Age | Commit message | Author |
|
there it calls sbappendaddr() while holding the raw table mutex.
This ends in sorwakeup() where we finally grab the kernel lock while
holding a mutex. Witness detects this misuse.
Use the same solution as for PCB notify. Collect the affected PCBs
in a temporary list. The list is protected by exclusive net lock.
syzbot+ebe3f03a472fecf5e42e@syzkaller.appspotmail.com
OK claudio@
|
|
of all UDP PCBs. From there it calls udp_sbappend() while holding
the UDP table mutex. This ends in sorwakeup() where we finally
grab the kernel lock while holding a mutex. Witness detects this
misuse.
Use the same solution as for PCB notify. Collect the affected PCBs
in a temporary list. The list is protected by exclusive net lock.
Reported-by: syzbot+7596cb96fb9f3c9d6f4f@syzkaller.appspotmail.com
OK sashan@
|
|
for PCB tables. It does not break userland build anymore.
pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer. To
run pf in parallel, make parts of the stack MP safe. Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex. To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@
|
|
previously things that used sendto or similar with raw sockets would
ignore any configured sourceaddr. this made it inconsistent with
other traffic, which in turn makes things confusing to debug if
you're using ping or traceroute (which use raw sockets) to figure
out what's happening to other packets.
the ipv6 equiv already does this too.
ok sthen@ claudio@
|
|
this allows the IP_MULTICAST_IF sockopt to specify which address
you want to send a limited broadcast (255.255.255.255) packet out
of.
requested by and ok claudio@
|
|
needed to make inpcb in kernel MP safe. To build sysctl and libkvm
based programs, we have to export it to userland.
OK claudio@
|
|
This reverts the commit protecting the list and hashes in the PCB tables
with a mutex since the build of sysctl(8) breaks, as found by kettenis.
ok sthen
|
|
run pf in parallel, make parts of the stack MP safe. Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex. To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@
|
|
IP forwarding diff. Add mutex and refcount to make memory management
of struct ipsec_acquire MP safe.
testing Hrvoje Popovski; input sashan@; OK mvs@
|
|
variables. Although not necessary everywhere, using atomic functions
exclusively for variables marked as atomic is clearer.
OK mvs@ visa@
|
|
OK tobhe@ mvs@
|
|
but that does not work when coming from tcp_output() as inp != NULL.
This seems to be done to block packets from sockets with options
in inp_seclevel. But instead of doing the route lookup, go directly
to ipsp_spd_inp() where the socket policy checks are done. Calling
rtable_l2() before the shortcut also costs a bit, do it when needed.
OK tobhe@
|
|
for malloc(9) to make the system call reliable.
OK mvs@
|
|
but would panic instead of waiting. Remove needless error handling.
OK mvs@
|
|
function.
OK gnezdo@ mvs@ florian@ sashan@
|
|
supported anymore.
|
|
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit
|
|
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.
Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.
ok mvs@ bluhm@
|
|
needed it and some no longer need it after moving the externs from
there to <sys/protosw.h>
ok jsg@
|
|
net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@
|
|
the big change is removing the integration with and reliance on
bridge(4) for learning vxlan endpoints. we have the etherbridge
layer now (which is used by veb, nvgre, bpe, etc) so vxlan can
operate independently of bridge(4) (or any other driver) while still
dynamically learning about other endpoints.
vxlan now uses the udp socket upcall mechanism to receive packets.
this means it actually creates and binds udp sockets to use rather
than adding code in the udp layer for stealing packets from the udp
layer.
i think it's also important to note that this adds loop prevention
to the code. this stops a vxlan interface being used to transmit a
packet that was encapsulated in itself.
i want to clear this out of my tree where it's been sitting for
nearly a year. no one seems too concerned with the change either
way.
ok claudio@
|
|
do not bother operating on its first 8 bytes, which will always be zero.
ok visa@
|
|
A few variables in the kernel are only writeable before securelevel is
raised. It makes sense to handle them with less code.
OK sthen@ bluhm@
|
|
u_int t_flags. Shifting TF_TIMER with TCPT_DELACK can touch the
sign bit.
found by kubsan; suggested by deraadt@; OK miod@
|
|
found by kubsan; joint work with tobhe@; OK miod@
|
|
trees. ipsp_ids_lookup() returns `ids' with bumped reference
counter. original diff from mvs
ok mvs
|
|
ok jmc@ reads ok tb@
|
|
found by clang 13; OK tobhe@
|
|
dirty hacks, it is better to protect IPsec input and output with
kernel lock. Not much is lost as crypto needs the kernel lock
anyway. From here we can refine the lock later.
Note that there is no kernel lock in the SPD lookup path. Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@
|
|
per packet and improve readability.
ok bluhm@
|
|
ok bluhm@
|
|
'tdb_data' struct became unused and was removed.
Tested by Hrvoje Popovski.
ok bluhm@
|
|
sleep. So holding the tdb_sadb_mtx() when calling walker() is not
allowed. Move the TDB from the TDB-Hash to a temporary list that
is protected by netlock. Then unlock tdb_sadb_mtx and traverse the
list to call the walker.
OK mvs@
|
|
and tdb_cleanspd(). gettdb...() can return a TDB before tdb_unlink().
Then ipsp_spd_lookup() could add it to tdb_policy_head after
tdb_cleanspd(). There it would stay until it hits the kassert in
tdb_free().
OK tobhe@
|
|
therefore the mandatory idiom is completely clearing structs before
building them for copyout -- that means ALMOST ALL STRUCTS, because
we never know when some architecture will pad a struct. In two more
cases, the clearing wasn't performed.
from Reno Robert ZDI
ok millert bluhm
|
|
is NULL. It should be set in rti_fill(), but is not if malloc(9)
fails. There is no rollback after malloc failure so the field stays
uninitialized. The code is only called from ioctl, setsockopt or
a task. Malloc should wait instead of failing, otherwise syscalls
would be unreliable. While there also put an M_WAIT in the init
code. During init malloc must not fail.
OK mvs@
Reported-by: syzbot+e22326057ccf34908d78@syzkaller.appspotmail.com
|
|
two ECN bits. From daisuke.higashi at gmail.com via OpenSSH bz#3373,
ok claudio@, job@, djm@.
|
|
is also a list of SAs that belong to a policy. To make it MP safe,
protect these pointers with a mutex.
tested by Hrvoje Popovski; OK mvs@
|
|
TDB. Clearing the timeout flags just before pool put in tdb_free()
does not make sense. Move this to tdb_delete(). While there make
the parentheses in the flag check consistent.
tested by Hrvoje Popovski; OK tobhe@
|
|
that gettdb_dir() is MP safe now. Add the tdb_sadb_mtx mutex in
udpencap_ctlinput() to protect the access to tdb_snext. Make the
braces consistent for all these TDB loops. Move NET_ASSERT_LOCKED()
into the functions where the read access happens.
OK mvs@
|
|
may prevent that tdb_free() is called. It is not a real leak as
ipsecctl -F or termination of iked flush this cache when they remove
the IPsec policy. Move the code from tdb_free() to tdb_delete(),
then the kernel does the cleanup itself.
OK mvs@ tobhe@
|
|
pfkey_flush().
ok bluhm@ mvs@
|
|
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@
|
|
tunnels. It is never used, so this is useless code. Remove ipn
and ip6n IP header variables and the m_copydata() to fill them.
OK mvs@ kn@ sthen@
|
|
OK mpi@ mvs@
|