Commit Graph

121 Commits

Author SHA1 Message Date
imp
2ecef44547 /* -> /*- for license, minor formatting changes, insert COPYRIGHT into files 2005-01-07 02:35:34 +00:00
rwatson
c146b8722a If MALLOC() fails in at_pcballoc(), return ENOBUFS rather than
potentially panicking.

MFC after:	1 week
2005-01-03 00:16:07 +00:00
rwatson
7679ddf408 Correct a misspelling in a comment. 2004-12-05 13:28:52 +00:00
rwatson
c39858036f Acquire socket receive buffer mutex before appending and then waking up
a receive socket in DDP.  This reduces the number of mutex operations
required to deliver to a socket by two, and is the model used in other
protocols.
2004-12-05 13:27:30 +00:00
phk
027fce30f5 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
rwatson
4b81ce6dd2 Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
rwatson
199b1160c6 Inline umich license from COPYRIGHT to make it clear what license the
umich copyright is asserting.

Clarify that the copyright I'm asserting is the standard Berkeley
license.

Remove Giant assertions from AARP and DDP input routines.
2004-08-10 03:23:05 +00:00
rwatson
7127c711e8 Further function forward declaration white space tweaks. 2004-07-19 17:18:58 +00:00
rwatson
dc1ff7aa46 Re-style at_control.c to bring it closer to style(9), primarily with
regard to function prototypes and indentation.  The lack of indentation
in if clauses and case statements made this code extremely difficult
to read.
2004-07-19 17:15:51 +00:00
rwatson
9183ed533a Protocol control block locking for netatalk DDP. 2004-07-12 18:39:59 +00:00
rwatson
d0f3949724 Imperfect synchronization solution to imperfect code: use a static 256
byte buffer in the stack for temporary printf results rather than a
global buffer without synchronization.
2004-07-12 18:37:31 +00:00
rwatson
de62cbb6dd Remove 'Not used' comment: at_org_code is used, just not in netatalk/. 2004-07-12 18:35:30 +00:00
rwatson
8d63702565 Remove spl's from netatalk in preparation to merge locking. 2004-07-12 04:33:58 +00:00
rwatson
f1bc833e95 Socket MAC labels so_label and so_peerlabel are now protected by
SOCK_LOCK(so):

- Hold socket lock over calls to MAC entry points reading or
  manipulating socket labels.

- Assert socket lock in MAC entry point implementations.

- When externalizing the socket label, first make a thread-local
  copy while holding the socket lock, then release the socket lock
  to externalize to userspace.
2004-06-13 02:50:07 +00:00
rwatson
82295697cd Extend coverage of SOCK_LOCK(so) to include so_count, the socket
reference count:

- Assert SOCK_LOCK(so) macros that directly manipulate so_count:
  soref(), sorele().

- Assert SOCK_LOCK(so) in macros/functions that rely on the state of
  so_count: sofree(), sotryfree().

- Acquire SOCK_LOCK(so) before calling these functions or macros in
  various contexts in the stack, both at the socket and protocol
  layers.

- In some cases, perform soisdisconnected() before sotryfree(), as
  this could result in frobbing of a non-present socket if
  sotryfree() actually frees the socket.

- Note that sofree()/sotryfree() will release the socket lock even if
  they don't free the socket.

Submitted by:	sam
Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS
2004-06-12 20:47:32 +00:00
rwatson
1238dc9ef8 Remove redundant call to soisdisconnected() from ddp_abort(), as it
calls at_pcbdetach() which also immediately calls soisdisconnected().
2004-05-05 03:34:37 +00:00
luigi
59063f7a08 This commit does two things:
1. rt_check() cleanup:
    rt_check() is only necessary for some address families to gain access
    to the corresponding arp entry, so call it only in/near the *resolve()
    routines where it is actually used -- at the moment this is
    arpresolve(), nd6_storelladdr() (the call is embedded here),
    and atmresolve() (the call is just before atmresolve to reduce
    the number of changes).
    This change will make it a lot easier to decouple the arp table
    from the routing table.

    There is an extra call to rt_check() in if_iso88025subr.c to
    determine the routing info length. I have left it alone for
    the time being.

    The interface of arpresolve() and nd6_storelladdr() now changes slightly:
     + the 'rtentry' parameter (really a hint from the upper level layer)
       is now passed unchanged from *_output(), so it becomes the route
       to the final destination and not to the gateway.
     + the routines will return 0 if resolution is possible, non-zero
       otherwise.
     + arpresolve() returns EWOULDBLOCK in case the mbuf is being held
       waiting for an arp reply -- in this case the error code is masked
       in the caller so the upper layer protocol will not see a failure.

2. arpcom untangling
    Where possible, use 'struct ifnet' instead of 'struct arpcom' variables,
    and use the IFP2AC macro to access arpcom fields.
    This mostly affects the netatalk code.

=== Detailed changes: ===
net/if_arcsubr.c
   rt_check() cleanup, remove a useless variable

net/if_atmsubr.c
   rt_check() cleanup

net/if_ethersubr.c
   rt_check() cleanup, arpcom untangling

net/if_fddisubr.c
   rt_check() cleanup, arpcom untangling

net/if_iso88025subr.c
   rt_check() cleanup

netatalk/aarp.c
   arpcom untangling, remove a block of duplicated code

netatalk/at_extern.h
   arpcom untangling

netinet/if_ether.c
   rt_check() cleanup (change arpresolve)

netinet6/nd6.c
   rt_check() cleanup (change nd6_storelladdr)
2004-04-25 09:24:52 +00:00
rwatson
56b53cb7be Lock down the netatalk AARP code, which is responsible for appletalk
address discovery and caching (similar to inet ARP).  Use a single
global mutex, aarptab_mtx, to protect the table.  Remove spl/spx.

Tested by:	Bob Bishop <rb@gid.co.uk>
2004-04-09 01:40:12 +00:00
rwatson
5be96e4b7c Rename 'ddpcb' variable to 'ddpcb_list' to better distinguish it from
'struct ddpcb'.
2004-03-22 04:54:36 +00:00
rwatson
e7287c638a Rename 'at_ifaddr' list to 'at_ifaddr_list' so that the variable is
more easily mechanically distinguished from 'struct at_ifaddr'.
2004-03-22 04:50:36 +00:00
rwatson
c4f5b78e26 Compare pointers with NULL rather than 0, or treating them as booleans in
if statements.

at_rmx gets a $FreeBSD$ out of the deal also (this code appears to be
unused).
2004-03-22 03:57:01 +00:00
rwatson
83a23fd2a4 Also modify ddp_input.c with the following changes previously applied
to other files in netatalk:

  Log:
  Since I have my hands all over netatalk adding locking and restructuring
  it, cinch the file's style closer to style(9) with regard to parenthesis:

    s/( /(/g
    s/ )/)/g
    s/return(/return (/g
    s/return 0/return (0)/
    s/return 1/return (1)/
2004-03-22 03:48:31 +00:00
rwatson
a961e30573 Since I have my hands all over netatalk adding locking and restructuring
it, cinch the file's style closer to style(9) with regard to parenthesis:

  s/( /(/g
  s/ )/)/g
  s/return(/return (/g
  s/return 0/return (0)/
  s/return 1/return (1)/
2004-03-22 03:24:10 +00:00
rwatson
909ef06760 Spell "(struct foo *)0" as "NULL". 2004-03-21 03:28:08 +00:00
rwatson
a0128abb0a Isolate PCB-specific ethertalk DDP functions in ddp_pcb.c, removing them
from ddp_usrreq.c.  Functions moved are:

  at_pcballoc()
  at_pcbconnect()
  at_pcbdetach()
  at_pcbdisconnect()
  at_pcbsetaddr()
  at_sockaddr()

Also moved are ddp_ports and ddpcb, global variables associated with DDP
pcbs.  This makes PCB implementation more parallel to inet, inet6, and
ipx.
2004-03-19 07:21:22 +00:00
rwatson
0f33a4da2f Make ddp_ports static, as it's not used outside of ddp_usrreq.c.
Inspired by:	Day spent hiking to hot springs in Taiwan
Powered by:	Asia BSDCon 2004
2004-03-17 12:54:21 +00:00
rwatson
b4db84c328 Const-poison atmulticastaddr, which should be read but not modified.
While there, remove (caddr_t) casting of ethernet addresses, which
among other things discards the qualifier.  This makes it clear that
atmulticastaddr does not require synchronization.
2004-03-13 05:27:17 +00:00
rwatson
b0b5f961bd Rename dup_sockaddr() to sodupsockaddr() for consistency with other
functions in kern_socket.c.

Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT
in from the caller context rather than "1" or "0".

Correct mflags pass into mac_init_socket() from previous commit to not
include M_ZERO.

Submitted by:	sam
2004-03-01 03:14:23 +00:00
sam
9f0b8cac1e Eliminate a duplicate free when deleting an interface address. This
caused crashes, typically during shutdown, because the second free
referenced a mutex that had been destroyed.

Tested by:	several
Approved by:	re (scottl)
2003-11-28 04:19:41 +00:00
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
sam
7f3b205cb8 o add a flags parameter to netisr_register that is used to specify
  whether or not the isr needs to hold Giant when running; Giant-less
  operation is also controlled by the setting of debug_mpsafenet
o mark all netisr's except NETISR_IP as needing Giant
o add a GIANT_REQUIRED assertion to the top of netisr's that need Giant
o pickup Giant (when debug_mpsafenet is 1) inside ip_input before
  calling up with a packet
o change netisr handling so swi_net runs w/o Giant; instead we grab
  Giant before invoking handlers based on whether the handler needs Giant
o change netisr handling so that netisr's that are marked MPSAFE may
  have multiple instances active at a time
o add netisr statistics for packets dropped because the isr is inactive

Supported by:	FreeBSD Foundation
2003-11-08 22:28:40 +00:00
sam
e971307a02 must use RTFREE instead of rtfree for proper locking 2003-11-08 03:36:32 +00:00
brooks
f1e94c6f29 Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration semantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
imp
4407135243 Remove unnecessary casts to (caddr_t) for if_broadcastaddr. 2003-10-23 17:48:53 +00:00
rwatson
fdb34fcdc5 More checking of M_PREPEND() return values: pass through link-layer
Appletalk code.  These changes are untested since I don't have
an Appletalk environment.
2003-08-29 19:27:09 +00:00
mdodd
cda1ad1e06 - Use if_broadcastaddr from struct ifnet rather than relying on
  extern 'etherbroadcastaddr'.
- Make 'etherbroadcastaddr' static.

Reviewed by:	 imp
2003-03-21 17:53:16 +00:00
jlemon
04e28d5a81 Update netisr handling; Each SWI now registers its queue, and all queue
drain routines are done by swi_net, which allows for better queue control
at some future point.  Packets may also be directly dispatched to a netisr
instead of queued, this may be of interest at some installations, but
currently defaults to off.

Reviewed by: hsu, silby, jayanth, sam
Sponsored by: DARPA, NAI Labs
2003-03-04 23:19:55 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
hsu
c3153934cb Lock up ifaddr reference counts. 2002-12-18 11:46:59 +00:00
sobomax
7b3d4c8729 Add more ethernet types and move AppleTalk types into proper location.
Obtained from:  NetBSD (syssrc/sys/net/ethertypes.h, rev.1.13)
2002-09-06 17:02:29 +00:00
rwatson
60c2032dc8 Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.
Label link layer mbufs as they are created for transmission, check
mbufs before delivering them to sockets, label mbufs as they are created
from sockets, and preserve mbuf labels if mbufs are copied.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:58:44 +00:00
tanimura
e6fa9b9e92 Back out my last commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
peter
d19e3cd1fd Fix warning; Extra tokens after #endif 2002-05-24 06:11:07 +00:00
tanimura
92d8381dd5 Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each member in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

  - sodisconnect()
  - soisconnected()
  - soisconnecting()
  - soisdisconnected()
  - soisdisconnecting()
  - sofree()
  - soref()
  - sorele()
  - sorwakeup()
  - sotryfree()
  - sowakeup()
  - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
tanimura
89ec521d91 Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
jhb
db9aa81e23 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
jhb
dc2e474f79 Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
alfred
8c4c86de23 Remove __P. 2002-03-20 02:39:27 +00:00
iedowse
dcad47177b Make `options NETATALK' compile after the -fno-common changes.
Tested by:	Emiel Kollof <coolvibe@hackerheaven.org>
2002-01-16 11:26:50 +00:00