Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (14 of many)

r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked).
Use it in preparation for a general review of all nodes.

This is a non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.

Approved by:	kib (mentor, blanket)
Differential Revision:	https://reviews.freebsd.org/D23639
kaktus 2020-02-24 10:47:18 +00:00
parent 8b4e301422
commit 3150f61ee2
4 changed files with 82 additions and 41 deletions


@ -367,44 +367,68 @@ SYSCTL_DECL(_net_inet);
SYSCTL_DECL(_net_inet_ip);
SYSCTL_DECL(_net_inet_ip_alias);
static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp, CTLFLAG_RW, NULL,
static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp,
CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
"SCTP NAT");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_log_level, 0, sysctl_chg_loglevel, "IU",
"Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_init_timer, 0, sysctl_chg_timer, "IU",
"Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_up_timer, 0, sysctl_chg_timer, "IU",
"Timeout value (s) to keep an association up with no traffic");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_shutdown_timer, 0, sysctl_chg_timer, "IU",
"Timeout value (s) while waiting for SHUTDOWN-COMPLETE");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_holddown_timer, 0, sysctl_chg_timer, "IU",
"Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_hashtable_size, 0, sysctl_chg_hashtable_size, "IU",
"Size of hash tables used for NAT lookups (100 < prime_number > 1000001)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb, CTLTYPE_UINT | CTLFLAG_RW,
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_error_on_ootb, 0, sysctl_chg_error_on_ootb, "IU",
"ErrorM sent on receipt of ootb packet:\n\t0 - none,\n\t1 - to local only,\n\t2 - to local and global if a partial association match,\n\t3 - to local and global (DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip, CTLTYPE_UINT | CTLFLAG_RW,
"ErrorM sent on receipt of ootb packet:\n\t0 - none,\n"
"\t1 - to local only,\n"
"\t2 - to local and global if a partial association match,\n"
"\t3 - to local and global (DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, "IU",
"NAT response to receipt of global OOTB AddIP:\n\t0 - No response,\n\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, initialising_chunk_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
&sysctl_initialising_chunk_proc_limit, 0, sysctl_chg_initialising_chunk_proc_limit, "IU",
"Number of chunks that should be processed if there is no current association found:\n\t > 0 (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
"NAT response to receipt of global OOTB AddIP:\n"
"\t0 - No response,\n"
"\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, initialising_chunk_proc_limit,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_initialising_chunk_proc_limit, 0,
sysctl_chg_initialising_chunk_proc_limit, "IU",
"Number of chunks that should be processed if there is no current "
"association found:\n\t > 0 (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_chunk_proc_limit, 0, sysctl_chg_chunk_proc_limit, "IU",
"Number of chunks that should be processed to find key chunk:\n\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
"Number of chunks that should be processed to find key chunk:\n"
"\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_param_proc_limit, 0, sysctl_chg_param_proc_limit, "IU",
"Number of parameters (in a chunk) that should be processed to find key parameters:\n\t> 1 (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses, CTLTYPE_UINT | CTLFLAG_RW,
"Number of parameters (in a chunk) that should be processed to find key "
"parameters:\n\t> 1 (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_track_global_addresses, 0, sysctl_chg_track_global_addresses, "IU",
"Configures the global address tracking option within the NAT:\n\t0 - Global tracking is disabled,\n\t> 0 - enables tracking but limits the number of global IP addresses to this value");
"Configures the global address tracking option within the NAT:\n"
"\t0 - Global tracking is disabled,\n"
"\t> 0 - enables tracking but limits the number of global IP addresses to this value");
#endif /* SYSCTL_NODE */
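Review bot: The parent node `sctp` is now marked `CTLFLAG_MPSAFE` while all twelve handler-backed children below it are marked `CTLFLAG_NEEDGIANT`, and nothing in the file tells a reader that the latter is a placeholder rather than the result of an audit. The `sysctl_chg_*` handlers are defined outside this hunk, so whether they actually depend on Giant cannot be checked from here. A short comment above the first `SYSCTL_PROC`, for example `/* XXX: handlers not yet audited for MP safety; NEEDGIANT preserves the previous locking. */`, would keep the flag from being read as a design decision. Several of these knobs are described in their own help text as DoS or security risks, so they look like good candidates to audit first.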


@ -861,8 +861,8 @@ sctp_sysctl_handle_trace_log_clear(SYSCTL_HANDLER_ARGS)
return (error); \
} \
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, mib_name, \
CTLFLAG_VNET|CTLTYPE_UINT|CTLFLAG_RW, NULL, 0, \
sctp_sysctl_handle_##mib_name, "UI", prefix##_DESC);
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, \
NULL, 0, sctp_sysctl_handle_##mib_name, "UI", prefix##_DESC);
/*
* sysctl definitions
@ -873,10 +873,14 @@ SCTP_UINT_SYSCTL(recvspace, sctp_recvspace, SCTPCTL_RECVSPACE)
SCTP_UINT_SYSCTL(auto_asconf, sctp_auto_asconf, SCTPCTL_AUTOASCONF)
SCTP_UINT_SYSCTL(ecn_enable, sctp_ecn_enable, SCTPCTL_ECN_ENABLE)
SCTP_UINT_SYSCTL(pr_enable, sctp_pr_enable, SCTPCTL_PR_ENABLE)
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, auth_enable, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
NULL, 0, sctp_sysctl_handle_auth, "IU", SCTPCTL_AUTH_ENABLE_DESC);
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, asconf_enable, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
NULL, 0, sctp_sysctl_handle_asconf, "IU", SCTPCTL_ASCONF_ENABLE_DESC);
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, auth_enable,
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_auth, "IU",
SCTPCTL_AUTH_ENABLE_DESC);
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, asconf_enable,
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_asconf, "IU",
SCTPCTL_ASCONF_ENABLE_DESC);
SCTP_UINT_SYSCTL(reconfig_enable, sctp_reconfig_enable, SCTPCTL_RECONFIG_ENABLE)
SCTP_UINT_SYSCTL(nrsack_enable, sctp_nrsack_enable, SCTPCTL_NRSACK_ENABLE)
SCTP_UINT_SYSCTL(pktdrop_enable, sctp_pktdrop_enable, SCTPCTL_PKTDROP_ENABLE)
@ -926,13 +930,19 @@ SCTP_UINT_SYSCTL(default_frag_interleave, sctp_default_frag_interleave, SCTPCTL_
SCTP_UINT_SYSCTL(mobility_base, sctp_mobility_base, SCTPCTL_MOBILITY_BASE)
SCTP_UINT_SYSCTL(mobility_fasthandoff, sctp_mobility_fasthandoff, SCTPCTL_MOBILITY_FASTHANDOFF)
#if defined(SCTP_LOCAL_TRACE_BUF)
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, log, CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RD,
NULL, 0, sctp_sysctl_handle_trace_log, "S,sctplog", "SCTP logging (struct sctp_log)");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, clear_trace, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
NULL, 0, sctp_sysctl_handle_trace_log_clear, "IU", "Clear SCTP Logging buffer");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, log,
CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_trace_log, "S,sctplog"a
, "SCTP logging (struct sctp_log)");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, clear_trace,
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_trace_log_clear, "IU",
"Clear SCTP Logging buffer");
#endif
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, udp_tunneling_port, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
NULL, 0, sctp_sysctl_handle_udp_tunneling, "IU", SCTPCTL_UDP_TUNNELING_PORT_DESC);
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, udp_tunneling_port,
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_udp_tunneling, "IU",
SCTPCTL_UDP_TUNNELING_PORT_DESC);
SCTP_UINT_SYSCTL(enable_sack_immediately, sctp_enable_sack_immediately, SCTPCTL_SACK_IMMEDIATELY_ENABLE)
SCTP_UINT_SYSCTL(nat_friendly_init, sctp_inits_include_nat_friendly, SCTPCTL_NAT_FRIENDLY_INITS)
SCTP_UINT_SYSCTL(vtag_time_wait, sctp_vtag_time_wait, SCTPCTL_TIME_WAIT)
@ -952,7 +962,11 @@ SCTP_UINT_SYSCTL(debug, sctp_debug_on, SCTPCTL_DEBUG)
#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
SCTP_UINT_SYSCTL(output_unlocked, sctp_output_unlocked, SCTPCTL_OUTPUT_UNLOCKED)
#endif
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, stats, CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RW,
NULL, 0, sctp_sysctl_handle_stats, "S,sctpstat", "SCTP statistics (struct sctp_stat)");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, assoclist, CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_RD,
NULL, 0, sctp_sysctl_handle_assoclist, "S,xassoc", "List of active SCTP associations");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, stats,
CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_stats, "S,sctpstat",
"SCTP statistics (struct sctp_stat)");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, assoclist,
CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
NULL, 0, sctp_sysctl_handle_assoclist, "S,xassoc",
"List of active SCTP associations");
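Review bot: The rewritten `log` entry under `#if defined(SCTP_LOCAL_TRACE_BUF)` has a stray `a` after the format string (`"S,sctplog"a`), and its comma has moved to the start of the following line, so this declaration will not compile when `SCTP_LOCAL_TRACE_BUF` is defined. Builds that leave the macro undefined would not notice, which is presumably how it slipped through. The two lines should read `NULL, 0, sctp_sysctl_handle_trace_log, "S,sctplog",` and `"SCTP logging (struct sctp_log)");`. It is worth compiling once with the trace buffer enabled before landing annotation-only changes like this one.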


@ -421,8 +421,10 @@ sctp_getcred(SYSCTL_HANDLER_ARGS)
return (error);
}
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, getcred, CTLTYPE_OPAQUE | CTLFLAG_RW,
0, 0, sctp_getcred, "S,ucred", "Get the ucred of a SCTP connection");
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, getcred,
CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
0, 0, sctp_getcred, "S,ucred",
"Get the ucred of a SCTP connection");
#ifdef INET
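Review bot: The rewrapped `getcred` entry still passes `0, 0` for the arg1/arg2 pair, although arg1 is a pointer and the other `SYSCTL_PROC` entries rewritten in this commit spell it `NULL, 0`. Since the line is being rewritten anyway, `NULL, 0, sctp_getcred, "S,ucred",` would be consistent. The same applies to the `sctp6_getcred` entry in the last file. The body of `sctp_getcred` lies outside this hunk apart from its closing `return (error);`.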


@ -472,9 +472,10 @@ sctp6_getcred(SYSCTL_HANDLER_ARGS)
return (error);
}
SYSCTL_PROC(_net_inet6_sctp6, OID_AUTO, getcred, CTLTYPE_OPAQUE | CTLFLAG_RW,
0, 0,
sctp6_getcred, "S,ucred", "Get the ucred of a SCTP6 connection");
SYSCTL_PROC(_net_inet6_sctp6, OID_AUTO, getcred,
CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
0, 0, sctp6_getcred, "S,ucred",
"Get the ucred of a SCTP6 connection");
/* This is the same as the sctp_abort() could be made common */