| Age | Commit message (Collapse) | Author |
|---|
|
Make knote(9) lock the knote list internally, and add knote_locked(9)
for the typical situation where the list is already locked.
Remove the KNOTE(9) macro to simplify the API.
Manual page OK jmc@
OK mpi@ mvs@
|
|
Use the same mutex for read and write side klists. It would be overkill
to have dedicated locks.
Remove klist_invalidate() from pppacclose() because pppac(4) does not
have forced device detach. When the close routine gets called, there
should be no open file descriptors pointing the device, and consequently
the klists should be empty.
OK mvs@
|
|
The kernel lock is still taken when we access pppx(4) layer through
device node. Since pipex(4) layer doesn't rely on netlock anymore, and we
don't acquire it when we access pipex(4) from pppx(4) layer, kernel lock
is enough to protect pppx(4) data. Such data doesn't accessed from packet
processing path, so there is no reason to block it by netlock acquiring.
Assume kernel lock as protection for `pxd_pxis' lists and `pppx_ifs' tree.
The search in `pppx_ifs' tree has no context switch. There is no context
switch between the `pxi' free unit search and tree insertion.
Use reference counters to make `pxi' dereference safe, instead of holding
netlock. Now pppx_if_find() returns `pxi' with reference counter bumped,
and newly introduced pppx_if_rele() used for release this `pxi'.
Introduce pppx_if_find_locked() which returns `pxi' but doesn't bump
reference counter. pppx_if_find_locked() and pppx_if_find() both called
with kernel lock held, but keep existing notation where _locked()
function returned data with non bumped counter.
Mark dying `pxi' by setting `pxi_ready' to null, so concurrent thread
can't receive it by pppx_if_find().
The netlock is left around modification of associated ifnet's
`if_description'. This is unwanted because `if_description' never accessed
within packet processing path, but this require ifnet locking
modification, so keep this to the following diffs.
ok bluhm@
|
|
Push netlock down to pppx_add_session(). The 'pppx_if' structure has
the `pxi_ready' member to prevent access to incomplete `pxi', so we
don't need to hold netlock during all initialisation process. This
removes potential PR_WAITOK/M_WAITOK allocations impact on packet
processing. Also this removes relock dances around if_attach() and
if_detach() calls.
Do not grab netlock for FIONREAD. mbuf(9) queue doesn't rely on it.
Do not grab netlock around pipex_ioctl() call. pipex(4) has its own
protection and doesn't rely on netlock. We need to unlink pipex(4)
session before destroy associated `pxi', it can't be killed
concurrently. Also this stops to block packet processing when npppd(8)
periodically does PIPEXGCLOSED ioctl(2) commands.
The dummy FIONBIO case doesn't require any lock to be held.
The netlock remains to be taken around pppx_del_session() and
pppx_set_session_descr() because pppx(4) data structures rely on it.
Tested by Hrvoje Popovski.
ok yasuoka@
|
|
There was a crash due to use after free of the ifa although it is
ref counted. As ifa_refcnt was a simple integer increment, there
may be a path where multiple CPUs access it concurrently. So change
to struct refcnt which is MP safe and provides dt(4) leak debugging.
Link level address for IPsec enc(4) and various MPLS interfaces is
special. There ifa is part of struct sc. Use refcount anyway and
add a panic to detect use after free.
bug report stsp@; OK mvs@
|
|
netlock anymore.
ok bluhm@ yasuoka@
|
|
|
|
mutex(9) to protect session context. Except MPPE encryption, PPPOE
sessions are mostly immutable, so no lock required for that case.
Global pipex(4) data is already protected by `pipex_list_mtx' mutex(9),
so pipex(4) doesn't rely on netlock anymore.
Recursion was removed from pipex_mppe_input() and pipex_mppe_output().
ok bluhm@
|
|
Also remove unneeded includes of <sys/poll.h> and <sys/select.h>.
Some addenda from jsg@.
OK miod@ mpi@
|
|
(*if_qstart)() and we don't worry it's not serialized with the rest of
output path. Also we will process already enqueued pipex(4) packets
regardless on `pipex_enable' state.
Use the local copy of `pipex_enable' within pppx_if_output(), otherwise we
loose consistency.
pointed and ok by bluhm@
|
|
(*if_qstart)() be always called with netlock held doesn't work anymore
with PPPOE sessions.
Introduce `pipex_list_mtx' mutex(9) and use it to protect global pipex(4)
lists and radix trees.
Protect pipex(4) `session' dereference with reference counters, because we
could sleep when accessing pipex(4) from ioctl(2) path, and this is not
possible with mutex(9) held.
ok bluhm@
|
|
which represent flags. We mix unlocked access to immutable flags with
protected access to mutable ones. This could be not MP independent on
some architectures, so convert these fields to u_int `flags' variables.
ok bluhm@
|
|
net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@
|
|
ok mvs@
Reported-by: syzbot+e2d1df67f742a5a47938@syzkaller.appspotmail.com
Reported-by: syzbot+72298724beda82ec8e7f@syzkaller.appspotmail.com
|
|
points in pppacopen() and pppacclose() paths. Use the same "sc_ready"
logic we use for 'pppx_if' structure.
Reported-by: syzbot+a7ac144b48f7f471f689@syzkaller.appspotmail.com
ok anton@ dlg@
|
|
more compliant to bluhm@'s work on traffic forwarding parallelization.
ok yasuoka@ bluhm@
|
|
the first cut of this diff was made with coccinelle using this spatch:
@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)
i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.
ok deraadt@ bluhm@
|
|
pppac_ioctl() be called on dying pppac(4) interface. But now if_detach()
makes dying `ifp' inaccessible and waits for references which are in-use
in ioctl(2) path. This logic is not required anymore. Also if_detach()
was moved before klist_invalidate() to prevent the case while
pppac_qstart() bump `sc_rsel'.
ok yasuoka@
|
|
Otherwise this `pxi' can be killed by concurrent thread after context
switch caused by following netlock.
ok yasuoka@
|
|
OpenBSD 6.7 npppd(8) can't work over tun(4).
ok yasuoka@
|
|
Rename klist_{insert,remove}() to klist_{insert,remove}_locked().
These functions assume that the caller has locked the klist. The current
state of locking remains intact because the kernel lock is still used
with all klists.
Add new functions klist_insert() and klist_remove() that lock the klist
internally. This allows some code simplification.
OK mpi@
|
|
pppx_if_qstart() and pppac_qstart() with netlock held. Otherwise we can't
be sure about netlock status while performing these handlers.
Problem reported by Glen Faustino.
ok yasuoka@
|
|
ok yasuoka@
|
|
pipex(4) layer this `ifnet' still uses `if_data'. Also pppx(4) doesn't
use per cpu counters but `if_data'.
Add per cpu counters to pppx(4) and pipex(4). This finishes interface
statistics collecting mess.
ok yasuoka@
|
|
pipex_iface of struct pipex_session with owner_sc which refers the
owner device. This makes ioctl commands for pppac or pppx device
simpler. PIPEX{S,G}MODE became dummy since both pppac and pppx is
always used with pipex. Also move some pppac specific things to the
pppac part on if_pppx.c.
suggestions from mvs, ok mvs
|
|
packets output out of KERNEL_LOCK. pppx(4) and pipex(4) are ready to
this.
ok yasuoka@ mpi@
|
|
count them because `if_snd' does this.
ok yasuoka@
|
|
packets output out of KERNEL_LOCK. pppac(4) and pipex(4) are ready to
this.
ok yasuoka@
|
|
ok mpi@
|
|
within pipex(4) layer.
ok mpi@
|
|
ok mpi@
|
|
ok dlg@ tobhe@
|
|
"new" API.
ok dlg@ tobhe@
|
|
malloc(9) in pppxopen(). We can avoid these races without rwlock. Also
we move malloc(9) out of rwlock.
ok mpi@
|
|
prevent collecting entropy from pppx(4).
ok mpi@
|
|
simultaneously protected by KERNEL_LOCK() and NET_LOCK() and now we have
the only lock for it. This step reduces locking mess in this layer.
ok mpi@
|
|
ok mpi@
|
|
- There is no panic() condition while inserting `pxi' to tree so drop
RBT_FIND() to avoid two lookups.
- Modify text in panic() message in delete case.
ok yasuoka@ claudio@
|
|
listed below.
- pipex_init_session() to check request and alloc new session.
- pipex_link_session() to link session to pipex(4) layer.
- pipex_unlink_session() to unlink session from pipex(4) layer.
- pipex_rele_session() to release session and it's internal allocation.
ok mpi@
|
|
This help in case of a context switch inside if_detach().
From Vitaliy Makkoveev.
|
|
|
|
Premature locking is causing more trouble than it is solving issue. In this
case the lifetime of descriptors is protected by the KERNEL_LOCK() so using
a rwlock for the lookup introduce sleeping points and possible new races
without benefit.
From Vitaliy Makkoveev.
|
|
when using pppac without pipex.
ok dlg
|
|
Removing a malloc(9) with M_WAITOK reduces possible context switches which
helps when dealing with parallelism issues.
From Vitaliy Makkoveev.
|
|
for example, with locking assertions.
OK mpi@, anton@
|
|
From Vitaliy Makkoveev
OK yasuoka@
|
|
From Vitaliy Makkoveev
|
|
This way pppx(4) and pppac(4) can be further unified. This is an
intermediary step that does not introduce any behaviour change.
From Vitaliy Makkoveev
|
|
The timeout code currently assumes that the `session' descriptor it deals
with is independently allocated. This isn't true for pppx(4) and result
in memory corruption. So disable the feature until the code is fixed.
Bug reported and fix provided by Vitaliy Makkoveev.
|
|
This makes a pattern emerge that should help when starting to protect
the global `session' list with something else than the KERNEL_LOCK().
from Vitaliy Makkoveev.
|
