A received control packet may cause the transmit queue to be flushed, in
which case ng_l2tp_seq_recv_nr() cancels the transmit timeout handler.
The handler checks to see if it was cancelled before doing anything, but
did so before acquiring the node lock, so a small race window could
cause ng_l2tp_seq_rack_timeout() to attempt to flush an empty queue,
ultimately causing a null pointer dereference.
PR: 241133
Reviewed by: bz, glebius, Lutz Donnerhacke
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D26548
We must enter NET_EPOCH before calling ether_output_frame(). Several of the
functions it calls (pfil_run_hooks, if_transmit) expect to be running in the
NET_EPOCH.
While here remove an unneeded EPOCH entry (which wasn't wide enough to cover
BRIDGE_INPUT).
PR: 248958
Reviewed by: glebius, bz (previous version), melifaro (previous version)
Tested by: manu
Differential Revision: https://reviews.freebsd.org/D26226
Update the ng_iface documentation and hooks to reflect the fact that the
node currently only supports IPv4 and v6 packets.
Reviewed by: Lutz Donnerhacke
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25862
This is normally handled by a netgraph thread, but netgraph messages may
be dispatched directly to a node, in which case no VNET is set before
ng_iface calls into the network stack. Netgraph could probably handle
this more generally, but for now just be sure to set the current VNET in
ng_iface.
PR: 242406
Tested by: Michael Muenz <m.muenz@gmail.com>
Reviewed by: Lutz Donnerhacke
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25788
ACL packet boundary flag should be 0 instead of 2 for LE PDU.
Some HCI will drop LE packet with PB flag is 2, and if sent,
some target may reject the packet.
PR: 248024
Reported by: Greg V
Reviewed by: Greg V, emax
Differential Revision: https://reviews.freebsd.org/D25704
Refer to bluetooth core v5.2 specifications Vol4. Part E. 7.8.27.
PR: 245763
Submitted by: Marc Veldman <marc@bumblingdork.com>
MFC after: 1 week
Sponsored by: Mellanox Technologies
A later change, currently being iterated on in D24459, will in-fact change
the lock type to an sx so that TTY drivers can sleep on it if they need to.
Committing this ahead of time to make the review in question a little more
palatable.
tty_lock_assert() is unfortunately still needed for now in two places to
make sure that the tty lock has not been recursed upon, for those scenarios
where it's supplied by the TTY driver and possibly a mutex that is allowed
to recurse.
Suggested by: markj
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked).
Use it in preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
Mark all obvious cases as MPSAFE. All entries that haven't been marked
as MPSAFE before are by default marked as NEEDGIANT
Approved by: kib (mentor, blanket)
Commented by: kib, gallatin, melifaro
Differential Revision: https://reviews.freebsd.org/D23718
From the beginning, ng_nat safely assumed cleansed traffic
because of limited ways it could be attached to NETGRAPH:
ng_ipfw or ng_ppp only.
Now as it may be attached with ng_ether too, the assumption proven wrong.
Add needed check to the ng_nat. Thanks for markj for debugging this.
PR: 243096
Submitted by: Lutz Donnerhacke <lutz@donnerhacke.de>
Reported by: Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by: markj and others
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D23091
ng_nat implements NAT for IPv4 traffic only. When connected to an
ng_ether node it erroneously handled IPv6 packets as well.
This change is not sufficient: ng_nat does not do any validation of IP
packets in this mode, even though they have not yet passed through
ip_input().
PR: 243096
Reported by: Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by: julian
Differential Revision: https://reviews.freebsd.org/D23080
In order to be able to merge r353026 bring back support for the old
cookie API for a transition period in 12.x releases (and possibly 13)
before the old API can be removed again entirely.
Suggested by: julian
Submitted by: Lutz Donnerhacke (lutz donnerhacke.de)
PR: 240787
Reviewed by: julian
MFC after: 2 weeks
X-MFC with: r353026
Differential Revision: https://reviews.freebsd.org/D21961
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.
However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.
Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.
On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().
This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.
Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.
This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.
Reviewed by: gallatin, hselasky, cy, adrian, kristof
Differential Revision: https://reviews.freebsd.org/D19111
can handle. Instead using an array on node private data, use per-hook
private data.
- Use NG_NODE_FOREACH_HOOK() to traverse through hooks instead of array.
PR: 240787
Submitted by: Lutz Donnerhacke <lutz donnerhacke.de>
Differential Revision: https://reviews.freebsd.org/D21803
This removes the last consumer of the modified zlib originally
bundled with Paul's PPP implementation, which will be removed
in a follow up commit.
PR: 229763
Differential Revision: https://reviews.freebsd.org/D21186
Add helper function for synchronous execution of HCI commands at probe
stage and use this function to check firmware state of Intel Wireless
8260/8265 bluetooth devices found in many post 2016 year laptops.
Attempt to initialize FreeBSD bluetooth stack while such a device is in
bootloader mode locks the adapter hardly so it requires power on/off
cycle to restore.
This change blocks ng_ubt attachment unless operational firmware is
loaded thus preventing the lock up.
PR: 237083
Reviewed by: hps, emax
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D21071