Commit Graph

117 Commits

Author SHA1 Message Date
Poul-Henning Kamp
756d52a195 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
Robert Watson
81158452be Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
Robert Watson
1761672b75 Inline umich license from COPYRIGHT to make it clear what license the
umich copyright is asserting.

Clarify that the copyright I'm asserting is the standard Berkeley
license.

Remove Giant assertions from AARP and DDP input routines.
2004-08-10 03:23:05 +00:00
Robert Watson
36dd5f47d9 Further function forward declaration white space tweaks. 2004-07-19 17:18:58 +00:00
Robert Watson
439e36c655 Re-style at_control.c to bring it closer to style(9), primarily with
regard to function prototypes and indentation.  The lack of indentation
in if clauses and case statements made this code extremely difficult
to read.
2004-07-19 17:15:51 +00:00
Robert Watson
8375a14422 Procotol control block locking for netatalk DDP. 2004-07-12 18:39:59 +00:00
Robert Watson
dedfa2fb68 Imperfect synchronization solution to imperfect code: use a static 256
byte buffer in the stack for temporary printf results rather than a
global buffer without synchronization.
2004-07-12 18:37:31 +00:00
Robert Watson
598a1cadf1 Remove 'Not used' comment: at_org_code is used, just not in netatalk/. 2004-07-12 18:35:30 +00:00
Robert Watson
effb15c0c5 Remove spl's from netatalk in preparation to merge locking. 2004-07-12 04:33:58 +00:00
Robert Watson
310e7ceb94 Socket MAC labels so_label and so_peerlabel are now protected by
SOCK_LOCK(so):

- Hold socket lock over calls to MAC entry points reading or
  manipulating socket labels.

- Assert socket lock in MAC entry point implementations.

- When externalizing the socket label, first make a thread-local
  copy while holding the socket lock, then release the socket lock
  to externalize to userspace.
2004-06-13 02:50:07 +00:00
Robert Watson
395a08c904 Extend coverage of SOCK_LOCK(so) to include so_count, the socket
reference count:

- Assert SOCK_LOCK(so) macros that directly manipulate so_count:
  soref(), sorele().

- Assert SOCK_LOCK(so) in macros/functions that rely on the state of
  so_count: sofree(), sotryfree().

- Acquire SOCK_LOCK(so) before calling these functions or macros in
  various contexts in the stack, both at the socket and protocol
  layers.

- In some cases, perform soisdisconnected() before sotryfree(), as
  this could result in frobbing of a non-present socket if
  sotryfree() actually frees the socket.

- Note that sofree()/sotryfree() will release the socket lock even if
  they don't free the socket.

Submitted by:	sam
Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS
2004-06-12 20:47:32 +00:00
Robert Watson
bd1004ef9e Remove redundant call to soisdisconnected() from ddp_abort(), as it
calls at_pcbdetach() which also immediately calls soisdisconnected().
2004-05-05 03:34:37 +00:00
Luigi Rizzo
cd46a114fc This commit does two things:
1. rt_check() cleanup:
    rt_check() is only necessary for some address families to gain access
    to the corresponding arp entry, so call it only in/near the *resolve()
    routines where it is actually used -- at the moment this is
    arpresolve(), nd6_storelladdr() (the call is embedded here),
    and atmresolve() (the call is just before atmresolve to reduce
    the number of changes).
    This change will make it a lot easier to decouple the arp table
    from the routing table.

    There is an extra call to rt_check() in if_iso88025subr.c to
    determine the routing info length. I have left it alone for
    the time being.

    The interface of arpresolve() and nd6_storelladdr() now changes slightly:
     + the 'rtentry' parameter (really a hint from the upper level layer)
       is now passed unchanged from *_output(), so it becomes the route
       to the final destination and not to the gateway.
     + the routines will return 0 if resolution is possible, non-zero
       otherwise.
     + arpresolve() returns EWOULDBLOCK in case the mbuf is being held
       waiting for an arp reply -- in this case the error code is masked
       in the caller so the upper layer protocol will not see a failure.

2. arpcom untangling
    Where possible, use 'struct ifnet' instead of 'struct arpcom' variables,
    and use the IFP2AC macro to access arpcom fields.
    This mostly affects the netatalk code.

=== Detailed changes: ===
net/if_arcsubr.c
   rt_check() cleanup, remove a useless variable

net/if_atmsubr.c
   rt_check() cleanup

net/if_ethersubr.c
   rt_check() cleanup, arpcom untangling

net/if_fddisubr.c
   rt_check() cleanup, arpcom untangling

net/if_iso88025subr.c
   rt_check() cleanup

netatalk/aarp.c
   arpcom untangling, remove a block of duplicated code

netatalk/at_extern.h
   arpcom untangling

netinet/if_ether.c
   rt_check() cleanup (change arpresolve)

netinet6/nd6.c
   rt_check() cleanup (change nd6_storelladdr)
2004-04-25 09:24:52 +00:00
Robert Watson
8e9013b4c4 Lock down the netatalk AARP code, which is responsible for appletalk
address discovery and caching (similar to inet ARP).  Use a single
global mutex, aarptab_mtx, to protect the table.  Remove spl/spx.

Tested by:	Bob Bishop <rb@gid.co.uk>
2004-04-09 01:40:12 +00:00
Robert Watson
3280e5dc69 Rename 'ddpcb' variable to 'ddpcb_list' to better distinguish it from
'struct ddpcb'.
2004-03-22 04:54:36 +00:00
Robert Watson
4ddd6a81e0 Rename 'at_ifaddr' list to 'at_ifaddr_list' so that the variable is
more easily mechanically distinguished from 'struct at_ifaddr'.
2004-03-22 04:50:36 +00:00
Robert Watson
f2aa178725 Compare pointers with NULL rather than 0, or treating them as boolans in
if statements.

at_rmx gets a $FreeBSD$ out of the deal also (this code appears to be
unused).
2004-03-22 03:57:01 +00:00
Robert Watson
e0af0ab104 Also modify ddp_input.c with the following changes previously applied
to other files in netatalk:

  Log:
  Since I have my hands all over netatalk adding locking and restructuring
  it, cinch the file's style closer to style(9) with regard to parenthesis:

    s/( /(/g
    s/ )/)/g
    s/return(/return (/g
    s/return 0/return (0)/
    s/return 1/return (1)/
2004-03-22 03:48:31 +00:00
Robert Watson
b8e3da4a83 Since I have my hands all over netatalk adding locking and restructuring
it, cinch the file's style closer to style(9) with regard to parenthesis:

  s/( /(/g
  s/ )/)/g
  s/return(/return (/g
  s/return 0/return (0)/
  s/return 1/return (1)/
2004-03-22 03:24:10 +00:00
Robert Watson
97cb84c481 Spell "(struct foo *)0" as "NULL". 2004-03-21 03:28:08 +00:00
Robert Watson
909d5c6308 Isolate PCB-specific ethertalk DDP functions in ddp_pcb.c, removing them
from ddp_usrreq.c.  Functions moved are:

  at_pcballoc()
  at_pcbconnect()
  at_pcbdetach()
  at_pcbdisconnect()
  at_pcbsetaddr()
  at_sockaddr()

Also moved are ddp_ports and ddpcb, global variables associated with DDP
pcbs.  This makes PCB implementation more parallel to inet, inet6, and
ipx.
2004-03-19 07:21:22 +00:00
Robert Watson
34f74e1ed8 Make ddp_ports static, as it's not used outside of ddp_usrreq.c.
Inspired by:	Day spent hiking to hot springs in Taiwan
Powered by:	Asia BSDCon 2004
2004-03-17 12:54:21 +00:00
Robert Watson
2d3b3d66b4 Const-poison atmulticastaddr, which should be read but not modified.
While there, remove (caddr_t) casting of ethernet addresses, which
among other things discards the qualifier.  This makes it clear that
atmulticastaddr does not require synchronization.
2004-03-13 05:27:17 +00:00
Robert Watson
746e5bf09b Rename dup_sockaddr() to sodupsockaddr() for consistency with other
functions in kern_socket.c.

Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT
in from the caller context rather than "1" or "0".

Correct mflags pass into mac_init_socket() from previous commit to not
include M_ZERO.

Submitted by:	sam
2004-03-01 03:14:23 +00:00
Sam Leffler
fdc21d0d1e Eliminate a duplicate free when deleting an interface address. This
caused crashes, typically during shutdown, because the second free
referenced a mutex that had been destroyed.

Tested by:	several
Approved by:	re (scottl)
2003-11-28 04:19:41 +00:00
Robert Watson
a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
Sam Leffler
7902224c6b o add a flags parameter to netisr_register that is used to specify
whether or not the isr needs to hold Giant when running; Giant-less
  operation is also controlled by the setting of debug_mpsafenet
o mark all netisr's except NETISR_IP as needing Giant
o add a GIANT_REQUIRED assertion to the top of netisr's that need Giant
o pickup Giant (when debug_mpsafenet is 1) inside ip_input before
  calling up with a packet
o change netisr handling so swi_net runs w/o Giant; instead we grab
  Giant before invoking handlers based on whether the handler needs Giant
o change netisr handling so that netisr's that are marked MPSAFE may
  have multiple instances active at a time
o add netisr statistics for packets dropped because the isr is inactive

Supported by:	FreeBSD Foundation
2003-11-08 22:28:40 +00:00
Sam Leffler
6536168e0a must use RTFREE instead of rtfree for proper locking 2003-11-08 03:36:32 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Warner Losh
231ef86f68 Remove unnecessary casts to (caddr_t) for if_broadcastaddr. 2003-10-23 17:48:53 +00:00
Robert Watson
b50a132f22 More checking of M_PREPEND() return values: pass through link-layer
Appletalk code.  These changes are untested since I don't have
an Appletalk environment.
2003-08-29 19:27:09 +00:00
Matthew N. Dodd
868d8b6286 - Use if_broadcastaddr from struct ifnet rather than relying on
extern 'etherbroadcastaddr'.
- Make 'etherbroadcastaddr' static.

Reviewed by:	 imp
2003-03-21 17:53:16 +00:00
Jonathan Lemon
1cafed3941 Update netisr handling; Each SWI now registers its queue, and all queue
drain routines are done by swi_net, which allows for better queue control
at some future point.  Packets may also be directly dispatched to a netisr
instead of queued, this may be of interest at some installations, but
currently defaults to off.

Reviewed by: hsu, silby, jayanth, sam
Sponsored by: DARPA, NAI Labs
2003-03-04 23:19:55 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Jeffrey Hsu
19fc74fb60 Lock up ifaddr reference counts. 2002-12-18 11:46:59 +00:00
Maxim Sobolev
d04c7d51be Add more ethernet types and move AppleTalk types into proper location.
Obtained from:  NetBSD (syssrc/sys/net/ethertypes.h, rev.1.13)
2002-09-06 17:02:29 +00:00
Robert Watson
a7320549ac Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.
Label link layer mbufs as they are created for transmission, check
mbufs before delivering them to sockets, label mbufs as they are created
from sockets, and preserve mbuf labels if mbufs are copied.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:58:44 +00:00
Seigo Tanimura
4cc20ab1f0 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
Peter Wemm
ac0f456146 Fix warning; Extra tokens after #endif 2002-05-24 06:11:07 +00:00
Seigo Tanimura
243917fe3b Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
Seigo Tanimura
960ed29c4b Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Alfred Perlstein
96abb1618a Remove __P. 2002-03-20 02:39:27 +00:00
Ian Dowse
c6cca33809 Make `options NETATALK' compile after the -fno-common changes.
Tested by:	Emiel Kollof <coolvibe@hackerheaven.org>
2002-01-16 11:26:50 +00:00
Matthew Dillon
b1e4abd246 Give struct socket structures a ref counting interface similar to
vnodes.  This will hopefully serve as a base from which we can
expand the MP code.  We currently do not attempt to obtain any
mutex or SX locks, but the door is open to add them when we nail
down exactly how that part of it is going to work.
2001-11-17 03:07:11 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Poul-Henning Kamp
fc2ffbe604 Mechanical change to use <sys/queue.h> macro API instead of
fondling implementation details.

Created with: sed(1)
Reviewed by: md5(1)
2001-02-04 13:13:25 +00:00
Bosko Milekic
2a0c503e7a * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.
This is because calls with M_WAIT (now M_TRYWAIT) may not wait
  forever when nothing is available for allocation, and may end up
  returning NULL. Hopefully we now communicate more of the right thing
  to developers and make it very clear that it's necessary to check whether
  calls with M_(TRY)WAIT also resulted in a failed allocation.
  M_TRYWAIT basically means "try harder, block if necessary, but don't
  necessarily wait forever." The time spent blocking is tunable with
  the kern.ipc.mbuf_wait sysctl.
  M_WAIT is now deprecated but still defined for the next little while.

* Fix a typo in a comment in mbuf.h

* Fix some code that was actually passing the mbuf subsystem's M_WAIT to
  malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the
  value of the M_WAIT flag, this could have became a big problem.
2000-12-21 21:44:31 +00:00