf_error_response: tlv_length (%xh) too big\n", + tlv_length); + return (NULL); + } + m_reply = sctp_get_mbuf_for_msg(buf_len, 0, M_NOWAIT, 1, MT_DATA); if (m_reply == NULL) { SCTPDBG(SCTP_DEBUG_ASCONF1, "asconf_error_response: couldn't get mbuf!\n"); return (NULL); } aph = mtod(m_reply, struct sctp_asconf_paramhdr *); - error = (struct sctp_error_cause *)(aph + 1); - - aph->correlation_id = id; aph->ph.param_type = htons(SCTP_ERROR_CAUSE_IND); + aph->ph.param_length = htons(param_length); + aph->correlation_id = id; + error = (struct sctp_error_cause *)(aph + 1); error->code = htons(cause); - error->length = tlv_length + sizeof(struct sctp_error_cause); - aph->ph.param_length = error->length + - sizeof(struct sctp_asconf_paramhdr); - - if (aph->ph.param_length > MLEN) { - SCTPDBG(SCTP_DEBUG_ASCONF1, - "asconf_error_response: tlv_length (%xh) too big\n", - tlv_length); - sctp_m_freem(m_reply); /* discard */ - return (NULL); - } + error->length = htons(cause_length); if (error_tlv != NULL) { tlv = (uint8_t *)(error + 1); memcpy(tlv, error_tlv, tlv_length); + for (i = 0; i < padding_length; i++) { + tlv[tlv_length + i] = 0; + } } - SCTP_BUF_LEN(m_reply) = aph->ph.param_length; - error->length = htons(error->length); - aph->ph.param_length = htons(aph->ph.param_length); - + SCTP_BUF_LEN(m_reply) = buf_len; return (m_reply); } @@ -778,8 +783,6 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset if (m_result != NULL) { SCTP_BUF_NEXT(m_tail) = m_result; m_tail = m_result; - /* update lengths, make sure it's aligned too */ - SCTP_BUF_LEN(m_result) = SCTP_SIZE32(SCTP_BUF_LEN(m_result)); ack_cp->ch.chunk_length += SCTP_BUF_LEN(m_result); /* set flag to force success reports */ error = 1; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360739 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:56:49 2020 New Revision: 360739 URL: https://svnweb.freebsd.org/changeset/base/360739 Log: MFC r353060: Improve input validation Add missing input validation. This could result in reading from uninitialized memory. The issue was found by OSS-Fuzz for usrsctp and reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17780 Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:55:08 2020 (r360738) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:56:49 2020 (r360739) @@ -167,10 +167,16 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc #endif aparam_length = ntohs(aph->ph.param_length); + if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { + return (NULL); + } ph = (struct sctp_paramhdr *)(aph + 1); param_type = ntohs(ph->param_type); #if defined(INET) || defined(INET6) param_length = ntohs(ph->param_length); + if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { + return (NULL); + } #endif sa = switch (param_type) { @@ -323,8 +329,14 @@ sctp_process_asconf_delete_ip(struct sockaddr *src, aparam_length = ntohs(aph->ph.param_length); ph = (struct sctp_paramhdr *)(aph + 1); param_type = ntohs(ph->param_type); + if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { + return (NULL); + } #if defined(INET) || defined(INET6) param_length = ntohs(ph->param_length); + if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { + return (NULL); + } #endif sa = switch (param_type) { @@ -452,10 +464,16 @@ sctp_process_asconf_set_primary(struct sockaddr *src, #endif aparam_length = ntohs(aph->ph.param_length); + if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { + return (NULL); + } ph = (struct sctp_paramhdr *)(aph + 1); param_type = ntohs(ph->param_type); #if defined(INET) || defined(INET6) param_length = ntohs(ph->param_length); + if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { + return (NULL); + } #endif sa = switch (param_type) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360738 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:55:08 2020 New Revision: 360738 URL: https://svnweb.freebsd.org/changeset/base/360738 Log: MFC r352894: Don't use uninitialized memory. Don't use stack memory which is not initialized. Thanks to Mark Wodrich for reporting this issue for the userland stack in https://github.com/sctplab/usrsctp/issues/380 This issue was also found for usrsctp by OSS-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778 Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:43:21 2020 (r360737) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:55:08 2020 (r360738) @@ -234,6 +234,7 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc "process_asconf_add_ip: using source addr "); SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); } + net = NULL; /* add the address */ if (bad_address) { m_reply = sctp_asconf_error_response(aph->correlation_id, @@ -248,17 +249,19 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *)aph, aparam_length); } else { - /* notify upper layer */ - sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); if (response_required) { m_reply = sctp_asconf_success_response(aph->correlation_id); } - sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); - sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, - stcb, net); - if (send_hb) { - sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); + if (net != NULL) { + /* notify upper layer */ + sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); + sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, + stcb, net); + if (send_hb) { + sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); + } } } return (m_reply); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360737 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:43:21 2020 New Revision: 360737 URL: https://svnweb.freebsd.org/changeset/base/360737 Log: MFC r352652: Fix memory leak Plumb a memory leak. Thnanks to Felix Weinrank for finding this issue using fuzz testing and reporting it for the userland stack: https://github.com/sctplab/usrsctp/issues/378 Modified: stable/11/sys/netinet/sctp_indata.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Thu May 7 01:37:42 2020 (r360736) +++ stable/11/sys/netinet/sctp_indata.c Thu May 7 01:43:21 2020 (r360737) @@ -470,6 +470,11 @@ sctp_clean_up_control(struct sctp_tcb *stcb, struct sc chk->data = NULL; sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); } + sctp_free_remote_addr(control->whoFrom); + if (control->data) { + sctp_m_freem(control->data); + control->data = NULL; + } sctp_free_a_readq(stcb, control); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360736 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:37:42 2020 New Revision: 360736 URL: https://svnweb.freebsd.org/changeset/base/360736 Log: MFC r352594: Improve SCTP locking Don't hold the info lock when calling sctp_select_a_tag(). This avoids a double lock bug in the NAT colliding state processing of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in https://github.com/sctplab/usrsctp/issues/374 He found this bug using fuzz testing. Modified: stable/11/sys/netinet/sctp_input.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_input.c == --- stable/11/sys/netinet/sctp_input.c Thu May 7 01:34:41 2020 (r360735) +++ stable/11/sys/netinet/sctp_input.c Thu May 7 01:37:42 2020 (r360736) @@ -702,34 +702,37 @@ static int sctp_handle_nat_colliding_state(struct sctp_tcb *stcb) { /* -* return 0 means we want you to proceed with the abort non-zero -* means no abort processing +* Return 0 means we want you to proceed with the abort non-zero +* means no abort processing. */ + uint32_t new_vtag; struct sctpasochead *head; if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { + new_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1); atomic_add_int(>asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); SCTP_INP_INFO_WLOCK(); SCTP_TCB_LOCK(stcb); atomic_subtract_int(>asoc.refcnt, 1); + } else { + return (0); } if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { /* generate a new vtag and send init */ LIST_REMOVE(stcb, sctp_asocs); - stcb->asoc.my_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1); + stcb->asoc.my_vtag = new_vtag; head = _BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; /* * put it in the bucket in the vtag hash of assoc's for the * system */ LIST_INSERT_HEAD(head, stcb, sctp_asocs); - sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); SCTP_INP_INFO_WUNLOCK(); + sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); return (1); - } - if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) { + } else { /* * treat like a case where the cookie expired i.e.: - dump * current cookie. - generate a new vtag. - resend init. @@ -739,15 +742,15 @@ sctp_handle_nat_colliding_state(struct sctp_tcb *stcb) SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); sctp_stop_all_cookie_timers(stcb); sctp_toss_old_cookies(stcb, >asoc); - stcb->asoc.my_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1); + stcb->asoc.my_vtag = new_vtag; head = _BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; /* * put it in the bucket in the vtag hash of assoc's for the * system */ LIST_INSERT_HEAD(head, stcb, sctp_asocs); - sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); SCTP_INP_INFO_WUNLOCK(); + sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); return (1); } return (0); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360735 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:34:41 2020 New Revision: 360735 URL: https://svnweb.freebsd.org/changeset/base/360735 Log: MFC r352592: Cleanup the RTO calculation and perform some consistency checks before computing the RTO. This should fix an overflow issue reported by Felix Weinrank in https://github.com/sctplab/usrsctp/issues/375 for the userland stack and found by running a fuzz tester. Modified: stable/11/sys/netinet/sctp_indata.c stable/11/sys/netinet/sctp_input.c stable/11/sys/netinet/sctputil.c stable/11/sys/netinet/sctputil.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Thu May 7 01:31:21 2020 (r360734) +++ stable/11/sys/netinet/sctp_indata.c Thu May 7 01:34:41 2020 (r360735) @@ -3106,13 +3106,12 @@ sctp_process_segment_range(struct sctp_tcb *stcb, stru * update RTO too ? */ if (tp1->do_rtt) { - if (*rto_ok) { - tp1->whoTo->RTO = - sctp_calculate_rto(stcb, - >asoc, - tp1->whoTo, - >sent_rcv_time, - SCTP_RTT_FROM_DATA); + if (*rto_ok && + sctp_calculate_rto(stcb, + >asoc, + tp1->whoTo, + >sent_rcv_time, + SCTP_RTT_FROM_DATA)) { *rto_ok = 0; } if (tp1->whoTo->rto_needed == 0) { @@ -4084,16 +4083,12 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32 /* update RTO too? */ if (tp1->do_rtt) { - if (rto_ok) { - tp1->whoTo->RTO = - /* -* sa_ignore -* NO_NULL_CHK -*/ - sctp_calculate_rto(stcb, - asoc, tp1->whoTo, - >sent_rcv_time, - SCTP_RTT_FROM_DATA); + if (rto_ok && + sctp_calculate_rto(stcb, + >asoc, + tp1->whoTo, + >sent_rcv_time, + SCTP_RTT_FROM_DATA)) { rto_ok = 0; } if (tp1->whoTo->rto_needed == 0) { @@ -4704,12 +4699,12 @@ hopeless_peer: /* update RTO too? */ if (tp1->do_rtt) { - if (rto_ok) { - tp1->whoTo->RTO = - sctp_calculate_rto(stcb, - asoc, tp1->whoTo, - >sent_rcv_time, - SCTP_RTT_FROM_DATA); +
svn commit: r360734 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:31:21 2020 New Revision: 360734 URL: https://svnweb.freebsd.org/changeset/base/360734 Log: MFC r352550: Fix invalid handling of ASCONF chunks Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reproting the issue in https://github.com/sctplab/usrsctp/issues/376 for the userland stack. Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:28:59 2020 (r360733) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:31:21 2020 (r360734) @@ -701,6 +701,7 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset if (param_length <= sizeof(struct sctp_paramhdr)) { SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) too short\n", param_length); sctp_m_freem(m_ack); + return; } /* get the entire parameter */ aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360733 - stable/11/sys/netinet6
Author: tuexen Date: Thu May 7 01:28:59 2020 New Revision: 360733 URL: https://svnweb.freebsd.org/changeset/base/360733 Log: MFC r352511: Improve IPv6 handling over the loopback interface When processing an incoming IPv6 packet over the loopback interface which contains Hop-by-Hop options, the mbuf chain is potentially changed in ip6_hopopts_input(), called by ip6_input_hbh(). This can happen, because of the the use of IP6_EXTHDR_CHECK, which might call m_pullup(). So provide the updated pointer back to the called of ip6_input_hbh() to avoid using a freed mbuf chain in`ip6_input()`. Reviewed by: markj Sponsored by: Netflix, Inc. Differential Revision:https://reviews.freebsd.org/D21664 Modified: stable/11/sys/netinet6/ip6_input.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet6/ip6_input.c == --- stable/11/sys/netinet6/ip6_input.c Thu May 7 01:16:32 2020 (r360732) +++ stable/11/sys/netinet6/ip6_input.c Thu May 7 01:28:59 2020 (r360733) @@ -402,20 +402,22 @@ VNET_SYSUNINIT(inet6, SI_SUB_PROTO_DOMAIN, SI_ORDER_TH #endif static int -ip6_input_hbh(struct mbuf *m, uint32_t *plen, uint32_t *rtalert, int *off, +ip6_input_hbh(struct mbuf **mp, uint32_t *plen, uint32_t *rtalert, int *off, int *nxt, int *ours) { + struct mbuf *m; struct ip6_hdr *ip6; struct ip6_hbh *hbh; - if (ip6_hopopts_input(plen, rtalert, , off)) { + if (ip6_hopopts_input(plen, rtalert, mp, off)) { #if 0 /*touches NULL pointer*/ - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); + in6_ifstat_inc((*mp)->m_pkthdr.rcvif, ifs6_in_discard); #endif goto out; /* m have already been freed */ } /* adjust pointer */ + m = *mp; ip6 = mtod(m, struct ip6_hdr *); /* @@ -855,7 +857,7 @@ passin: */ plen = (u_int32_t)ntohs(ip6->ip6_plen); if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { - if (ip6_input_hbh(m, , , , , ) != 0) + if (ip6_input_hbh(, , , , , ) != 0) return; } else nxt = ip6->ip6_nxt; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360732 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:16:32 2020 New Revision: 360732 URL: https://svnweb.freebsd.org/changeset/base/360732 Log: MFC r351655: Fix initialization of top_fsn. Modified: stable/11/sys/netinet/sctp_indata.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.h == --- stable/11/sys/netinet/sctp_indata.h Thu May 7 01:13:02 2020 (r360731) +++ stable/11/sys/netinet/sctp_indata.h Thu May 7 01:16:32 2020 (r360732) @@ -59,7 +59,6 @@ sctp_build_readq_entry(struct sctp_tcb *stcb, (_ctl)->sinfo_ppid = ppid; \ (_ctl)->sinfo_context = context; \ (_ctl)->fsn_included = 0x; \ - (_ctl)->top_fsn = 0x; \ (_ctl)->sinfo_tsn = tsn; \ (_ctl)->sinfo_cumtsn = tsn; \ (_ctl)->sinfo_assoc_id = sctp_get_associd((in_it)); \ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360731 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:13:02 2020 New Revision: 360731 URL: https://svnweb.freebsd.org/changeset/base/360731 Log: MFC r351654: Improve handling of cookie parameters in INIT-ACK chunks Improve the handling of state cookie parameters in INIT-ACK chunks. This fixes problem with parameters indicating a zero length or partial parameters after an unknown parameter indicating to stop processing. It also fixes a problem with state cookie parameters after unknown parametes indicating to stop porcessing. Thanks to Mark Wodrich from Google for finding two of these issues by fuzz testing the userland stack and reporting them in https://github.com/sctplab/usrsctp/issues/355 and https://github.com/sctplab/usrsctp/issues/352 Modified: stable/11/sys/netinet/sctp_input.c stable/11/sys/netinet/sctp_output.c stable/11/sys/netinet/sctp_output.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_input.c == --- stable/11/sys/netinet/sctp_input.c Thu May 7 01:09:17 2020 (r360730) +++ stable/11/sys/netinet/sctp_input.c Thu May 7 01:13:02 2020 (r360731) @@ -443,22 +443,48 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int { struct sctp_association *asoc; struct mbuf *op_err; - int retval, abort_flag; - uint32_t initack_limit; + int retval, abort_flag, cookie_found; + int initack_limit; int nat_friendly = 0; /* First verify that we have no illegal param's */ abort_flag = 0; + cookie_found = 0; op_err = sctp_arethere_unrecognized_parameters(m, (offset + sizeof(struct sctp_init_chunk)), - _flag, (struct sctp_chunkhdr *)cp, _friendly); + _flag, (struct sctp_chunkhdr *)cp, + _friendly, _found); if (abort_flag) { /* Send an abort and notify peer */ sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_no_unlock = 1; return (-1); } + if (!cookie_found) { + uint16_t len; + + len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t)); + /* We abort with an error of missing mandatory param */ + op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); + if (op_err != NULL) { + struct sctp_error_missing_param *cause; + + SCTP_BUF_LEN(op_err) = len; + cause = mtod(op_err, struct sctp_error_missing_param *); + /* Subtract the reserved param */ + cause->cause.code = htons(SCTP_CAUSE_MISSING_PARAM); + cause->cause.length = htons(len); + cause->num_missing_params = htonl(1); + cause->type[0] = htons(SCTP_STATE_COOKIE); + } + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, op_err, + mflowtype, mflowid, + vrf_id, net->port); + *abort_no_unlock = 1; + return (-3); + } asoc = >asoc; asoc->peer_supports_nat = (uint8_t)nat_friendly; /* process the peer's parameters in the INIT-ACK */ @@ -523,40 +549,8 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int /* calculate the RTO */ net->RTO = sctp_calculate_rto(stcb, asoc, net, >time_entered, SCTP_RTT_FROM_NON_DATA); - retval = sctp_send_cookie_echo(m, offset, stcb, net); - if (retval < 0) { - /* -* No cookie, we probably should send a op error. But in any -* case if there is no cookie in the INIT-ACK, we can -* abandon the peer, its broke. -*/ - if (retval == -3) { - uint16_t len; - - len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t)); - /* We abort with an error of missing mandatory param */ - op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); - if (op_err != NULL) { - struct sctp_error_missing_param *cause; - - SCTP_BUF_LEN(op_err) = len; - cause = mtod(op_err, struct sctp_error_missing_param *); - /* Subtract the reserved param */ - cause->cause.code = htons(SCTP_CAUSE_MISSING_PARAM); - cause->cause.length = htons(len); - cause->num_missing_params = htonl(1); - cause->type[0] = htons(SCTP_STATE_COOKIE); - } -
svn commit: r360730 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:09:17 2020 New Revision: 360730 URL: https://svnweb.freebsd.org/changeset/base/360730 Log: MFC r351641: Improve function definition. Modified: stable/11/sys/netinet/sctp_pcb.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cThu May 7 01:07:47 2020 (r360729) +++ stable/11/sys/netinet/sctp_pcb.cThu May 7 01:09:17 2020 (r360730) @@ -5773,7 +5773,7 @@ sctp_startup_mcore_threads(void) #endif void -sctp_pcb_init() +sctp_pcb_init(void) { /* * SCTP initialization for the PCB structures should be called by ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360729 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 01:07:47 2020 New Revision: 360729 URL: https://svnweb.freebsd.org/changeset/base/360729 Log: MFC r351638: Improve handling DATA chunks. Improve the handling of illegal sequence number combinations in received data chunks. Abort the association if there are data chunks with larger fragement sequence numbers than the fragement sequence of the last fragment. Thanks to Mark Wodrich from Google who found this issue by fuzz testing the userland stack and reporting this issue in https://github.com/sctplab/usrsctp/issues/355 Modified: stable/11/sys/netinet/sctp_indata.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Thu May 7 00:56:24 2020 (r360728) +++ stable/11/sys/netinet/sctp_indata.c Thu May 7 01:07:47 2020 (r360729) @@ -1477,6 +1477,16 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc "The last fsn is now in place fsn: %u\n", chk->rec.data.fsn); control->last_frag_seen = 1; + if (SCTP_TSN_GT(control->top_fsn, chk->rec.data.fsn)) { + SCTPDBG(SCTP_DEBUG_XXX, + "New fsn: %u is not at top_fsn: %u -- abort\n", + chk->rec.data.fsn, + control->top_fsn); + sctp_abort_in_reasm(stcb, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_9); + return; + } } if (asoc->idata_supported || control->first_frag_seen) { /* @@ -1492,7 +1502,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc */ sctp_abort_in_reasm(stcb, control, chk, abort_flag, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_9); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_10); return; } } @@ -1504,7 +1514,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc chk->rec.data.fsn, control->top_fsn); sctp_abort_in_reasm(stcb, control, chk, abort_flag, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_10); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_11); return; } if (asoc->idata_supported || control->first_frag_seen) { @@ -1525,7 +1535,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc chk->rec.data.fsn, control->fsn_included); sctp_abort_in_reasm(stcb, control, chk, abort_flag, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_11); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_12); return; } } @@ -1540,7 +1550,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc control->top_fsn); sctp_abort_in_reasm(stcb, control, chk, abort_flag, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_12); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_13); return; } } @@ -1583,7 +1593,7 @@ sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struc at->rec.data.fsn); sctp_abort_in_reasm(stcb, control, chk, abort_flag, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_13); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_14); return; } } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360728 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 00:56:24 2020 New Revision: 360728 URL: https://svnweb.freebsd.org/changeset/base/360728 Log: MFC r350745: Fix typo. Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c == --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 00:50:50 2020 (r360727) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 00:56:24 2020 (r360728) @@ -1364,7 +1364,7 @@ sctp_asconf_queue_add(struct sctp_tcb *stcb, struct sc if (sctp_asconf_queue_mgmt(stcb, stcb->asoc.asconf_addr_del_pending, SCTP_DEL_IP_ADDRESS) == 0) { - SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queing pending delete\n"); + SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queuing pending delete\n"); pending_delete_queued = 1; /* clear out the pending delete info */ stcb->asoc.asconf_del_pending = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360727 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 00:50:50 2020 New Revision: 360727 URL: https://svnweb.freebsd.org/changeset/base/360727 Log: MFC r350626: Fix a locking issue in SCTP Fix a locking issue in sctp_accept. PR: 238520 Reported by: pho Modified: stable/11/sys/netinet/sctp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_usrreq.c == --- stable/11/sys/netinet/sctp_usrreq.c Thu May 7 00:44:15 2020 (r360726) +++ stable/11/sys/netinet/sctp_usrreq.c Thu May 7 00:50:50 2020 (r360727) @@ -7229,28 +7229,56 @@ sctp_accept(struct socket *so, struct sockaddr **addr) SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); return (ECONNRESET); } - SCTP_INP_RLOCK(inp); + SCTP_INP_WLOCK(inp); if (inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) { - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EOPNOTSUPP); return (EOPNOTSUPP); } if (so->so_state & SS_ISDISCONNECTED) { - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, ECONNABORTED); return (ECONNABORTED); } stcb = LIST_FIRST(>sctp_asoc_list); if (stcb == NULL) { - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); return (ECONNRESET); } SCTP_TCB_LOCK(stcb); - SCTP_INP_RUNLOCK(inp); store = stcb->asoc.primary_destination->ro._l_addr; SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE); - SCTP_TCB_UNLOCK(stcb); + /* Wake any delayed sleep action */ + if (inp->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_DONT_WAKE; + if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT; + SOCKBUF_LOCK(>sctp_socket->so_snd); + if (sowriteable(inp->sctp_socket)) { + sowwakeup_locked(inp->sctp_socket); + } else { + SOCKBUF_UNLOCK(>sctp_socket->so_snd); + } + } + if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT; + SOCKBUF_LOCK(>sctp_socket->so_rcv); + if (soreadable(inp->sctp_socket)) { + sctp_defered_wakeup_cnt++; + sorwakeup_locked(inp->sctp_socket); + } else { + SOCKBUF_UNLOCK(>sctp_socket->so_rcv); + } + } + } + SCTP_INP_WUNLOCK(inp); + if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, + SCTP_FROM_SCTP_USRREQ + SCTP_LOC_19); + } else { + SCTP_TCB_UNLOCK(stcb); + } switch (store.sa.sa_family) { #ifdef INET case AF_INET: @@ -7291,40 +7319,6 @@ sctp_accept(struct socket *so, struct sockaddr **addr) default: /* TSNH */ break; - } - /* Wake any delayed sleep action */ - if (inp->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) { - SCTP_INP_WLOCK(inp); - inp->sctp_flags &= ~SCTP_PCB_FLAGS_DONT_WAKE; - if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) { - inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT; - SCTP_INP_WUNLOCK(inp); - SOCKBUF_LOCK(>sctp_socket->so_snd); - if (sowriteable(inp->sctp_socket)) { - sowwakeup_locked(inp->sctp_socket); - } else { - SOCKBUF_UNLOCK(>sctp_socket->so_snd); - } - SCTP_INP_WLOCK(inp); - } - if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) { - inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT; - SCTP_INP_WUNLOCK(inp); - SOCKBUF_LOCK(>sctp_socket->so_rcv); - if (soreadable(inp->sctp_socket)) { - sctp_defered_wakeup_cnt++; - sorwakeup_locked(inp->sctp_socket); - } else { - SOCKBUF_UNLOCK(>sctp_socket->so_rcv); - } -
svn commit: r360726 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 00:44:15 2020 New Revision: 360726 URL: https://svnweb.freebsd.org/changeset/base/360726 Log: MFC r350625: Improve compilation on 32-bit OS/ Fix build issues for the userland stack on Raspbian. Modified: stable/11/sys/netinet/sctp_output.c stable/11/sys/netinet/sctputil.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 00:26:13 2020 (r360725) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 00:44:15 2020 (r360726) @@ -12526,7 +12526,7 @@ sctp_lower_sosend(struct socket *so, struct thread *p ) { - ssize_t sndlen = 0, max_len; + ssize_t sndlen = 0, max_len, local_add_more; int error, len; struct mbuf *top = NULL; int queue_only = 0, queue_only_for_init = 0; @@ -12548,7 +12548,6 @@ sctp_lower_sosend(struct socket *so, int got_all_of_the_send = 0; int hold_tcblock = 0; int non_blocking = 0; - uint32_t local_add_more; ssize_t local_soresv = 0; uint16_t port; uint16_t sinfo_flags; @@ -12850,7 +12849,7 @@ sctp_lower_sosend(struct socket *so, free_cnt_applied = 1; if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { - if (sndlen > asoc->smallest_mtu) { + if (sndlen > (ssize_t)asoc->smallest_mtu) { SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); error = EMSGSIZE; goto out_unlocked; @@ -12878,7 +12877,7 @@ sctp_lower_sosend(struct socket *so, if ((SCTP_SB_LIMIT_SND(so) < (amount + inqueue_bytes + stcb->asoc.sb_send_resv)) || (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); - if (sndlen > SCTP_SB_LIMIT_SND(so)) + if (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(so)) error = EMSGSIZE; else error = EWOULDBLOCK; @@ -13060,7 +13059,7 @@ sctp_lower_sosend(struct socket *so, /* Unless E_EOR mode is on, we must make a send FIT in one call. */ if ((user_marks_eor == 0) && - (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { + (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { /* It will NEVER fit */ SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); error = EMSGSIZE; @@ -13077,20 +13076,20 @@ sctp_lower_sosend(struct socket *so, } if (user_marks_eor) { - local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); + local_add_more = (ssize_t)min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); } else { /*- * For non-eeor the whole message must fit in * the socket send buffer. */ - local_add_more = (uint32_t)sndlen; + local_add_more = sndlen; } len = 0; if (non_blocking) { goto skip_preblock; } if (((max_len <= local_add_more) && - (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || + ((ssize_t)SCTP_SB_LIMIT_SND(so) >= local_add_more)) || (max_len == 0) || ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { /* No room right now ! */ @@ -13098,7 +13097,7 @@ sctp_lower_sosend(struct socket *so, inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb)); while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { - SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", + SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %zd) || (%d+%d > %d)\n", (unsigned int)SCTP_SB_LIMIT_SND(so), inqueue_bytes, local_add_more, @@ -13231,7 +13230,7 @@ skip_preblock: else max_len = 0; - if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || + if ((max_len > (ssize_t)SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || (max_len && (SCTP_SB_LIMIT_SND(so) <
svn commit: r360725 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 00:26:13 2020 New Revision: 360725 URL: https://svnweb.freebsd.org/changeset/base/360725 Log: MFC r350520: Fix reporting of unknown paramters in an INIT chunk Fix the reporting of multiple unknown parameters in an received INIT chunk. This also plugs an potential mbuf leak. Thanks to Felix Weinrank for reporting this issue found by fuzz-testing the userland stack. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Thu May 7 00:23:07 2020 (r360724) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 00:26:13 2020 (r360725) @@ -4981,17 +4981,17 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_ */ struct sctp_paramhdr *phdr, params; - struct mbuf *mat, *op_err; + struct mbuf *mat, *m_tmp, *op_err, *op_err_last; int at, limit, pad_needed; uint16_t ptype, plen, padded_size; - int err_at; *abort_processing = 0; mat = in_initpkt; - err_at = 0; limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); at = param_offset; op_err = NULL; + op_err_last = NULL; + pad_needed = 0; SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n"); phdr = sctp_get_next_param(mat, at, , sizeof(params)); while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { @@ -5116,6 +5116,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_ *abort_processing = 1; sctp_m_freem(op_err); op_err = NULL; + op_err_last = NULL; #ifdef INET6 l_len = SCTP_MIN_OVERHEAD; #else @@ -5124,7 +5125,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_ l_len += sizeof(struct sctp_chunkhdr); l_len += sizeof(struct sctp_gen_error_cause); op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); - if (op_err) { + if (op_err != NULL) { /* * Pre-reserve space for IP, SCTP, * and chunk header. @@ -5144,6 +5145,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_ if (SCTP_BUF_NEXT(op_err) == NULL) { sctp_m_freem(op_err); op_err = NULL; + op_err_last = NULL; } } return (op_err); @@ -5179,37 +5181,55 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_ #endif SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); + op_err_last = op_err; } } - if (op_err) { + if (op_err != NULL) { /* If we have space */ - struct sctp_paramhdr s; + struct sctp_paramhdr *param; - if (err_at % 4) { - uint32_t cpthis = 0; - - pad_needed = 4 - (err_at % 4); - m_copyback(op_err, err_at, pad_needed, (caddr_t)); - err_at += pad_needed; + if (pad_needed > 0) { + op_err_last = sctp_add_pad_tombuf(op_err_last, pad_needed); } - s.param_type = htons(SCTP_UNRECOG_PARAM); - s.param_length = htons((uint16_t)sizeof(struct sctp_paramhdr) + plen); - m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)); - err_at += sizeof(struct sctp_paramhdr); - SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT); - if (SCTP_BUF_NEXT(op_err) == NULL) { + if
svn commit: r360724 - stable/11/sys/netinet
Author: tuexen Date: Thu May 7 00:23:07 2020 New Revision: 360724 URL: https://svnweb.freebsd.org/changeset/base/360724 Log: MFC r350508: Improve sending of ABORT message in SCTP When responding with an ABORT to an INIT chunk containing a HOSTNAME parameter or a parameter with an illegal length, only include an error cause indicating why the ABORT was sent. This also fixes an mbuf leak which could occur. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Wed May 6 23:31:30 2020 (r360723) +++ stable/11/sys/netinet/sctp_output.c Thu May 7 00:23:07 2020 (r360724) @@ -5108,55 +5108,42 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_ break; case SCTP_HOSTNAME_ADDRESS: { - /* We can NOT handle HOST NAME addresses!! */ + /* Hostname parameters are deprecated. */ + struct sctp_gen_error_cause *cause; int l_len; SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n"); *abort_processing = 1; - if (op_err == NULL) { - /* Ok need to try to get a mbuf */ + sctp_m_freem(op_err); + op_err = NULL; #ifdef INET6 - l_len = SCTP_MIN_OVERHEAD; + l_len = SCTP_MIN_OVERHEAD; #else - l_len = SCTP_MIN_V4_OVERHEAD; + l_len = SCTP_MIN_V4_OVERHEAD; #endif - l_len += sizeof(struct sctp_chunkhdr); - l_len += sizeof(struct sctp_gen_error_cause); - op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); - if (op_err) { - SCTP_BUF_LEN(op_err) = 0; - /* -* Pre-reserve space for IP, -* SCTP, and chunk header. -*/ + l_len += sizeof(struct sctp_chunkhdr); + l_len += sizeof(struct sctp_gen_error_cause); + op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); + if (op_err) { + /* +* Pre-reserve space for IP, SCTP, +* and chunk header. +*/ #ifdef INET6 - SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); + SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); #else - SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); + SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); #endif - SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); - SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); - } - } - if (op_err) { - /* If we have space */ - struct sctp_gen_error_cause cause; - - if (err_at % 4) { - uint32_t cpthis = 0; - - pad_needed = 4 - (err_at % 4); - m_copyback(op_err, err_at, pad_needed, (caddr_t)); - err_at += pad_needed; - } - cause.code = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); - cause.length = htons((uint16_t)(sizeof(struct sctp_gen_error_cause) + plen)); - m_copyback(op_err, err_at, sizeof(struct sctp_gen_error_cause), (caddr_t)); - err_at += sizeof(struct sctp_gen_error_cause); + SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); + SCTP_BUF_RESV_UF(op_err, sizeof(struct
svn commit: r360723 - in head/sys/dev/virtio: balloon console random scsi
Author: jrtc27 Date: Wed May 6 23:31:30 2020 New Revision: 360723 URL: https://svnweb.freebsd.org/changeset/base/360723 Log: virtio: Support MMIO bus for all devices The bus is independent of the device, so all devices can be attached to either a PCI bus or an MMIO bus. For example, QEMU's virtio-rng-device gives the MMIO variant of virtio-rng-pci, and is now detected. Reviewed by: andrew, br, brooks (mentor) Approved by: andrew, br, brooks (mentor) Differential Revision:https://reviews.freebsd.org/D24730 Modified: head/sys/dev/virtio/balloon/virtio_balloon.c head/sys/dev/virtio/console/virtio_console.c head/sys/dev/virtio/random/virtio_random.c head/sys/dev/virtio/scsi/virtio_scsi.c Modified: head/sys/dev/virtio/balloon/virtio_balloon.c == --- head/sys/dev/virtio/balloon/virtio_balloon.cWed May 6 23:28:51 2020(r360722) +++ head/sys/dev/virtio/balloon/virtio_balloon.cWed May 6 23:31:30 2020(r360723) @@ -153,6 +153,8 @@ static driver_t vtballoon_driver = { }; static devclass_t vtballoon_devclass; +DRIVER_MODULE(virtio_balloon, virtio_mmio, vtballoon_driver, +vtballoon_devclass, 0, 0); DRIVER_MODULE(virtio_balloon, virtio_pci, vtballoon_driver, vtballoon_devclass, 0, 0); MODULE_VERSION(virtio_balloon, 1); @@ -160,6 +162,7 @@ MODULE_DEPEND(virtio_balloon, virtio, 1, 1, 1); VIRTIO_SIMPLE_PNPTABLE(virtio_balloon, VIRTIO_ID_BALLOON, "VirtIO Balloon Adapter"); +VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_balloon); VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_balloon); static int Modified: head/sys/dev/virtio/console/virtio_console.c == --- head/sys/dev/virtio/console/virtio_console.cWed May 6 23:28:51 2020(r360722) +++ head/sys/dev/virtio/console/virtio_console.cWed May 6 23:31:30 2020(r360723) @@ -256,6 +256,8 @@ static driver_t vtcon_driver = { }; static devclass_t vtcon_devclass; +DRIVER_MODULE(virtio_console, virtio_mmio, vtcon_driver, vtcon_devclass, +vtcon_modevent, 0); DRIVER_MODULE(virtio_console, virtio_pci, vtcon_driver, vtcon_devclass, vtcon_modevent, 0); MODULE_VERSION(virtio_console, 1); @@ -263,6 +265,7 @@ MODULE_DEPEND(virtio_console, virtio, 1, 1, 1); VIRTIO_SIMPLE_PNPTABLE(virtio_console, VIRTIO_ID_CONSOLE, "VirtIO Console Adapter"); +VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_console); VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_console); static int Modified: head/sys/dev/virtio/random/virtio_random.c == --- head/sys/dev/virtio/random/virtio_random.c Wed May 6 23:28:51 2020 (r360722) +++ head/sys/dev/virtio/random/virtio_random.c Wed May 6 23:31:30 2020 (r360723) @@ -96,6 +96,8 @@ static driver_t vtrnd_driver = { }; static devclass_t vtrnd_devclass; +DRIVER_MODULE(virtio_random, virtio_mmio, vtrnd_driver, vtrnd_devclass, +vtrnd_modevent, 0); DRIVER_MODULE(virtio_random, virtio_pci, vtrnd_driver, vtrnd_devclass, vtrnd_modevent, 0); MODULE_VERSION(virtio_random, 1); @@ -104,6 +106,7 @@ MODULE_DEPEND(virtio_random, random_device, 1, 1, 1); VIRTIO_SIMPLE_PNPTABLE(virtio_random, VIRTIO_ID_ENTROPY, "VirtIO Entropy Adapter"); +VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_random); VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_random); static int Modified: head/sys/dev/virtio/scsi/virtio_scsi.c == --- head/sys/dev/virtio/scsi/virtio_scsi.c Wed May 6 23:28:51 2020 (r360722) +++ head/sys/dev/virtio/scsi/virtio_scsi.c Wed May 6 23:31:30 2020 (r360723) @@ -228,6 +228,8 @@ static driver_t vtscsi_driver = { }; static devclass_t vtscsi_devclass; +DRIVER_MODULE(virtio_scsi, virtio_mmio, vtscsi_driver, vtscsi_devclass, +vtscsi_modevent, 0); DRIVER_MODULE(virtio_scsi, virtio_pci, vtscsi_driver, vtscsi_devclass, vtscsi_modevent, 0); MODULE_VERSION(virtio_scsi, 1); @@ -235,6 +237,7 @@ MODULE_DEPEND(virtio_scsi, virtio, 1, 1, 1); MODULE_DEPEND(virtio_scsi, cam, 1, 1, 1); VIRTIO_SIMPLE_PNPTABLE(virtio_scsi, VIRTIO_ID_SCSI, "VirtIO SCSI Adapter"); +VIRTIO_SIMPLE_PNPINFO(virtio_mmio, virtio_scsi); VIRTIO_SIMPLE_PNPINFO(virtio_pci, virtio_scsi); static int ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360722 - head/sys/dev/virtio/mmio
Author: jrtc27 Date: Wed May 6 23:28:51 2020 New Revision: 360722 URL: https://svnweb.freebsd.org/changeset/base/360722 Log: virtio_mmio: Support non-transitional version 2 devices The non-legacy virtio MMIO specification drops the use of PFNs and replaces them with physical addresses. Whilst many implementations are so-called transitional devices, also implementing the legacy specification, TinyEMU[1] does not. Device-specific configuration registers have also changed to being little-endian, and must be accessed using a single aligned access for registers up to 32 bits, and two 32-bit aligned accesses for 64-bit registers. [1] https://bellard.org/tinyemu/ Reviewed by: br, brooks (mentor) Approved by: br, brooks (mentor) Differential Revision:https://reviews.freebsd.org/D24681 Modified: head/sys/dev/virtio/mmio/virtio_mmio.c head/sys/dev/virtio/mmio/virtio_mmio.h Modified: head/sys/dev/virtio/mmio/virtio_mmio.c == --- head/sys/dev/virtio/mmio/virtio_mmio.c Wed May 6 23:23:22 2020 (r360721) +++ head/sys/dev/virtio/mmio/virtio_mmio.c Wed May 6 23:28:51 2020 (r360722) @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -76,6 +77,8 @@ static intvtmmio_read_ivar(device_t, device_t, int, u static int vtmmio_write_ivar(device_t, device_t, int, uintptr_t); static uint64_tvtmmio_negotiate_features(device_t, uint64_t); static int vtmmio_with_feature(device_t, uint64_t); +static voidvtmmio_set_virtqueue(struct vtmmio_softc *sc, + struct virtqueue *vq, uint32_t size); static int vtmmio_alloc_virtqueues(device_t, int, int, struct vq_alloc_info *); static int vtmmio_setup_intr(device_t, enum intr_type); @@ -223,6 +226,16 @@ vtmmio_attach(device_t dev) return (ENXIO); } + sc->vtmmio_version = vtmmio_read_config_4(sc, VIRTIO_MMIO_VERSION); + if (sc->vtmmio_version < 1 || sc->vtmmio_version > 2) { + device_printf(dev, "Unsupported version: %x\n", + sc->vtmmio_version); + bus_release_resource(dev, SYS_RES_MEMORY, 0, + sc->res[0]); + sc->res[0] = NULL; + return (ENXIO); + } + vtmmio_reset(sc); /* Tell the host we've noticed this device. */ @@ -404,6 +417,46 @@ vtmmio_with_feature(device_t dev, uint64_t feature) return ((sc->vtmmio_features & feature) != 0); } +static void +vtmmio_set_virtqueue(struct vtmmio_softc *sc, struct virtqueue *vq, +uint32_t size) +{ + vm_paddr_t paddr; + + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_NUM, size); +#if 0 + device_printf(dev, "virtqueue paddr 0x%08lx\n", + (uint64_t)paddr); +#endif + if (sc->vtmmio_version == 1) { + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_ALIGN, + VIRTIO_MMIO_VRING_ALIGN); + paddr = virtqueue_paddr(vq); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_PFN, + paddr >> PAGE_SHIFT); + } else { + paddr = virtqueue_desc_paddr(vq); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_DESC_LOW, + paddr); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_DESC_HIGH, + paddr >> 32); + + paddr = virtqueue_avail_paddr(vq); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_AVAIL_LOW, + paddr); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_AVAIL_HIGH, + paddr >> 32); + + paddr = virtqueue_used_paddr(vq); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_USED_LOW, + paddr); + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_USED_HIGH, + paddr >> 32); + + vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_READY, 1); + } +} + static int vtmmio_alloc_virtqueues(device_t dev, int flags, int nvqs, struct vq_alloc_info *vq_info) @@ -448,15 +501,7 @@ vtmmio_alloc_virtqueues(device_t dev, int flags, int n break; } - vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_NUM, size); - vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_ALIGN, - VIRTIO_MMIO_VRING_ALIGN); -#if 0 - device_printf(dev, "virtqueue paddr 0x%08lx\n", - (uint64_t)virtqueue_paddr(vq)); -#endif - vtmmio_write_config_4(sc, VIRTIO_MMIO_QUEUE_PFN, - virtqueue_paddr(vq) >> PAGE_SHIFT); + vtmmio_set_virtqueue(sc, vq, size); vqx->vtv_vq = *info->vqai_vq = vq; vqx->vtv_no_intr = info->vqai_intr == NULL; @@ -568,10 +613,54 @@ vtmmio_read_dev_config(device_t
svn commit: r360721 - in stable: 11/sys/netipsec 12/sys/netipsec
Author: jhb Date: Wed May 6 23:23:22 2020 New Revision: 360721 URL: https://svnweb.freebsd.org/changeset/base/360721 Log: MFC 360202,360206: Deprecate 3des support in IPsec for FreeBSD 13. 360202: Deprecate 3des support in IPsec for FreeBSD 13. RFC 8221 does not outright ban 3des as the algorithms deprecated for 13 in r348205, but it is listed as a SHOULD NOT and will likely be a MUST NOT by the time 13 ships. 360206: Fix name of 3DES cipher in deprecation warning. Sponsored by: Chelsio Communications Modified: stable/11/sys/netipsec/xform_esp.c Directory Properties: stable/11/ (props changed) Changes in other areas also in this revision: Modified: stable/12/sys/netipsec/xform_esp.c Directory Properties: stable/12/ (props changed) Modified: stable/11/sys/netipsec/xform_esp.c == --- stable/11/sys/netipsec/xform_esp.c Wed May 6 23:03:40 2020 (r360720) +++ stable/11/sys/netipsec/xform_esp.c Wed May 6 23:23:22 2020 (r360721) @@ -94,7 +94,7 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, st struct espstat, espstat, "ESP statistics (struct espstat, netipsec/esp_var.h"); -static struct timeval deswarn, blfwarn, castwarn, camelliawarn; +static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn; static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); @@ -163,6 +163,10 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) case SADB_EALG_DESCBC: if (ratecheck(, _warn_interval)) gone_in(13, "DES cipher for IPsec"); + break; + case SADB_EALG_3DESCBC: + if (ratecheck(, _warn_interval)) + gone_in(13, "3DES cipher for IPsec"); break; case SADB_X_EALG_BLOWFISHCBC: if (ratecheck(, _warn_interval)) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360721 - in stable: 11/sys/netipsec 12/sys/netipsec
Author: jhb Date: Wed May 6 23:23:22 2020 New Revision: 360721 URL: https://svnweb.freebsd.org/changeset/base/360721 Log: MFC 360202,360206: Deprecate 3des support in IPsec for FreeBSD 13. 360202: Deprecate 3des support in IPsec for FreeBSD 13. RFC 8221 does not outright ban 3des as the algorithms deprecated for 13 in r348205, but it is listed as a SHOULD NOT and will likely be a MUST NOT by the time 13 ships. 360206: Fix name of 3DES cipher in deprecation warning. Sponsored by: Chelsio Communications Modified: stable/12/sys/netipsec/xform_esp.c Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/sys/netipsec/xform_esp.c Directory Properties: stable/11/ (props changed) Modified: stable/12/sys/netipsec/xform_esp.c == --- stable/12/sys/netipsec/xform_esp.c Wed May 6 23:03:40 2020 (r360720) +++ stable/12/sys/netipsec/xform_esp.c Wed May 6 23:23:22 2020 (r360721) @@ -94,7 +94,7 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, st struct espstat, espstat, "ESP statistics (struct espstat, netipsec/esp_var.h"); -static struct timeval deswarn, blfwarn, castwarn, camelliawarn; +static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn; static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); @@ -163,6 +163,10 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) case SADB_EALG_DESCBC: if (ratecheck(, _warn_interval)) gone_in(13, "DES cipher for IPsec"); + break; + case SADB_EALG_3DESCBC: + if (ratecheck(, _warn_interval)) + gone_in(13, "3DES cipher for IPsec"); break; case SADB_X_EALG_BLOWFISHCBC: if (ratecheck(, _warn_interval)) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360718 - in stable/12/sys/dev/cxgbe: . tom
Author: jhb Date: Wed May 6 22:49:21 2020 New Revision: 360718 URL: https://svnweb.freebsd.org/changeset/base/360718 Log: MFC 358415: Rename TOE TLS stats from [rt]x_tls_* to [rt]x_toe_tls_*. This more clearly differentiates TLS records encrypted and decrypted in TOE connections from those encrypted via NIC TLS. Sponsored by: Chelsio Communications Modified: stable/12/sys/dev/cxgbe/adapter.h stable/12/sys/dev/cxgbe/t4_main.c stable/12/sys/dev/cxgbe/tom/t4_tls.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/dev/cxgbe/adapter.h == --- stable/12/sys/dev/cxgbe/adapter.h Wed May 6 22:44:53 2020 (r360717) +++ stable/12/sys/dev/cxgbe/adapter.h Wed May 6 22:49:21 2020 (r360718) @@ -304,10 +304,10 @@ struct port_info { struct port_stats stats; u_int tnl_cong_drops; u_int tx_parse_error; - u_long tx_tls_records; - u_long tx_tls_octets; - u_long rx_tls_records; - u_long rx_tls_octets; + u_long tx_toe_tls_records; + u_long tx_toe_tls_octets; + u_long rx_toe_tls_records; + u_long rx_toe_tls_octets; struct callout tick; }; Modified: stable/12/sys/dev/cxgbe/t4_main.c == --- stable/12/sys/dev/cxgbe/t4_main.c Wed May 6 22:44:53 2020 (r360717) +++ stable/12/sys/dev/cxgbe/t4_main.c Wed May 6 22:49:21 2020 (r360718) @@ -6731,17 +6731,17 @@ cxgbe_sysctls(struct port_info *pi) #undef SYSCTL_ADD_T4_PORTSTAT - SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_tls_records", - CTLFLAG_RD, >tx_tls_records, + SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_toe_tls_records", + CTLFLAG_RD, >tx_toe_tls_records, "# of TLS records transmitted"); - SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_tls_octets", - CTLFLAG_RD, >tx_tls_octets, + SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "tx_toe_tls_octets", + CTLFLAG_RD, >tx_toe_tls_octets, "# of payload octets in transmitted TLS records"); - SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_tls_records", - CTLFLAG_RD, >rx_tls_records, + SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_toe_tls_records", + CTLFLAG_RD, >rx_toe_tls_records, "# of TLS records received"); - SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_tls_octets", - CTLFLAG_RD, >rx_tls_octets, + SYSCTL_ADD_ULONG(ctx, children, OID_AUTO, "rx_toe_tls_octets", + CTLFLAG_RD, >rx_toe_tls_octets, "# of payload octets in received TLS records"); } Modified: stable/12/sys/dev/cxgbe/tom/t4_tls.c == --- stable/12/sys/dev/cxgbe/tom/t4_tls.cWed May 6 22:44:53 2020 (r360717) +++ stable/12/sys/dev/cxgbe/tom/t4_tls.cWed May 6 22:49:21 2020 (r360718) @@ -1368,8 +1368,8 @@ t4_push_tls_records(struct adapter *sc, struct toepcb } toep->txsd_avail--; - atomic_add_long(>vi->pi->tx_tls_records, 1); - atomic_add_long(>vi->pi->tx_tls_octets, plen); + atomic_add_long(>vi->pi->tx_toe_tls_records, 1); + atomic_add_long(>vi->pi->tx_toe_tls_octets, plen); t4_l2t_send(sc, wr, toep->l2te); } @@ -1404,7 +1404,7 @@ do_tls_data(struct sge_iq *iq, const struct rss_header m_adj(m, sizeof(*cpl)); len = m->m_pkthdr.len; - atomic_add_long(>vi->pi->rx_tls_octets, len); + atomic_add_long(>vi->pi->rx_toe_tls_octets, len); KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)), ("%s: payload length mismatch", __func__)); @@ -1467,7 +1467,7 @@ do_rx_tls_cmp(struct sge_iq *iq, const struct rss_head m_adj(m, sizeof(*cpl)); len = m->m_pkthdr.len; - atomic_add_long(>vi->pi->rx_tls_records, 1); + atomic_add_long(>vi->pi->rx_toe_tls_records, 1); KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)), ("%s: payload length mismatch", __func__)); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360717 - in stable/12/sys: conf dev/cxgbe dev/cxgbe/crypto modules/cxgbe/if_cxgbe
Author: jhb Date: Wed May 6 22:44:53 2020 New Revision: 360717 URL: https://svnweb.freebsd.org/changeset/base/360717 Log: MFC 354667,354686: Share routines for dealing with T6 key contexts. 354667: Create a file to hold shared routines for dealing with T6 key contexts. ccr(4) and TLS support in cxgbe(4) construct key contexts used by the crypto engine in the T6. This consolidates some duplicated code for helper functions used to build key contexts. 354686: Add t4_keyctx.c to sys/conf/files for the non-module build. Missed in r354667. Sponsored by: Chelsio Communications Added: stable/12/sys/dev/cxgbe/crypto/t4_keyctx.c - copied unchanged from r354667, head/sys/dev/cxgbe/crypto/t4_keyctx.c Modified: stable/12/sys/conf/files stable/12/sys/dev/cxgbe/adapter.h stable/12/sys/dev/cxgbe/crypto/t4_crypto.c stable/12/sys/dev/cxgbe/t4_main.c stable/12/sys/modules/cxgbe/if_cxgbe/Makefile Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/conf/files == --- stable/12/sys/conf/filesWed May 6 22:26:23 2020(r360716) +++ stable/12/sys/conf/filesWed May 6 22:44:53 2020(r360717) @@ -1429,6 +1429,8 @@ dev/cxgbe/common/t4_hw.c optional cxgbe pci \ compile-with "${NORMAL_C} -I$S/dev/cxgbe" dev/cxgbe/common/t4vf_hw.c optional cxgbev pci \ compile-with "${NORMAL_C} -I$S/dev/cxgbe" +dev/cxgbe/crypto/t4_keyctx.c optional cxgbe pci \ + compile-with "${NORMAL_C} -I$S/dev/cxgbe" dev/cxgbe/cudbg/cudbg_common.c optional cxgbe \ compile-with "${NORMAL_C} -I$S/dev/cxgbe" dev/cxgbe/cudbg/cudbg_flash_utils.coptional cxgbe \ Modified: stable/12/sys/dev/cxgbe/adapter.h == --- stable/12/sys/dev/cxgbe/adapter.h Wed May 6 22:26:23 2020 (r360716) +++ stable/12/sys/dev/cxgbe/adapter.h Wed May 6 22:44:53 2020 (r360717) @@ -1149,7 +1149,6 @@ void t4_os_link_changed(struct port_info *); void t4_iterate(void (*)(struct adapter *, void *), void *); void t4_init_devnames(struct adapter *); void t4_add_adapter(struct adapter *); -void t4_aes_getdeckey(void *, const void *, unsigned int); int t4_detach_common(device_t); int t4_map_bars_0_and_4(struct adapter *); int t4_map_bar_2(struct adapter *); @@ -1177,6 +1176,15 @@ int cxgbe_media_change(struct ifnet *); void cxgbe_media_status(struct ifnet *, struct ifmediareq *); bool t4_os_dump_cimla(struct adapter *, int, bool); void t4_os_dump_devlog(struct adapter *); + +/* t4_keyctx.c */ +struct auth_hash; +union authctx; + +void t4_aes_getdeckey(void *, const void *, unsigned int); +void t4_copy_partial_hash(int, union authctx *, void *); +void t4_init_gmac_hash(const char *, int, char *); +void t4_init_hmac_digest(struct auth_hash *, u_int, char *, int, char *); #ifdef DEV_NETMAP /* t4_netmap.c */ Modified: stable/12/sys/dev/cxgbe/crypto/t4_crypto.c == --- stable/12/sys/dev/cxgbe/crypto/t4_crypto.c Wed May 6 22:26:23 2020 (r360716) +++ stable/12/sys/dev/cxgbe/crypto/t4_crypto.c Wed May 6 22:44:53 2020 (r360717) @@ -141,8 +141,7 @@ struct ccr_session_hmac { unsigned int partial_digest_len; unsigned int auth_mode; unsigned int mk_size; - char ipad[CHCR_HASH_MAX_BLOCK_SIZE_128]; - char opad[CHCR_HASH_MAX_BLOCK_SIZE_128]; + char pads[CHCR_HASH_MAX_BLOCK_SIZE_128 * 2]; }; struct ccr_session_gmac { @@ -530,10 +529,7 @@ ccr_hash(struct ccr_softc *sc, struct ccr_session *s, V_SCMD_LAST_FRAG(0) | V_SCMD_MORE_FRAGS(crd->crd_len == 0 ? 1 : 0) | V_SCMD_MAC_ONLY(1)); - memcpy(crwr->key_ctx.key, s->hmac.ipad, s->hmac.partial_digest_len); - if (use_opad) - memcpy(crwr->key_ctx.key + iopad_size, s->hmac.opad, - s->hmac.partial_digest_len); + memcpy(crwr->key_ctx.key, s->hmac.pads, kctx_len); /* XXX: F_KEY_CONTEXT_SALT_PRESENT set, but 'salt' not set. */ kctx_flits = (sizeof(struct _key_ctx) + kctx_len) / 16; @@ -1069,8 +1065,7 @@ ccr_authenc(struct ccr_softc *sc, struct ccr_session * } dst = crwr->key_ctx.key + roundup2(s->blkcipher.key_len, 16); - memcpy(dst, s->hmac.ipad, s->hmac.partial_digest_len); - memcpy(dst + iopad_size, s->hmac.opad, s->hmac.partial_digest_len); + memcpy(dst, s->hmac.pads, iopad_size * 2); dst = (char *)(crwr + 1) + kctx_len; ccr_write_phys_dsgl(sc, dst, dsgl_nsegs); @@ -2212,44 +2207,6 @@ ccr_detach(device_t dev) } static void -ccr_copy_partial_hash(void *dst, int cri_alg, union authctx *auth_ctx) -{ - uint32_t *u32; - uint64_t *u64; - u_int i; - - u32 = (uint32_t *)dst; - u64 = (uint64_t *)dst; - switch (cri_alg) { - case
svn commit: r360716 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:26:23 2020 New Revision: 360716 URL: https://svnweb.freebsd.org/changeset/base/360716 Log: MFC r350488: Cleanup in SCTP code Small cleanup, no functional change intended. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Wed May 6 22:24:26 2020 (r360715) +++ stable/11/sys/netinet/sctp_output.c Wed May 6 22:26:23 2020 (r360716) @@ -9083,7 +9083,6 @@ sctp_send_heartbeat_ack(struct sctp_tcb *stcb, struct sctp_chunkhdr *chdr; struct sctp_tmit_chunk *chk; - if (net == NULL) /* must have a net pointer */ return; @@ -9101,13 +9100,8 @@ sctp_send_heartbeat_ack(struct sctp_tcb *stcb, chdr = mtod(outchain, struct sctp_chunkhdr *); chdr->chunk_type = SCTP_HEARTBEAT_ACK; chdr->chunk_flags = 0; - if (chk_length % 4) { - /* need pad */ - uint32_t cpthis = 0; - int padlen; - - padlen = 4 - (chk_length % 4); - m_copyback(outchain, chk_length, padlen, (caddr_t)); + if (chk_length % 4 != 0) { + sctp_pad_lastmbuf(outchain, 4 - (chk_length % 4), NULL); } sctp_alloc_a_chunk(stcb, chk); if (chk == NULL) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360715 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:24:26 2020 New Revision: 360715 URL: https://svnweb.freebsd.org/changeset/base/360715 Log: MFC r350487: mbuf cleanup for SCTP Consistently cleanup mbufs in case of other memory errors. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Wed May 6 22:20:53 2020 (r360714) +++ stable/11/sys/netinet/sctp_output.c Wed May 6 22:24:26 2020 (r360715) @@ -5579,8 +5579,7 @@ do_a_abort: m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); if (m == NULL) { /* No memory, INIT timer will re-attempt. */ - if (op_err) - sctp_m_freem(op_err); + sctp_m_freem(op_err); return; } chunk_len = (uint16_t)sizeof(struct sctp_init_ack_chunk); @@ -5769,8 +5768,11 @@ do_a_abort: net->ro._s_addr = sctp_source_address_selection(inp, stcb, (sctp_route_t *)>ro, net, 0, vrf_id); - if (net->ro._s_addr == NULL) + if (net->ro._s_addr == NULL) { + sctp_m_freem(op_err); + sctp_m_freem(m); return; + } net->src_addr_selected = 1; @@ -5799,8 +5801,11 @@ do_a_abort: net->ro._s_addr = sctp_source_address_selection(inp, stcb, (sctp_route_t *)>ro, net, 0, vrf_id); - if (net->ro._s_addr == NULL) + if (net->ro._s_addr == NULL) { + sctp_m_freem(op_err); + sctp_m_freem(m); return; + } net->src_addr_selected = 1; } @@ -5871,6 +5876,7 @@ do_a_abort: so = inp->sctp_socket; if (so == NULL) { /* memory problem */ + sctp_m_freem(op_err); sctp_m_freem(m); return; } else { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360714 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:20:53 2020 New Revision: 360714 URL: https://svnweb.freebsd.org/changeset/base/360714 Log: MFC r350254: Improve SCTP locking Don't hold a mutex while calling sbwait. This was found by syzkaller. Submitted by: rrs Reported by: markj Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Wed May 6 22:20:37 2020 (r360713) +++ stable/11/sys/netinet/sctp_output.c Wed May 6 22:20:53 2020 (r360714) @@ -13399,10 +13399,10 @@ skip_preblock: stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); } - if (hold_tcblock == 1) { - SCTP_TCB_UNLOCK(stcb); - hold_tcblock = 0; - } + } + if (hold_tcblock == 1) { + SCTP_TCB_UNLOCK(stcb); + hold_tcblock = 0; } SOCKBUF_LOCK(>so_snd); /*- ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360713 - in stable/12: lib/libvmmapi sys/amd64/include sys/amd64/vmm/amd sys/amd64/vmm/intel usr.sbin/bhyve
Author: jhb Date: Wed May 6 22:20:37 2020 New Revision: 360713 URL: https://svnweb.freebsd.org/changeset/base/360713 Log: MFC 355724,360166: Software breakpoints on Intel CPUs. 355724: Support software breakpoints in the debug server on Intel CPUs. - Allow the userland hypervisor to intercept breakpoint exceptions (BP#) in the guest. A new capability (VM_CAP_BPT_EXIT) is used to enable this feature. These exceptions are reported to userland via a new VM_EXITCODE_BPT that includes the length of the original breakpoint instruction. If userland wishes to pass the exception through to the guest, it must be explicitly re-injected via vm_inject_exception(). - Export VMCS_ENTRY_INST_LENGTH as a VM_REG_GUEST_ENTRY_INST_LENGTH pseudo-register. Injecting a BP# on Intel requires setting this to the length of the breakpoint instruction. AMD SVM currently ignores writes to this register (but reports success) and fails to read it. - Rework the per-vCPU state tracked by the debug server. Rather than a single 'stepping_vcpu' global, add a structure for each vCPU that tracks state about that vCPU ('stepping', 'stepped', and 'hit_swbreak'). A global 'stopped_vcpu' tracks which vCPU is currently reporting an event. Event handlers for MTRAP and breakpoint exits loop until the associated event is reported to the debugger. Breakpoint events are discarded if the breakpoint is not present when a vCPU resumes in the breakpoint handler to retry submitting the breakpoint event. - Maintain a linked-list of active breakpoints in response to the GDB 'Z0' and 'z0' packets. 360166: Add description string for VM_CAP_BPT_EXIT. While here, replace the array of mapping structures with an array of string pointers where the index is the capability value. Modified: stable/12/lib/libvmmapi/vmmapi.c stable/12/sys/amd64/include/vmm.h stable/12/sys/amd64/vmm/amd/svm.c stable/12/sys/amd64/vmm/intel/vmcs.c stable/12/sys/amd64/vmm/intel/vmx.c stable/12/sys/amd64/vmm/intel/vmx.h stable/12/usr.sbin/bhyve/bhyve.8 stable/12/usr.sbin/bhyve/bhyverun.c stable/12/usr.sbin/bhyve/gdb.c stable/12/usr.sbin/bhyve/gdb.h Directory Properties: stable/12/ (props changed) Modified: stable/12/lib/libvmmapi/vmmapi.c == --- stable/12/lib/libvmmapi/vmmapi.cWed May 6 22:18:24 2020 (r360712) +++ stable/12/lib/libvmmapi/vmmapi.cWed May 6 22:20:37 2020 (r360713) @@ -812,16 +812,13 @@ vm_inject_nmi(struct vmctx *ctx, int vcpu) return (ioctl(ctx->fd, VM_INJECT_NMI, )); } -static struct { - const char *name; - int type; -} capstrmap[] = { - { "hlt_exit", VM_CAP_HALT_EXIT }, - { "mtrap_exit", VM_CAP_MTRAP_EXIT }, - { "pause_exit", VM_CAP_PAUSE_EXIT }, - { "unrestricted_guest", VM_CAP_UNRESTRICTED_GUEST }, - { "enable_invpcid", VM_CAP_ENABLE_INVPCID }, - { 0 } +static const char *capstrmap[] = { + [VM_CAP_HALT_EXIT] = "hlt_exit", + [VM_CAP_MTRAP_EXIT] = "mtrap_exit", + [VM_CAP_PAUSE_EXIT] = "pause_exit", + [VM_CAP_UNRESTRICTED_GUEST] = "unrestricted_guest", + [VM_CAP_ENABLE_INVPCID] = "enable_invpcid", + [VM_CAP_BPT_EXIT] = "bpt_exit", }; int @@ -829,9 +826,9 @@ vm_capability_name2type(const char *capname) { int i; - for (i = 0; capstrmap[i].name != NULL && capname != NULL; i++) { - if (strcmp(capstrmap[i].name, capname) == 0) - return (capstrmap[i].type); + for (i = 0; i < nitems(capstrmap); i++) { + if (strcmp(capstrmap[i], capname) == 0) + return (i); } return (-1); @@ -840,12 +837,8 @@ vm_capability_name2type(const char *capname) const char * vm_capability_type2name(int type) { - int i; - - for (i = 0; capstrmap[i].name != NULL; i++) { - if (capstrmap[i].type == type) - return (capstrmap[i].name); - } + if (type < nitems(capstrmap)) + return (capstrmap[type]); return (NULL); } Modified: stable/12/sys/amd64/include/vmm.h == --- stable/12/sys/amd64/include/vmm.h Wed May 6 22:18:24 2020 (r360712) +++ stable/12/sys/amd64/include/vmm.h Wed May 6 22:20:37 2020 (r360713) @@ -95,6 +95,7 @@ enum vm_reg_name { VM_REG_GUEST_DR2, VM_REG_GUEST_DR3, VM_REG_GUEST_DR6, + VM_REG_GUEST_ENTRY_INST_LENGTH, VM_REG_LAST }; @@ -434,6 +435,7 @@ enum vm_cap_type { VM_CAP_PAUSE_EXIT, VM_CAP_UNRESTRICTED_GUEST, VM_CAP_ENABLE_INVPCID, + VM_CAP_BPT_EXIT, VM_CAP_MAX }; @@ -559,6 +561,7 @@ enum vm_exitcode {
svn commit: r360712 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:18:24 2020 New Revision: 360712 URL: https://svnweb.freebsd.org/changeset/base/360712 Log: MFC r350248: Improve SCTP locking. Fix a LOR in SCTP which was found by running syzkaller. Submitted by: rrs Reported by: markj Modified: stable/11/sys/netinet/sctp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_usrreq.c == --- stable/11/sys/netinet/sctp_usrreq.c Wed May 6 22:16:14 2020 (r360711) +++ stable/11/sys/netinet/sctp_usrreq.c Wed May 6 22:18:24 2020 (r360712) @@ -965,9 +965,9 @@ sctp_shutdown(struct socket *so) abort_anyway: op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6; + SCTP_INP_RUNLOCK(inp); sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_LOCKED); - SCTP_INP_RUNLOCK(inp); return (0); } } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360711 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:16:14 2020 New Revision: 360711 URL: https://svnweb.freebsd.org/changeset/base/360711 Log: MFC r350216: Improve PD-API for SCTP Wakeup the application when doing PD-API for unordered DATA chunks. Work done with rrs@. Modified: stable/11/sys/netinet/sctp_indata.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_indata.c == --- stable/11/sys/netinet/sctp_indata.c Wed May 6 22:15:09 2020 (r360710) +++ stable/11/sys/netinet/sctp_indata.c Wed May 6 22:16:14 2020 (r360711) @@ -913,6 +913,9 @@ restart: break; } } + if (cnt_added && strm->pd_api_started) { + sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); + } if ((control->length > pd_point) && (strm->pd_api_started == 0)) { strm->pd_api_started = 1; control->pdapi_started = 1; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360710 - in head: share/man/man4 sys/dev/ubsec
Author: jhb Date: Wed May 6 22:15:09 2020 New Revision: 360710 URL: https://svnweb.freebsd.org/changeset/base/360710 Log: Deprecate ubsec(4) for FreeBSD 13.0. With the removal of in-tree consumers of DES, Triple DES, and MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC. This is not very useful as a standalone algorithm (IPsec AH-only with SHA1 would be the only user). This driver has also not been kept up to date with the original driver in OpenBSD which supports a few more cards and AES-CBC on newer cards. The newest card currently supported by this driver was released in 2005. Reviewed by: cem MFC after:1 week Relnotes: yes Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D24691 Modified: head/share/man/man4/ubsec.4 head/sys/dev/ubsec/ubsec.c Modified: head/share/man/man4/ubsec.4 == --- head/share/man/man4/ubsec.4 Wed May 6 22:13:08 2020(r360709) +++ head/share/man/man4/ubsec.4 Wed May 6 22:15:09 2020(r360710) @@ -48,6 +48,15 @@ module at boot time, place the following line in .Bd -literal -offset indent ubsec_load="YES" .Ed +.Sh DEPRECATION NOTICE +The +.Nm +driver is not present in +.Fx 13.0 +and later. +The majority of crypto algorithms supported by this driver are no longer +used by the kernel in +.Fx 13.0 . .Sh DESCRIPTION The .Nm Modified: head/sys/dev/ubsec/ubsec.c == --- head/sys/dev/ubsec/ubsec.c Wed May 6 22:13:08 2020(r360709) +++ head/sys/dev/ubsec/ubsec.c Wed May 6 22:15:09 2020(r360710) @@ -472,6 +472,7 @@ skip_rng: crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0); #endif } + gone_in_dev(dev, 13, "Does not support modern crypto algorithms"); return (0); bad4: while (!SIMPLEQ_EMPTY(>sc_freequeue)) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360709 - stable/11/usr.sbin/traceroute6
Author: tuexen Date: Wed May 6 22:13:08 2020 New Revision: 360709 URL: https://svnweb.freebsd.org/changeset/base/360709 Log: MFC r350027, r350028: Let traceroute6 not ignore some ICMPv6 packets MFC rr350027: Let packet_op() explicitly return the type and code instead of doing this implicitly by encoding it in a number space. No functional change intended. This is done as a preparation to add support for ICMPv6 mesages indicating a parameter problem related to the next header. MFC r350028: Add support for ICMPv6 messages indicating a parameter problem related to an unrecognized next header. Modified: stable/11/usr.sbin/traceroute6/traceroute6.8 stable/11/usr.sbin/traceroute6/traceroute6.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/traceroute6/traceroute6.8 == --- stable/11/usr.sbin/traceroute6/traceroute6.8Wed May 6 22:07:48 2020(r360708) +++ stable/11/usr.sbin/traceroute6/traceroute6.8Wed May 6 22:13:08 2020(r360709) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 2, 2018 +.Dd July 16, 2019 .Dt TRACEROUTE6 8 .Os .\" @@ -172,6 +172,8 @@ Destination Unreachable - Administratively Prohibited. Destination Unreachable - Not a Neighbour. .It !A Destination Unreachable - Address Unreachable. +.It !H +Parameter Problem - Unrecognized Next Header Type. .It !\& This is printed if the hop limit is <= 1 on a port unreachable message. This means that the packet got to the destination, Modified: stable/11/usr.sbin/traceroute6/traceroute6.c == --- stable/11/usr.sbin/traceroute6/traceroute6.cWed May 6 22:07:48 2020(r360708) +++ stable/11/usr.sbin/traceroute6/traceroute6.cWed May 6 22:13:08 2020(r360709) @@ -307,7 +307,7 @@ void*get_uphdr(struct ip6_hdr *, u_char *); intget_hoplim(struct msghdr *); double deltaT(struct timeval *, struct timeval *); const char *pr_type(int); -intpacket_ok(struct msghdr *, int, int); +intpacket_ok(struct msghdr *, int, int, u_char *, u_char *); void print(struct msghdr *, int); const char *inetname(struct sockaddr *); u_int32_t sctp_crc32c(void *, u_int32_t); @@ -365,6 +365,7 @@ main(int argc, char *argv[]) struct hostent *hp; size_t size, minlen; uid_t uid; + u_char type, code; /* * Receive ICMP @@ -935,7 +936,7 @@ main(int argc, char *argv[]) send_probe(++seq, hops); while ((cc = wait_for_reply(rcvsock, ))) { (void) gettimeofday(, NULL); - if ((i = packet_ok(, cc, seq))) { + if (packet_ok(, cc, seq, , )) { if (!IN6_ARE_ADDR_EQUAL(_addr, )) { if (probe > 0) @@ -944,29 +945,40 @@ main(int argc, char *argv[]) lastaddr = Rcv.sin6_addr; } printf(" %.3f ms", deltaT(, )); - switch (i - 1) { - case ICMP6_DST_UNREACH_NOROUTE: - ++unreachable; - printf(" !N"); - break; - case ICMP6_DST_UNREACH_ADMIN: - ++unreachable; - printf(" !P"); - break; - case ICMP6_DST_UNREACH_NOTNEIGHBOR: - ++unreachable; - printf(" !S"); - break; - case ICMP6_DST_UNREACH_ADDR: - ++unreachable; - printf(" !A"); - break; - case ICMP6_DST_UNREACH_NOPORT: + if (type == ICMP6_DST_UNREACH) { + switch (code) { + case ICMP6_DST_UNREACH_NOROUTE: + ++unreachable; + printf(" !N"); + break; + case ICMP6_DST_UNREACH_ADMIN: +
svn commit: r360708 - stable/11/usr.sbin/traceroute6
Author: tuexen Date: Wed May 6 22:07:48 2020 New Revision: 360708 URL: https://svnweb.freebsd.org/changeset/base/360708 Log: MFC r350026: Whitespace cleanup Whitespace change. No functional change. Modified: stable/11/usr.sbin/traceroute6/traceroute6.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/traceroute6/traceroute6.c == --- stable/11/usr.sbin/traceroute6/traceroute6.cWed May 6 22:05:29 2020(r360707) +++ stable/11/usr.sbin/traceroute6/traceroute6.cWed May 6 22:07:48 2020(r360708) @@ -1004,7 +1004,7 @@ wait_for_reply(int sock, struct msghdr *mhdr) if (poll(pfd, 1, waittime * 1000) > 0) cc = recvmsg(rcvsock, mhdr, 0); - return(cc); + return (cc); #else fd_set *fdsp; struct timeval wait; @@ -1021,7 +1021,7 @@ wait_for_reply(int sock, struct msghdr *mhdr) cc = recvmsg(rcvsock, mhdr, 0); free(fdsp); - return(cc); + return (cc); #endif } @@ -1187,10 +1187,10 @@ get_hoplim(struct msghdr *mhdr) if (cm->cmsg_level == IPPROTO_IPV6 && cm->cmsg_type == IPV6_HOPLIMIT && cm->cmsg_len == CMSG_LEN(sizeof(int))) - return(*(int *)CMSG_DATA(cm)); + return (*(int *)CMSG_DATA(cm)); } - return(-1); + return (-1); } double @@ -1301,7 +1301,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq) strlcpy(hbuf, "invalid", sizeof(hbuf)); printf("data too short (%d bytes) from %s\n", cc, hbuf); } - return(0); + return (0); } icp = (struct icmp6_hdr *)buf; #endif @@ -1324,7 +1324,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq) if (rcvpktinfo == NULL || hlimp == NULL) { warnx("failed to get received hop limit or packet info"); #if 0 - return(0); + return (0); #else rcvhlim = 0;/*XXX*/ #endif @@ -1348,7 +1348,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq) if ((up = get_uphdr(hip, (u_char *)(buf + cc))) == NULL) { if (verbose) warnx("failed to get upper layer header"); - return(0); + return (0); } switch (useproto) { case IPPROTO_ICMPV6: @@ -1443,7 +1443,7 @@ packet_ok(struct msghdr *mhdr, int cc, int seq) if (cc % WIDTH != 0) printf("\n"); } - return(0); + return (0); } /* @@ -1457,7 +1457,7 @@ get_uphdr(struct ip6_hdr *ip6, u_char *lim) static u_char none_hdr[1]; /* Fake pointer for IPPROTO_NONE. */ if (cp + sizeof(*ip6) > lim) - return(NULL); + return (NULL); nh = ip6->ip6_nxt; cp += sizeof(struct ip6_hdr); @@ -1465,15 +1465,15 @@ get_uphdr(struct ip6_hdr *ip6, u_char *lim) while (lim - cp >= (nh == IPPROTO_NONE ? 0 : 8)) { switch (nh) { case IPPROTO_ESP: - return(NULL); + return (NULL); case IPPROTO_ICMPV6: - return(useproto == nh ? cp : NULL); + return (useproto == nh ? cp : NULL); case IPPROTO_SCTP: case IPPROTO_TCP: case IPPROTO_UDP: - return(useproto == nh ? cp : NULL); + return (useproto == nh ? cp : NULL); case IPPROTO_NONE: - return(useproto == nh ? none_hdr : NULL); + return (useproto == nh ? none_hdr : NULL); case IPPROTO_FRAGMENT: hlen = sizeof(struct ip6_frag); nh = ((struct ip6_frag *)cp)->ip6f_nxt; @@ -1491,7 +1491,7 @@ get_uphdr(struct ip6_hdr *ip6, u_char *lim) cp += hlen; } - return(NULL); + return (NULL); } void ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360707 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:05:29 2020 New Revision: 360707 URL: https://svnweb.freebsd.org/changeset/base/360707 Log: MFC r34: Honor MSG_EOR and MSG_EOF in sendmsg() for SCTP sockets Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP. This is an FreeBSD extension, not covered by Posix. This issue was found by running syzkaller. Modified: stable/11/sys/netinet/sctp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_output.c == --- stable/11/sys/netinet/sctp_output.c Wed May 6 22:02:01 2020 (r360706) +++ stable/11/sys/netinet/sctp_output.c Wed May 6 22:05:29 2020 (r360707) @@ -12644,6 +12644,12 @@ sctp_lower_sosend(struct socket *so, sinfo_flags = inp->def_send.sinfo_flags; sinfo_assoc_id = inp->def_send.sinfo_assoc_id; } + if (flags & MSG_EOR) { + sinfo_flags |= SCTP_EOR; + } + if (flags & MSG_EOF) { + sinfo_flags |= SCTP_EOF; + } if (sinfo_flags & SCTP_SENDALL) { /* its a sendall */ error = sctp_sendall(inp, uio, top, srcv); @@ -12809,9 +12815,17 @@ sctp_lower_sosend(struct socket *so, } } else asoc = >asoc; - if (srcv == NULL) + if (srcv == NULL) { srcv = (struct sctp_sndrcvinfo *)>def_send; - if (srcv->sinfo_flags & SCTP_ADDR_OVER) { + sinfo_flags = srcv->sinfo_flags; + if (flags & MSG_EOR) { + sinfo_flags |= SCTP_EOR; + } + if (flags & MSG_EOF) { + sinfo_flags |= SCTP_EOF; + } + } + if (sinfo_flags & SCTP_ADDR_OVER) { if (addr) net = sctp_findnet(stcb, addr); else @@ -12918,7 +12932,7 @@ sctp_lower_sosend(struct socket *so, (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { - if (srcv->sinfo_flags & SCTP_ABORT) { + if (sinfo_flags & SCTP_ABORT) { ; } else { SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); @@ -12931,7 +12945,7 @@ sctp_lower_sosend(struct socket *so, p->td_ru.ru_msgsnd++; } /* Are we aborting? */ - if (srcv->sinfo_flags & SCTP_ABORT) { + if (sinfo_flags & SCTP_ABORT) { struct mbuf *mm; ssize_t tot_demand, tot_out = 0, max_out; @@ -13135,7 +13149,7 @@ skip_preblock: * case NOTE: uio will be null when top/mbuf is passed */ if (sndlen == 0) { - if (srcv->sinfo_flags & SCTP_EOF) { + if (sinfo_flags & SCTP_EOF) { got_all_of_the_send = 1; goto dataless_eof; } else { @@ -13184,7 +13198,7 @@ skip_preblock: } sctp_snd_sb_alloc(stcb, sp->length); atomic_add_int(>stream_queue_cnt, 1); - if (srcv->sinfo_flags & SCTP_UNORDERED) { + if (sinfo_flags & SCTP_UNORDERED) { SCTP_STAT_INCR(sctps_sends_with_unord); } TAILQ_INSERT_TAIL(>outqueue, sp, next); @@ -13259,15 +13273,15 @@ skip_preblock: sctp_snd_sb_alloc(stcb, sndout); atomic_add_int(>length, sndout); len += sndout; - if (srcv->sinfo_flags & SCTP_SACK_IMMEDIATELY) { + if (sinfo_flags & SCTP_SACK_IMMEDIATELY) { sp->sinfo_flags |= SCTP_SACK_IMMEDIATELY; } /* Did we reach EOR? */ if ((uio->uio_resid == 0) && ((user_marks_eor == 0) || - (srcv->sinfo_flags & SCTP_EOF) || - (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR { + (sinfo_flags & SCTP_EOF) || + (user_marks_eor && (sinfo_flags & SCTP_EOR { sp->msg_is_complete = 1; } else { sp->msg_is_complete = 0; @@ -13469,7 +13483,7 @@ skip_preblock: /* We send in a 0, since we do NOT have any locks */ error = sctp_msg_append(stcb, net, top, srcv, 0); top = NULL; - if
svn commit: r360706 - stable/11/sys/netinet
Author: tuexen Date: Wed May 6 22:02:01 2020 New Revision: 360706 URL: https://svnweb.freebsd.org/changeset/base/360706 Log: MFC r349998: Improve SCTP socket state handling Fix socket state handling when freeing an SCTP endpoint. This issue was found by runing syzkaller. Modified: stable/11/sys/netinet/sctp_pcb.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_pcb.c == --- stable/11/sys/netinet/sctp_pcb.cWed May 6 21:59:58 2020 (r360705) +++ stable/11/sys/netinet/sctp_pcb.cWed May 6 22:02:01 2020 (r360706) @@ -4911,12 +4911,11 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tc inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED; if (so) { SOCK_LOCK(so); - if (so->so_rcv.sb_cc == 0) { - so->so_state &= ~(SS_ISCONNECTING | - SS_ISDISCONNECTING | - SS_ISCONFIRMING | - SS_ISCONNECTED); - } + so->so_state &= ~(SS_ISCONNECTING | + SS_ISDISCONNECTING | + SS_ISCONFIRMING | + SS_ISCONNECTED); + so->so_state |= SS_ISDISCONNECTED; socantrcvmore_locked(so); socantsendmore(so); sctp_sowwakeup(inp, so); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360705 - stable/11/sys/kern
Author: tuexen Date: Wed May 6 21:59:58 2020 New Revision: 360705 URL: https://svnweb.freebsd.org/changeset/base/360705 Log: MFC r349989: Improve input validation for l_linger When using the SOL_SOCKET level socket option SO_LINGER, the structure struct linger is used as the option value. The component l_linger is of type int, but internally copied to the field so_linger of the structure struct socket. The type of so_linger is short, but it is assumed to be non-negative and the value is used to compute ticks to be stored in a variable of type int. Therefore, perform input validation on l_linger similar to the one performed by NetBSD and OpenBSD. Thanks to syzkaller for making me aware of this issue. Thanks to markj@ for pointing out that a similar check should be added to so_linger_set(). Reviewed by: markj Differential Revision:https://reviews.freebsd.org/D20948 Modified: stable/11/sys/kern/uipc_socket.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/kern/uipc_socket.c == --- stable/11/sys/kern/uipc_socket.cWed May 6 19:58:37 2020 (r360704) +++ stable/11/sys/kern/uipc_socket.cWed May 6 21:59:58 2020 (r360705) @@ -2535,7 +2535,12 @@ sosetopt(struct socket *so, struct sockopt *sopt) error = sooptcopyin(sopt, , sizeof l, sizeof l); if (error) goto bad; - + if (l.l_linger < 0 || + l.l_linger > USHRT_MAX || + l.l_linger > (INT_MAX / hz)) { + error = EDOM; + goto bad; + } SOCK_LOCK(so); so->so_linger = l.l_linger; if (l.l_onoff) @@ -3701,6 +3706,9 @@ so_linger_get(const struct socket *so) void so_linger_set(struct socket *so, int val) { + + KASSERT(val >= 0 && val <= USHRT_MAX && val <= (INT_MAX / hz), + ("%s: val %d out of range", __func__, val)); so->so_linger = val; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360704 - stable/12/usr.sbin/binmiscctl
Author: mhorne Date: Wed May 6 19:58:37 2020 New Revision: 360704 URL: https://svnweb.freebsd.org/changeset/base/360704 Log: MFC r360519: Add RISC-V interpreter example Modified: stable/12/usr.sbin/binmiscctl/binmiscctl.8 Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/binmiscctl/binmiscctl.8 == --- stable/12/usr.sbin/binmiscctl/binmiscctl.8 Wed May 6 19:50:27 2020 (r360703) +++ stable/12/usr.sbin/binmiscctl/binmiscctl.8 Wed May 6 19:58:37 2020 (r360704) @@ -27,7 +27,7 @@ .\" .\" Support for miscellaneous binary image activators .\" -.Dd July 21, 2018 +.Dd April 30, 2020 .Dt BINMISCCTL 8 .Os .Sh NAME @@ -280,6 +280,17 @@ Add QEMU bsd-user program as an image activator for SP \ex00\ex00\ex00\ex00\ex00\ex00\ex00\ex02\ex00\ex2b" \e --mask "\exff\exff\exff\exff\exff\exff\exff\ex00\exff\exff\e \exff\exff\exff\exff\exff\exff\exff\exfe\exff\exff" \e + --size 20 --set-enabled +.Ed +.Pp +Add QEMU bsd-user program as an image activator for 64-bit RISC-V binaries: +.Bd -literal -offset indent +# binmiscctl add riscv64 \e + --interpreter "/usr/local/bin/qemu-riscv64-static" \e + --magic "\ex7f\ex45\ex4c\ex46\ex02\ex01\ex01\ex00\ex00\ex00\e + \ex00\ex00\ex00\ex00\ex00\ex00\ex02\ex00\exf3\ex00" \e + --mask "\exff\exff\exff\exff\exff\exff\exff\ex00\exff\exff\e + \exff\exff\exff\exff\exff\exff\exfe\exff\exff\exff" \e --size 20 --set-enabled .Ed .Ss "Create and use an ARMv6 chroot on an AMD64 host" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360703 - in stable/12/sys: arm/arm arm/include arm64/arm64 conf kern sys
Author: mhorne Date: Wed May 6 19:50:27 2020 New Revision: 360703 URL: https://svnweb.freebsd.org/changeset/base/360703 Log: MFC r360082: Convert arm's physmem interface to MI code Added: stable/12/sys/kern/subr_physmem.c - copied, changed from r360702, stable/12/sys/arm/arm/physmem.c stable/12/sys/sys/physmem.h - copied unchanged from r360082, head/sys/sys/physmem.h Deleted: stable/12/sys/arm/arm/physmem.c stable/12/sys/arm/include/physmem.h Modified: stable/12/sys/arm/arm/machdep.c stable/12/sys/arm/arm/machdep_boot.c stable/12/sys/arm/arm/mp_machdep.c stable/12/sys/arm/arm/pmap-v6.c stable/12/sys/arm/include/md_var.h stable/12/sys/arm64/arm64/machdep.c stable/12/sys/arm64/arm64/pmap.c stable/12/sys/conf/files.arm stable/12/sys/conf/files.arm64 Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/arm/arm/machdep.c == --- stable/12/sys/arm/arm/machdep.c Wed May 6 19:10:39 2020 (r360702) +++ stable/12/sys/arm/arm/machdep.c Wed May 6 19:50:27 2020 (r360703) @@ -65,6 +65,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -82,7 +83,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -122,6 +122,9 @@ uint32_t cpu_reset_address = 0; int cold = 1; vm_offset_t vector_page; +/* The address at which the kernel was loaded. Set early in initarm(). */ +vm_paddr_t arm_physmem_kernaddr; + int (*_arm_memcpy)(void *, void *, int, int) = NULL; int (*_arm_bzero)(void *, int, int) = NULL; int _min_memcpy_size = 0; @@ -159,7 +162,6 @@ static void *delay_arg; #endif struct kva_md_info kmi; - /* * arm32_vector_init: * @@ -236,7 +238,7 @@ cpu_startup(void *dummy) (uintmax_t)arm32_ptob(vm_free_count()), (uintmax_t)arm32_ptob(vm_free_count()) / mbyte); if (bootverbose) { - arm_physmem_print_tables(); + physmem_print_tables(); devmap_print_table(); } @@ -868,11 +870,11 @@ initarm(struct arm_boot_params *abp) /* Grab physical memory regions information from device tree. */ if (fdt_get_mem_regions(mem_regions, _regions_sz, ) != 0) panic("Cannot get physical memory regions"); - arm_physmem_hardware_regions(mem_regions, mem_regions_sz); + physmem_hardware_regions(mem_regions, mem_regions_sz); /* Grab reserved memory regions information from device tree. */ if (fdt_get_reserved_regions(mem_regions, _regions_sz) == 0) - arm_physmem_exclude_regions(mem_regions, mem_regions_sz, + physmem_exclude_regions(mem_regions, mem_regions_sz, EXFLAG_NODUMP | EXFLAG_NOALLOC); /* Platform-specific initialisation */ @@ -1079,9 +1081,9 @@ initarm(struct arm_boot_params *abp) * * Prepare the list of physical memory available to the vm subsystem. */ - arm_physmem_exclude_region(abp->abp_physaddr, + physmem_exclude_region(abp->abp_physaddr, (virtual_avail - KERNVIRTADDR), EXFLAG_NOALLOC); - arm_physmem_init_kernel_globals(); + physmem_init_kernel_globals(); init_param2(physmem); dbg_monitor_init(); @@ -1147,11 +1149,11 @@ initarm(struct arm_boot_params *abp) if (fdt_get_mem_regions(mem_regions, _regions_sz,NULL) != 0) panic("Cannot get physical memory regions"); } - arm_physmem_hardware_regions(mem_regions, mem_regions_sz); + physmem_hardware_regions(mem_regions, mem_regions_sz); /* Grab reserved memory regions information from device tree. */ if (fdt_get_reserved_regions(mem_regions, _regions_sz) == 0) - arm_physmem_exclude_regions(mem_regions, mem_regions_sz, + physmem_exclude_regions(mem_regions, mem_regions_sz, EXFLAG_NODUMP | EXFLAG_NOALLOC); /* @@ -1286,9 +1288,9 @@ initarm(struct arm_boot_params *abp) * * Prepare the list of physical memory available to the vm subsystem. */ - arm_physmem_exclude_region(abp->abp_physaddr, + physmem_exclude_region(abp->abp_physaddr, pmap_preboot_get_pages(0) - abp->abp_physaddr, EXFLAG_NOALLOC); - arm_physmem_init_kernel_globals(); + physmem_init_kernel_globals(); init_param2(physmem); /* Init message buffer. */ Modified: stable/12/sys/arm/arm/machdep_boot.c == --- stable/12/sys/arm/arm/machdep_boot.cWed May 6 19:10:39 2020 (r360702) +++ stable/12/sys/arm/arm/machdep_boot.cWed May 6 19:50:27 2020 (r360703) @@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include
svn commit: r360702 - in head/contrib/llvm-project/clang: include/clang/Driver lib/CodeGen lib/Driver/ToolChains lib/Frontend
Author: dim Date: Wed May 6 19:10:39 2020 New Revision: 360702 URL: https://svnweb.freebsd.org/changeset/base/360702 Log: Merge commit 4ca2cad94 from llvm git (by Justin Hibbits): [PowerPC] Add clang -msvr4-struct-return for 32-bit ELF Summary: Change the default ABI to be compatible with GCC. For 32-bit ELF targets other than Linux, Clang now returns small structs in registers r3/r4. This affects FreeBSD, NetBSD, OpenBSD. There is no change for 32-bit Linux, where Clang continues to return all structs in memory. Add clang options -maix-struct-return (to return structs in memory) and -msvr4-struct-return (to return structs in registers) to be compatible with gcc. These options are only for PPC32; reject them on PPC64 and other targets. The options are like -fpcc-struct-return and -freg-struct-return for X86_32, and use similar code. To actually return a struct in registers, coerce it to an integer of the same size. LLVM may optimize the code to remove unnecessary accesses to memory, and will return i32 in r3 or i64 in r3:r4. Fixes PR#40736 Patch by George Koehler! Reviewed By: jhibbits, nemanjai Differential Revision: https://reviews.llvm.org/D73290 Requested by: jhibbits MFC after:3 days Modified: head/contrib/llvm-project/clang/include/clang/Driver/Options.td head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp head/contrib/llvm-project/clang/lib/Driver/ToolChains/Clang.cpp head/contrib/llvm-project/clang/lib/Frontend/CompilerInvocation.cpp Modified: head/contrib/llvm-project/clang/include/clang/Driver/Options.td == --- head/contrib/llvm-project/clang/include/clang/Driver/Options.td Wed May 6 18:43:27 2020(r360701) +++ head/contrib/llvm-project/clang/include/clang/Driver/Options.td Wed May 6 19:10:39 2020(r360702) @@ -2439,6 +2439,12 @@ def mlongcall: Flag<["-"], "mlongcall">, Group; def mno_longcall : Flag<["-"], "mno-longcall">, Group; +def maix_struct_return : Flag<["-"], "maix-struct-return">, + Group, Flags<[CC1Option]>, + HelpText<"Return all structs in memory (PPC32 only)">; +def msvr4_struct_return : Flag<["-"], "msvr4-struct-return">, + Group, Flags<[CC1Option]>, + HelpText<"Return small structs in registers (PPC32 only)">; def mvx : Flag<["-"], "mvx">, Group; def mno_vx : Flag<["-"], "mno-vx">, Group; Modified: head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp == --- head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp Wed May 6 18:43:27 2020(r360701) +++ head/contrib/llvm-project/clang/lib/CodeGen/TargetInfo.cpp Wed May 6 19:10:39 2020(r360702) @@ -4123,22 +4123,39 @@ namespace { /// PPC32_SVR4_ABIInfo - The 32-bit PowerPC ELF (SVR4) ABI information. class PPC32_SVR4_ABIInfo : public DefaultABIInfo { bool IsSoftFloatABI; + bool IsRetSmallStructInRegABI; CharUnits getParamTypeAlignment(QualType Ty) const; public: - PPC32_SVR4_ABIInfo(CodeGen::CodeGenTypes , bool SoftFloatABI) - : DefaultABIInfo(CGT), IsSoftFloatABI(SoftFloatABI) {} + PPC32_SVR4_ABIInfo(CodeGen::CodeGenTypes , bool SoftFloatABI, + bool RetSmallStructInRegABI) + : DefaultABIInfo(CGT), IsSoftFloatABI(SoftFloatABI), +IsRetSmallStructInRegABI(RetSmallStructInRegABI) {} + ABIArgInfo classifyReturnType(QualType RetTy) const; + + void computeInfo(CGFunctionInfo ) const override { +if (!getCXXABI().classifyReturnType(FI)) + FI.getReturnInfo() = classifyReturnType(FI.getReturnType()); +for (auto : FI.arguments()) + I.info = classifyArgumentType(I.type); + } + Address EmitVAArg(CodeGenFunction , Address VAListAddr, QualType Ty) const override; }; class PPC32TargetCodeGenInfo : public TargetCodeGenInfo { public: - PPC32TargetCodeGenInfo(CodeGenTypes , bool SoftFloatABI) - : TargetCodeGenInfo(new PPC32_SVR4_ABIInfo(CGT, SoftFloatABI)) {} + PPC32TargetCodeGenInfo(CodeGenTypes , bool SoftFloatABI, + bool RetSmallStructInRegABI) + : TargetCodeGenInfo(new PPC32_SVR4_ABIInfo(CGT, SoftFloatABI, + RetSmallStructInRegABI)) {} + static bool isStructReturnInRegABI(const llvm::Triple , + const CodeGenOptions ); + int getDwarfEHStackPointer(CodeGen::CodeGenModule ) const override { // This is recovered from gcc output. return 1; // r1 is the dedicated stack pointer @@ -4173,6 +4190,34 @@ CharUnits PPC32_SVR4_ABIInfo::getParamTypeAlignment(Qu return CharUnits::fromQuantity(4); } +ABIArgInfo PPC32_SVR4_ABIInfo::classifyReturnType(QualType RetTy) const { + uint64_t Size; + + // -msvr4-struct-return puts small aggregates in GPR3 and GPR4. + if
svn commit: r360701 - head/share/man/man5
Author: emaste Date: Wed May 6 18:43:27 2020 New Revision: 360701 URL: https://svnweb.freebsd.org/changeset/base/360701 Log: src.conf.5: regen after objdump removal Modified: head/share/man/man5/src.conf.5 Modified: head/share/man/man5/src.conf.5 == --- head/share/man/man5/src.conf.5 Wed May 6 18:40:52 2020 (r360700) +++ head/share/man/man5/src.conf.5 Wed May 6 18:43:27 2020 (r360701) @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd May 4, 2020 +.Dd May 6, 2020 .Dt SRC.CONF 5 .Os .Sh NAME @@ -184,23 +184,19 @@ flag set to indicate that the run-time loader should p processing at process startup rather than on demand. .It Va WITHOUT_BINUTILS Do not build or install GNU -.Xr as 1 and -.Xr objdump 1 +.Xr as 1 as part of the normal system build. .Pp This is a default setting on -arm64/aarch64, riscv/riscv64 and riscv/riscv64sf. +arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_BINUTILS Build and install GNU .Xr as 1 -on i386 and amd64, -and -.Xr objdump 1 as part of the normal system build. .Pp This is a default setting on -amd64/amd64, arm/armv6, arm/armv7, i386/i386, mips/mips, mips/mips64, powerpc/powerpc and powerpc/powerpc64. +amd64/amd64 and i386/i386. .It Va WITHOUT_BINUTILS_BOOTSTRAP Do not build GNU binutils as part of the bootstrap process. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360700 - head/share/mk
Author: emaste Date: Wed May 6 18:40:52 2020 New Revision: 360700 URL: https://svnweb.freebsd.org/changeset/base/360700 Log: src.opts.mk: with BINUTILS limited to as it is used on i386 and amd64 only Modified: head/share/mk/src.opts.mk Modified: head/share/mk/src.opts.mk == --- head/share/mk/src.opts.mk Wed May 6 18:39:55 2020(r360699) +++ head/share/mk/src.opts.mk Wed May 6 18:40:52 2020(r360700) @@ -62,7 +62,6 @@ __DEFAULT_YES_OPTIONS = \ AUTHPF \ AUTOFS \ BHYVE \ -BINUTILS \ BLACKLIST \ BLUETOOTH \ BOOT \ @@ -292,9 +291,9 @@ __DEFAULT_NO_OPTIONS+=LLVM_TARGET_BPF BROKEN_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP GDB .endif .if ${__T} == "amd64" || ${__T} == "i386" -__DEFAULT_YES_OPTIONS+=BINUTILS_BOOTSTRAP +__DEFAULT_YES_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP .else -__DEFAULT_NO_OPTIONS+=BINUTILS_BOOTSTRAP +__DEFAULT_NO_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP .endif .if ${__T:Mriscv*} != "" BROKEN_OPTIONS+=OFED ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360699 - head/tools/build/options
Author: emaste Date: Wed May 6 18:39:55 2020 New Revision: 360699 URL: https://svnweb.freebsd.org/changeset/base/360699 Log: update WITH_/WITHOUT_BINUTILS descriptions for objdump removal Modified: head/tools/build/options/WITHOUT_BINUTILS head/tools/build/options/WITH_BINUTILS Modified: head/tools/build/options/WITHOUT_BINUTILS == --- head/tools/build/options/WITHOUT_BINUTILS Wed May 6 18:38:40 2020 (r360698) +++ head/tools/build/options/WITHOUT_BINUTILS Wed May 6 18:39:55 2020 (r360699) @@ -1,6 +1,5 @@ .\" $FreeBSD$ Do not build or install GNU -.Xr as 1 and -.Xr objdump 1 +.Xr as 1 as part of the normal system build. Modified: head/tools/build/options/WITH_BINUTILS == --- head/tools/build/options/WITH_BINUTILS Wed May 6 18:38:40 2020 (r360698) +++ head/tools/build/options/WITH_BINUTILS Wed May 6 18:39:55 2020 (r360699) @@ -1,7 +1,4 @@ .\" $FreeBSD$ Build and install GNU .Xr as 1 -on i386 and amd64, -and -.Xr objdump 1 as part of the normal system build. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360698 - in head: . gnu/usr.bin/binutils
Author: emaste Date: Wed May 6 18:38:40 2020 New Revision: 360698 URL: https://svnweb.freebsd.org/changeset/base/360698 Log: binutils: disconnect objdump from the build The in-tree binutils is old and will not be updated. It does not support all archs supported by FreeBSD, and for the archs it does support not all CPU features are supported. Other tools have migrated to copyfree alternatives. Although llvm-objdump is nearly a drop-in replacement for GNU objdump it is missing a few options and has some differences in output format. For now just remove GNU objdump; ports and developers can use a contemporary, maintained version from ports or packages. We can revisit installing llvm-objdump as objdump in the future. PR: 212319 [exp-run] Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D7338 Modified: head/ObsoleteFiles.inc head/gnu/usr.bin/binutils/Makefile Modified: head/ObsoleteFiles.inc == --- head/ObsoleteFiles.inc Wed May 6 18:13:00 2020(r360697) +++ head/ObsoleteFiles.inc Wed May 6 18:38:40 2020(r360698) @@ -36,6 +36,10 @@ # xargs -n1 | sort | uniq -d; # done +# 20200506: GNU objdump 2.17.50 retired +OLD_FILES+=usr/bin/objdump +OLD_FILES+=usr/share/man/man1/objdump.1.gz + # 20200418: Make libauditd private OLD_FILES+=usr/lib/libauditd.a OLD_FILES+=usr/lib/libauditd.so Modified: head/gnu/usr.bin/binutils/Makefile == --- head/gnu/usr.bin/binutils/Makefile Wed May 6 18:13:00 2020 (r360697) +++ head/gnu/usr.bin/binutils/Makefile Wed May 6 18:38:40 2020 (r360698) @@ -7,8 +7,6 @@ SUBDIR= libiberty \ libopcodes SUBDIR.${MK_BINUTILS}+=doc -SUBDIR.${MK_BINUTILS}+=libbinutils -SUBDIR.${MK_BINUTILS}+=objdump # GNU as is used on x86 only, for a few files that cannot be assembled by # Clang IAS. Other archs either use Clang IAS for every assembly file, or @@ -17,9 +15,7 @@ SUBDIR.${MK_BINUTILS}+= objdump SUBDIR.${MK_BINUTILS}+=as .endif -SUBDIR_DEPEND_libbinutils=libbfd # for bfdver.h SUBDIR_DEPEND_as=libbfd libiberty libopcodes -SUBDIR_DEPEND_objdump=libbfd libiberty libbinutils libopcodes .if !make(install) SUBDIR_PARALLEL= ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360697 - head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc
Author: dim Date: Wed May 6 18:13:00 2020 New Revision: 360697 URL: https://svnweb.freebsd.org/changeset/base/360697 Log: In r358396 I merged llvm upstream commit 2e24219d3, which fixed "error: unsupported relocation on symbol" when assembling arm 'adr' pseudo instructions. However, the upstream commit did not take big-endian arm into account. Applying the same changes to the big-endian handling is straightforward, thanks to Andrew Turner and Peter Smith for the hint. This will also be submitted upstream. MFC after:immediately, since this fix is meant for stable/11 Modified: head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp Modified: head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp == --- head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp Wed May 6 17:44:17 2020(r360696) +++ head/contrib/llvm-project/llvm/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp Wed May 6 18:13:00 2020(r360697) @@ -116,26 +116,22 @@ const MCFixupKindInfo ::getFixupKindInfo // ARMFixupKinds.h. // // Name Offset (bits) Size (bits) Flags - {"fixup_arm_ldst_pcrel_12", 0, 32, MCFixupKindInfo::FKF_IsPCRel}, + {"fixup_arm_ldst_pcrel_12", 0, 32, IsPCRelConstant}, {"fixup_t2_ldst_pcrel_12", 0, 32, - MCFixupKindInfo::FKF_IsPCRel | - MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, - {"fixup_arm_pcrel_10_unscaled", 0, 32, MCFixupKindInfo::FKF_IsPCRel}, - {"fixup_arm_pcrel_10", 0, 32, MCFixupKindInfo::FKF_IsPCRel}, + IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, + {"fixup_arm_pcrel_10_unscaled", 0, 32, IsPCRelConstant}, + {"fixup_arm_pcrel_10", 0, 32, IsPCRelConstant}, {"fixup_t2_pcrel_10", 0, 32, MCFixupKindInfo::FKF_IsPCRel | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, {"fixup_arm_pcrel_9", 0, 32, MCFixupKindInfo::FKF_IsPCRel}, {"fixup_t2_pcrel_9", 0, 32, - MCFixupKindInfo::FKF_IsPCRel | - MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, + IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, {"fixup_thumb_adr_pcrel_10", 8, 8, - MCFixupKindInfo::FKF_IsPCRel | - MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, - {"fixup_arm_adr_pcrel_12", 0, 32, MCFixupKindInfo::FKF_IsPCRel}, + IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, + {"fixup_arm_adr_pcrel_12", 0, 32, IsPCRelConstant}, {"fixup_t2_adr_pcrel_12", 0, 32, - MCFixupKindInfo::FKF_IsPCRel | - MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, + IsPCRelConstant | MCFixupKindInfo::FKF_IsAlignedDownTo32Bits}, {"fixup_arm_condbranch", 8, 24, MCFixupKindInfo::FKF_IsPCRel}, {"fixup_arm_uncondbranch", 8, 24, MCFixupKindInfo::FKF_IsPCRel}, {"fixup_t2_condbranch", 0, 32, MCFixupKindInfo::FKF_IsPCRel}, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360696 - stable/11/sys/dev/urtwn
Author: dim Date: Wed May 6 17:44:17 2020 New Revision: 360696 URL: https://svnweb.freebsd.org/changeset/base/360696 Log: Fix misleading indentation warning: sys/dev/urtwn/if_urtwn.c:4183:4: error: misleading indentation; statement is not part of the previous 'for' [-Werror,-Wmisleading-indentation] if (error != USB_ERR_NORMAL_COMPLETION) ^ sys/dev/urtwn/if_urtwn.c:4180:3: note: previous statement is here for (i = 0; i < nitems(rtl8192cu_mac); i++) ^ Direct commit to stable/11, since urtwn(4) has been merged into rtwn(4) in FreeBSD 12 and later (and this code is not in rtwn). Modified: stable/11/sys/dev/urtwn/if_urtwn.c Modified: stable/11/sys/dev/urtwn/if_urtwn.c == --- stable/11/sys/dev/urtwn/if_urtwn.c Wed May 6 17:42:36 2020 (r360695) +++ stable/11/sys/dev/urtwn/if_urtwn.c Wed May 6 17:44:17 2020 (r360696) @@ -4177,11 +4177,12 @@ urtwn_mac_init(struct urtwn_softc *sc) } urtwn_write_1(sc, R92C_MAX_AGGR_NUM, 0x07); } else { - for (i = 0; i < nitems(rtl8192cu_mac); i++) + for (i = 0; i < nitems(rtl8192cu_mac); i++) { error = urtwn_write_1(sc, rtl8192cu_mac[i].reg, rtl8192cu_mac[i].val); if (error != USB_ERR_NORMAL_COMPLETION) return (EIO); + } } return (0); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360695 - stable/11/sys/mips/mips
Author: brooks Date: Wed May 6 17:42:36 2020 New Revision: 360695 URL: https://svnweb.freebsd.org/changeset/base/360695 Log: MFC r359974: Don't directly access userspace memory. Rather then using the racy useracc() followed by direct access to userspace memory, perform a copyin() and use the result if it succeeds. Reviewed by: jhb Sponsored by: DARPA Differential Revision:https://reviews.freebsd.org/D24410 Modified: stable/11/sys/mips/mips/trap.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/mips/mips/trap.c == --- stable/11/sys/mips/mips/trap.c Wed May 6 17:35:42 2020 (r360694) +++ stable/11/sys/mips/mips/trap.c Wed May 6 17:42:36 2020 (r360695) @@ -1443,7 +1443,7 @@ log_illegal_instruction(const char *msg, struct trapfr { pt_entry_t *ptep; pd_entry_t *pdep; - unsigned int *addr; + unsigned int *addr, instr[4]; struct thread *td; struct proc *p; register_t pc; @@ -1470,17 +1470,16 @@ log_illegal_instruction(const char *msg, struct trapfr * Dump a few words around faulting instruction, if the addres is * valid. */ - if (!(pc & 3) && - useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) { + addr = (unsigned int *)(intptr_t)pc; + if ((pc & 3) == 0 && copyin(addr, instr, sizeof(instr)) == 0) { /* dump page table entry for faulting instruction */ log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); - addr = (unsigned int *)(intptr_t)pc; log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n", addr); log(LOG_ERR, "%08x %08x %08x %08x\n", - addr[0], addr[1], addr[2], addr[3]); + instr[0], instr[1], instr[2], instr[3]); } else { log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); @@ -1492,7 +1491,7 @@ log_bad_page_fault(char *msg, struct trapframe *frame, { pt_entry_t *ptep; pd_entry_t *pdep; - unsigned int *addr; + unsigned int *addr, instr[4]; struct thread *td; struct proc *p; char *read_or_write; @@ -1540,18 +1539,18 @@ log_bad_page_fault(char *msg, struct trapframe *frame, * Dump a few words around faulting instruction, if the addres is * valid. */ - if (!(pc & 3) && (pc != frame->badvaddr) && - (trap_type != T_BUS_ERR_IFETCH) && - useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) { + addr = (unsigned int *)(intptr_t)pc; + if ((pc & 3) == 0 && pc != frame->badvaddr && + trap_type != T_BUS_ERR_IFETCH && + copyin((caddr_t)(intptr_t)pc, instr, sizeof(instr)) == 0) { /* dump page table entry for faulting instruction */ log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); - addr = (unsigned int *)(intptr_t)pc; log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n", addr); log(LOG_ERR, "%08x %08x %08x %08x\n", - addr[0], addr[1], addr[2], addr[3]); + instr[0], instr[1], instr[2], instr[3]); } else { log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360694 - stable/11/sys/dev/nxge/xgehal
Author: dim Date: Wed May 6 17:35:42 2020 New Revision: 360694 URL: https://svnweb.freebsd.org/changeset/base/360694 Log: Fix misleading indentation warning: sys/dev/nxge/xgehal/xgehal-mgmt.c:1743:6: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] addr = 0xA074; ^ sys/dev/nxge/xgehal/xgehal-mgmt.c:1736:2: note: previous statement is here if(CHECKBIT(val_1, 0x0)) ^ Direct commit to stable/11, since nxge(4) has been removed from FreeBSD 12 and later. Modified: stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c Modified: stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c == --- stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c Wed May 6 17:12:26 2020 (r360693) +++ stable/11/sys/dev/nxge/xgehal/xgehal-mgmt.c Wed May 6 17:35:42 2020 (r360694) @@ -1740,9 +1740,9 @@ void __hal_updt_stats_xpak(xge_hal_device_t *hldev) /* * Reading the warning flags */ - addr = 0xA074; - val_1 = 0x0; - val_1 = xge_hal_mdio_read(hldev, XGE_HAL_MDIO_MMD_PMA_DEV_ADDR, addr); + addr = 0xA074; + val_1 = 0x0; + val_1 = xge_hal_mdio_read(hldev, XGE_HAL_MDIO_MMD_PMA_DEV_ADDR, addr); if(CHECKBIT(val_1, 0x7)) hldev->stats.sw_dev_err_stats.stats_xpak. warn_transceiver_temp_high++; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360693 - stable/12/sys/mips/mips
Author: brooks Date: Wed May 6 17:12:26 2020 New Revision: 360693 URL: https://svnweb.freebsd.org/changeset/base/360693 Log: MFC r359974: Don't directly access userspace memory. Rather then using the racy useracc() followed by direct access to userspace memory, perform a copyin() and use the result if it succeeds. Reviewed by: jhb Sponsored by: DARPA Differential Revision:https://reviews.freebsd.org/D24410 Modified: stable/12/sys/mips/mips/trap.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/mips/mips/trap.c == --- stable/12/sys/mips/mips/trap.c Wed May 6 15:24:31 2020 (r360692) +++ stable/12/sys/mips/mips/trap.c Wed May 6 17:12:26 2020 (r360693) @@ -1404,7 +1404,7 @@ log_illegal_instruction(const char *msg, struct trapfr { pt_entry_t *ptep; pd_entry_t *pdep; - unsigned int *addr; + unsigned int *addr, instr[4]; struct thread *td; struct proc *p; register_t pc; @@ -1431,17 +1431,16 @@ log_illegal_instruction(const char *msg, struct trapfr * Dump a few words around faulting instruction, if the addres is * valid. */ - if (!(pc & 3) && - useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) { + addr = (unsigned int *)(intptr_t)pc; + if ((pc & 3) == 0 && copyin(addr, instr, sizeof(instr)) == 0) { /* dump page table entry for faulting instruction */ log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); - addr = (unsigned int *)(intptr_t)pc; log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n", addr); log(LOG_ERR, "%08x %08x %08x %08x\n", - addr[0], addr[1], addr[2], addr[3]); + instr[0], instr[1], instr[2], instr[3]); } else { log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); @@ -1453,7 +1452,7 @@ log_bad_page_fault(char *msg, struct trapframe *frame, { pt_entry_t *ptep; pd_entry_t *pdep; - unsigned int *addr; + unsigned int *addr, instr[4]; struct thread *td; struct proc *p; char *read_or_write; @@ -1501,18 +1500,18 @@ log_bad_page_fault(char *msg, struct trapframe *frame, * Dump a few words around faulting instruction, if the addres is * valid. */ - if (!(pc & 3) && (pc != frame->badvaddr) && - (trap_type != T_BUS_ERR_IFETCH) && - useracc((caddr_t)(intptr_t)pc, sizeof(int) * 4, VM_PROT_READ)) { + addr = (unsigned int *)(intptr_t)pc; + if ((pc & 3) == 0 && pc != frame->badvaddr && + trap_type != T_BUS_ERR_IFETCH && + copyin((caddr_t)(intptr_t)pc, instr, sizeof(instr)) == 0) { /* dump page table entry for faulting instruction */ log(LOG_ERR, "Page table info for pc address %#jx: pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); - addr = (unsigned int *)(intptr_t)pc; log(LOG_ERR, "Dumping 4 words starting at pc address %p: \n", addr); log(LOG_ERR, "%08x %08x %08x %08x\n", - addr[0], addr[1], addr[2], addr[3]); + instr[0], instr[1], instr[2], instr[3]); } else { log(LOG_ERR, "pc address %#jx is inaccessible, pde = %p, pte = %#jx\n", (intmax_t)pc, (void *)(intptr_t)*pdep, (uintmax_t)(ptep ? *ptep : 0)); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360692 - head/sys/dev/usb
Author: avg Date: Wed May 6 15:24:31 2020 New Revision: 360692 URL: https://svnweb.freebsd.org/changeset/base/360692 Log: usbhid: add several missing usages from Digitizer page This is applicable to HID in general, not just USB HID. Inspired by: wulf MFC after:1 week Modified: head/sys/dev/usb/usbhid.h Modified: head/sys/dev/usb/usbhid.h == --- head/sys/dev/usb/usbhid.h Wed May 6 15:10:05 2020(r360691) +++ head/sys/dev/usb/usbhid.h Wed May 6 15:24:31 2020(r360692) @@ -174,7 +174,10 @@ struct usb_hid_descriptor { #defineHUD_CONTACTCOUNT0x0054 #defineHUD_CONTACT_MAX 0x0055 #defineHUD_SCAN_TIME 0x0056 +#defineHUD_SURFACE_SWITCH 0x0057 +#defineHUD_BUTTONS_SWITCH 0x0058 #defineHUD_BUTTON_TYPE 0x0059 +#defineHUD_LATENCY_MODE0x0060 /* Usages, Consumer */ #defineHUC_AC_PAN 0x0238 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360691 - head/sys/arm/arm
Author: markj Date: Wed May 6 15:10:05 2020 New Revision: 360691 URL: https://svnweb.freebsd.org/changeset/base/360691 Log: arm: Don't enable interrupts in init_secondary(). This has the same reasoning as described in r357048. Remove a stray declaration while here. Reported and tested by: trasz MFC after:1 week Sponsored by: The FreeBSD Foundation Modified: head/sys/arm/arm/mp_machdep.c Modified: head/sys/arm/arm/mp_machdep.c == --- head/sys/arm/arm/mp_machdep.c Wed May 6 15:01:06 2020 (r360690) +++ head/sys/arm/arm/mp_machdep.c Wed May 6 15:10:05 2020 (r360691) @@ -138,7 +138,6 @@ cpu_mp_announce(void) } -extern vm_paddr_t pmap_pa; void init_secondary(int cpu) { @@ -202,8 +201,6 @@ init_secondary(int cpu) } mtx_unlock_spin(_boot_mtx); - - enable_interrupts(PSR_I); loop_counter = 0; while (smp_started == 0) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360690 - head/sys/arm64/arm64
Author: markj Date: Wed May 6 15:01:06 2020 New Revision: 360690 URL: https://svnweb.freebsd.org/changeset/base/360690 Log: Simplify arm64's pmap_bootstrap() a bit. locore constructs an L2 page mapping the kernel and preloaded data starting a KERNBASE (the same as VM_MIN_KERNEL_ADDRESS on arm64). initarm() and pmap_bootstrap() use the preloaded metadata to tell it where it can start allocating from. pmap_bootstrap() currently iterates over the L2 page to find the last valid entry, but doesn't do anything with the result. Remove the loop and zap some now-unused local variables. MFC after:2 weeks Sponsored by: Juniper Networks, Klara Inc. Differential Revision:https://reviews.freebsd.org/D24559 Modified: head/sys/arm64/arm64/pmap.c Modified: head/sys/arm64/arm64/pmap.c == --- head/sys/arm64/arm64/pmap.c Wed May 6 11:40:32 2020(r360689) +++ head/sys/arm64/arm64/pmap.c Wed May 6 15:01:06 2020(r360690) @@ -831,9 +831,7 @@ void pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart, vm_size_t kernlen) { - u_int l1_slot, l2_slot; - pt_entry_t *l2; - vm_offset_t va, freemempos; + vm_offset_t freemempos; vm_offset_t dpcpu, msgbufpv; vm_paddr_t start_pa, pa, min_pa; uint64_t kern_delta; @@ -867,7 +865,7 @@ pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_ * Find the minimum physical address. physmap is sorted, * but may contain empty ranges. */ - for (i = 0; i < (physmap_idx * 2); i += 2) { + for (i = 0; i < physmap_idx * 2; i += 2) { if (physmap[i] == physmap[i + 1]) continue; if (physmap[i] <= min_pa) @@ -880,38 +878,14 @@ pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_ /* Create a direct map region early so we can use it for pa -> va */ freemempos = pmap_bootstrap_dmap(l1pt, min_pa, freemempos); - va = KERNBASE; start_pa = pa = KERNBASE - kern_delta; /* -* Read the page table to find out what is already mapped. -* This assumes we have mapped a block of memory from KERNBASE -* using a single L1 entry. +* Create the l2 tables up to VM_MAX_KERNEL_ADDRESS. We assume that the +* loader allocated the first and only l2 page table page used to map +* the kernel, preloaded files and module metadata. */ - l2 = pmap_early_page_idx(l1pt, KERNBASE, _slot, _slot); - - /* Sanity check the index, KERNBASE should be the first VA */ - KASSERT(l2_slot == 0, ("The L2 index is non-zero")); - - /* Find how many pages we have mapped */ - for (; l2_slot < Ln_ENTRIES; l2_slot++) { - if ((l2[l2_slot] & ATTR_DESCR_MASK) == 0) - break; - - /* Check locore used L2 blocks */ - KASSERT((l2[l2_slot] & ATTR_DESCR_MASK) == L2_BLOCK, - ("Invalid bootstrap L2 table")); - KASSERT((l2[l2_slot] & ~ATTR_MASK) == pa, - ("Incorrect PA in L2 table")); - - va += L2_SIZE; - pa += L2_SIZE; - } - - va = roundup2(va, L1_SIZE); - - /* Create the l2 tables up to VM_MAX_KERNEL_ADDRESS */ - freemempos = pmap_bootstrap_l2(l1pt, va, freemempos); + freemempos = pmap_bootstrap_l2(l1pt, KERNBASE + L1_SIZE, freemempos); /* And the l3 tables for the early devmap */ freemempos = pmap_bootstrap_l3(l1pt, VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE), freemempos); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r360648 - in head: lib/libvmmapi share/man/man5 share/mk sys/amd64/include sys/amd64/vmm sys/amd64/vmm/amd sys/amd64/vmm/intel sys/amd64/vmm/io sys/conf sys/modules/vmm tools/build/opt
On 5/5/20 7:20 PM, Li-Wen Hsu wrote: > On Tue, May 5, 2020 at 8:02 AM John Baldwin wrote: >> >> Author: jhb >> Date: Tue May 5 00:02:04 2020 >> New Revision: 360648 >> URL: https://svnweb.freebsd.org/changeset/base/360648 > ... >> Added: >> head/sys/amd64/include/vmm_snapshot.h (contents, props changed) >> head/sys/amd64/vmm/vmm_snapshot.c (contents, props changed) >> head/tools/build/options/WITH_BHYVE_SNAPSHOT (contents, props changed) >> head/usr.sbin/bhyve/snapshot.c (contents, props changed) >> head/usr.sbin/bhyve/snapshot.h (contents, props changed) > > These added files all have "THIS SOFTWARE IS PROVIDED BY NETAPP, INC" > in copyright header, but non of the authors look like from NetApp. Is > it intended or it's better to have "THIS SOFTWARE IS PROVIDED BY THE > AUTHOR AND CONTRIBUTORS"? They probably should have the latter, I will check this with the authors. -- John Baldwin ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360689 - stable/11/sys/fs/smbfs
Author: dim Date: Wed May 6 11:40:32 2020 New Revision: 360689 URL: https://svnweb.freebsd.org/changeset/base/360689 Log: MFC r316584 (by cem): smbfs: Fix an indentation level Based on the change in r242386, it seems clear that scred was intended to be released in all paths at exit. No functional change. This line's indent was just the result of a bad copy paste from the previous free() in an early exit path. Reported by: PVS-Studio Sponsored by: Dell EMC Isilon Modified: stable/11/sys/fs/smbfs/smbfs_vnops.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/smbfs/smbfs_vnops.c == --- stable/11/sys/fs/smbfs/smbfs_vnops.cWed May 6 11:10:13 2020 (r360688) +++ stable/11/sys/fs/smbfs/smbfs_vnops.cWed May 6 11:40:32 2020 (r360689) @@ -280,7 +280,7 @@ smbfs_getattr(ap) smbfs_attr_cachelookup(vp, va); if (np->n_flag & NOPEN) np->n_size = oldsize; - smbfs_free_scred(scred); + smbfs_free_scred(scred); return 0; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360688 - stable/11/sys/dev/e1000
Author: dim Date: Wed May 6 11:10:13 2020 New Revision: 360688 URL: https://svnweb.freebsd.org/changeset/base/360688 Log: MFC r318297 (by tsoome): e1000api: misleading-indentation Two blocks in e1000_ich8lan.c are misaligned, causing noise with some compilers (gcc 6). Reviewed by: imp, erj Differential Revision:https://reviews.freebsd.org/D10741 Modified: stable/11/sys/dev/e1000/e1000_ich8lan.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/e1000/e1000_ich8lan.c == --- stable/11/sys/dev/e1000/e1000_ich8lan.c Wed May 6 08:32:49 2020 (r360687) +++ stable/11/sys/dev/e1000/e1000_ich8lan.c Wed May 6 11:10:13 2020 (r360688) @@ -1499,24 +1499,24 @@ s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool ret_val = e1000_read_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, _reg); if (ret_val) goto release; - phy_reg &= ~(I218_ULP_CONFIG1_IND | -I218_ULP_CONFIG1_STICKY_ULP | -I218_ULP_CONFIG1_RESET_TO_SMBUS | -I218_ULP_CONFIG1_WOL_HOST | -I218_ULP_CONFIG1_INBAND_EXIT | -I218_ULP_CONFIG1_EN_ULP_LANPHYPC | -I218_ULP_CONFIG1_DIS_CLR_STICKY_ON_PERST | -I218_ULP_CONFIG1_DISABLE_SMB_PERST); - e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg); + phy_reg &= ~(I218_ULP_CONFIG1_IND | +I218_ULP_CONFIG1_STICKY_ULP | +I218_ULP_CONFIG1_RESET_TO_SMBUS | +I218_ULP_CONFIG1_WOL_HOST | +I218_ULP_CONFIG1_INBAND_EXIT | +I218_ULP_CONFIG1_EN_ULP_LANPHYPC | +I218_ULP_CONFIG1_DIS_CLR_STICKY_ON_PERST | +I218_ULP_CONFIG1_DISABLE_SMB_PERST); + e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg); - /* Commit ULP changes by starting auto ULP configuration */ - phy_reg |= I218_ULP_CONFIG1_START; - e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg); + /* Commit ULP changes by starting auto ULP configuration */ + phy_reg |= I218_ULP_CONFIG1_START; + e1000_write_phy_reg_hv_locked(hw, I218_ULP_CONFIG1, phy_reg); - /* Clear Disable SMBus Release on PERST# in MAC */ - mac_reg = E1000_READ_REG(hw, E1000_FEXTNVM7); - mac_reg &= ~E1000_FEXTNVM7_DISABLE_SMB_PERST; - E1000_WRITE_REG(hw, E1000_FEXTNVM7, mac_reg); + /* Clear Disable SMBus Release on PERST# in MAC */ + mac_reg = E1000_READ_REG(hw, E1000_FEXTNVM7); + mac_reg &= ~E1000_FEXTNVM7_DISABLE_SMB_PERST; + E1000_WRITE_REG(hw, E1000_FEXTNVM7, mac_reg); release: hw->phy.ops.release(hw); @@ -1559,13 +1559,13 @@ static s32 e1000_check_for_copper_link_ich8lan(struct if (!mac->get_link_status) return E1000_SUCCESS; - /* First we want to see if the MII Status Register reports -* link. If so, then we want to get the current speed/duplex -* of the PHY. -*/ - ret_val = e1000_phy_has_link_generic(hw, 1, 0, ); - if (ret_val) - return ret_val; + /* First we want to see if the MII Status Register reports +* link. If so, then we want to get the current speed/duplex +* of the PHY. +*/ + ret_val = e1000_phy_has_link_generic(hw, 1, 0, ); + if (ret_val) + return ret_val; if (hw->mac.type == e1000_pchlan) { ret_val = e1000_k1_gig_workaround_hv(hw, link); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360687 - stable/11/sys/cam/ctl
Author: dim Date: Wed May 6 08:32:49 2020 New Revision: 360687 URL: https://svnweb.freebsd.org/changeset/base/360687 Log: Redo r360682, now with only a minimal fix for misleading indentation: MFC r333465 (partial, by lwhsu): Fix build for platforms using GCC: [omitted] - Remove unused or dead store variable [omitted] - Remove unused function ctl_copyin_alloc - Add missing curly brackets, this seems a regression in r287720 Reviewed by: jhibbits Differential Revision:https://reviews.freebsd.org/D15383 Modified: stable/11/sys/cam/ctl/ctl.c Modified: stable/11/sys/cam/ctl/ctl.c == --- stable/11/sys/cam/ctl/ctl.c Wed May 6 08:24:47 2020(r360686) +++ stable/11/sys/cam/ctl/ctl.c Wed May 6 08:32:49 2020(r360687) @@ -8591,10 +8591,11 @@ ctl_hndl_per_res_out_on_other_sc(union ctl_io *io) if (lun->pr_res_type != SPR_TYPE_EX_AC && lun->pr_res_type != SPR_TYPE_WR_EX && (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) { - for (i = softc->init_min; i < softc->init_max; i++) + for (i = softc->init_min; i < softc->init_max; i++) { if (i == residx || ctl_get_prkey(lun, i) == 0) continue; ctl_est_ua(lun, i, CTL_UA_RES_RELEASE); + } } lun->flags &= ~CTL_LUN_PR_RESERVED; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360686 - stable/11/sys/cam/ctl
Author: dim Date: Wed May 6 08:24:47 2020 New Revision: 360686 URL: https://svnweb.freebsd.org/changeset/base/360686 Log: Revert r360682, as it does not compile on stable/11 (will commit a minimal indentation fix instead): Un-MFC r333465 (by lwhsu): Fix build for platforms using GCC: - Remove unused or dead store variable - Remove unused function ctl_copyin_alloc - Add missing curly brackets, this seems a regression in r287720 Reviewed by: jhibbits Differential Revision:https://reviews.freebsd.org/D15383 Modified: stable/11/sys/cam/ctl/ctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/cam/ctl/ctl.c == --- stable/11/sys/cam/ctl/ctl.c Wed May 6 07:48:37 2020(r360685) +++ stable/11/sys/cam/ctl/ctl.c Wed May 6 08:24:47 2020(r360686) @@ -2440,6 +2440,25 @@ ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_ mtx_unlock(>lun_lock); } +static void * +ctl_copyin_alloc(void *user_addr, unsigned int len, char *error_str, +size_t error_str_len) +{ + void *kptr; + + kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO); + + if (copyin(user_addr, kptr, len) != 0) { + snprintf(error_str, error_str_len, "Error copying %d bytes " +"from user address %p to kernel address %p", len, +user_addr, kptr); + free(kptr, M_CTL); + return (NULL); + } + + return (kptr); +} + static void ctl_free_args(int num_args, struct ctl_be_arg *args) { @@ -5033,9 +5052,11 @@ ctl_lun_secondary(struct ctl_be_lun *be_lun) int ctl_invalidate_lun(struct ctl_be_lun *be_lun) { + struct ctl_softc *softc; struct ctl_lun *lun; lun = (struct ctl_lun *)be_lun->ctl_lun; + softc = lun->ctl_softc; mtx_lock(>lun_lock); @@ -6231,7 +6252,7 @@ ctl_mode_select(struct ctl_scsiio *ctsio) { struct ctl_lun *lun = CTL_LUN(ctsio); union ctl_modepage_info *modepage_info; - int bd_len, i, header_size, param_len, rtd; + int bd_len, i, header_size, param_len, pf, rtd, sp; uint32_t initidx; initidx = ctl_get_initindex(>io_hdr.nexus); @@ -6241,7 +6262,9 @@ ctl_mode_select(struct ctl_scsiio *ctsio) cdb = (struct scsi_mode_select_6 *)ctsio->cdb; + pf = (cdb->byte2 & SMS_PF) ? 1 : 0; rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0; + sp = (cdb->byte2 & SMS_SP) ? 1 : 0; param_len = cdb->length; header_size = sizeof(struct scsi_mode_header_6); break; @@ -6251,7 +6274,9 @@ ctl_mode_select(struct ctl_scsiio *ctsio) cdb = (struct scsi_mode_select_10 *)ctsio->cdb; + pf = (cdb->byte2 & SMS_PF) ? 1 : 0; rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0; + sp = (cdb->byte2 & SMS_SP) ? 1 : 0; param_len = scsi_2btoul(cdb->length); header_size = sizeof(struct scsi_mode_header_10); break; @@ -6374,12 +6399,13 @@ int ctl_mode_sense(struct ctl_scsiio *ctsio) { struct ctl_lun *lun = CTL_LUN(ctsio); - int pc, page_code, dbd, subpage; + int pc, page_code, dbd, llba, subpage; int alloc_len, page_len, header_len, total_len; struct scsi_mode_block_descr *block_desc; struct ctl_page_index *page_index; dbd = 0; + llba = 0; block_desc = NULL; CTL_DEBUG_PRINT(("ctl_mode_sense\n")); @@ -6413,6 +6439,8 @@ ctl_mode_sense(struct ctl_scsiio *ctsio) dbd = 1; else header_len += sizeof(struct scsi_mode_block_descr); + if (cdb->byte2 & SMS10_LLBAA) + llba = 1; pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6; page_code = cdb->page & SMS_PAGE_CODE; subpage = cdb->subpage; @@ -8563,11 +8591,10 @@ ctl_hndl_per_res_out_on_other_sc(union ctl_io *io) if (lun->pr_res_type != SPR_TYPE_EX_AC && lun->pr_res_type != SPR_TYPE_WR_EX && (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) { - for (i = softc->init_min; i < softc->init_max; i++) { + for (i = softc->init_min; i < softc->init_max; i++) if (i == residx || ctl_get_prkey(lun, i) == 0) continue; ctl_est_ua(lun, i, CTL_UA_RES_RELEASE); - } } lun->flags &= ~CTL_LUN_PR_RESERVED; @@ -10375,6 +10402,7 @@ ctl_get_event_status(struct ctl_scsiio *ctsio) struct scsi_get_event_status_header *hdr; struct scsi_get_event_status *cdb; uint32_t alloc_len, data_len; + int notif_class;
svn commit: r360685 - in head/tests/sys: netinet netinet6
Author: melifaro Date: Wed May 6 07:48:37 2020 New Revision: 360685 URL: https://svnweb.freebsd.org/changeset/base/360685 Log: Add basic routing LPM tests. Differential Revision:https://reviews.freebsd.org/D24684 Added: head/tests/sys/netinet/lpm.sh (contents, props changed) head/tests/sys/netinet6/lpm6.sh (contents, props changed) Modified: head/tests/sys/netinet/Makefile head/tests/sys/netinet6/Makefile Modified: head/tests/sys/netinet/Makefile == --- head/tests/sys/netinet/Makefile Wed May 6 05:41:02 2020 (r360684) +++ head/tests/sys/netinet/Makefile Wed May 6 07:48:37 2020 (r360685) @@ -9,7 +9,7 @@ ATF_TESTS_C=ip_reass_test \ so_reuseport_lb_test \ socket_afinet -ATF_TESTS_SH= carp fibs_test redirect divert forward output +ATF_TESTS_SH= carp fibs_test redirect divert forward output lpm PROGS= udp_dontroute tcp_user_cookie Added: head/tests/sys/netinet/lpm.sh == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/netinet/lpm.sh Wed May 6 07:48:37 2020 (r360685) @@ -0,0 +1,179 @@ +#!/usr/bin/env atf-sh +#- +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2020 Alexander V. Chernikov +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +#notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +#notice, this list of conditions and the following disclaimer in the +#documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +. $(atf_get_srcdir)/../common/vnet.subr + +setup_networking() +{ + jname="$1" + lo_dst="$2" + epair0="$3" + epair1="$4" + + vnet_mkjail ${jname}a ${epair0}a ${epair1}a + # Setup transit IPv4 networks + jexec ${jname}a ifconfig ${epair0}a up + jexec ${jname}a ifconfig ${epair0}a inet 203.0.113.1/30 + jexec ${jname}a ifconfig ${epair1}a up + jexec ${jname}a ifconfig ${epair1}a inet 203.0.113.5/30 + + vnet_mkjail ${jname}b ${epair0}b ${epair1}b ${lo_dst} + jexec ${jname}b ifconfig ${epair0}b up + jexec ${jname}b ifconfig ${epair0}b inet 203.0.113.2/30 + jexec ${jname}b ifconfig ${epair1}b up + jexec ${jname}b ifconfig ${epair1}b inet 203.0.113.6/30 + jexec ${jname}b ifconfig ${lo_dst} up + +} + +atf_test_case "lpm_test1_success" "cleanup" +lpm_test1_success_head() +{ + + atf_set descr 'Test IPv4 LPM for /30 and /31' + atf_set require.user root +} + +lpm_test1_success_body() +{ + + vnet_init + + jname="v4t-lpm_test1_success" + + lo_dst=$(vnet_mkloopback) + epair0=$(vnet_mkepair) + epair1=$(vnet_mkepair) + + setup_networking ${jname} ${lo_dst} ${epair0} ${epair1} + + jexec ${jname}b ifconfig ${lo_dst} inet 198.51.100.0/32 + jexec ${jname}b ifconfig ${lo_dst} alias 198.51.100.2/32 + + # Add routes + # A -> towards B via epair0a + jexec ${jname}a route add -4 -net 198.51.100.0/30 203.0.113.2 + # A -> towards B via epair1a + jexec ${jname}a route add -4 -net 198.51.100.0/31 203.0.113.6 + + count=20 + valid_message="${count} packets transmitted, ${count} packets received" + + # Check that 198.51.100.0 goes via epair1 + atf_check -o match:"${valid_message}" jexec ${jname}a ping -f -nc${count} 198.51.100.0 + pkt_0=`jexec ${jname}a netstat -Wf link -I ${epair0}a | head | awk '$1!~/^Name/{print$8}'` + pkt_1=`jexec ${jname}a netstat -Wf link -I ${epair1}a | head | awk '$1!~/^Name/{print$8}'` + if [ ${pkt_1} -le ${count} ]; then + echo "LPM failure: 1: ${pkt_0} 2: ${pkt_1} (should be ${count})" + exit 1 + fi + + # Check that 198.51.100.2 goes via epair0 + atf_check