to RELENG_6:
Rename IFF_RUNNING to IFF_DRV_RUNNING, IFF_OACTIVE to IFF_DRV_OACTIVE,
and move both flags from ifnet.if_flags to ifnet.if_drv_flags, making
and documenting the locking of these flags the responsibility of the
device driver, not the network stack. The flags for these two fields
will be mutually exclusive so that they can be exposed to user space as
though they were stored in the same variable.
Provide #defines to provide the old names #ifndef _KERNEL, so that user
applications (such as ifconfig) can use the old flag names. Using the
old names in a device driver will result in a compile error in order to
help device driver writers adopt the new model.
When exposing the interface flags to user space, via interface ioctls
or routing sockets, or the two fields together. Since the driver flags
cannot currently be set for user space, no new logic is currently
required to handle this case.
Add some assertions that general purpose network stack routines, such
as if_setflags(), are not improperly used on driver-owned flags.
With this change, a large number of very minor network stack races are
closed, subject to correct device driver locking. Most were likely
never triggered.
Driver sweep to follow; many thanks to pjd and bz for the line-by-line
review they gave this patch.
Reviewed by: pjd, bz
Approved by: re (scottl)
- Remove NTP servers which do not resolve in DNS.
- Use pool.ntp.org servers where possible, thanks to
Chuck Swiger <cswiger at mac dot com> .
- Update list of Swedish NTP servers, thanks to
Fredrik Lindberg <fli+freebsd-current at shapeshifter dot se> .
PR: bin/75479
Approved by: re (scottl)
Lock down netnatm and mark as MPSAFE:
- Introduce a subsystem mutex, natm_mtx, manipulated with accessor macros
NATM_LOCK_INIT(), NATM_LOCK(), NATM_UNLOCK(), NATM_LOCK_ASSERT(). It
protects the consistency of pcb-related data structures. Finer grained
locking is possible, but should be done in the context of specific
measurements (as very little work is done in netnatm -- most is in the
ATM device driver or socket layer, so there's probably not much
contention).
- Remove GIANT_REQUIRED, mark as NETISR_MPSAFE, remove
NET_NEEDS_GIANT("netnatm").
- Conditionally acquire Giant when entering network interfaces for
ifp->if_ioctl() using IFF_LOCKGIANT(ifp)/IFF_UNLOCKGIANT(ifp) in order
to coexist with non-MPSAFE atm ifnet drivers..
- De-spl.
Reviewed by: harti, bms (various versions)
Approved by: re (hrs)
ip_input.c:1.303, ip_output.c:1.243 from HEAD to RELENG_6:
Introduce in_multi_mtx, which will protect IPv4-layer multicast address
lists, as well as accessor macros. For now, this is a recursive mutex
due code sequences where IPv4 multicast calls into IGMP calls into
ip_output(), which then tests for a multicast forwarding case.
For support macros in in_var.h to check multicast address lists, assert
that in_multi_mtx is held.
Acquire in_multi_mtx around iteration over the IPv4 multicast address
lists, such as in ip_input() and ip_output().
Acquire in_multi_mtx when manipulating the IPv4 layer multicast
addresses, as well as over the manipulation of ifnet multicast address
lists in order to keep the two layers in sync.
Lock down accesses to IPv4 multicast addresses in IGMP, or assert the
lock when performing IGMP join/leave events.
Eliminate spl's associated with IPv4 multicast addresses, portions of
IGMP that weren't previously expunged by IGMP locking.
Add in_multi_mtx, igmp_mtx, and if_addr_mtx lock order to hard-coded
lock order in WITNESS, in that order.
Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
Approved by: re (scottl)
Modify network protocol consumers of the ifnet multicast address lists
to lock if_addr_mtx.
Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
Approved by: re (scottl)
if_iso88025subr.c:1.68 from HEAD to RELENG_6:
When allocating link layer ifnet address list entries in
ifp->if_resolvemulti(), do so with M_NOWAIT rather than M_WAITOK, so
that a mutex can be held over the call. In the FDDI code, add a
missing M_ZERO. Consumers are already aware that if_resolvemulti()
can fail.
Approved by: re (scottl)
- Rename ifmaof_ifpforaddr() to if_findmulti(); assert if_addr_mtx.
Staticize.
Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
Approved by: re (scottl)
correct nits in the addition of if_addr_mtx:
if.c:1.240:
Initialize the if_addr mutex in if_alloc() rather than waiting until
if_attach(). This allows ethernet drivers to use it in their routines
to program their MAC filters before ether_ifattach() is called (de(4) is
one such driver). Also, the if_addr mutex is destroyed in if_free()
rather than if_detach(), so there was another potential bug in that a
driver that failed during attach and called if_free() without having
called ether_ifattach() would have tried to destroy an uninitialized
mutex.
Reported by: Holm Tiffe holm at freibergnet dot de
Discussed with: rwatson
if.c:1.241:
destroy lock _before_ free'ing the structure it resides in
if.c:1.242:
- Move IF_ADDR_LOCK_DESTROY(ifp) from if_free to if_free_type.
- Add a note that additions should be made to if_free_type and not
if_free to help avoid this in the future.
This apparently fixes a use after free in if_bridge and may fix bugs
in other direct if_free_type consumers.
Reported by: thompsa
Approved by: re (hrs)
Protect link layer network interface multicast address list manipulation
using ifp->if_addr_mtx:
- Initialize if_addr_mtx when ifnet is initialized.
- Destroy if_addr_mtx when ifnet is torn down.
- Rename ifmaof_ifpforaddr() to if_findmulti(); assert if_addr_mtx.
Staticize.
- Extract ifmultiaddr allocation and initialization into if_allocmulti();
accept a 'mflags' argument to indicate whether or not sleeping is
permitted. This centralizes error handling and address duplication.
- Extract ifmultiaddr tear-down and deallocation in if_freemulti().
- Re-structure if_addmulti() to hold if_addr_mtx around manipulation of
the ifnet multicast address list and reference count manipulation.
Make use of non-sleeping allocations. Annotate the fact that we only
generate routing socket events for explicit address addition, not
implicit link layer address addition.
- Re-structure if_delmulti() to hold if_addr_mtx around manipulation of
the ifnet multicast address list and reference count manipulation.
Annotate the lack of a routing socket event for implicit link layer
address removal.
- De-spl all and sundry.
Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
Approved by: re (hrs)
- Introduce a helper function if_setflag() containing the code common
to ifpromisc() and if_allmulti() instead of duplicating the code poorly,
with different bugs.
- Call ifp->if_ioctl() in a consistent way: always use more compatible C
syntax and check whether ifp->if_ioctl is not NULL prior to the call.
Discussed with: yar
Approved by: re (scottl)
Silence "busy" warnings when unmounting devfs at system shutdown. This
is a workaround for non-symetric teardown of the file systems at
shutdown with respect to the mount order at boot. The proper long term
fix is to properly detach devfs from the root mount before unmounting
each, and should be implemented, but since the problem is non-harmful,
this temporary band-aid will prevent false positive bug reports and
unnecessary error output for 6.0-RELEASE.
Tested by: pav, pjd
Approved by: re (scottl)
Add helper function ip_findmoptions(), which accepts an inpcb, and attempts
to atomically return either an existing set of IP multicast options for the
PCB, or a newlly allocated set with default values. The inpcb is returned
locked. This function may sleep.
Call ip_moptions() to acquire a reference to a PCB's socket options, and
perform the update of the options while holding the PCB lock. Release the
lock before returning.
Remove garbage collection of multicast options when values return to the
default, as this complicates locking substantially. Most applications
allocate a socket either to be multicast, or not, and don't tend to keep
around sockets that have previously been used for multicast, then used for
unicast.
This closes a number of race conditions involving multiple threads or
processes modifying the IP multicast state of a socket simultaenously.
Approved by: re (scottl)
The "Mbuf" zone was renamed "mbuf" to improve consistency, but the code
example in libmemstat.3 was not updated to take this rename into account.
Update the example.
PR: 84946
Submitted by: Wojciech A. Koszek <dunstan at freebsd dot czest dot pl>
Approved by: re (scottl)
Allocate one of the spare ifnet integer fields to hold if_drv_flags,
which in the future will hold IFF_OACTIVE and IFF_RUNNING, and have
its access synchronized by the device driver rather than the
protocol stack. This will avoid potential races in the management
of flags in if_flags.
Discussed with: various (scottl, jhb, ...)
Approved by: re (kensmith)
Remove no-op spl references in in_pcb.c, since in_pcb locking has been
basically complete for several years now. Update one spl comment to
reference the locking strategy.
Approved by: re (kensmith)
to RELENG_6:
Remove no-op spl's and most comment references to spls, as TCP locking
is believed to be basically done (modulo any remaining bugs).
Approved by: re (kensmith)
Improve canonicalization of copyrights. Order copyrights by order of
assertion (jeff, bmilekic, rwatson).
Suggested ages ago by: bde
Approved by: re (kensmith)
Hook up libmemstat(3) to the library list in mdoc.local. This will cause
the library description (specifically, -lmemstat) to render properly in
the libmemstat.3 man page.
Submitted by: ru
Approved by: re (kensmith)
rev. 1.108, 1.109 src/sys/netinet/ip_fw2.c
rev. 1.101 src/sys/netinet/ip_fw.h
rev. 1.77 src/sbin/ipfw/ipfw2.c
rev. 1.176 src/sbin/ipfw/ipfw.8
* Add dynamic sysctl for net.inet6.ip6.fw.
* Correct handling of IPv6 Extension Headers.
* Add unreach6 code.
* Add logging for IPv6.
* Fix build without INET6 and IPFIREWALL compiled into kernel.[1]
Submitted by: sysctl handling derived from patch from ume needed for ip6fw
Obtained from: is_icmp6_query and send_reject6 derived from similar
functions of netinet6,ip6fw
Reviewed by: ume, gnn; silence on ipfw@
Spotted and tested by: Michal Mertl <mime at traveller.cz>[1]
Approved by: re (kensmith)
Make the procfs module buildable again in the MODULES_WITH_WORLD case.
This means defining a target for default opt_compat.h, but only if we
are not building the modules along with the kernel.
Approved by: re (kensmith)
calls before an if_attach.
Partial MFC of 1.243. The change it was a response to has not been
MFCd, but the comment is relevent without it.
Approved by: re (kensmith)
Take this opportunity to note that glebius indicated
that the initial work in this area was done by
Igor Sysoev <is rambler-co.ru>
Approved by: re (kensmith)
Clarify how the 'channel' argument should look like and add an
example on how to obtain information on devices on an ata channel.
Approved by: re (hrs)
Add a new switch -h for interface stats mode, which prints all interface
statistics in human readable form.
In collaboration with: vsevolod
Reviewed by: cperciva
Approved by: re (kensmith)
Axe ppp_for_tty(). Use tty->t_lsc pointer to store sc. This
also eliminates recursive use of ppp_softc_list_mtx.
PR: kern/84686
Reviewed by: phk
Approved by: re (kensmith)
Fix bogus check. It was possible to panic the kernel by giving 0 length.
This is actually a local DoS, as every user can use /dev/crypto if there
is crypto hardware in the system and cryptodev.ko is loaded (or compiled
into the kernel).
Reported by: Mike Tancsa <mike@sentex.net>
Security: Local DoS on systems with crypto HW and with /dev/crypto available
Approved by: re (kensmith)
Not sure why, but SYSCTL_OUT() can sometimes keep returning ENOMEM
in sysctl_jail_list(). Because of this, jls(8) could enter into
an endless loop. The strange thing is, that we can call jls(8) while
the other one is in loop and it will succeed - SYSCTL_OUT() will
not return ENOMEM there.
Approved by: re (kensmith)
Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.
PR: bin/82625
Submitted by: Chris Hellberg <chellberg juniper.net> (with some cleanups)
Approved by: re (kensmith)
date: 2005/08/18 22:30:52; author: csjp; state: Exp; lines: +4 -2
Add missing braces around bpf_filter which were missed when I
merged the bpfstat code.
Approved by: re (kensmith)
MFC revision 1.167
date: 2005/08/08 21:06:42; author: csjp; state: Exp; lines: +2 -0
Drop in a WITNESS_WARN into SYSCTL_IN to make sure that we are
not holding any non-sleep-able-locks locks when copyin is called.
This gets executed un-conditionally since we have no function
to wire the buffer in this direction.
MFC revision 1.166
date: 2005/08/08 18:54:35; author: csjp; state: Exp; lines: +6 -1
Check to see if we wired the user-supplied buffers in SYSCTL_OUT, if
the buffer has not been wired and we are holding any non-sleep-able locks,
drop a witness warning. If the buffer has not been wired, it is possible
that the writing of the data can sleep, especially if the page is not in
memory. This can result in a number of different locking issues, including
dead locks.
Approved by: re (kensmith)
BRANCH_OVERRIDE environment variable (which, if set, overrides the
BRANCH specified here). These make my FreeBSD Update build code
simpler by making it easier to recognize when two kernels are identical
modulo version numbers.
Approved by: re (kensmith)
