CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 11 19:31:31 UTC 2024 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1946): sys/net/if_tun.c: revision 1.175 tun(4): Allow IPv6 packets with TUNSLMODE configured. PR kern/58013 To generate a diff of this commit: cvs rdiff -u -r1.139.2.4 -r1.139.2.5 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_tun.c diff -u src/sys/net/if_tun.c:1.139.2.4 src/sys/net/if_tun.c:1.139.2.5 --- src/sys/net/if_tun.c:1.139.2.4 Wed Aug 15 12:07:30 2018 +++ src/sys/net/if_tun.c Mon Mar 11 19:31:31 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tun.c,v 1.139.2.4 2018/08/15 12:07:30 martin Exp $ */ +/* $NetBSD: if_tun.c,v 1.139.2.5 2024/03/11 19:31:31 martin Exp $ */ /* * Copyright (c) 1988, Julian Onions @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.4 2018/08/15 12:07:30 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.5 2024/03/11 19:31:31 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -577,9 +577,7 @@ tun_output(struct ifnet *ifp, struct mbu goto out; } memcpy(mtod(m0, char *), dst, dst->sa_len); - } - - if (tp->tun_flags & TUN_IFHEAD) { + } else if (tp->tun_flags & TUN_IFHEAD) { /* Prepend the address family */ M_PREPEND(m0, sizeof(*af), M_DONTWAIT); if (m0 == NULL) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 11 19:31:31 UTC 2024 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1946): sys/net/if_tun.c: revision 1.175 tun(4): Allow IPv6 packets with TUNSLMODE configured. PR kern/58013 To generate a diff of this commit: cvs rdiff -u -r1.139.2.4 -r1.139.2.5 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 23 18:25:04 UTC 2023 Modified Files: src/sys/net/npf [netbsd-8]: npf_ruleset.c Log Message: Pull up following revision(s) (requested by kardel in ticket #1893): sys/net/npf/npf_ruleset.c: revision 1.52 The analysis documented in PR misc/56990 is correct. Fix by not returning when encountering a ruleset rule. The code up to now would stop at any group rule. ruleset rules are marked as group rule and a dynamic rule. processing is only finished when a result is present AND we are looking at a plain group rule. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.45.6.1 src/sys/net/npf/npf_ruleset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf_ruleset.c diff -u src/sys/net/npf/npf_ruleset.c:1.45 src/sys/net/npf/npf_ruleset.c:1.45.6.1 --- src/sys/net/npf/npf_ruleset.c:1.45 Sun Jan 29 00:15:54 2017 +++ src/sys/net/npf/npf_ruleset.c Wed Aug 23 18:25:04 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_ruleset.c,v 1.45 2017/01/29 00:15:54 christos Exp $ */ +/* $NetBSD: npf_ruleset.c,v 1.45.6.1 2023/08/23 18:25:04 martin Exp $ */ /*- * Copyright (c) 2009-2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.45 2017/01/29 00:15:54 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.45.6.1 2023/08/23 18:25:04 martin Exp $"); #include #include @@ -944,7 +944,7 @@ npf_ruleset_inspect(npf_cache_t *npc, co KASSERT(n < skip_to); /* Group is a barrier: return a matching if found any. */ - if ((attr & NPF_RULE_GROUP) != 0 && final_rl) { + if ((attr & NPF_DYNAMIC_GROUP) == NPF_RULE_GROUP && final_rl) { break; }
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 23 18:25:04 UTC 2023 Modified Files: src/sys/net/npf [netbsd-8]: npf_ruleset.c Log Message: Pull up following revision(s) (requested by kardel in ticket #1893): sys/net/npf/npf_ruleset.c: revision 1.52 The analysis documented in PR misc/56990 is correct. Fix by not returning when encountering a ruleset rule. The code up to now would stop at any group rule. ruleset rules are marked as group rule and a dynamic rule. processing is only finished when a result is present AND we are looking at a plain group rule. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.45.6.1 src/sys/net/npf/npf_ruleset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Aug 4 15:00:28 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Apply patch, requested by ozaki-r in ticket #1885: sys/net/bpf.c (apply patch) bpf: allow to read with no filter (regressed at revision 1.213, fixed differently in -current) To generate a diff of this commit: cvs rdiff -u -r1.216.6.8 -r1.216.6.9 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.8 src/sys/net/bpf.c:1.216.6.9 --- src/sys/net/bpf.c:1.216.6.8 Wed Feb 22 19:51:47 2023 +++ src/sys/net/bpf.c Fri Aug 4 15:00:28 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.9 2023/08/04 15:00:28 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.9 2023/08/04 15:00:28 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1605,6 +1605,8 @@ bpf_deliver(struct bpf_if *bp, void *(*c else slen = bpf_filter_ext(NULL, filter->bf_insn, ); + } else { + slen = (u_int)-1; /* No filter means accept all */ } if (!slen) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Aug 4 15:00:28 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Apply patch, requested by ozaki-r in ticket #1885: sys/net/bpf.c (apply patch) bpf: allow to read with no filter (regressed at revision 1.213, fixed differently in -current) To generate a diff of this commit: cvs rdiff -u -r1.216.6.8 -r1.216.6.9 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 8 11:19:05 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1824): sys/net/route.c: revision 1.237 route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel with other LWPs running in the network stack, which eventually results in say use-after-free of a deleted route. To generate a diff of this commit: cvs rdiff -u -r1.194.6.16 -r1.194.6.17 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 8 11:19:05 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1824): sys/net/route.c: revision 1.237 route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel with other LWPs running in the network stack, which eventually results in say use-after-free of a deleted route. To generate a diff of this commit: cvs rdiff -u -r1.194.6.16 -r1.194.6.17 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.16 src/sys/net/route.c:1.194.6.17 --- src/sys/net/route.c:1.194.6.16 Wed Feb 22 18:55:06 2023 +++ src/sys/net/route.c Thu Jun 8 11:19:05 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.17 2023/06/08 11:19:05 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.17 2023/06/08 11:19:05 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -229,12 +229,14 @@ static krwlock_t rt_lock __cacheline_al #define RT_UNLOCK() rw_exit(_lock) #define RT_WLOCKED() rw_write_held(_lock) #define RT_ASSERT_WLOCK() KASSERT(rw_write_held(_lock)) +#define RT_WQ_FLAGS WQ_MPSAFE #else #define RT_RLOCK() do {} while (0) #define RT_WLOCK() do {} while (0) #define RT_UNLOCK() do {} while (0) #define RT_WLOCKED() true #define RT_ASSERT_WLOCK() do {} while (0) +#define RT_WQ_FLAGS 0 #endif static uint64_t rtcache_generation; @@ -479,7 +481,7 @@ rt_init(void) rt_psref_class = psref_class_create("rtentry", IPL_SOFTNET); error = workqueue_create(_free_global.wq, "rt_free", - rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); + rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS); if (error) panic("%s: workqueue_create failed (%d)\n", __func__, error); @@ -1802,7 +1804,7 @@ rt_timer_init(void) LIST_INIT(_queue_head); callout_init(_timer_ch, CALLOUT_MPSAFE); error = workqueue_create(_timer_wq, "rt_timer", - rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); + rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS); if (error) panic("%s: workqueue_create failed (%d)\n", __func__, error); callout_reset(_timer_ch, hz, rt_timer_timer, NULL);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 19:51:47 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1802): sys/net/bpf.c: revision 1.247 (manually merged) bpf(4): Reject bogus timeout values before arithmetic overflows. To generate a diff of this commit: cvs rdiff -u -r1.216.6.7 -r1.216.6.8 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 19:51:47 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1802): sys/net/bpf.c: revision 1.247 (manually merged) bpf(4): Reject bogus timeout values before arithmetic overflows. To generate a diff of this commit: cvs rdiff -u -r1.216.6.7 -r1.216.6.8 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.7 src/sys/net/bpf.c:1.216.6.8 --- src/sys/net/bpf.c:1.216.6.7 Sun Aug 4 11:19:03 2019 +++ src/sys/net/bpf.c Wed Feb 22 19:51:47 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1091,7 +1091,16 @@ bpf_ioctl(struct file *fp, u_long cmd, v struct timeval *tv = addr; /* Compute number of ticks. */ - d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; + if (tv->tv_sec < 0 || + tv->tv_usec < 0 || tv->tv_usec >= 100) { +error = EINVAL; +break; + } else if (tv->tv_sec > INT_MAX/hz - 1) { + d->bd_rtout = INT_MAX; + } else { +d->bd_rtout = tv->tv_sec * hz ++ tv->tv_usec / tick; + } if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) d->bd_rtout = 1; break; @@ -1120,7 +1129,16 @@ bpf_ioctl(struct file *fp, u_long cmd, v struct timeval50 *tv = addr; /* Compute number of ticks. */ - d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; + if (tv->tv_sec < 0 || + tv->tv_usec < 0 || tv->tv_usec >= 100) { +error = EINVAL; +break; + } else if (tv->tv_sec > INT_MAX/hz - 1) { + d->bd_rtout = INT_MAX; + } else { + d->bd_rtout = tv->tv_sec * hz ++ tv->tv_usec / tick; + } if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) d->bd_rtout = 1; break;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 18:55:07 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1801): sys/net/route.c: revision 1.236 route(4): Work around deadlock in rt_free wait path. PR kern/56844 To generate a diff of this commit: cvs rdiff -u -r1.194.6.15 -r1.194.6.16 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 18:55:07 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1801): sys/net/route.c: revision 1.236 route(4): Work around deadlock in rt_free wait path. PR kern/56844 To generate a diff of this commit: cvs rdiff -u -r1.194.6.15 -r1.194.6.16 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.15 src/sys/net/route.c:1.194.6.16 --- src/sys/net/route.c:1.194.6.15 Fri Oct 4 11:26:35 2019 +++ src/sys/net/route.c Wed Feb 22 18:55:06 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -644,8 +644,17 @@ static bool rt_wait_ok(void) { + /* + * This originally returned !cpu_softintr_p(), but that doesn't + * work: the caller may hold a lock (probably softnet lock) + * that a softint is waiting for, in which case waiting here + * would cause a deadlock. See https://gnats.netbsd.org/56844 + * for details. For now, until the locking paths are sorted + * out, we just disable the waiting option altogether and + * always defer to workqueue. + */ KASSERT(!cpu_intr_p()); - return !cpu_softintr_p(); + return false; } void
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 10 16:09:13 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1770): sys/net/if_ethersubr.c: revision 1.254 Fix a bug in the VLAN path: there's an inverted logic, the mbuf needs to be bigger than struct ether_vlan_header, not smaller. Meanwhile add a KASSERT in the LLC path. To generate a diff of this commit: cvs rdiff -u -r1.242.6.9 -r1.242.6.10 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 10 16:09:13 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1770): sys/net/if_ethersubr.c: revision 1.254 Fix a bug in the VLAN path: there's an inverted logic, the mbuf needs to be bigger than struct ether_vlan_header, not smaller. Meanwhile add a KASSERT in the LLC path. To generate a diff of this commit: cvs rdiff -u -r1.242.6.9 -r1.242.6.10 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.9 src/sys/net/if_ethersubr.c:1.242.6.10 --- src/sys/net/if_ethersubr.c:1.242.6.9 Wed Oct 27 18:52:51 2021 +++ src/sys/net/if_ethersubr.c Mon Oct 10 16:09:12 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.10 2022/10/10 16:09:12 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.10 2022/10/10 16:09:12 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -706,7 +706,7 @@ ether_input(struct ifnet *ifp, struct mb * just being used to store the priority. Extract the ether * type, and if IP or IPV6, let them deal with it. */ - if (m->m_len <= sizeof(*evl) + if (m->m_len >= sizeof(*evl) && EVL_VLANOFTAG((ntohs(evl->evl_tag))) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); @@ -841,11 +841,13 @@ ether_input(struct ifnet *ifp, struct mb return; } } else { + KASSERT(ehlen == sizeof(*eh)); #if defined (LLC) || defined (NETATALK) - if (m->m_len < ehlen + sizeof(struct llc)) { + if (m->m_len < sizeof(*eh) + sizeof(struct llc)) { goto dropanyway; } l = (struct llc *)(eh+1); + switch (l->llc_dsap) { #ifdef NETATALK case LLC_SNAP_LSAP: @@ -871,10 +873,10 @@ ether_input(struct ifnet *ifp, struct mb sizeof(aarp_org_code)) == 0 && ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { - m_adj( m, sizeof(struct ether_header) + m_adj(m, sizeof(struct ether_header) + sizeof(struct llc)); aarpinput(ifp, m); /* XXX */ -return; + return; } default:
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: sborrill Date: Wed May 4 15:36:35 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up the following revisions(s) (requested by martin in ticket #1740): sys/net/if_pppoe.c: revision 1.179 pppoe(4): fix CVE-2022-29867 - discovery phase local network mbuf corruption. To generate a diff of this commit: cvs rdiff -u -r1.125.6.10 -r1.125.6.11 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.125.6.10 src/sys/net/if_pppoe.c:1.125.6.11 --- src/sys/net/if_pppoe.c:1.125.6.10 Thu Feb 13 19:37:39 2020 +++ src/sys/net/if_pppoe.c Wed May 4 15:36:35 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.125.6.10 2020/02/13 19:37:39 martin Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.125.6.11 2022/05/04 15:36:35 sborrill Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.10 2020/02/13 19:37:39 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.11 2022/05/04 15:36:35 sborrill Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -871,6 +871,10 @@ breakbreak:; } sc->sc_ac_cookie_len = ac_cookie_len; memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); + } else if (sc->sc_ac_cookie) { + free(sc->sc_ac_cookie, M_DEVBUF); + sc->sc_ac_cookie = NULL; + sc->sc_ac_cookie_len = 0; } if (relay_sid) { if (sc->sc_relay_sid) @@ -886,6 +890,10 @@ breakbreak:; } sc->sc_relay_sid_len = relay_sid_len; memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); + } else if (sc->sc_relay_sid) { + free(sc->sc_relay_sid, M_DEVBUF); + sc->sc_relay_sid = NULL; + sc->sc_relay_sid_len = 0; } memcpy(>sc_dest, eh->ether_shost, sizeof sc->sc_dest); callout_stop(>sc_timeout); @@ -1313,6 +1321,9 @@ pppoe_get_mbuf(size_t len) { struct mbuf *m; + if (len + sizeof(struct ether_header) > MCLBYTES) + return NULL; + MGETHDR(m, M_DONTWAIT, MT_DATA); if (m == NULL) return NULL;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: sborrill Date: Wed May 4 15:36:35 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up the following revisions(s) (requested by martin in ticket #1740): sys/net/if_pppoe.c: revision 1.179 pppoe(4): fix CVE-2022-29867 - discovery phase local network mbuf corruption. To generate a diff of this commit: cvs rdiff -u -r1.125.6.10 -r1.125.6.11 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jan 29 17:05:45 UTC 2022 Modified Files: src/sys/net [netbsd-8]: ppp_tty.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1727): sys/net/ppp_tty.c: revision 1.68 sys/net/ppp_tty.c: revision 1.69 Use unsigned to avoid undefined behavior in pppasyncstart(). Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.63.8.1 src/sys/net/ppp_tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jan 29 17:05:45 UTC 2022 Modified Files: src/sys/net [netbsd-8]: ppp_tty.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1727): sys/net/ppp_tty.c: revision 1.68 sys/net/ppp_tty.c: revision 1.69 Use unsigned to avoid undefined behavior in pppasyncstart(). Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.63.8.1 src/sys/net/ppp_tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/ppp_tty.c diff -u src/sys/net/ppp_tty.c:1.63 src/sys/net/ppp_tty.c:1.63.8.1 --- src/sys/net/ppp_tty.c:1.63 Sun Oct 2 14:17:07 2016 +++ src/sys/net/ppp_tty.c Sat Jan 29 17:05:44 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: ppp_tty.c,v 1.63 2016/10/02 14:17:07 christos Exp $ */ +/* $NetBSD: ppp_tty.c,v 1.63.8.1 2022/01/29 17:05:44 martin Exp $ */ /* Id: ppp_tty.c,v 1.3 1996/07/01 01:04:11 paulus Exp */ /* @@ -93,7 +93,7 @@ /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ #include -__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.63 2016/10/02 14:17:07 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.63.8.1 2022/01/29 17:05:44 martin Exp $"); #ifdef _KERNEL_OPT #include "ppp.h" @@ -181,7 +181,7 @@ static void pppdumpframe(struct ppp_soft /* * Does c need to be escaped? */ -#define ESCAPE_P(c) (sc->sc_asyncmap[(c) >> 5] & (1 << ((c) & 0x1F))) +#define ESCAPE_P(c) (sc->sc_asyncmap[(c) >> 5] & (1U << ((c) & 0x1F))) /* * Procedures for using an async tty interface for PPP. @@ -1012,7 +1012,7 @@ pppinput(int c, struct tty *tp) sc->sc_flags |= SC_RCV_B7_1; else sc->sc_flags |= SC_RCV_B7_0; -if (paritytab[c >> 5] & (1 << (c & 0x1F))) +if (paritytab[c >> 5] & (1U << (c & 0x1F))) sc->sc_flags |= SC_RCV_ODDP; else sc->sc_flags |= SC_RCV_EVNP; @@ -1093,7 +1093,7 @@ pppinput(int c, struct tty *tp) return 0; } -if (c < 0x20 && (sc->sc_rasyncmap & (1 << c))) +if (c < 0x20 && (sc->sc_rasyncmap & (1U << c))) return 0; s = spltty();
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 27 18:52:51 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Fix merge mishap from previous (ticket #1704) To generate a diff of this commit: cvs rdiff -u -r1.242.6.8 -r1.242.6.9 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 27 18:52:51 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Fix merge mishap from previous (ticket #1704) To generate a diff of this commit: cvs rdiff -u -r1.242.6.8 -r1.242.6.9 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.8 src/sys/net/if_ethersubr.c:1.242.6.9 --- src/sys/net/if_ethersubr.c:1.242.6.8 Mon Oct 25 18:16:07 2021 +++ src/sys/net/if_ethersubr.c Wed Oct 27 18:52:51 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -707,7 +707,7 @@ ether_input(struct ifnet *ifp, struct mb * type, and if IP or IPV6, let them deal with it. */ if (m->m_len <= sizeof(*evl) - && EVL_VLANOFTAG((ntohs(evl->evl_tag)) == 0) { + && EVL_VLANOFTAG((ntohs(evl->evl_tag))) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); if ((m->m_flags & M_PROMISC) == 0
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 25 18:16:07 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ryo in ticket #1704): sys/net/if_ethersubr.c: revision 1.302 frame's vlan tag must be ntohs()'ed. VLAN 0 Priority tag was misrecognized on non vlan-hwtagging interfaces. To generate a diff of this commit: cvs rdiff -u -r1.242.6.7 -r1.242.6.8 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.7 src/sys/net/if_ethersubr.c:1.242.6.8 --- src/sys/net/if_ethersubr.c:1.242.6.7 Tue Oct 8 18:12:44 2019 +++ src/sys/net/if_ethersubr.c Mon Oct 25 18:16:07 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -707,7 +707,7 @@ ether_input(struct ifnet *ifp, struct mb * type, and if IP or IPV6, let them deal with it. */ if (m->m_len <= sizeof(*evl) - && EVL_VLANOFTAG(evl->evl_tag) == 0) { + && EVL_VLANOFTAG((ntohs(evl->evl_tag)) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); if ((m->m_flags & M_PROMISC) == 0
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 25 18:16:07 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ryo in ticket #1704): sys/net/if_ethersubr.c: revision 1.302 frame's vlan tag must be ntohs()'ed. VLAN 0 Priority tag was misrecognized on non vlan-hwtagging interfaces. To generate a diff of this commit: cvs rdiff -u -r1.242.6.7 -r1.242.6.8 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 22 18:07:38 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_l2tp.h Log Message: Pull up following revision(s) (requested by knakahara in ticket #1665): sys/net/if_l2tp.h: revision 1.10 Fix l2tp(4) ioctl type. Pointed out by yamaguchi@n.o, thanks. XXX pullup-[89] To generate a diff of this commit: cvs rdiff -u -r1.2.2.4 -r1.2.2.5 src/sys/net/if_l2tp.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 22 18:07:38 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_l2tp.h Log Message: Pull up following revision(s) (requested by knakahara in ticket #1665): sys/net/if_l2tp.h: revision 1.10 Fix l2tp(4) ioctl type. Pointed out by yamaguchi@n.o, thanks. XXX pullup-[89] To generate a diff of this commit: cvs rdiff -u -r1.2.2.4 -r1.2.2.5 src/sys/net/if_l2tp.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_l2tp.h diff -u src/sys/net/if_l2tp.h:1.2.2.4 src/sys/net/if_l2tp.h:1.2.2.5 --- src/sys/net/if_l2tp.h:1.2.2.4 Tue Sep 24 18:27:09 2019 +++ src/sys/net/if_l2tp.h Mon Mar 22 18:07:38 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: if_l2tp.h,v 1.2.2.4 2019/09/24 18:27:09 martin Exp $ */ +/* $NetBSD: if_l2tp.h,v 1.2.2.5 2021/03/22 18:07:38 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -44,11 +44,11 @@ #include #include -#define SIOCSL2TPSESSION _IOW('i', 151, struct l2tp_req) -#define SIOCDL2TPSESSION _IOW('i', 152, struct l2tp_req) -#define SIOCSL2TPCOOKIE _IOW('i', 153, struct l2tp_req) -#define SIOCDL2TPCOOKIE _IOW('i', 154, struct l2tp_req) -#define SIOCSL2TPSTATE _IOW('i', 155, struct l2tp_req) +#define SIOCSL2TPSESSION _IOW('i', 151, struct ifreq) +#define SIOCDL2TPSESSION _IOW('i', 152, struct ifreq) +#define SIOCSL2TPCOOKIE _IOW('i', 153, struct ifreq) +#define SIOCDL2TPCOOKIE _IOW('i', 154, struct ifreq) +#define SIOCSL2TPSTATE _IOW('i', 155, struct ifreq) #define SIOCGL2TP SIOCGIFGENERIC struct l2tp_req {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Feb 13 19:37:39 UTC 2020 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #1505): sys/net/if_pppoe.c: revision 1.149 safely extract character sequences from packet for printing. To generate a diff of this commit: cvs rdiff -u -r1.125.6.9 -r1.125.6.10 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Feb 13 19:37:39 UTC 2020 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #1505): sys/net/if_pppoe.c: revision 1.149 safely extract character sequences from packet for printing. To generate a diff of this commit: cvs rdiff -u -r1.125.6.9 -r1.125.6.10 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.125.6.9 src/sys/net/if_pppoe.c:1.125.6.10 --- src/sys/net/if_pppoe.c:1.125.6.9 Thu Jul 12 15:11:56 2018 +++ src/sys/net/if_pppoe.c Thu Feb 13 19:37:39 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.125.6.9 2018/07/12 15:11:56 martin Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.125.6.10 2020/02/13 19:37:39 martin Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.9 2018/07/12 15:11:56 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.10 2020/02/13 19:37:39 martin Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -524,6 +524,7 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, const char *err_msg; char devname[IF_NAMESIZE]; char *error; + size_t dlen; uint8_t *ac_cookie; size_t ac_cookie_len; uint8_t *relay_sid; @@ -610,7 +611,8 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, break; /* ignored */ case PPPOE_TAG_ACNAME: if (len > 0) { -error = malloc(len + 1, M_TEMP, M_NOWAIT); +dlen = 4 * len + 1; +error = malloc(dlen, M_TEMP, M_NOWAIT); if (error == NULL) break; @@ -622,7 +624,9 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, goto done; } -strlcpy(error, mtod(n, char*) + noff, len + 1); +strnvisx(error, dlen, +mtod(n, char*) + noff, len, +VIS_SAFE | VIS_OCTAL); printf("pppoe: connected to %s\n", error); free(error, M_TEMP); } @@ -683,15 +687,17 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, if (err_msg) { error = NULL; if (errortag && len) { -error = malloc(len + 1, M_TEMP, +dlen = 4 * len + 1; +error = malloc(dlen, M_TEMP, M_NOWAIT|M_ZERO); n = m_pulldown(m, off + sizeof(*pt), len, ); if (!n) { m = NULL; } else if (error) { - strlcpy(error, mtod(n, char *) + noff, - len + 1); + strnvisx(error, dlen, + mtod(n, char*) + noff, len, + VIS_SAFE | VIS_OCTAL); } } if (error) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 14 16:00:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_loop.c Log Message: Pull up the following revisions, requested by msaitoh in ticket #1438: sys/net/if_loop.c 1.108-1.109 via patch Fix a bug that an IP broadcast packet back to myself is dropped as bad checksum when an interface's checksum offload is set. To generate a diff of this commit: cvs rdiff -u -r1.94.6.4 -r1.94.6.5 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_loop.c diff -u src/sys/net/if_loop.c:1.94.6.4 src/sys/net/if_loop.c:1.94.6.5 --- src/sys/net/if_loop.c:1.94.6.4 Tue Jan 2 10:20:33 2018 +++ src/sys/net/if_loop.c Thu Nov 14 16:00:51 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_loop.c,v 1.94.6.4 2018/01/02 10:20:33 snj Exp $ */ +/* $NetBSD: if_loop.c,v 1.94.6.5 2019/11/14 16:00:51 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.94.6.4 2018/01/02 10:20:33 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.94.6.5 2019/11/14 16:00:51 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -320,8 +320,13 @@ looutput(struct ifnet *ifp, struct mbuf KASSERT((csum_flags & ~(M_CSUM_IPv4|M_CSUM_UDPv4)) == 0); if (csum_flags != 0 && IN_LOOPBACK_NEED_CHECKSUM(csum_flags)) { ip_undefer_csum(m, 0, csum_flags); + m->m_pkthdr.csum_flags = 0; + } else { + /* + * Do nothing. Pass M_CSUM_IPv4 and M_CSUM_UDPv4 as + * they are to tell those are calculated and good. + */ } - m->m_pkthdr.csum_flags = 0; pktq = ip_pktq; break; #endif @@ -332,8 +337,13 @@ looutput(struct ifnet *ifp, struct mbuf if (csum_flags != 0 && IN6_LOOPBACK_NEED_CHECKSUM(csum_flags)) { ip6_undefer_csum(m, 0, csum_flags); + m->m_pkthdr.csum_flags = 0; + } else { + /* + * Do nothing. Pass M_CSUM_UDPv6 as + * they are to tell those are calculated and good. + */ } - m->m_pkthdr.csum_flags = 0; m->m_flags |= M_LOOP; pktq = ip6_pktq; break;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 14 16:00:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_loop.c Log Message: Pull up the following revisions, requested by msaitoh in ticket #1438: sys/net/if_loop.c 1.108-1.109 via patch Fix a bug that an IP broadcast packet back to myself is dropped as bad checksum when an interface's checksum offload is set. To generate a diff of this commit: cvs rdiff -u -r1.94.6.4 -r1.94.6.5 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 13 12:53:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #1434): sys/net/if_vlan.c: revision 1.148 Fix a bug that vlan(4) fragments IPv6 packets even the MTU > packet length. The bug is appeared when the mtu is increased on SIOCSETVLAN. >From t-kusaba@IIJ To generate a diff of this commit: cvs rdiff -u -r1.97.2.17 -r1.97.2.18 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.97.2.17 src/sys/net/if_vlan.c:1.97.2.18 --- src/sys/net/if_vlan.c:1.97.2.17 Thu Oct 24 15:48:37 2019 +++ src/sys/net/if_vlan.c Wed Nov 13 12:53:34 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $ */ +/* $NetBSD: if_vlan.c,v 1.97.2.18 2019/11/13 12:53:34 martin Exp $ */ /*- * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.18 2019/11/13 12:53:34 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -119,6 +119,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v #ifdef INET6 #include #include +#include #endif #include "ioconf.h" @@ -520,6 +521,12 @@ vlan_config(struct ifvlan *ifv, struct i nmib->ifvm_p = p; nmib->ifvm_tag = vid; ifv->ifv_if.if_mtu = p->if_mtu - nmib->ifvm_mtufudge; +#ifdef INET6 + KERNEL_LOCK_UNLESS_NET_MPSAFE(); + if (in6_present) + nd6_setmtu(ifp); + KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); +#endif ifv->ifv_if.if_flags = p->if_flags & (IFF_UP | IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 13 12:53:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #1434): sys/net/if_vlan.c: revision 1.148 Fix a bug that vlan(4) fragments IPv6 packets even the MTU > packet length. The bug is appeared when the mtu is increased on SIOCSETVLAN. >From t-kusaba@IIJ To generate a diff of this commit: cvs rdiff -u -r1.97.2.17 -r1.97.2.18 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Oct 24 15:48:37 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1411): sys/net/if_vlan.c: revision 1.147 vlan: get rid of unnecessary if_ipackets++ in vlan_input It's done by if_input() below now. Pointed out by msaitoh@ To generate a diff of this commit: cvs rdiff -u -r1.97.2.16 -r1.97.2.17 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Oct 24 15:48:37 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1411): sys/net/if_vlan.c: revision 1.147 vlan: get rid of unnecessary if_ipackets++ in vlan_input It's done by if_input() below now. Pointed out by msaitoh@ To generate a diff of this commit: cvs rdiff -u -r1.97.2.16 -r1.97.2.17 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.97.2.16 src/sys/net/if_vlan.c:1.97.2.17 --- src/sys/net/if_vlan.c:1.97.2.16 Mon Oct 22 07:41:12 2018 +++ src/sys/net/if_vlan.c Thu Oct 24 15:48:37 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.97.2.16 2018/10/22 07:41:12 martin Exp $ */ +/* $NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $ */ /*- * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.16 2018/10/22 07:41:12 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1622,7 +1622,6 @@ vlan_input(struct ifnet *ifp, struct mbu } m_set_rcvif(m, >ifv_if); - ifv->ifv_if.if_ipackets++; if (pfil_run_hooks(ifp->if_pfil, , ifp, PFIL_IN) != 0) goto out;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 18:12:44 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1402): sys/net/if_ethersubr.c: revision 1.277 Increment if_iqdrops when dropping an oversized frame. To generate a diff of this commit: cvs rdiff -u -r1.242.6.6 -r1.242.6.7 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 18:12:44 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1402): sys/net/if_ethersubr.c: revision 1.277 Increment if_iqdrops when dropping an oversized frame. To generate a diff of this commit: cvs rdiff -u -r1.242.6.6 -r1.242.6.7 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.6 src/sys/net/if_ethersubr.c:1.242.6.7 --- src/sys/net/if_ethersubr.c:1.242.6.6 Tue Oct 8 18:09:41 2019 +++ src/sys/net/if_ethersubr.c Tue Oct 8 18:12:44 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -603,6 +603,7 @@ ether_input(struct ifnet *ifp, struct mb ifp->if_xname, m->m_pkthdr.len); } mutex_exit(_lock); + ifp->if_iqdrops++; m_freem(m); return; }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 18:09:41 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1401): sys/net/if_ethersubr.c: revision 1.255 Fix two bugs in altq_etherclassify. When scanning the mbuf chain we need to make sure that m_next is not NULL, otherwise NULL deref. After that, we must not touch m->m_pkthdr, given that 'm' may not be the first mbuf of the chain anymore. Declare mtop, and add a KASSERT to make sure it has M_PKTHDR set. To generate a diff of this commit: cvs rdiff -u -r1.242.6.5 -r1.242.6.6 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.5 src/sys/net/if_ethersubr.c:1.242.6.6 --- src/sys/net/if_ethersubr.c:1.242.6.5 Tue Mar 13 15:40:25 2018 +++ src/sys/net/if_ethersubr.c Tue Oct 8 18:09:41 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.5 2018/03/13 15:40:25 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.5 2018/03/13 15:40:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -463,10 +463,13 @@ void altq_etherclassify(struct ifaltq *ifq, struct mbuf *m) { struct ether_header *eh; + struct mbuf *mtop = m; uint16_t ether_type; int hlen, af, hdrsize; void *hdr; + KASSERT((mtop->m_flags & M_PKTHDR) != 0); + hlen = ETHER_HDR_LEN; eh = mtod(m, struct ether_header *); @@ -508,7 +511,10 @@ altq_etherclassify(struct ifaltq *ifq, s while (m->m_len <= hlen) { hlen -= m->m_len; m = m->m_next; + if (m == NULL) + goto bad; } + if (m->m_len < (hlen + hdrsize)) { /* * protocol header not in a single mbuf. @@ -527,11 +533,12 @@ altq_etherclassify(struct ifaltq *ifq, s hdr = mtod(m, void *); - if (ALTQ_NEEDS_CLASSIFY(ifq)) - m->m_pkthdr.pattr_class = + if (ALTQ_NEEDS_CLASSIFY(ifq)) { + mtop->m_pkthdr.pattr_class = (*ifq->altq_classify)(ifq->altq_clfier, m, af); - m->m_pkthdr.pattr_af = af; - m->m_pkthdr.pattr_hdr = hdr; + } + mtop->m_pkthdr.pattr_af = af; + mtop->m_pkthdr.pattr_hdr = hdr; m->m_data -= hlen; m->m_len += hlen; @@ -539,9 +546,9 @@ altq_etherclassify(struct ifaltq *ifq, s return; bad: - m->m_pkthdr.pattr_class = NULL; - m->m_pkthdr.pattr_hdr = NULL; - m->m_pkthdr.pattr_af = AF_UNSPEC; + mtop->m_pkthdr.pattr_class = NULL; + mtop->m_pkthdr.pattr_hdr = NULL; + mtop->m_pkthdr.pattr_af = AF_UNSPEC; } #endif /* ALTQ */
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Oct 4 11:26:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by rin in ticket #1398): sys/net/route.c: revision 1.222 Stop passing a large const structure by value, in order to avoid possible kernel stack overflow; const pointer is suffice here. Pointed out by the lgtm bot and kamil. OK ozaki-r XXX pullup to netbsd-9 To generate a diff of this commit: cvs rdiff -u -r1.194.6.14 -r1.194.6.15 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.14 src/sys/net/route.c:1.194.6.15 --- src/sys/net/route.c:1.194.6.14 Tue Sep 24 18:27:09 2019 +++ src/sys/net/route.c Fri Oct 4 11:26:35 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.14 2019/09/24 18:27:09 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.14 2019/09/24 18:27:09 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -1387,47 +1387,48 @@ rt_setgate(struct rtentry *rt, const str } static struct ifaddr * -rt_update_get_ifa(const struct rt_addrinfo info, const struct rtentry *rt, +rt_update_get_ifa(const struct rt_addrinfo *info, const struct rtentry *rt, struct ifnet **ifp, struct psref *psref_ifp, struct psref *psref) { struct ifaddr *ifa = NULL; *ifp = NULL; - if (info.rti_info[RTAX_IFP] != NULL) { - ifa = ifa_ifwithnet_psref(info.rti_info[RTAX_IFP], psref); + if (info->rti_info[RTAX_IFP] != NULL) { + ifa = ifa_ifwithnet_psref(info->rti_info[RTAX_IFP], psref); if (ifa == NULL) goto next; *ifp = ifa->ifa_ifp; if_acquire(*ifp, psref_ifp); - if (info.rti_info[RTAX_IFA] == NULL && - info.rti_info[RTAX_GATEWAY] == NULL) + if (info->rti_info[RTAX_IFA] == NULL && + info->rti_info[RTAX_GATEWAY] == NULL) goto next; ifa_release(ifa, psref); - if (info.rti_info[RTAX_IFA] == NULL) { + if (info->rti_info[RTAX_IFA] == NULL) { /* route change -ifp */ - ifa = ifaof_ifpforaddr_psref(info.rti_info[RTAX_GATEWAY], - *ifp, psref); + ifa = ifaof_ifpforaddr_psref( + info->rti_info[RTAX_GATEWAY], *ifp, psref); } else { /* route change -ifp -ifa */ - ifa = ifa_ifwithaddr_psref(info.rti_info[RTAX_IFA], psref); + ifa = ifa_ifwithaddr_psref(info->rti_info[RTAX_IFA], + psref); if (ifa != NULL) goto out; - ifa = ifaof_ifpforaddr_psref(info.rti_info[RTAX_IFA], + ifa = ifaof_ifpforaddr_psref(info->rti_info[RTAX_IFA], *ifp, psref); } goto out; } next: - if (info.rti_info[RTAX_IFA] != NULL) { + if (info->rti_info[RTAX_IFA] != NULL) { /* route change -ifa */ - ifa = ifa_ifwithaddr_psref(info.rti_info[RTAX_IFA], psref); + ifa = ifa_ifwithaddr_psref(info->rti_info[RTAX_IFA], psref); if (ifa != NULL) goto out; } - if (info.rti_info[RTAX_GATEWAY] != NULL) { + if (info->rti_info[RTAX_GATEWAY] != NULL) { /* route change */ ifa = ifa_ifwithroute_psref(rt->rt_flags, rt_getkey(rt), - info.rti_info[RTAX_GATEWAY], psref); + info->rti_info[RTAX_GATEWAY], psref); } out: if (ifa != NULL && *ifp == NULL) { @@ -1487,7 +1488,7 @@ rt_update(struct rtentry *rt, struct rt_ * flags may also be different; ifp may be specified * by ll sockaddr when protocol address is ambiguous */ - new_ifa = rt_update_get_ifa(*info, rt, _ifp, _new_ifp, + new_ifa = rt_update_get_ifa(info, rt, _ifp, _new_ifp, _new_ifa); if (new_ifa != NULL) { ifa_release(ifa, _ifa);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Oct 4 11:26:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by rin in ticket #1398): sys/net/route.c: revision 1.222 Stop passing a large const structure by value, in order to avoid possible kernel stack overflow; const pointer is suffice here. Pointed out by the lgtm bot and kamil. OK ozaki-r XXX pullup to netbsd-9 To generate a diff of this commit: cvs rdiff -u -r1.194.6.14 -r1.194.6.15 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:19:03 UTC 2019 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1323): sys/net/bpf.c: revision 1.229 Fix info leak: use kmem_zalloc, because we align the buffers, and the otherwise uninitialized padding bytes get copied to userland in bpf_read(). To generate a diff of this commit: cvs rdiff -u -r1.216.6.6 -r1.216.6.7 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.6 src/sys/net/bpf.c:1.216.6.7 --- src/sys/net/bpf.c:1.216.6.6 Tue May 15 13:48:37 2018 +++ src/sys/net/bpf.c Sun Aug 4 11:19:03 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.6 2018/05/15 13:48:37 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.6 2018/05/15 13:48:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1969,10 +1969,10 @@ static int bpf_allocbufs(struct bpf_d *d) { - d->bd_fbuf = kmem_alloc(d->bd_bufsize, KM_NOSLEEP); + d->bd_fbuf = kmem_zalloc(d->bd_bufsize, KM_NOSLEEP); if (!d->bd_fbuf) return (ENOBUFS); - d->bd_sbuf = kmem_alloc(d->bd_bufsize, KM_NOSLEEP); + d->bd_sbuf = kmem_zalloc(d->bd_bufsize, KM_NOSLEEP); if (!d->bd_sbuf) { kmem_free(d->bd_fbuf, d->bd_bufsize); return (ENOBUFS);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:19:03 UTC 2019 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1323): sys/net/bpf.c: revision 1.229 Fix info leak: use kmem_zalloc, because we align the buffers, and the otherwise uninitialized padding bytes get copied to userland in bpf_read(). To generate a diff of this commit: cvs rdiff -u -r1.216.6.6 -r1.216.6.7 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:01:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: raw_usrreq.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1318): sys/net/raw_usrreq.c: revision 1.63 sys/net/raw_usrreq.c: revision 1.64 Fix typo (s/m_free/m_freem/) This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying. - Fix typo (s/m_free/m_freem/) (one more) To generate a diff of this commit: cvs rdiff -u -r1.56.4.2 -r1.56.4.3 src/sys/net/raw_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:01:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: raw_usrreq.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1318): sys/net/raw_usrreq.c: revision 1.63 sys/net/raw_usrreq.c: revision 1.64 Fix typo (s/m_free/m_freem/) This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying. - Fix typo (s/m_free/m_freem/) (one more) To generate a diff of this commit: cvs rdiff -u -r1.56.4.2 -r1.56.4.3 src/sys/net/raw_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/raw_usrreq.c diff -u src/sys/net/raw_usrreq.c:1.56.4.2 src/sys/net/raw_usrreq.c:1.56.4.3 --- src/sys/net/raw_usrreq.c:1.56.4.2 Mon Apr 9 13:34:10 2018 +++ src/sys/net/raw_usrreq.c Sun Aug 4 11:01:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_usrreq.c,v 1.56.4.2 2018/04/09 13:34:10 bouyer Exp $ */ +/* $NetBSD: raw_usrreq.c,v 1.56.4.3 2019/08/04 11:01:22 martin Exp $ */ /* * Copyright (c) 1980, 1986, 1993 @@ -36,7 +36,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.56.4.2 2018/04/09 13:34:10 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.56.4.3 2019/08/04 11:01:22 martin Exp $"); #include #include @@ -120,12 +120,12 @@ raw_input(struct mbuf *m0, ...) } if (last != NULL) { if (sbappendaddr(>so_rcv, src, m, NULL) == 0) { - m_free(m); + m_freem(m); soroverflow(last); } else sorwakeup(last); } else { - m_free(m); + m_freem(m); } }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed May 29 16:01:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1276): sys/net/rtsock.c: revision 1.250 Don't take softnet_lock in sysctl_rtable Taking softnet_lock there can cause a deadlock with nfs sosend, so we don't. Having only KERNEL_LOCK is enough because now the routing table is protected by KERNEL_LOCK that was introduced by the fix for PR 53043. PR kern/54227 from Paul Ripke To generate a diff of this commit: cvs rdiff -u -r1.213.2.12 -r1.213.2.13 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed May 29 16:01:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1276): sys/net/rtsock.c: revision 1.250 Don't take softnet_lock in sysctl_rtable Taking softnet_lock there can cause a deadlock with nfs sosend, so we don't. Having only KERNEL_LOCK is enough because now the routing table is protected by KERNEL_LOCK that was introduced by the fix for PR 53043. PR kern/54227 from Paul Ripke To generate a diff of this commit: cvs rdiff -u -r1.213.2.12 -r1.213.2.13 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/rtsock.c diff -u src/sys/net/rtsock.c:1.213.2.12 src/sys/net/rtsock.c:1.213.2.13 --- src/sys/net/rtsock.c:1.213.2.12 Thu Mar 7 16:59:10 2019 +++ src/sys/net/rtsock.c Wed May 29 16:01:51 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rtsock.c,v 1.213.2.12 2019/03/07 16:59:10 martin Exp $ */ +/* $NetBSD: rtsock.c,v 1.213.2.13 2019/05/29 16:01:51 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.12 2019/03/07 16:59:10 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.13 2019/05/29 16:01:51 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1873,7 +1873,7 @@ again: w.w_needed = 0 - w.w_given; w.w_where = where; - SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); + KERNEL_LOCK_UNLESS_NET_MPSAFE(); s = splsoftnet(); switch (w.w_op) { @@ -1932,7 +1932,7 @@ again: break; } splx(s); - SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); + KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); /* check to see if we couldn't allocate memory with NOWAIT */ if (error == ENOBUFS && w.w_tmem == 0 && w.w_tmemneeded)
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 14 11:37:13 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_media.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1266): sys/net/if_media.c: revision 1.42 (via patch) Add missing error check. To generate a diff of this commit: cvs rdiff -u -r1.32.6.2 -r1.32.6.3 src/sys/net/if_media.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_media.c diff -u src/sys/net/if_media.c:1.32.6.2 src/sys/net/if_media.c:1.32.6.3 --- src/sys/net/if_media.c:1.32.6.2 Tue Jan 2 10:20:33 2018 +++ src/sys/net/if_media.c Tue May 14 11:37:12 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_media.c,v 1.32.6.2 2018/01/02 10:20:33 snj Exp $ */ +/* $NetBSD: if_media.c,v 1.32.6.3 2019/05/14 11:37:12 martin Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -76,7 +76,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_media.c,v 1.32.6.2 2018/01/02 10:20:33 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_media.c,v 1.32.6.3 2019/05/14 11:37:12 martin Exp $"); #include #include @@ -335,6 +335,9 @@ _ifmedia_ioctl(struct ifnet *ifp, struct : nwords; int *kptr = (int *)malloc(minwords * sizeof(int), M_TEMP, M_WAITOK); + + if (kptr == NULL) +return ENOMEM; /* * Get the media words from the interface's list. */
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 14 11:37:13 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_media.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1266): sys/net/if_media.c: revision 1.42 (via patch) Add missing error check. To generate a diff of this commit: cvs rdiff -u -r1.32.6.2 -r1.32.6.3 src/sys/net/if_media.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Apr 22 09:06:49 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1241): sys/net/if_gif.c: revision 1.146 fix a potential bug of gif(4) check for tunnel duplicate. This problem has not actualized thanks to check for duplicate in encap_attach(). To generate a diff of this commit: cvs rdiff -u -r1.126.2.13 -r1.126.2.14 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_gif.c diff -u src/sys/net/if_gif.c:1.126.2.13 src/sys/net/if_gif.c:1.126.2.14 --- src/sys/net/if_gif.c:1.126.2.13 Mon Nov 12 08:50:18 2018 +++ src/sys/net/if_gif.c Mon Apr 22 09:06:49 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_gif.c,v 1.126.2.13 2018/11/12 08:50:18 martin Exp $ */ +/* $NetBSD: if_gif.c,v 1.126.2.14 2019/04/22 09:06:49 martin Exp $ */ /* $KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.13 2018/11/12 08:50:18 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.14 2019/04/22 09:06:49 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1031,7 +1031,7 @@ gif_set_tunnel(struct ifnet *ifp, struct if (sc2 == sc) continue; - var2 = gif_getref_variant(sc, ); + var2 = gif_getref_variant(sc2, ); if (!var2->gv_pdst || !var2->gv_psrc) { gif_putref_variant(var2, ); continue;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Apr 22 09:06:49 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1241): sys/net/if_gif.c: revision 1.146 fix a potential bug of gif(4) check for tunnel duplicate. This problem has not actualized thanks to check for duplicate in encap_attach(). To generate a diff of this commit: cvs rdiff -u -r1.126.2.13 -r1.126.2.14 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Mar 15 14:47:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1216): sys/net/if_ipsec.c: revision 1.21 Fix ipsecif(4) memory leak in some ioctl cases. To generate a diff of this commit: cvs rdiff -u -r1.3.2.10 -r1.3.2.11 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.3.2.10 src/sys/net/if_ipsec.c:1.3.2.11 --- src/sys/net/if_ipsec.c:1.3.2.10 Sun Oct 21 11:55:54 2018 +++ src/sys/net/if_ipsec.c Fri Mar 15 14:47:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.3.2.10 2018/10/21 11:55:54 martin Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.3.2.11 2019/03/15 14:47:22 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.10 2018/10/21 11:55:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.11 2019/03/15 14:47:22 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1104,6 +1104,7 @@ if_ipsec_delete_tunnel(struct ifnet *ifp mutex_exit(>ipsec_lock); encap_lock_exit(); kmem_free(nvar, sizeof(*nvar)); + kmem_free(nullvar, sizeof(*nullvar)); return; } @@ -1191,6 +1192,8 @@ if_ipsec_ensure_flags(struct ifnet *ifp, /* nothing to do */ mutex_exit(>ipsec_lock); encap_lock_exit(); + kmem_free(nvar, sizeof(*nvar)); + kmem_free(nullvar, sizeof(*nullvar)); return 0; }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Mar 15 14:47:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1216): sys/net/if_ipsec.c: revision 1.21 Fix ipsecif(4) memory leak in some ioctl cases. To generate a diff of this commit: cvs rdiff -u -r1.3.2.10 -r1.3.2.11 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Mar 15 14:44:05 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1215): sys/net/route.c: revision 1.217 Add missing ifa_release on error paths To generate a diff of this commit: cvs rdiff -u -r1.194.6.12 -r1.194.6.13 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.12 src/sys/net/route.c:1.194.6.13 --- src/sys/net/route.c:1.194.6.12 Tue Nov 6 14:38:58 2018 +++ src/sys/net/route.c Fri Mar 15 14:44:05 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.12 2018/11/06 14:38:58 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.13 2019/03/15 14:44:05 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.12 2018/11/06 14:38:58 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.13 2019/03/15 14:44:05 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -1504,6 +1504,8 @@ rt_update(struct rtentry *rt, struct rt_ } if (new_ifa == NULL) ifa_release(ifa, _ifa); + /* To avoid ifa_release below */ + ifa = NULL; } ifa_release(new_ifa, _new_ifa); if (new_ifp && rt->rt_ifp != new_ifp && !if_is_deactivated(new_ifp)) { @@ -1525,6 +1527,7 @@ rt_update(struct rtentry *rt, struct rt_ (void)ifp_changed; /* XXX gcc */ #endif out: + ifa_release(ifa, _ifa); if_put(new_ifp, _new_ifp); if_put(ifp, _ifp);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Mar 15 14:44:05 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1215): sys/net/route.c: revision 1.217 Add missing ifa_release on error paths To generate a diff of this commit: cvs rdiff -u -r1.194.6.12 -r1.194.6.13 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Mar 7 16:59:10 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1203): sys/net/rtsock.c: revision 1.247 Protect sysctl_rtable with KERNEL_LOCK and softnet_lock In the function the routing table could be accessed without any locks, which was unsafe. Actually, on netbsd-7, a kernel panic happened(*). The situation of locking hasn't changed since netbsd-7 so we still need to hold the big locks on -current (and netbsd-8) too. Note that if NET_MPSAFE is enabled, the routing table is protected by its own lock and we don't need the locks. Reported and tested on netbsd-7 by sborrill@ (*) http://mail-index.netbsd.org/tech-net/2018/11/08/msg007153.html To generate a diff of this commit: cvs rdiff -u -r1.213.2.11 -r1.213.2.12 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/rtsock.c diff -u src/sys/net/rtsock.c:1.213.2.11 src/sys/net/rtsock.c:1.213.2.12 --- src/sys/net/rtsock.c:1.213.2.11 Wed Nov 21 12:01:11 2018 +++ src/sys/net/rtsock.c Thu Mar 7 16:59:10 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $ */ +/* $NetBSD: rtsock.c,v 1.213.2.12 2019/03/07 16:59:10 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.12 2019/03/07 16:59:10 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1873,6 +1873,7 @@ again: w.w_needed = 0 - w.w_given; w.w_where = where; + SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); s = splsoftnet(); switch (w.w_op) { @@ -1931,6 +1932,7 @@ again: break; } splx(s); + SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); /* check to see if we couldn't allocate memory with NOWAIT */ if (error == ENOBUFS && w.w_tmem == 0 && w.w_tmemneeded)
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Mar 7 16:59:10 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1203): sys/net/rtsock.c: revision 1.247 Protect sysctl_rtable with KERNEL_LOCK and softnet_lock In the function the routing table could be accessed without any locks, which was unsafe. Actually, on netbsd-7, a kernel panic happened(*). The situation of locking hasn't changed since netbsd-7 so we still need to hold the big locks on -current (and netbsd-8) too. Note that if NET_MPSAFE is enabled, the routing table is protected by its own lock and we don't need the locks. Reported and tested on netbsd-7 by sborrill@ (*) http://mail-index.netbsd.org/tech-net/2018/11/08/msg007153.html To generate a diff of this commit: cvs rdiff -u -r1.213.2.11 -r1.213.2.12 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Jan 11 15:55:02 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ppp.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1162): sys/net/if_ppp.c: revision 1.162 sys/net/if_ppp.c: revision 1.163 Fix missing mutex_exit in ppp_create(). Fix missing splx in ppp_inproc(). To generate a diff of this commit: cvs rdiff -u -r1.158.8.1 -r1.158.8.2 src/sys/net/if_ppp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ppp.c diff -u src/sys/net/if_ppp.c:1.158.8.1 src/sys/net/if_ppp.c:1.158.8.2 --- src/sys/net/if_ppp.c:1.158.8.1 Thu Jul 26 23:55:31 2018 +++ src/sys/net/if_ppp.c Fri Jan 11 15:55:01 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ppp.c,v 1.158.8.1 2018/07/26 23:55:31 snj Exp $ */ +/* $NetBSD: if_ppp.c,v 1.158.8.2 2019/01/11 15:55:01 martin Exp $ */ /* Id: if_ppp.c,v 1.6 1997/03/04 03:33:00 paulus Exp */ /* @@ -102,7 +102,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ppp.c,v 1.158.8.1 2018/07/26 23:55:31 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ppp.c,v 1.158.8.2 2019/01/11 15:55:01 martin Exp $"); #ifdef _KERNEL_OPT #include "ppp.h" @@ -301,6 +301,7 @@ ppp_create(const char *name, int unit) break; else if (unit == sci->sc_unit) { free(sc, M_DEVBUF); +mutex_exit(_list_lock); return NULL; } } @@ -1722,6 +1723,7 @@ ppp_inproc(struct ppp_softc *sc, struct /* pktq: inet or inet6 cases */ if (__predict_true(pktq)) { if (__predict_false(!pktq_enqueue(pktq, m, 0))) { + splx(s); ifp->if_iqdrops++; goto bad; } @@ -1733,6 +1735,7 @@ ppp_inproc(struct ppp_softc *sc, struct /* ifq: other protocol cases */ if (!inq) { + splx(s); goto bad; } if (IF_QFULL(inq)) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Jan 11 15:55:02 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ppp.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1162): sys/net/if_ppp.c: revision 1.162 sys/net/if_ppp.c: revision 1.163 Fix missing mutex_exit in ppp_create(). Fix missing splx in ppp_inproc(). To generate a diff of this commit: cvs rdiff -u -r1.158.8.1 -r1.158.8.2 src/sys/net/if_ppp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 21 12:01:11 UTC 2018 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1101): sys/net/rtsock.c: revision 1.244 Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0x80b7c44a in kleak_note [ 944.627332] #1 0x80b7c4ca in kleak_copyout [ 944.627332] #2 0x80c91698 in sysctl_iflist_if [ 944.637336] #3 0x80c91d3c in sysctl_iflist [ 944.647343] #4 0x80c93855 in sysctl_rtable [ 944.647343] #5 0x80b5b328 in sysctl_dispatch [ 944.657346] #6 0x80b5b62e in sys___sysctl [ 944.667354] #7 0x8025ab3c in sy_call [ 944.667354] #8 0x8025ad6e in sy_invoke [ 944.677365] #9 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.213.2.10 -r1.213.2.11 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/rtsock.c diff -u src/sys/net/rtsock.c:1.213.2.10 src/sys/net/rtsock.c:1.213.2.11 --- src/sys/net/rtsock.c:1.213.2.10 Sat May 5 19:07:51 2018 +++ src/sys/net/rtsock.c Wed Nov 21 12:01:11 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: rtsock.c,v 1.213.2.10 2018/05/05 19:07:51 martin Exp $ */ +/* $NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.10 2018/05/05 19:07:51 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.11 2018/11/21 12:01:11 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1294,7 +1294,7 @@ again: if (rw->w_tmemsize < len) { if (rw->w_tmem) kmem_free(rw->w_tmem, rw->w_tmemsize); -rw->w_tmem = kmem_alloc(len, KM_SLEEP); +rw->w_tmem = kmem_zalloc(len, KM_SLEEP); rw->w_tmemsize = len; } if (rw->w_tmem) { @@ -1863,7 +1863,7 @@ sysctl_rtable(SYSCTLFN_ARGS) again: /* we may return here if a later [re]alloc of the t_mem buffer fails */ if (w.w_tmemneeded) { - w.w_tmem = kmem_alloc(w.w_tmemneeded, KM_SLEEP); + w.w_tmem = kmem_zalloc(w.w_tmemneeded, KM_SLEEP); w.w_tmemsize = w.w_tmemneeded; w.w_tmemneeded = 0; }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 21 12:01:11 UTC 2018 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1101): sys/net/rtsock.c: revision 1.244 Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0x80b7c44a in kleak_note [ 944.627332] #1 0x80b7c4ca in kleak_copyout [ 944.627332] #2 0x80c91698 in sysctl_iflist_if [ 944.637336] #3 0x80c91d3c in sysctl_iflist [ 944.647343] #4 0x80c93855 in sysctl_rtable [ 944.647343] #5 0x80b5b328 in sysctl_dispatch [ 944.657346] #6 0x80b5b62e in sys___sysctl [ 944.667354] #7 0x8025ab3c in sy_call [ 944.667354] #8 0x8025ad6e in sy_invoke [ 944.677365] #9 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.213.2.10 -r1.213.2.11 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Nov 12 08:50:18 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1087): sys/net/if_gif.c: revision 1.145 Fix ALTQ on gif(4). Reported and tested by Anthony Mallet, advised by Greg Troxel, thanks. l2tp(4) and ipsecif(4) don't support ALTQ yet. So, they don't require this fix. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.126.2.12 -r1.126.2.13 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_gif.c diff -u src/sys/net/if_gif.c:1.126.2.12 src/sys/net/if_gif.c:1.126.2.13 --- src/sys/net/if_gif.c:1.126.2.12 Sun Oct 21 11:55:54 2018 +++ src/sys/net/if_gif.c Mon Nov 12 08:50:18 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_gif.c,v 1.126.2.12 2018/10/21 11:55:54 martin Exp $ */ +/* $NetBSD: if_gif.c,v 1.126.2.13 2018/11/12 08:50:18 martin Exp $ */ /* $KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.12 2018/10/21 11:55:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.13 2018/11/12 08:50:18 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -489,7 +489,8 @@ gif_output(struct ifnet *ifp, struct mbu m->m_pkthdr.csum_flags = 0; m->m_pkthdr.csum_data = 0; - error = gif_transmit_direct(var, m); + error = if_transmit_lock(ifp, m); + end: if (var != NULL) gif_putref_variant(var, );
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Nov 12 08:50:18 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1087): sys/net/if_gif.c: revision 1.145 Fix ALTQ on gif(4). Reported and tested by Anthony Mallet, advised by Greg Troxel, thanks. l2tp(4) and ipsecif(4) don't support ALTQ yet. So, they don't require this fix. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.126.2.12 -r1.126.2.13 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 22 07:41:12 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Additionally pull up r1.131 for ticket #1066 (requested by knakahara): Use a different psz for a different lock. Patch from riastradh, reviewed by ozaki-r. To generate a diff of this commit: cvs rdiff -u -r1.97.2.15 -r1.97.2.16 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 22 07:41:12 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Additionally pull up r1.131 for ticket #1066 (requested by knakahara): Use a different psz for a different lock. Patch from riastradh, reviewed by ozaki-r. To generate a diff of this commit: cvs rdiff -u -r1.97.2.15 -r1.97.2.16 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.97.2.15 src/sys/net/if_vlan.c:1.97.2.16 --- src/sys/net/if_vlan.c:1.97.2.15 Sun Oct 21 11:55:54 2018 +++ src/sys/net/if_vlan.c Mon Oct 22 07:41:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.97.2.15 2018/10/21 11:55:54 martin Exp $ */ +/* $NetBSD: if_vlan.c,v 1.97.2.16 2018/10/22 07:41:12 martin Exp $ */ /*- * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.15 2018/10/21 11:55:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.16 2018/10/22 07:41:12 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -161,6 +161,7 @@ struct ifvlan { * instead of direct dereference */ kmutex_t ifv_lock; /* writer lock for ifv_mib */ + pserialize_t ifv_psz; LIST_HEAD(__vlan_mchead, vlan_mc_entry) ifv_mc_listhead; LIST_ENTRY(ifvlan) ifv_list; @@ -350,6 +351,7 @@ vlan_clone_create(struct if_clone *ifc, psref_target_init(>ifvm_psref, ifvm_psref_class); mutex_init(>ifv_lock, MUTEX_DEFAULT, IPL_NONE); + ifv->ifv_psz = pserialize_create(); ifv->ifv_mib = mib; mutex_enter(_list.lock); @@ -788,7 +790,7 @@ vlan_linkmib_update(struct ifvlan *ifv, membar_producer(); ifv->ifv_mib = nmib; - pserialize_perform(vlan_psz); + pserialize_perform(ifv->ifv_psz); psref_target_destroy(>ifvm_psref, ifvm_psref_class); }
Re: CVS commit: [netbsd-8] src/sys/net
I think you forgot something: Index: sys/net/if_vlan.c === RCS file: /cvsroot/src/sys/net/if_vlan.c,v retrieving revision 1.97.2.15 diff -u -r1.97.2.15 if_vlan.c --- sys/net/if_vlan.c 21 Oct 2018 11:55:54 - 1.97.2.15 +++ sys/net/if_vlan.c 21 Oct 2018 18:36:20 - @@ -161,6 +161,7 @@ * instead of direct dereference */ kmutex_t ifv_lock; /* writer lock for ifv_mib */ + pserialize_t ifv_psz; LIST_HEAD(__vlan_mchead, vlan_mc_entry) ifv_mc_listhead; LIST_ENTRY(ifvlan) ifv_list; -- Hisashi T Fujinaka - ht...@twofifty.com BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Oct 21 11:55:54 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c if_gif.h if_ipsec.c if_ipsec.h if_l2tp.c if_l2tp.h if_vlan.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1066): sys/net/if_vlan.c: revision 1.133 sys/net/if_gif.h: revision 1.32 sys/net/if_ipsec.c: revision 1.18 sys/net/if_ipsec.h: revision 1.4 sys/net/if_gif.c: revision 1.144 sys/net/if_l2tp.h: revision 1.6 sys/net/if_l2tp.c: revision 1.30 Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.126.2.11 -r1.126.2.12 src/sys/net/if_gif.c cvs rdiff -u -r1.25.8.3 -r1.25.8.4 src/sys/net/if_gif.h cvs rdiff -u -r1.3.2.9 -r1.3.2.10 src/sys/net/if_ipsec.c cvs rdiff -u -r1.1.2.3 -r1.1.2.4 src/sys/net/if_ipsec.h cvs rdiff -u -r1.11.2.9 -r1.11.2.10 src/sys/net/if_l2tp.c cvs rdiff -u -r1.2.2.2 -r1.2.2.3 src/sys/net/if_l2tp.h cvs rdiff -u -r1.97.2.14 -r1.97.2.15 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_gif.c diff -u src/sys/net/if_gif.c:1.126.2.11 src/sys/net/if_gif.c:1.126.2.12 --- src/sys/net/if_gif.c:1.126.2.11 Thu Jun 7 17:42:25 2018 +++ src/sys/net/if_gif.c Sun Oct 21 11:55:54 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_gif.c,v 1.126.2.11 2018/06/07 17:42:25 martin Exp $ */ +/* $NetBSD: if_gif.c,v 1.126.2.12 2018/10/21 11:55:54 martin Exp $ */ /* $KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.11 2018/06/07 17:42:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.12 2018/10/21 11:55:54 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -105,7 +105,6 @@ static struct { kmutex_t lock; } gif_softcs __cacheline_aligned; -pserialize_t gif_psz __read_mostly; struct psref_class *gv_psref_class __read_mostly; static void gif_ro_init_pc(void *, void *, struct cpu_info *); @@ -224,7 +223,6 @@ gifinit(void) LIST_INIT(_softcs.list); if_clone_attach(_cloner); - gif_psz = pserialize_create(); gv_psref_class = psref_class_create("gifvar", IPL_SOFTNET); gif_sysctl_setup(); @@ -243,7 +241,6 @@ gifdetach(void) if (error == 0) { psref_class_destroy(gv_psref_class); - pserialize_destroy(gif_psz); if_clone_detach(_cloner); sysctl_teardown(_sysctl); @@ -275,9 +272,10 @@ gif_clone_create(struct if_clone *ifc, i sc->gif_var = var; mutex_init(>gif_lock, MUTEX_DEFAULT, IPL_NONE); + sc->gif_psz = pserialize_create(); + sc->gif_ro_percpu = percpu_alloc(sizeof(struct gif_ro)); percpu_foreach(sc->gif_ro_percpu, gif_ro_init_pc, NULL); - mutex_enter(_softcs.lock); LIST_INSERT_HEAD(_softcs.list, sc, gif_list); mutex_exit(_softcs.lock); @@ -355,6 +353,7 @@ gif_clone_destroy(struct ifnet *ifp) percpu_foreach(sc->gif_ro_percpu, gif_ro_fini_pc, NULL); percpu_free(sc->gif_ro_percpu, sizeof(struct gif_ro)); + pserialize_destroy(sc->gif_psz); mutex_destroy(>gif_lock); var = sc->gif_var; @@ -1173,7 +1172,7 @@ gif_update_variant(struct gif_softc *sc, KASSERT(mutex_owned(>gif_lock)); sc->gif_var = nvar; - pserialize_perform(gif_psz); + pserialize_perform(sc->gif_psz); psref_target_destroy(>gv_psref, gv_psref_class); if (nvar->gv_psrc != NULL && nvar->gv_pdst != NULL) Index: src/sys/net/if_gif.h diff -u src/sys/net/if_gif.h:1.25.8.3 src/sys/net/if_gif.h:1.25.8.4 --- src/sys/net/if_gif.h:1.25.8.3 Thu May 17 14:07:03 2018 +++ src/sys/net/if_gif.h Sun Oct 21 11:55:54 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_gif.h,v 1.25.8.3 2018/05/17 14:07:03 martin Exp $ */ +/* $NetBSD: if_gif.h,v 1.25.8.4 2018/10/21 11:55:54 martin Exp $ */ /* $KAME: if_gif.h,v 1.23 2001/07/27 09:21:42 itojun Exp $ */ /* @@ -40,6 +40,7 @@ #include #include #ifdef _KERNEL +#include #include #endif @@ -78,6 +79,7 @@ struct gif_softc { * instead of direct dereference. */ kmutex_t gif_lock; /* writer lock for gif_var */ + pserialize_t gif_psz; LIST_ENTRY(gif_softc) gif_list; /* list of all gifs */ }; Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.3.2.9 src/sys/net/if_ipsec.c:1.3.2.10 --- src/sys/net/if_ipsec.c:1.3.2.9 Thu Jun 7 16:22:43 2018 +++ src/sys/net/if_ipsec.c Sun Oct 21 11:55:54 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.3.2.10 2018/10/21 11:55:54 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.10 2018/10/21 11:55:54 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -145,7 +145,6
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Oct 21 11:55:54 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c if_gif.h if_ipsec.c if_ipsec.h if_l2tp.c if_l2tp.h if_vlan.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1066): sys/net/if_vlan.c: revision 1.133 sys/net/if_gif.h: revision 1.32 sys/net/if_ipsec.c: revision 1.18 sys/net/if_ipsec.h: revision 1.4 sys/net/if_gif.c: revision 1.144 sys/net/if_l2tp.h: revision 1.6 sys/net/if_l2tp.c: revision 1.30 Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.126.2.11 -r1.126.2.12 src/sys/net/if_gif.c cvs rdiff -u -r1.25.8.3 -r1.25.8.4 src/sys/net/if_gif.h cvs rdiff -u -r1.3.2.9 -r1.3.2.10 src/sys/net/if_ipsec.c cvs rdiff -u -r1.1.2.3 -r1.1.2.4 src/sys/net/if_ipsec.h cvs rdiff -u -r1.11.2.9 -r1.11.2.10 src/sys/net/if_l2tp.c cvs rdiff -u -r1.2.2.2 -r1.2.2.3 src/sys/net/if_l2tp.h cvs rdiff -u -r1.97.2.14 -r1.97.2.15 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 3 17:57:39 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_bridge.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1046): sys/net/if_bridge.c: revision 1.157 sys/net/if_bridge.c: revision 1.158 sys/net/if_bridge.c: revision 1.159 Fix a bug that bridge_enqueue() incorrectly cleared outgoing packet's offload flags. bridge_enqueue() is called from bridge_output() when a packet is spontaneous. Clear csum_flags before calling brige_enqueue() in bridge_forward() or bridge_broadcast() instead of in the beginning of bridge_enqueue(). Note that this change doesn't fix a problem on the following configuration: A bridge has two or more interfaces. An address is assigned to an bridge member interface and some offload flags are set. Another interface has no address and has no any offload flag. XXX pullup-[78] - Fix bridge_enqueue() which was broken by last commit. Use correct mbuf pointer. - Modify comment. Micro optimization. m_copym(M_COPYALL) -> m_copypacket(). To generate a diff of this commit: cvs rdiff -u -r1.134.6.11 -r1.134.6.12 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_bridge.c diff -u src/sys/net/if_bridge.c:1.134.6.11 src/sys/net/if_bridge.c:1.134.6.12 --- src/sys/net/if_bridge.c:1.134.6.11 Thu Jun 7 17:42:25 2018 +++ src/sys/net/if_bridge.c Wed Oct 3 17:57:39 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_bridge.c,v 1.134.6.11 2018/06/07 17:42:25 martin Exp $ */ +/* $NetBSD: if_bridge.c,v 1.134.6.12 2018/10/03 17:57:39 martin Exp $ */ /* * Copyright 2001 Wasabi Systems, Inc. @@ -80,7 +80,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.134.6.11 2018/06/07 17:42:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.134.6.12 2018/10/03 17:57:39 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_bridge_ipf.h" @@ -1395,11 +1395,6 @@ bridge_enqueue(struct bridge_softc *sc, int len, error; short mflags; - /* - * Clear any in-bound checksum flags for this packet. - */ - m->m_pkthdr.csum_flags = 0; - if (runfilt) { if (pfil_run_hooks(sc->sc_if.if_pfil, , dst_ifp, PFIL_OUT) != 0) { @@ -1545,7 +1540,7 @@ bridge_output(struct ifnet *ifp, struct used = true; mc = m; } else { -mc = m_copym(m, 0, M_COPYALL, M_NOWAIT); +mc = m_copypacket(m, M_DONTWAIT); if (mc == NULL) { sc->sc_if.if_oerrors++; goto next; @@ -1563,8 +1558,7 @@ bridge_output(struct ifnet *ifp, struct used = true; mc = m; } else { - mc = m_copym(m, 0, M_COPYALL, - M_DONTWAIT); + mc = m_copypacket(m, M_DONTWAIT); if (mc == NULL) { sc->sc_if.if_oerrors++; goto next; @@ -1768,6 +1762,13 @@ bridge_forward(struct bridge_softc *sc, bridge_release_member(sc, bif, ); + /* + * Before enqueueing this packet to the destination interface, + * clear any in-bound checksum flags to prevent them from being + * misused as out-bound flags. + */ + m->m_pkthdr.csum_flags = 0; + ACQUIRE_GLOBAL_LOCKS(); bridge_enqueue(sc, dst_if, m, 1); RELEASE_GLOBAL_LOCKS(); @@ -1973,18 +1974,25 @@ bridge_broadcast(struct bridge_softc *sc goto next; if (dst_if != src_if) { - mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); + mc = m_copypacket(m, M_DONTWAIT); if (mc == NULL) { sc->sc_if.if_oerrors++; goto next; } + /* + * Before enqueueing this packet to the destination + * interface, clear any in-bound checksum flags to + * prevent them from being misused as out-bound flags. + */ + mc->m_pkthdr.csum_flags = 0; + ACQUIRE_GLOBAL_LOCKS(); bridge_enqueue(sc, dst_if, mc, 1); RELEASE_GLOBAL_LOCKS(); } if (bmcast) { - mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); + mc = m_copypacket(m, M_DONTWAIT); if (mc == NULL) { sc->sc_if.if_oerrors++; goto next;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 3 17:57:39 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_bridge.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1046): sys/net/if_bridge.c: revision 1.157 sys/net/if_bridge.c: revision 1.158 sys/net/if_bridge.c: revision 1.159 Fix a bug that bridge_enqueue() incorrectly cleared outgoing packet's offload flags. bridge_enqueue() is called from bridge_output() when a packet is spontaneous. Clear csum_flags before calling brige_enqueue() in bridge_forward() or bridge_broadcast() instead of in the beginning of bridge_enqueue(). Note that this change doesn't fix a problem on the following configuration: A bridge has two or more interfaces. An address is assigned to an bridge member interface and some offload flags are set. Another interface has no address and has no any offload flag. XXX pullup-[78] - Fix bridge_enqueue() which was broken by last commit. Use correct mbuf pointer. - Modify comment. Micro optimization. m_copym(M_COPYALL) -> m_copypacket(). To generate a diff of this commit: cvs rdiff -u -r1.134.6.11 -r1.134.6.12 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Sep 7 12:31:30 UTC 2018 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1012): sys/net/route.c: revision 1.212 sys/net/route.c: revision 1.213 route: don't take an extra reference of a rtentry for the delayed free mechanism Because a reference is already taken at that point. - route: avoid overwriting rt_free_global.enqueued unexpectedly rt_free_global.enqueued can be set to true by rt_free during rt_free_work because rt_free_work releases rt_free_global.lock. So rt_free_work must update it once and not update after releasing the lock. To generate a diff of this commit: cvs rdiff -u -r1.194.6.10 -r1.194.6.11 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Sep 7 12:31:30 UTC 2018 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1012): sys/net/route.c: revision 1.212 sys/net/route.c: revision 1.213 route: don't take an extra reference of a rtentry for the delayed free mechanism Because a reference is already taken at that point. - route: avoid overwriting rt_free_global.enqueued unexpectedly rt_free_global.enqueued can be set to true by rt_free during rt_free_work because rt_free_work releases rt_free_global.lock. So rt_free_work must update it once and not update after releasing the lock. To generate a diff of this commit: cvs rdiff -u -r1.194.6.10 -r1.194.6.11 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.10 src/sys/net/route.c:1.194.6.11 --- src/sys/net/route.c:1.194.6.10 Fri Jun 8 10:14:33 2018 +++ src/sys/net/route.c Fri Sep 7 12:31:30 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.10 2018/06/08 10:14:33 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.11 2018/09/07 12:31:30 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.10 2018/06/08 10:14:33 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.11 2018/09/07 12:31:30 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -702,8 +702,8 @@ rt_free_work(struct work *wk, void *arg) struct rtentry *rt; mutex_enter(_free_global.lock); - rt_free_global.enqueued = false; if ((rt = SLIST_FIRST(_free_global.queue)) == NULL) { + rt_free_global.enqueued = false; mutex_exit(_free_global.lock); return; } @@ -726,7 +726,7 @@ rt_free(struct rtentry *rt) } mutex_enter(_free_global.lock); - rt_ref(rt); + /* No need to add a reference here. */ SLIST_INSERT_HEAD(_free_global.queue, rt, rt_free); if (!rt_free_global.enqueued) { workqueue_enqueue(rt_free_global.wq, _free_global.wk, NULL);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Aug 27 07:49:11 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #991): sys/net/if.c: revision 1.434 Restore splx removed accidentally at v1.406 Pointed out by k-goda@IIJ To generate a diff of this commit: cvs rdiff -u -r1.394.2.13 -r1.394.2.14 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.394.2.13 src/sys/net/if.c:1.394.2.14 --- src/sys/net/if.c:1.394.2.13 Fri Jul 13 16:01:12 2018 +++ src/sys/net/if.c Mon Aug 27 07:49:11 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.394.2.13 2018/07/13 16:01:12 martin Exp $ */ +/* $NetBSD: if.c,v 1.394.2.14 2018/08/27 07:49:11 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.13 2018/07/13 16:01:12 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.14 2018/08/27 07:49:11 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -2326,6 +2326,7 @@ if_link_state_change_softint(struct ifne /* Ensure the change is still valid. */ if (ifp->if_link_state == link_state) { IF_LINK_STATE_CHANGE_UNLOCK(ifp); + splx(s); return; }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Aug 27 07:49:11 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #991): sys/net/if.c: revision 1.434 Restore splx removed accidentally at v1.406 Pointed out by k-goda@IIJ To generate a diff of this commit: cvs rdiff -u -r1.394.2.13 -r1.394.2.14 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Aug 15 12:07:30 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #974): sys/net/if_tun.c: revision 1.145 sys/net/if_tun.c: revision 1.146 tun: fix locking against myself filt_tunread is called with tun_lock held from tun_output (via tun_output => selnotify => knote), so we must not take tun_lock in filt_tunread. The bug is triggered only if a tun is used through kqueue. Found by k-goda@IIJ Fix tun(4) kevent locking filt_tunread gets called in two contexts: - by calls to selnotify in if_tun.c (or knote, as the case may be, but not here), in which case tp->tun_lock is held; and - by internal logic in kevent, in which tp->tun_lock is not held. The standard convention to discriminate between these two cases is by setting the kernel-only NOTE_SUBMIT bit in the hint to selnotify or knote; then in filt_*: if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(>tun_lock)); else mutex_enter(>tun_lock); ... if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(>tun_lock)); else mutex_exit(>tun_lock); Pointed out by and patch from riastradh@ Tested by ozaki-r@ (only the former path) To generate a diff of this commit: cvs rdiff -u -r1.139.2.3 -r1.139.2.4 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Aug 15 12:07:30 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #974): sys/net/if_tun.c: revision 1.145 sys/net/if_tun.c: revision 1.146 tun: fix locking against myself filt_tunread is called with tun_lock held from tun_output (via tun_output => selnotify => knote), so we must not take tun_lock in filt_tunread. The bug is triggered only if a tun is used through kqueue. Found by k-goda@IIJ Fix tun(4) kevent locking filt_tunread gets called in two contexts: - by calls to selnotify in if_tun.c (or knote, as the case may be, but not here), in which case tp->tun_lock is held; and - by internal logic in kevent, in which tp->tun_lock is not held. The standard convention to discriminate between these two cases is by setting the kernel-only NOTE_SUBMIT bit in the hint to selnotify or knote; then in filt_*: if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(>tun_lock)); else mutex_enter(>tun_lock); ... if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(>tun_lock)); else mutex_exit(>tun_lock); Pointed out by and patch from riastradh@ Tested by ozaki-r@ (only the former path) To generate a diff of this commit: cvs rdiff -u -r1.139.2.3 -r1.139.2.4 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_tun.c diff -u src/sys/net/if_tun.c:1.139.2.3 src/sys/net/if_tun.c:1.139.2.4 --- src/sys/net/if_tun.c:1.139.2.3 Sat Mar 17 11:26:44 2018 +++ src/sys/net/if_tun.c Wed Aug 15 12:07:30 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tun.c,v 1.139.2.3 2018/03/17 11:26:44 martin Exp $ */ +/* $NetBSD: if_tun.c,v 1.139.2.4 2018/08/15 12:07:30 martin Exp $ */ /* * Copyright (c) 1988, Julian Onions @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.3 2018/03/17 11:26:44 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.4 2018/08/15 12:07:30 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -288,7 +288,7 @@ tun_clone_destroy(struct ifnet *ifp) tp->tun_flags &= ~TUN_RWAIT; cv_broadcast(>tun_cv); } - selnotify(>tun_rsel, 0, 0); + selnotify(>tun_rsel, 0, NOTE_SUBMIT); mutex_exit(>tun_lock); @@ -381,7 +381,7 @@ tunclose(dev_t dev, int flag, int mode, tp->tun_flags &= ~TUN_OPEN; tp->tun_pgid = 0; - selnotify(>tun_rsel, 0, 0); + selnotify(>tun_rsel, 0, NOTE_SUBMIT); TUNDEBUG ("%s: closed\n", ifp->if_xname); mutex_exit(>tun_lock); @@ -625,7 +625,7 @@ tun_output(struct ifnet *ifp, struct mbu if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid) softint_schedule(tp->tun_isih); - selnotify(>tun_rsel, 0, 0); + selnotify(>tun_rsel, 0, NOTE_SUBMIT); mutex_exit(>tun_lock); out: @@ -996,7 +996,7 @@ tunstart(struct ifnet *ifp) if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid) softint_schedule(tp->tun_osih); - selnotify(>tun_rsel, 0, 0); + selnotify(>tun_rsel, 0, NOTE_SUBMIT); } mutex_exit(>tun_lock); } @@ -1057,20 +1057,24 @@ filt_tunread(struct knote *kn, long hint struct tun_softc *tp = kn->kn_hook; struct ifnet *ifp = >tun_if; struct mbuf *m; + int ready; - mutex_enter(>tun_lock); - IF_POLL(>if_snd, m); - if (m == NULL) { - mutex_exit(>tun_lock); - return 0; - } + if (hint & NOTE_SUBMIT) + KASSERT(mutex_owned(>tun_lock)); + else + mutex_enter(>tun_lock); + IF_POLL(>if_snd, m); + ready = (m != NULL); for (kn->kn_data = 0; m != NULL; m = m->m_next) kn->kn_data += m->m_len; - mutex_exit(>tun_lock); + if (hint & NOTE_SUBMIT) + KASSERT(mutex_owned(>tun_lock)); + else + mutex_exit(>tun_lock); - return 1; + return ready; } static const struct filterops tunread_filtops =
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Jul 13 16:01:12 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #915): sys/net/if.c: revision 1.424 Print "NET_MPSAFE enabled" if it's enabled. To generate a diff of this commit: cvs rdiff -u -r1.394.2.12 -r1.394.2.13 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Jul 13 16:01:12 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #915): sys/net/if.c: revision 1.424 Print "NET_MPSAFE enabled" if it's enabled. To generate a diff of this commit: cvs rdiff -u -r1.394.2.12 -r1.394.2.13 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.394.2.12 src/sys/net/if.c:1.394.2.13 --- src/sys/net/if.c:1.394.2.12 Fri Jul 13 15:49:55 2018 +++ src/sys/net/if.c Fri Jul 13 16:01:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.394.2.12 2018/07/13 15:49:55 martin Exp $ */ +/* $NetBSD: if.c,v 1.394.2.13 2018/07/13 16:01:12 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.12 2018/07/13 15:49:55 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.13 2018/07/13 16:01:12 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -309,6 +309,11 @@ ifinit(void) void ifinit1(void) { + +#ifdef NET_MPSAFE + printf("NET_MPSAFE enabled\n"); +#endif + mutex_init(_clone_mtx, MUTEX_DEFAULT, IPL_NONE); TAILQ_INIT(_list);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jul 12 15:11:56 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #890): sys/net/if_pppoe.c: revision 1.137 sys/net/if_pppoe.c: revision 1.139 sys/net/if_pppoe.c: revision 1.140 Drop early if there's no PPPoE interface. Otherwise it is easy for someone to flood dmesg over the local subnet. Fix not to use PPPOE_UNLOCK before acccess to pppoe_softc to avoid a race condition According to the locking order of pppoe(4), the access to pppoe_softc has to follow 5 steps as below. 1. aquire pppoe_softc_list_lock 2. aquire pppoe_softc lock 3. release pppoe_softc_list_lock 4. access to pppoe_softc 5. release pppoe_softc lock However, pppoe_dispatch_disc_pkt() releases the lock of pppoe_softc temporarily, and then re-aquires it before step 4 of the adove. So, it is possible for other contexts to destroy a pppoe_softc in the interim. To fix this condition, avoid PPPOE_UNLOCK with the problem. ok by knakahara@n.o Fix to aquire pppoe_softc_list_lock before read and write the list ok by knakahara@n.o To generate a diff of this commit: cvs rdiff -u -r1.125.6.8 -r1.125.6.9 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.125.6.8 src/sys/net/if_pppoe.c:1.125.6.9 --- src/sys/net/if_pppoe.c:1.125.6.8 Thu Jun 7 17:42:25 2018 +++ src/sys/net/if_pppoe.c Thu Jul 12 15:11:56 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.125.6.8 2018/06/07 17:42:25 martin Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.125.6.9 2018/07/12 15:11:56 martin Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.8 2018/06/07 17:42:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.9 2018/07/12 15:11:56 martin Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -277,8 +277,11 @@ pppoedetach(void) { int error = 0; - if (!LIST_EMPTY(_softc_list)) + rw_enter(_softc_list_lock, RW_READER); + if (!LIST_EMPTY(_softc_list)) { + rw_exit(_softc_list_lock); error = EBUSY; + } if (error == 0) { if_clone_detach(_cloner); @@ -338,9 +341,12 @@ pppoe_clone_create(struct if_clone *ifc, sppp_attach(>sc_sppp.pp_if); bpf_attach(>sc_sppp.pp_if, DLT_PPP_ETHER, 0); + rw_enter(_softc_list_lock, RW_READER); if (LIST_EMPTY(_softc_list)) { pfil_add_ihook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil); } + rw_exit(_softc_list_lock); + if_register(>sc_sppp.pp_if); rw_init(>sc_lock); @@ -424,14 +430,18 @@ pppoe_find_softc_by_hunique(uint8_t *tok { struct pppoe_softc *sc, *t; - if (LIST_EMPTY(_softc_list)) + rw_enter(_softc_list_lock, RW_READER); + if (LIST_EMPTY(_softc_list)) { + rw_exit(_softc_list_lock); return NULL; + } - if (len != sizeof sc) + if (len != sizeof sc) { + rw_exit(_softc_list_lock); return NULL; + } memcpy(, token, len); - rw_enter(_softc_list_lock, RW_READER); LIST_FOREACH(sc, _softc_list, sc_list) { if (sc == t) { PPPOE_LOCK(sc, lock); @@ -518,15 +528,15 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, size_t ac_cookie_len; uint8_t *relay_sid; size_t relay_sid_len; -#ifdef PPPOE_SERVER uint8_t *hunique; size_t hunique_len; -#endif struct pppoehdr *ph; struct pppoetag *pt; struct mbuf *n; int noff, err, errortag; struct ether_header *eh; + struct ifnet *rcvif; + struct psref psref; /* as long as we don't know which instance */ strlcpy(devname, "pppoe", sizeof(devname)); @@ -545,10 +555,8 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, ac_cookie_len = 0; relay_sid = NULL; relay_sid_len = 0; -#ifdef PPPOE_SERVER hunique = NULL; hunique_len = 0; -#endif session = 0; if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); @@ -601,8 +609,7 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, case PPPOE_TAG_SNAME: break; /* ignored */ case PPPOE_TAG_ACNAME: - error = NULL; - if (sc != NULL && len > 0) { + if (len > 0) { error = malloc(len + 1, M_TEMP, M_NOWAIT); if (error == NULL) break; @@ -616,40 +623,24 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, } strlcpy(error, mtod(n, char*) + noff, len + 1); -printf("%s: connected to %s\n", devname, error); +printf("pppoe: connected to %s\n", error); free(error, M_TEMP); } break; /* ignored */ - case PPPOE_TAG_HUNIQUE: { - struct ifnet *rcvif; - struct psref psref; + case PPPOE_TAG_HUNIQUE: + if (hunique == NULL) { +n = m_pulldown(m, off + sizeof(*pt), len, +); +if (!n) { + m = NULL; + err_msg = "TAG HUNIQUE ERROR"; + break; +} - if (sc != NULL) -break; - n = m_pulldown(m, off + sizeof(*pt), len, ); - if (!n) { -m
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jul 12 15:11:56 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #890): sys/net/if_pppoe.c: revision 1.137 sys/net/if_pppoe.c: revision 1.139 sys/net/if_pppoe.c: revision 1.140 Drop early if there's no PPPoE interface. Otherwise it is easy for someone to flood dmesg over the local subnet. Fix not to use PPPOE_UNLOCK before acccess to pppoe_softc to avoid a race condition According to the locking order of pppoe(4), the access to pppoe_softc has to follow 5 steps as below. 1. aquire pppoe_softc_list_lock 2. aquire pppoe_softc lock 3. release pppoe_softc_list_lock 4. access to pppoe_softc 5. release pppoe_softc lock However, pppoe_dispatch_disc_pkt() releases the lock of pppoe_softc temporarily, and then re-aquires it before step 4 of the adove. So, it is possible for other contexts to destroy a pppoe_softc in the interim. To fix this condition, avoid PPPOE_UNLOCK with the problem. ok by knakahara@n.o Fix to aquire pppoe_softc_list_lock before read and write the list ok by knakahara@n.o To generate a diff of this commit: cvs rdiff -u -r1.125.6.8 -r1.125.6.9 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Jul 11 16:50:46 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Additionally pullup src/sys/net/if_llatbl.c r1.30 to fix build fallout from previous, requested by both ozaki-r (ticket #918) and kre (ticket #920): Update previous so that there is no unused (but assigned) variable left when there is no ARP. Thanks gcc! To generate a diff of this commit: cvs rdiff -u -r1.18.6.6 -r1.18.6.7 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_llatbl.c diff -u src/sys/net/if_llatbl.c:1.18.6.6 src/sys/net/if_llatbl.c:1.18.6.7 --- src/sys/net/if_llatbl.c:1.18.6.6 Tue Jul 10 15:31:33 2018 +++ src/sys/net/if_llatbl.c Wed Jul 11 16:50:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_llatbl.c,v 1.18.6.6 2018/07/10 15:31:33 martin Exp $ */ +/* $NetBSD: if_llatbl.c,v 1.18.6.7 2018/07/11 16:50:46 martin Exp $ */ /* * Copyright (c) 2004 Luigi Rizzo, Alessandro Cerri. All rights reserved. * Copyright (c) 2004-2008 Qing Li. All rights reserved. @@ -695,12 +695,14 @@ lla_rt_output(const u_char rtm_type, con * conditions so remove it first. */ if (lle != NULL) { - size_t pkts_dropped = llentry_free(lle); #if defined(INET) && NARP > 0 + size_t pkts_dropped = llentry_free(lle); if (dst->sa_family == AF_INET) { arp_stat_add(ARP_STAT_DFRDROPPED, (uint64_t)pkts_dropped); } +#else + (void) llentry_free(lle); #endif }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Jul 11 16:50:46 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Additionally pullup src/sys/net/if_llatbl.c r1.30 to fix build fallout from previous, requested by both ozaki-r (ticket #918) and kre (ticket #920): Update previous so that there is no unused (but assigned) variable left when there is no ARP. Thanks gcc! To generate a diff of this commit: cvs rdiff -u -r1.18.6.6 -r1.18.6.7 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 10 15:31:33 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Additionally pull up the following, requested by ozaki-r in ticket #918: src/sys/net/if_llatbl.c 1.29 Avoid attempting to call arp related functions if there is no arp in the kernel. To generate a diff of this commit: cvs rdiff -u -r1.18.6.5 -r1.18.6.6 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 10 15:31:33 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Additionally pull up the following, requested by ozaki-r in ticket #918: src/sys/net/if_llatbl.c 1.29 Avoid attempting to call arp related functions if there is no arp in the kernel. To generate a diff of this commit: cvs rdiff -u -r1.18.6.5 -r1.18.6.6 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_llatbl.c diff -u src/sys/net/if_llatbl.c:1.18.6.5 src/sys/net/if_llatbl.c:1.18.6.6 --- src/sys/net/if_llatbl.c:1.18.6.5 Tue Jul 10 14:41:31 2018 +++ src/sys/net/if_llatbl.c Tue Jul 10 15:31:33 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_llatbl.c,v 1.18.6.5 2018/07/10 14:41:31 martin Exp $ */ +/* $NetBSD: if_llatbl.c,v 1.18.6.6 2018/07/10 15:31:33 martin Exp $ */ /* * Copyright (c) 2004 Luigi Rizzo, Alessandro Cerri. All rights reserved. * Copyright (c) 2004-2008 Qing Li. All rights reserved. @@ -696,10 +696,12 @@ lla_rt_output(const u_char rtm_type, con */ if (lle != NULL) { size_t pkts_dropped = llentry_free(lle); +#if defined(INET) && NARP > 0 if (dst->sa_family == AF_INET) { arp_stat_add(ARP_STAT_DFRDROPPED, (uint64_t)pkts_dropped); } +#endif } lle = lla_create(llt, 0, dst, rt);
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Tue Jul 10 14:44:05 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_handler.c Log Message: Pull up following revision(s) (requested by maxv in ticket #919): sys/net/npf/npf_handler.c: revision 1.41 Update the pointer when fast-kicking, because it may have been freed. Before my changes the nonsensical pointer ininitialization held, but when I started introducing sanity checks the whole thing collapsed. Need pullup-8. To generate a diff of this commit: cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/net/npf/npf_handler.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf_handler.c diff -u src/sys/net/npf/npf_handler.c:1.37.6.1 src/sys/net/npf/npf_handler.c:1.37.6.2 --- src/sys/net/npf/npf_handler.c:1.37.6.1 Wed May 9 15:35:37 2018 +++ src/sys/net/npf/npf_handler.c Tue Jul 10 14:44:05 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_handler.c,v 1.37.6.1 2018/05/09 15:35:37 martin Exp $ */ +/* $NetBSD: npf_handler.c,v 1.37.6.2 2018/07/10 14:44:05 martin Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.37.6.1 2018/05/09 15:35:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.37.6.2 2018/07/10 14:44:05 martin Exp $"); #include #include @@ -159,6 +159,7 @@ npf_packet_handler(npf_t *npf, struct mb /* If error on the format, leave quickly. */ if (flags & NPC_FMTERR) { + *mp = nbuf_head_mbuf(); error = EINVAL; goto fastout; }
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Tue Jul 10 14:44:05 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_handler.c Log Message: Pull up following revision(s) (requested by maxv in ticket #919): sys/net/npf/npf_handler.c: revision 1.41 Update the pointer when fast-kicking, because it may have been freed. Before my changes the nonsensical pointer ininitialization held, but when I started introducing sanity checks the whole thing collapsed. Need pullup-8. To generate a diff of this commit: cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/net/npf/npf_handler.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 10 14:41:31 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #918): sys/net/if_llatbl.c: revision 1.28 Don't overwrite an existing llentry on RTM_ADD to avoid race conditions Reported and tested by christos@ To generate a diff of this commit: cvs rdiff -u -r1.18.6.4 -r1.18.6.5 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_llatbl.c diff -u src/sys/net/if_llatbl.c:1.18.6.4 src/sys/net/if_llatbl.c:1.18.6.5 --- src/sys/net/if_llatbl.c:1.18.6.4 Sat Jun 9 14:44:33 2018 +++ src/sys/net/if_llatbl.c Tue Jul 10 14:41:31 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_llatbl.c,v 1.18.6.4 2018/06/09 14:44:33 martin Exp $ */ +/* $NetBSD: if_llatbl.c,v 1.18.6.5 2018/07/10 14:41:31 martin Exp $ */ /* * Copyright (c) 2004 Luigi Rizzo, Alessandro Cerri. All rights reserved. * Copyright (c) 2004-2008 Qing Li. All rights reserved. @@ -677,7 +677,7 @@ lla_rt_output(const u_char rtm_type, con /* Add static LLE */ IF_AFDATA_WLOCK(ifp); - lle = lla_lookup(llt, 0, dst); + lle = lla_lookup(llt, LLE_EXCLUSIVE, dst); /* Cannot overwrite an existing static entry */ if (lle != NULL && @@ -689,8 +689,18 @@ lla_rt_output(const u_char rtm_type, con error = EEXIST; goto out; } - if (lle != NULL) - LLE_RUNLOCK(lle); + + /* + * We can't overwrite an existing entry to avoid race + * conditions so remove it first. + */ + if (lle != NULL) { + size_t pkts_dropped = llentry_free(lle); + if (dst->sa_family == AF_INET) { +arp_stat_add(ARP_STAT_DFRDROPPED, +(uint64_t)pkts_dropped); + } + } lle = lla_create(llt, 0, dst, rt); if (lle == NULL) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 10 14:41:31 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #918): sys/net/if_llatbl.c: revision 1.28 Don't overwrite an existing llentry on RTM_ADD to avoid race conditions Reported and tested by christos@ To generate a diff of this commit: cvs rdiff -u -r1.18.6.4 -r1.18.6.5 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jun 9 14:44:33 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Pull up following revision(s) (requested by nonaka in ticket #862): sys/net/if_llatbl.c: revision 1.27 It is necessary to set wall time instead of monotonic time to rmx_expire. To generate a diff of this commit: cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_llatbl.c diff -u src/sys/net/if_llatbl.c:1.18.6.3 src/sys/net/if_llatbl.c:1.18.6.4 --- src/sys/net/if_llatbl.c:1.18.6.3 Tue Mar 13 13:27:10 2018 +++ src/sys/net/if_llatbl.c Sat Jun 9 14:44:33 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_llatbl.c,v 1.18.6.3 2018/03/13 13:27:10 martin Exp $ */ +/* $NetBSD: if_llatbl.c,v 1.18.6.4 2018/06/09 14:44:33 martin Exp $ */ /* * Copyright (c) 2004 Luigi Rizzo, Alessandro Cerri. All rights reserved. * Copyright (c) 2004-2008 Qing Li. All rights reserved. @@ -112,8 +112,8 @@ lltable_dump_entry(struct lltable *llt, /* Need to copy by myself */ rtm->rtm_index = ifp->if_index; rtm->rtm_rmx.rmx_mtu = 0; - rtm->rtm_rmx.rmx_expire = - (lle->la_flags & LLE_STATIC) ? 0 : lle->la_expire; + rtm->rtm_rmx.rmx_expire = (lle->la_flags & LLE_STATIC) ? 0 : + time_mono_to_wall(lle->la_expire); rtm->rtm_flags = RTF_UP; rtm->rtm_flags |= RTF_HOST; /* For ndp */ /* For backward compatibility */
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jun 9 14:44:33 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Pull up following revision(s) (requested by nonaka in ticket #862): sys/net/if_llatbl.c: revision 1.27 It is necessary to set wall time instead of monotonic time to rmx_expire. To generate a diff of this commit: cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 17:50:54 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #844): sys/net/if.c: revision 1.425 Relax a lock check in if_mcast_op unless NET_MPSAFE It seems that there remain some paths that don't satisfy the constraint that is required only if NET_MPSAFE. So don't check it by default. One known path is nd6_rtrequest => in6_addmulti => if_mcast_op, which is not easy to address. To generate a diff of this commit: cvs rdiff -u -r1.394.2.10 -r1.394.2.11 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.394.2.10 src/sys/net/if.c:1.394.2.11 --- src/sys/net/if.c:1.394.2.10 Tue May 15 13:48:37 2018 +++ src/sys/net/if.c Thu Jun 7 17:50:54 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.394.2.10 2018/05/15 13:48:37 martin Exp $ */ +/* $NetBSD: if.c,v 1.394.2.11 2018/06/07 17:50:54 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.10 2018/05/15 13:48:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.11 2018/06/07 17:50:54 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -3601,10 +3601,13 @@ if_mcast_op(ifnet_t *ifp, const unsigned int rc; struct ifreq ifr; + /* There remain some paths that don't hold IFNET_LOCK yet */ +#ifdef NET_MPSAFE /* CARP and MROUTING still don't deal with the lock yet */ #if (!defined(NCARP) || (NCARP == 0)) && !defined(MROUTING) KASSERT(IFNET_LOCKED(ifp)); #endif +#endif if (ifp->if_mcastop != NULL) rc = (*ifp->if_mcastop)(ifp, cmd, sa); else {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 17:50:54 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #844): sys/net/if.c: revision 1.425 Relax a lock check in if_mcast_op unless NET_MPSAFE It seems that there remain some paths that don't satisfy the constraint that is required only if NET_MPSAFE. So don't check it by default. One known path is nd6_rtrequest => in6_addmulti => if_mcast_op, which is not easy to address. To generate a diff of this commit: cvs rdiff -u -r1.394.2.10 -r1.394.2.11 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 16:22:43 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #840): sys/net/if_ipsec.c: revision 1.15,1.16 Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, thanks. Reviewd by ohishi@IIJ. Sorry, I jumped the gun and committed. Fix the following two issues. - remove extra padding of sizeof(xisr) when adding ipsec policy - add padding for xpl when adding discard policy To generate a diff of this commit: cvs rdiff -u -r1.3.2.8 -r1.3.2.9 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.3.2.8 src/sys/net/if_ipsec.c:1.3.2.9 --- src/sys/net/if_ipsec.c:1.3.2.8 Thu Jun 7 16:19:47 2018 +++ src/sys/net/if_ipsec.c Thu Jun 7 16:22:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1591,6 +1591,7 @@ if_ipsec_add_sp0(struct sockaddr *src, i if_ipsec_add_pad(m, padlen); if_ipsec_add_mbuf(m, , sizeof(xpl)); + padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl); if (policy == IPSEC_POLICY_IPSEC) { if_ipsec_add_mbuf(m, , sizeof(xisr)); /* @@ -1599,10 +1600,9 @@ if_ipsec_add_sp0(struct sockaddr *src, i */ if_ipsec_add_mbuf_addr_port(m, src, sport, false); if_ipsec_add_mbuf_addr_port(m, dst, dport, false); - } - padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl); - if (src != NULL && dst != NULL) + padlen -= PFKEY_ALIGN8(sizeof(xisr)); padlen -= PFKEY_ALIGN8(src->sa_len + dst->sa_len); + } if_ipsec_add_pad(m, padlen); /* key_kpi_spdadd() has already done KEY_SP_REF(). */
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 16:22:43 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #840): sys/net/if_ipsec.c: revision 1.15,1.16 Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, thanks. Reviewd by ohishi@IIJ. Sorry, I jumped the gun and committed. Fix the following two issues. - remove extra padding of sizeof(xisr) when adding ipsec policy - add padding for xpl when adding discard policy To generate a diff of this commit: cvs rdiff -u -r1.3.2.8 -r1.3.2.9 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 16:19:47 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #839): sys/net/if_ipsec.c: revision 1.14 ipsecif(4) must not set port number to spidx even if NAT-T. Pointed out by ohishi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.3.2.7 -r1.3.2.8 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.3.2.7 src/sys/net/if_ipsec.c:1.3.2.8 --- src/sys/net/if_ipsec.c:1.3.2.7 Thu May 17 14:07:03 2018 +++ src/sys/net/if_ipsec.c Thu Jun 7 16:19:47 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.3.2.7 2018/05/17 14:07:03 martin Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.7 2018/05/17 14:07:03 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1574,13 +1574,18 @@ if_ipsec_add_sp0(struct sockaddr *src, i m_copyback(m, 0, sizeof(msg), ); if_ipsec_add_mbuf(m, , sizeof(xsrc)); - if_ipsec_add_mbuf_addr_port(m, src, sport, true); + /* + * secpolicy.spidx.{src, dst} must not be set port number, + * even if it is used for NAT-T. + */ + if_ipsec_add_mbuf_addr_port(m, src, 0, true); padlen = PFKEY_UNUNIT64(xsrc.sadb_address_len) - (sizeof(xsrc) + PFKEY_ALIGN8(src->sa_len)); if_ipsec_add_pad(m, padlen); if_ipsec_add_mbuf(m, , sizeof(xdst)); - if_ipsec_add_mbuf_addr_port(m, dst, dport, true); + /* ditto */ + if_ipsec_add_mbuf_addr_port(m, dst, 0, true); padlen = PFKEY_UNUNIT64(xdst.sadb_address_len) - (sizeof(xdst) + PFKEY_ALIGN8(dst->sa_len)); if_ipsec_add_pad(m, padlen); @@ -1588,6 +1593,10 @@ if_ipsec_add_sp0(struct sockaddr *src, i if_ipsec_add_mbuf(m, , sizeof(xpl)); if (policy == IPSEC_POLICY_IPSEC) { if_ipsec_add_mbuf(m, , sizeof(xisr)); + /* + * secpolicy.req->saidx.{src, dst} must be set port number, + * when it is used for NAT-T. + */ if_ipsec_add_mbuf_addr_port(m, src, sport, false); if_ipsec_add_mbuf_addr_port(m, dst, dport, false); }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 16:19:47 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #839): sys/net/if_ipsec.c: revision 1.14 ipsecif(4) must not set port number to spidx even if NAT-T. Pointed out by ohishi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.3.2.7 -r1.3.2.8 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu May 17 14:02:31 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #828): sys/net/if_ipsec.c: revision 1.12 Fix "how" argument of MGET(). Pointed out by maxv@n.o, thanks. MGET() does not have M_ZERO flag, so add memset when it is required. To generate a diff of this commit: cvs rdiff -u -r1.3.2.5 -r1.3.2.6 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu May 17 14:02:31 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #828): sys/net/if_ipsec.c: revision 1.12 Fix "how" argument of MGET(). Pointed out by maxv@n.o, thanks. MGET() does not have M_ZERO flag, so add memset when it is required. To generate a diff of this commit: cvs rdiff -u -r1.3.2.5 -r1.3.2.6 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.3.2.5 src/sys/net/if_ipsec.c:1.3.2.6 --- src/sys/net/if_ipsec.c:1.3.2.5 Mon Apr 9 17:01:20 2018 +++ src/sys/net/if_ipsec.c Thu May 17 14:02:31 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.3.2.5 2018/04/09 17:01:20 martin Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.3.2.6 2018/05/17 14:02:31 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.5 2018/04/09 17:01:20 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.6 2018/05/17 14:02:31 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1339,10 +1339,11 @@ if_ipsec_add_mbuf_optalign(struct mbuf * { struct mbuf *m; - MGET(m, M_WAITOK | M_ZERO, MT_DATA); - if (align) + MGET(m, M_WAIT, MT_DATA); + if (align) { m->m_len = PFKEY_ALIGN8(len); - else + memset(mtod(m, void *), 0, m->m_len); + } else m->m_len = len; m_copyback(m, 0, len, data); m_cat(m0, m); @@ -1378,8 +1379,9 @@ if_ipsec_add_pad(struct mbuf *m0, size_t if (len == 0) return; - MGET(m, M_WAITOK | M_ZERO, MT_DATA); + MGET(m, M_WAIT, MT_DATA); m->m_len = len; + memset(mtod(m, void *), 0, m->m_len); m_cat(m0, m); } @@ -1556,7 +1558,7 @@ if_ipsec_add_sp0(struct sockaddr *src, i memset(, 0, sizeof(xpl)); memset(, 0, sizeof(xisr)); - MGETHDR(m, M_WAITOK, MT_DATA); + MGETHDR(m, M_WAIT, MT_DATA); size = if_ipsec_set_sadb_src(, src, proto); ext_msg_len += PFKEY_UNIT64(size); @@ -1683,7 +1685,7 @@ if_ipsec_del_sp0(struct secpolicy *sp) memset(, 0, sizeof(msg)); memset(, 0, sizeof(xpl)); - MGETHDR(m, M_WAITOK, MT_DATA); + MGETHDR(m, M_WAIT, MT_DATA); size = if_ipsec_set_sadb_x_policy(, NULL, 0, 0, sp->id, 0, NULL, NULL); ext_msg_len += PFKEY_UNIT64(size);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 15 13:48:37 UTC 2018 Modified Files: src/sys/net [netbsd-8]: bpf.c if.c if_bridge.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #826): sys/net/if_bridge.c: revision 1.155 sys/net/if.c: revision 1.421 sys/net/bpf.c: revision 1.224 sys/net/if.c: revision 1.422 sys/net/if.c: revision 1.423 Use if_is_mpsafe (NFC) Protect packet input routines with KERNEL_LOCK and splsoftnet if_input, i.e, ether_input and friends, now runs in softint without any protections. It's ok for ether_input itself because it's already MP-safe, however, subsequent routines called from it such as carp_input and agr_input aren't safe because they're not MP-safe. Protect if_input with KERNEL_LOCK. if_input can be called from a normal LWP context. In that case we need to prevent interrupts (softint) from running by splsoftnet to protect non-MP-safe codes (e.g., carp_input and agr_input). Pointed out by mlelstv@ Protect if_deferred_start_softint with KERNEL_LOCK if the interface isn't MP-safe To generate a diff of this commit: cvs rdiff -u -r1.216.6.5 -r1.216.6.6 src/sys/net/bpf.c cvs rdiff -u -r1.394.2.9 -r1.394.2.10 src/sys/net/if.c cvs rdiff -u -r1.134.6.9 -r1.134.6.10 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.5 src/sys/net/bpf.c:1.216.6.6 --- src/sys/net/bpf.c:1.216.6.5 Mon Feb 5 14:18:00 2018 +++ src/sys/net/bpf.c Tue May 15 13:48:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.5 2018/02/05 14:18:00 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.6 2018/05/15 13:48:37 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.5 2018/02/05 14:18:00 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.6 2018/05/15 13:48:37 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -836,9 +836,13 @@ bpf_write(struct file *fp, off_t *offp, error = if_output_lock(ifp, ifp, m, (struct sockaddr *) , NULL); if (mc != NULL) { - if (error == 0) + if (error == 0) { + int s = splsoftnet(); + KERNEL_LOCK_UNLESS_IFP_MPSAFE(ifp); ifp->_if_input(ifp, mc); - else + KERNEL_UNLOCK_UNLESS_IFP_MPSAFE(ifp); + splx(s); + } else m_freem(mc); } /* Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.394.2.9 src/sys/net/if.c:1.394.2.10 --- src/sys/net/if.c:1.394.2.9 Wed Feb 28 18:54:43 2018 +++ src/sys/net/if.c Tue May 15 13:48:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.394.2.9 2018/02/28 18:54:43 martin Exp $ */ +/* $NetBSD: if.c,v 1.394.2.10 2018/05/15 13:48:37 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.9 2018/02/28 18:54:43 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.394.2.10 2018/05/15 13:48:37 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -716,8 +716,7 @@ if_initialize(ifnet_t *ifp) if (if_is_link_state_changeable(ifp)) { u_int flags = SOFTINT_NET; - flags |= ISSET(ifp->if_extflags, IFEF_MPSAFE) ? - SOFTINT_MPSAFE : 0; + flags |= if_is_mpsafe(ifp) ? SOFTINT_MPSAFE : 0; ifp->if_link_si = softint_establish(flags, if_link_state_change_si, ifp); if (ifp->if_link_si == NULL) { @@ -834,11 +833,13 @@ struct if_percpuq * if_percpuq_create(struct ifnet *ifp) { struct if_percpuq *ipq; + u_int flags = SOFTINT_NET; + + flags |= if_is_mpsafe(ifp) ? SOFTINT_MPSAFE : 0; ipq = kmem_zalloc(sizeof(*ipq), KM_SLEEP); ipq->ipq_ifp = ifp; - ipq->ipq_si = softint_establish(SOFTINT_NET|SOFTINT_MPSAFE, - if_percpuq_softint, ipq); + ipq->ipq_si = softint_establish(flags, if_percpuq_softint, ipq); ipq->ipq_ifqs = percpu_alloc(sizeof(struct ifqueue)); percpu_foreach(ipq->ipq_ifqs, _percpuq_init_ifq, NULL); @@ -1066,11 +1067,13 @@ void if_deferred_start_init(struct ifnet *ifp, void (*func)(struct ifnet *)) { struct if_deferred_start *ids; + u_int flags = SOFTINT_NET; + + flags |= if_is_mpsafe(ifp) ? SOFTINT_MPSAFE : 0; ids = kmem_zalloc(sizeof(*ids), KM_SLEEP); ids->ids_ifp = ifp; - ids->ids_si = softint_establish(SOFTINT_NET|SOFTINT_MPSAFE, - if_deferred_start_softint, ids); + ids->ids_si = softint_establish(flags, if_deferred_start_softint, ids); if (func != NULL) ids->ids_if_start = func; else Index: src/sys/net/if_bridge.c diff -u src/sys/net/if_bridge.c:1.134.6.9 src/sys/net/if_bridge.c:1.134.6.10 --- src/sys/net/if_bridge.c:1.134.6.9 Wed Apr 18 14:11:42 2018 +++ src/sys/net/if_bridge.c Tue May 15 13:48:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_bridge.c,v 1.134.6.9 2018/04/18 14:11:42 martin Exp $ */ +/* $NetBSD: if_bridge.c,v 1.134.6.10 2018/05/15 13:48:37 martin Exp $ */ /* * Copyright 2001
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 15 13:48:37 UTC 2018 Modified Files: src/sys/net [netbsd-8]: bpf.c if.c if_bridge.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #826): sys/net/if_bridge.c: revision 1.155 sys/net/if.c: revision 1.421 sys/net/bpf.c: revision 1.224 sys/net/if.c: revision 1.422 sys/net/if.c: revision 1.423 Use if_is_mpsafe (NFC) Protect packet input routines with KERNEL_LOCK and splsoftnet if_input, i.e, ether_input and friends, now runs in softint without any protections. It's ok for ether_input itself because it's already MP-safe, however, subsequent routines called from it such as carp_input and agr_input aren't safe because they're not MP-safe. Protect if_input with KERNEL_LOCK. if_input can be called from a normal LWP context. In that case we need to prevent interrupts (softint) from running by splsoftnet to protect non-MP-safe codes (e.g., carp_input and agr_input). Pointed out by mlelstv@ Protect if_deferred_start_softint with KERNEL_LOCK if the interface isn't MP-safe To generate a diff of this commit: cvs rdiff -u -r1.216.6.5 -r1.216.6.6 src/sys/net/bpf.c cvs rdiff -u -r1.394.2.9 -r1.394.2.10 src/sys/net/if.c cvs rdiff -u -r1.134.6.9 -r1.134.6.10 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Mon May 14 19:22:30 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_alg_icmp.c npf_inet.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by maxv in ticket #823): sys/net/npf/npf_inet.c: revision 1.45-1.47 sys/net/npf/npf_alg_icmp.c: revision 1.27-1.30 sys/net/npf/npf_sendpkt.c: revision 1.19 Fix use-after-free. The nbuf can be reallocated as a result of caching 'enpc', so it is necessary to recache 'npc', otherwise it contains pointers to the freed mbuf - pointers which are then used in the ruleset machinery. We recache 'npc' when we are sure we won't use 'enpc' anymore, because 'enpc' can be clobbered as a result of caching 'npc' (in other words, only one of the two can be cached at the same time). Also, we recache 'npc' unconditionally, because there is no way to know whether the nbuf got clobbered relatively to it. We can't use the NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the cache. Discussed with rmind@. Change npf_cache_all so that it ensures the potential ICMP Query Id is in the nbuf. In such a way that we don't need to ensure that later. Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither the nbuf nor npc. Adapt their callers accordingly. In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave right away, without recaching npc (not needed since we didn't touch the nbuf). This fixes the handling of Query Id packets (that I broke in my previous commit), and also fixes another possible use-after-free. Retrieve the complete IPv4 header right away, and make sure we did retrieve the IPv6 option header we were iterating on. Ah, fix compilation. I tested my previous change by loading the kernel module from the filesystem, but the Makefile didn't have DIAGNOSTIC enabled, and the two KASSERTs I added did not compile properly. If we fail to advance inside TCP/UDP/ICMPv4/ICMPv6, stop pretending L4 is unknown, and error out right away. This prevents bugs in machinery, if a place looks for L4 in 'npc_proto' without checking the cache too. I've seen a ~similar problem already. In addition to checking L4 in the cache, here we also need to check the protocol. The NPF entry point does not ensure that ICMPv6 can be set only in IPv6 ICMPv4 can be set only in IPv4 So we could have ICMPv6 in IPv4. apply some INET6 so this compiles in INET6-less kernels again. To generate a diff of this commit: cvs rdiff -u -r1.24.8.1 -r1.24.8.2 src/sys/net/npf/npf_alg_icmp.c cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/net/npf/npf_inet.c cvs rdiff -u -r1.16.8.1 -r1.16.8.2 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Mon May 14 19:22:30 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_alg_icmp.c npf_inet.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by maxv in ticket #823): sys/net/npf/npf_inet.c: revision 1.45-1.47 sys/net/npf/npf_alg_icmp.c: revision 1.27-1.30 sys/net/npf/npf_sendpkt.c: revision 1.19 Fix use-after-free. The nbuf can be reallocated as a result of caching 'enpc', so it is necessary to recache 'npc', otherwise it contains pointers to the freed mbuf - pointers which are then used in the ruleset machinery. We recache 'npc' when we are sure we won't use 'enpc' anymore, because 'enpc' can be clobbered as a result of caching 'npc' (in other words, only one of the two can be cached at the same time). Also, we recache 'npc' unconditionally, because there is no way to know whether the nbuf got clobbered relatively to it. We can't use the NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the cache. Discussed with rmind@. Change npf_cache_all so that it ensures the potential ICMP Query Id is in the nbuf. In such a way that we don't need to ensure that later. Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither the nbuf nor npc. Adapt their callers accordingly. In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave right away, without recaching npc (not needed since we didn't touch the nbuf). This fixes the handling of Query Id packets (that I broke in my previous commit), and also fixes another possible use-after-free. Retrieve the complete IPv4 header right away, and make sure we did retrieve the IPv6 option header we were iterating on. Ah, fix compilation. I tested my previous change by loading the kernel module from the filesystem, but the Makefile didn't have DIAGNOSTIC enabled, and the two KASSERTs I added did not compile properly. If we fail to advance inside TCP/UDP/ICMPv4/ICMPv6, stop pretending L4 is unknown, and error out right away. This prevents bugs in machinery, if a place looks for L4 in 'npc_proto' without checking the cache too. I've seen a ~similar problem already. In addition to checking L4 in the cache, here we also need to check the protocol. The NPF entry point does not ensure that ICMPv6 can be set only in IPv6 ICMPv4 can be set only in IPv4 So we could have ICMPv6 in IPv4. apply some INET6 so this compiles in INET6-less kernels again. To generate a diff of this commit: cvs rdiff -u -r1.24.8.1 -r1.24.8.2 src/sys/net/npf/npf_alg_icmp.c cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/net/npf/npf_inet.c cvs rdiff -u -r1.16.8.1 -r1.16.8.2 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf_alg_icmp.c diff -u src/sys/net/npf/npf_alg_icmp.c:1.24.8.1 src/sys/net/npf/npf_alg_icmp.c:1.24.8.2 --- src/sys/net/npf/npf_alg_icmp.c:1.24.8.1 Wed May 9 15:35:37 2018 +++ src/sys/net/npf/npf_alg_icmp.c Mon May 14 19:22:30 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_alg_icmp.c,v 1.24.8.1 2018/05/09 15:35:37 martin Exp $ */ +/* $NetBSD: npf_alg_icmp.c,v 1.24.8.2 2018/05/14 19:22:30 martin Exp $ */ /*- * Copyright (c) 2010 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.24.8.1 2018/05/09 15:35:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.24.8.2 2018/05/14 19:22:30 martin Exp $"); #include #include @@ -120,13 +120,15 @@ npfa_icmp_match(npf_cache_t *npc, npf_na /* * npfa_icmp{4,6}_inspect: retrieve unique identifiers - either ICMP query * ID or TCP/UDP ports of the original packet, which is embedded. + * + * => Sets hasqid=true if the packet has a Query Id. In this case neither + *the nbuf nor npc is touched. */ static bool -npfa_icmp4_inspect(const int type, npf_cache_t *npc) +npfa_icmp4_inspect(const int type, npf_cache_t *npc, bool *hasqid) { nbuf_t *nbuf = npc->npc_nbuf; - u_int offby; /* Per RFC 792. */ switch (type) { @@ -147,12 +149,8 @@ npfa_icmp4_inspect(const int type, npf_c case ICMP_TSTAMPREPLY: case ICMP_IREQ: case ICMP_IREQREPLY: - /* Should contain ICMP query ID - ensure. */ - offby = offsetof(struct icmp, icmp_id); - if (!nbuf_advance(nbuf, offby, sizeof(uint16_t))) { - return false; - } - npc->npc_info |= NPC_ICMP_ID; + /* Contains ICMP query ID. */ + *hasqid = true; return true; default: break; @@ -161,10 +159,9 @@ npfa_icmp4_inspect(const int type, npf_c } static bool -npfa_icmp6_inspect(const int type, npf_cache_t *npc) +npfa_icmp6_inspect(const int type, npf_cache_t *npc, bool *hasqid) { nbuf_t *nbuf = npc->npc_nbuf; - u_int offby; /* Per RFC 4443. */ switch (type) { @@ -180,12 +177,8 @@ npfa_icmp6_inspect(const int type, npf_c case ICMP6_ECHO_REQUEST: case ICMP6_ECHO_REPLY: - /*
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed May 9 15:35:37 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf.h npf_alg_icmp.c npf_handler.c npf_inet.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by maxv in ticket #817): sys/net/npf/npf_inet.c: revision 1.38-1.44 sys/net/npf/npf_handler.c: revision 1.38-1.39 sys/net/npf/npf_alg_icmp.c: revision 1.26 sys/net/npf/npf.h: revision 1.56 sys/net/npf/npf_sendpkt.c: revision 1.17-1.18 Declare NPC_FMTERR, and use it to kick malformed packets. Several sanity checks are added in IPv6; after we see the first IPPROTO_FRAGMENT header, we are allowed to fail to advance, otherwise we kick the packet. Sent on tech-net@ a few days ago, no response, but I'm committing it now anyway. Switch nptr to uint8_t, and use nbuf_ensure_contig. Makes us use fewer magic values. Remove dead branches, 'npc' can't be NULL (and it is dereferenced earlier). Fix two consecutive mistakes. The first mistake was npf_inet.c rev1.37: "Don't reassemble ipv6 fragments, instead treat the first fragment as a regular packet (subject to filtering rules), and pass subsequent fragments in the same group unconditionally." Doing this was entirely wrong, because then a packet just had to push the L4 payload in a secondary fragment, and NPF wouldn't apply rules on it - meaning any IPv6 packet could bypass >=L4 filtering. This mistake was supposed to be a fix for the second mistake. The second mistake was that ip6_reass_packet (in npf_reassembly) was getting called with npc->npc_hlen. But npc_hlen pointed to the last encountered header in the IPv6 chain, which was not necessarily the fragment header. So ip6_reass_packet was given garbage, and would fail, resulting in the packet getting kicked. So basically IPv6 was broken by NPF. The first mistake is reverted, and the second one is fixed by doing: - hlen = sizeof(struct ip6_frag); + hlen = 0; Now the iteration stops on the fragment header, and the call to ip6_reass_packet is valid. My npf_inet.c rev1.38 is partially reverted: we don't need to worry about failing properly to advance; once the packet is reassembled npf_cache_ip gets called again, and this time the whole chain should be there. Tested with a simple UDPv6 server - send a 3000-byte-sized buffer, the packet gets correctly reassembled by NPF now. Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF is not happy in npf_reassembly, because NPC_IPFRAG is again returned after the packet was reassembled. I'm wondering whether it would not be better to just remove the fragment header in frag6_input directly. Fix the "return-rst" rule on IPv6 packets. The scopes needed to be set on the addresses before invoking ip6_output, because ip6_output needs them. The reason they are not here already is because pfil_run_hooks (in ip6_input) is called _before_ the kernel initializes the scopes. Until now ip6_output was always failing, and the IPv6-TCP-RST packet was never actually sent. Perhaps it would be better to have the kernel initialize the scopes before invoking pfil_run_hooks, but several things will need to be fixed in several places. Tested with a simple TCPv6 server. Until now the client would block waiting for an answer that never came; now it receives an RST right away and closes the connection, as expected. I believe that the same problem exists in the "return-icmp" rules, but I can't investigate this right now (some problems with wireshark). Fix the IPv6 payload computation in npf_tcpsaw. It was incorrect, and this caused the "return-rst" rules to send back an RST with the wrong ACK when the received SYN had an IPv6 option. Set the scopes before calling icmp6_error(). This fixes a bug similar to the one I fixed in rev1.17: since the scopes were not set the packet was never actually sent. Tested with wireshark, now the ICMPv6 reply is correctly sent, as expected. Don't read the L4 payload after IPPROTO_AH when handling IPv6 packets. AH must be considered as the payload, otherwise a block all pass in proto ah from any pass out proto ah from any configuration will actually block everything, because NPF checks the protocol against the one found after AH, and not AH itself. In addition it may have been a problem for stateful connections; an AH packet sent by an attacker with an incorrect authentication and a correct TCP/UDP/whatever payload from an active connection could manage to change NPF's FSM state, which would perhaps have altered the legitimate connection with the authenticated remote IPsec host. Note that IPv4 already doesn't go beyond AH, which is the correct behavior. Add XXX (we don't handle IPv6 Jumbograms), and whitespace. To generate a diff of this commit: cvs rdiff -u -r1.54.6.1 -r1.54.6.2 src/sys/net/npf/npf.h cvs rdiff -u -r1.24 -r1.24.8.1
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed May 9 15:35:37 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf.h npf_alg_icmp.c npf_handler.c npf_inet.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by maxv in ticket #817): sys/net/npf/npf_inet.c: revision 1.38-1.44 sys/net/npf/npf_handler.c: revision 1.38-1.39 sys/net/npf/npf_alg_icmp.c: revision 1.26 sys/net/npf/npf.h: revision 1.56 sys/net/npf/npf_sendpkt.c: revision 1.17-1.18 Declare NPC_FMTERR, and use it to kick malformed packets. Several sanity checks are added in IPv6; after we see the first IPPROTO_FRAGMENT header, we are allowed to fail to advance, otherwise we kick the packet. Sent on tech-net@ a few days ago, no response, but I'm committing it now anyway. Switch nptr to uint8_t, and use nbuf_ensure_contig. Makes us use fewer magic values. Remove dead branches, 'npc' can't be NULL (and it is dereferenced earlier). Fix two consecutive mistakes. The first mistake was npf_inet.c rev1.37: "Don't reassemble ipv6 fragments, instead treat the first fragment as a regular packet (subject to filtering rules), and pass subsequent fragments in the same group unconditionally." Doing this was entirely wrong, because then a packet just had to push the L4 payload in a secondary fragment, and NPF wouldn't apply rules on it - meaning any IPv6 packet could bypass >=L4 filtering. This mistake was supposed to be a fix for the second mistake. The second mistake was that ip6_reass_packet (in npf_reassembly) was getting called with npc->npc_hlen. But npc_hlen pointed to the last encountered header in the IPv6 chain, which was not necessarily the fragment header. So ip6_reass_packet was given garbage, and would fail, resulting in the packet getting kicked. So basically IPv6 was broken by NPF. The first mistake is reverted, and the second one is fixed by doing: - hlen = sizeof(struct ip6_frag); + hlen = 0; Now the iteration stops on the fragment header, and the call to ip6_reass_packet is valid. My npf_inet.c rev1.38 is partially reverted: we don't need to worry about failing properly to advance; once the packet is reassembled npf_cache_ip gets called again, and this time the whole chain should be there. Tested with a simple UDPv6 server - send a 3000-byte-sized buffer, the packet gets correctly reassembled by NPF now. Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF is not happy in npf_reassembly, because NPC_IPFRAG is again returned after the packet was reassembled. I'm wondering whether it would not be better to just remove the fragment header in frag6_input directly. Fix the "return-rst" rule on IPv6 packets. The scopes needed to be set on the addresses before invoking ip6_output, because ip6_output needs them. The reason they are not here already is because pfil_run_hooks (in ip6_input) is called _before_ the kernel initializes the scopes. Until now ip6_output was always failing, and the IPv6-TCP-RST packet was never actually sent. Perhaps it would be better to have the kernel initialize the scopes before invoking pfil_run_hooks, but several things will need to be fixed in several places. Tested with a simple TCPv6 server. Until now the client would block waiting for an answer that never came; now it receives an RST right away and closes the connection, as expected. I believe that the same problem exists in the "return-icmp" rules, but I can't investigate this right now (some problems with wireshark). Fix the IPv6 payload computation in npf_tcpsaw. It was incorrect, and this caused the "return-rst" rules to send back an RST with the wrong ACK when the received SYN had an IPv6 option. Set the scopes before calling icmp6_error(). This fixes a bug similar to the one I fixed in rev1.17: since the scopes were not set the packet was never actually sent. Tested with wireshark, now the ICMPv6 reply is correctly sent, as expected. Don't read the L4 payload after IPPROTO_AH when handling IPv6 packets. AH must be considered as the payload, otherwise a block all pass in proto ah from any pass out proto ah from any configuration will actually block everything, because NPF checks the protocol against the one found after AH, and not AH itself. In addition it may have been a problem for stateful connections; an AH packet sent by an attacker with an incorrect authentication and a correct TCP/UDP/whatever payload from an active connection could manage to change NPF's FSM state, which would perhaps have altered the legitimate connection with the authenticated remote IPsec host. Note that IPv4 already doesn't go beyond AH, which is the correct behavior. Add XXX (we don't handle IPv6 Jumbograms), and whitespace. To generate a diff of this commit: cvs rdiff -u -r1.54.6.1 -r1.54.6.2 src/sys/net/npf/npf.h cvs rdiff -u -r1.24 -r1.24.8.1