Age | Commit message | Author |
|
for example, with locking assertions.
OK mpi@, anton@
|
|
adding more filter properties without cluttering the struct.
OK mpi@, anton@
|
|
The 3 subsystems: signal, poll/select and kqueue can now be addressed
separately.
Note that bpf(4) and audio(4) currently delay the wakeups to a separate
context in order to respect the KERNEL_LOCK() requirement. Sockets (UDP,
TCP) and pipes spin to grab the lock for the same reasons.
ok anton@, visa@
|
|
like USB only use the former and bpf_iflist was otherwise retaining
references to a freed bpf_if.
ok sashan
|
|
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().
Idea from NetBSD
OK mpi@, claudio@
|
|
something with csignal().
OK visa@
|
|
make the structs const so that the data are put in .rodata.
OK mpi@, deraadt@, anton@, bluhm@
|
|
BPF: remove redundant reference counting of file descriptors
Anton@ made the problem crystal clear:
I've been looking into a similar bpf panic reported by syzkaller,
which looks somewhat related. The one reported by syzkaller is caused
by issuing ioctl(SIOCIFDESTROY) on the interface which the packet filter
is attached to. This will in turn invoke the following functions
expressed as an inverted stacktrace:
1. bpfsdetach()
2. vdevgone()
3. VOP_REVOKE()
4. vop_generic_revoke()
5. vgonel()
6. vclean(DOCLOSE)
7. VOP_CLOSE()
8. bpfclose()
Note that bpfclose() is called before changing the vnode type. In
bpfclose(), the `struct bpf_d` is immediately removed from the global
bpf_d_list list and might end up sleeping inside taskq_barrier(systq).
Since the bpf file descriptor (fd) is still present and valid, another
thread could perform an ioctl() on the fd only to fault since
bpfilter_lookup() will return NULL. The vnode is not locked in this path
either so it won't end up waiting on the ongoing vclean().
Steps to trigger the similar type of panic are straightforward, let there be
two processes running concurrently:
process A:
while true ; do ifconfig tun0 up ; ifconfig tun0 destroy ; done
process B:
while true ; do tcpdump -i tun0 ; done
panic happens within a few secs (Dell PowerEdge 710)
OK @visa, OK @anton
|
|
this is not needed now that the "public" api does not provide a way
to pass a custom copy function in for the internals to pass around.
ok claudio@ visa@
|
|
it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.
ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.
|
|
pointed out by naddy@
|
|
this makes it easier to call at least, and makes it consistent with
bpf_tap_hdr.
ok stsp@ sashan@
|
|
ok anton@, sashan@
|
|
|
|
OK visa@, OK mpi@
|
|
prevent passing negative values to timeout_add().
While here, protect against unsigned wrap around during addition of
bd_rdStart and bd_rtout since it could also cause passing negative
values to timeout_add().
ok bluhm@
Reported-by: syzbot+6771e3d6d9567b3983aa@syzkaller.appspotmail.com
|
|
OK visa@
|
|
the timeout converted to ticks is later passed to timeout_add(), it could
cause a panic if the timeout is negative.
ok deraadt@ millert@
Reported-by: syzbot+82cb4dfe6a1fc3d8b490@syzkaller.appspotmail.com
|
|
BIOCSFILDROP was already able to be used as a quick and dirty
firewall, which is especially useful when you want to filter
non-ip things. however, capturing the packets you're dropping is a
lot of overhead when you just want to drop stuff. this extends
fildrop so you can tell bpf not to capture the packets it drops.
ok sthen@ mikeb@ claudio@ visa@
|
|
ioctl function after the device has been pulled out. Also accept
this error code in bpf_detachd() to prevent a kernel panic. tcpdump(8)
may run while the interface is detached.
from Moritz Buhl; OK stsp@
|
|
affects the bpfioctl() and bpfclose() path.
lock assertion reported and fix tested by Pierre Emeriaud; OK visa@
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
internally it uses mbufs to handle the chain of buffers, but the
caller doesn't have to deal with that or allocate a temporary buffer
with the header attached.
ok mpi@
|
|
bpf assumed that it was being unconditionally attached to network
interfaces, and maintained a pointer to a struct ifnet *. this was
mostly used to get at the name of the interface, which is how
userland asks to be attached to a particular interface. this diff
adds a pointer to the name and uses it instead of the interface
pointer for these lookups. this in turn allows bpf to be attached
to arbitrary subsystems in the kernel which just have to supply a
name rather than an interface pointer. for example, bpf could be
attached to pf_test so you can see what packets are about to be
filtered. mpi@ is using this to look at usb transfers.
bpf still uses the interface pointer for bpfwrite, and for enabling
and disabling promisc. however, these are nopped out for subsystems.
ok mpi@
|
|
ok deraadt@ krw@
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
expansion bug in bpf prevented protocols above 127. m_data is
signed, bpf_mbuf_ldb() returns unsigned.
bug report Matthias Pitzl; OK deraadt@ millert@
|
|
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@
|
|
on amd64 and i386.
|
|
ok dlg@, visa@
|
|
rectification.
|
|
With this change bpf_catchpacket() no longer needs the KERNEL_LOCK().
Tested by Hrvoje Popovski who reported a recursion in the previous
attempt.
ok bluhm@
|
|
bpf_mpath_ether().
Problem reported by Hrvoje Popovski.
|
|
With this change bpf_catchpacket() no longer needs the KERNEL_LOCK().
ok bluhm@, jmatthew@
|
|
before we call ifpromisc() and possibly sleep.
ok bluhm@
|
|
are fulfilled in bpf_catchpacket().
|
|
|
|
While here properly account for used reference in bpfwrite().
ok bluhm@
|
|
This will help trading the KERNEL_LOCK for a mutex.
ok bluhm@
|
|
|
|
ok natano@ deraadt@
|
|
This will allow us to make bpf_tap() KERNEL_LOCK() free.
Discussed with dlg@ and input from guenther@
|
|
already does it.
|
|
for the reference counting.
ok dlg@
|
|
and bpfwrite(), all of which will need to grab a lock to protect the
buffers.
ok dlg@
|
|
descriptor is referenced before it is inserted in the global list.
ok dlg@
|
|
minor number for reuse by the device cloning code. This fixes a panic
reported by bluhm@.
initial diff from tedu
ok deraadt
|
|
to ifconfig.
"llprio" allows one to set the priority of packets that do not go through
pf(4), as the case is for arp(4) or bpf(4).
ok sthen@ mikeb@
|
|
the srp_ref struct is used to track the location of the callers
hazard pointer so later calls to srp_follow and srp_enter already
know what to clear. this in turn means most of the caveats around
using srps go away. specifically, you can now:
- switch cpus while holding an srp ref
- ie, you can sleep while holding an srp ref
- you can take and release srp refs in any order
the original intent was to simplify use of the api when dealing
with complicated data structures. the caller now no longer has to
track the location of the srp a value was fetched from, the srp_ref
effectively does that for you.
srp lists have been refactored to use srp_refs instead of srpl_iter
structs.
this is in preparation of using srps inside the ART code. ART is a
complicated data structure, and lookups require overlapping holds
of srp references.
ok mpi@ jmatthew@
|
|
this makes it more obvious that the bpf code should only read
packets, never modify them.
now possible because the paths that care about M_FILDROP set it
after calling bpf_mtap.
ok mpi@ visa@ deraadt@
|