NetBSD Cross-Reference & Source Code Search Engine

Home	Sort by: relevance \| last modified time \| path

Full Search

in project(s):

Definition

Symbol

File Path

History

| | Help

Searched hist:1.361 (Results 1 - 25 of 245) sorted by relevancy

1 2 3 4 5 6 7 8 9 10

/src/share/man/man9/
kernhist.9	1.4.8.1 Thu Nov 02 21:29:51 UTC 2017 snj Pull up following revision(s) (requested by pgoyette in ticket #335): share/man/man9/kernhist.9: 1.5-1.8 sys/arch/acorn26/acorn26/pmap.c: 1.39 sys/arch/arm/arm32/fault.c: 1.105 via patch sys/arch/arm/arm32/pmap.c: 1.350, 1.359 sys/arch/arm/broadcom/bcm2835_bsc.c: 1.7 sys/arch/arm/omap/if_cpsw.c: 1.20 sys/arch/arm/omap/tiotg.c: 1.7 sys/arch/evbarm/conf/RPI2_INSTALL: 1.3 sys/dev/ic/sl811hs.c: 1.98 sys/dev/usb/ehci.c: 1.256 sys/dev/usb/if_axe.c: 1.83 sys/dev/usb/motg.c: 1.18 sys/dev/usb/ohci.c: 1.274 sys/dev/usb/ucom.c: 1.119 sys/dev/usb/uhci.c: 1.277 sys/dev/usb/uhub.c: 1.137 sys/dev/usb/umass.c: 1.160-1.162 sys/dev/usb/umass_quirks.c: 1.100 sys/dev/usb/umass_scsipi.c: 1.55 sys/dev/usb/usb.c: 1.168 sys/dev/usb/usb_mem.c: 1.70 sys/dev/usb/usb_subr.c: 1.221 sys/dev/usb/usbdi.c: 1.175 sys/dev/usb/usbdi_util.c: 1.67-1.70 sys/dev/usb/usbroothub.c: 1.3 sys/dev/usb/xhci.c: 1.75 sys/external/bsd/drm2/dist/drm/i915/i915_gem.c: 1.34 sys/kern/kern_history.c: 1.15 sys/kern/kern_xxx.c: 1.74 sys/kern/vfs_bio.c: 1.275-1.276 sys/miscfs/genfs/genfs_io.c: 1.71 sys/sys/kernhist.h: 1.21 sys/ufs/ffs/ffs_balloc.c: 1.63 sys/ufs/lfs/lfs_vfsops.c: 1.361 sys/ufs/lfs/ulfs_inode.c: 1.21 sys/ufs/lfs/ulfs_vnops.c: 1.52 sys/ufs/ufs/ufs_inode.c: 1.102 sys/ufs/ufs/ufs_vnops.c: 1.239 sys/uvm/pmap/pmap.c: 1.37-1.39 sys/uvm/pmap/pmap_tlb.c: 1.22 sys/uvm/uvm_amap.c: 1.108 sys/uvm/uvm_anon.c: 1.64 sys/uvm/uvm_aobj.c: 1.126 sys/uvm/uvm_bio.c: 1.91 sys/uvm/uvm_device.c: 1.66 sys/uvm/uvm_fault.c: 1.201 sys/uvm/uvm_km.c: 1.144 sys/uvm/uvm_loan.c: 1.85 sys/uvm/uvm_map.c: 1.353 sys/uvm/uvm_page.c: 1.194 sys/uvm/uvm_pager.c: 1.111 sys/uvm/uvm_pdaemon.c: 1.109 sys/uvm/uvm_swap.c: 1.175 sys/uvm/uvm_vnode.c: 1.103 usr.bin/vmstat/vmstat.c: 1.219 Reorder to test for null before null deref in debug code -- Reorder to test for null before null deref in debug code -- KNF -- No need for '\n' in UVMHIST_LOG -- normalise a BIOHIST log message -- Update the kernhist(9) kernel history code to address issues identified in PR kern/52639, as well as some general cleaning-up... (As proposed on tech-kern@ with additional changes and enhancements.) Details of changes: * All history arguments are now stored as uintmax_t values[1], both in the kernel and in the structures used for exporting the history data to userland via sysctl(9). This avoids problems on some architectures where passing a 64-bit (or larger) value to printf(3) can cause it to process the value as multiple arguments. (This can be particularly problematic when printf()'s format string is not a literal, since in that case the compiler cannot know how large each argument should be.) * Update the data structures used for exporting kernel history data to include a version number as well as the length of history arguments. * All [2] existing users of kernhist(9) have had their format strings updated. Each format specifier now includes an explicit length modifier 'j' to refer to numeric values of the size of uintmax_t. * All [2] existing users of kernhist(9) have had their format strings updated to replace uses of "%p" with "%#jx", and the pointer arguments are now cast to (uintptr_t) before being subsequently cast to (uintmax_t). This is needed to avoid compiler warnings about casting "pointer to integer of a different size." * All [2] existing users of kernhist(9) have had instances of "%s" or "%c" format strings replaced with numeric formats; several instances of mis-match between format string and argument list have been fixed. * vmstat(1) has been modified to handle the new size of arguments in the history data as exported by sysctl(9). * vmstat(1) now provides a warning message if the history requested with the -u option does not exist (previously, this condition was silently ignored, with only a single blank line being printed). * vmstat(1) now checks the version and argument length included in the data exported via sysctl(9) and exits if they do not match the values with which vmstat was built. * The kernhist(9) man-page has been updated to note the additional requirements imposed on the format strings, along with several other minor changes and enhancements. [1] It would have been possible to use an explicit length (for example, uint64_t) for the history arguments. But that would require another "rototill" of all the users in the future when we add support for an architecture that supports a larger size. Also, the printf(3) format specifiers for explicitly-sized values, such as "%"PRIu64, are much more verbose (and less aesthetically appealing, IMHO) than simply using "%ju". [2] I've tried very hard to find "all [the] existing users of kernhist(9)" but it is possible that I've missed some of them. I would be glad to update any stragglers that anyone identifies. -- For some reason this single kernel seems to have outgrown its declared size as a result of the kernhist(9) changes. Bump the size. XXX The amount of increase may be excessive - anyone with more detailed XXX knowledge please feel free to further adjust the value appropriately. -- Misssed one cast of pointer --> uintptr_t in previous kernhist(9) commit -- And yet another one. :( -- Use correct mark-up for NetBSD version. -- More improvements in grammar and readability. -- Remove a stray '"' (obvious typo) and add a couple of casts that are probably needed. -- And replace an instance of "%p" conversion with "%#jx" -- Whitespace fix. Give Bl tag table a width. Fix Xr.
/src/sys/arch/evbarm/conf/
RPI2_INSTALL	1.2.8.1 Thu Nov 02 21:29:51 UTC 2017 snj Pull up following revision(s) (requested by pgoyette in ticket #335): share/man/man9/kernhist.9: 1.5-1.8 sys/arch/acorn26/acorn26/pmap.c: 1.39 sys/arch/arm/arm32/fault.c: 1.105 via patch sys/arch/arm/arm32/pmap.c: 1.350, 1.359 sys/arch/arm/broadcom/bcm2835_bsc.c: 1.7 sys/arch/arm/omap/if_cpsw.c: 1.20 sys/arch/arm/omap/tiotg.c: 1.7 sys/arch/evbarm/conf/RPI2_INSTALL: 1.3 sys/dev/ic/sl811hs.c: 1.98 sys/dev/usb/ehci.c: 1.256 sys/dev/usb/if_axe.c: 1.83 sys/dev/usb/motg.c: 1.18 sys/dev/usb/ohci.c: 1.274 sys/dev/usb/ucom.c: 1.119 sys/dev/usb/uhci.c: 1.277 sys/dev/usb/uhub.c: 1.137 sys/dev/usb/umass.c: 1.160-1.162 sys/dev/usb/umass_quirks.c: 1.100 sys/dev/usb/umass_scsipi.c: 1.55 sys/dev/usb/usb.c: 1.168 sys/dev/usb/usb_mem.c: 1.70 sys/dev/usb/usb_subr.c: 1.221 sys/dev/usb/usbdi.c: 1.175 sys/dev/usb/usbdi_util.c: 1.67-1.70 sys/dev/usb/usbroothub.c: 1.3 sys/dev/usb/xhci.c: 1.75 sys/external/bsd/drm2/dist/drm/i915/i915_gem.c: 1.34 sys/kern/kern_history.c: 1.15 sys/kern/kern_xxx.c: 1.74 sys/kern/vfs_bio.c: 1.275-1.276 sys/miscfs/genfs/genfs_io.c: 1.71 sys/sys/kernhist.h: 1.21 sys/ufs/ffs/ffs_balloc.c: 1.63 sys/ufs/lfs/lfs_vfsops.c: 1.361 sys/ufs/lfs/ulfs_inode.c: 1.21 sys/ufs/lfs/ulfs_vnops.c: 1.52 sys/ufs/ufs/ufs_inode.c: 1.102 sys/ufs/ufs/ufs_vnops.c: 1.239 sys/uvm/pmap/pmap.c: 1.37-1.39 sys/uvm/pmap/pmap_tlb.c: 1.22 sys/uvm/uvm_amap.c: 1.108 sys/uvm/uvm_anon.c: 1.64 sys/uvm/uvm_aobj.c: 1.126 sys/uvm/uvm_bio.c: 1.91 sys/uvm/uvm_device.c: 1.66 sys/uvm/uvm_fault.c: 1.201 sys/uvm/uvm_km.c: 1.144 sys/uvm/uvm_loan.c: 1.85 sys/uvm/uvm_map.c: 1.353 sys/uvm/uvm_page.c: 1.194 sys/uvm/uvm_pager.c: 1.111 sys/uvm/uvm_pdaemon.c: 1.109 sys/uvm/uvm_swap.c: 1.175 sys/uvm/uvm_vnode.c: 1.103 usr.bin/vmstat/vmstat.c: 1.219 Reorder to test for null before null deref in debug code -- Reorder to test for null before null deref in debug code -- KNF -- No need for '\n' in UVMHIST_LOG -- normalise a BIOHIST log message -- Update the kernhist(9) kernel history code to address issues identified in PR kern/52639, as well as some general cleaning-up... (As proposed on tech-kern@ with additional changes and enhancements.) Details of changes: * All history arguments are now stored as uintmax_t values[1], both in the kernel and in the structures used for exporting the history data to userland via sysctl(9). This avoids problems on some architectures where passing a 64-bit (or larger) value to printf(3) can cause it to process the value as multiple arguments. (This can be particularly problematic when printf()'s format string is not a literal, since in that case the compiler cannot know how large each argument should be.) * Update the data structures used for exporting kernel history data to include a version number as well as the length of history arguments. * All [2] existing users of kernhist(9) have had their format strings updated. Each format specifier now includes an explicit length modifier 'j' to refer to numeric values of the size of uintmax_t. * All [2] existing users of kernhist(9) have had their format strings updated to replace uses of "%p" with "%#jx", and the pointer arguments are now cast to (uintptr_t) before being subsequently cast to (uintmax_t). This is needed to avoid compiler warnings about casting "pointer to integer of a different size." * All [2] existing users of kernhist(9) have had instances of "%s" or "%c" format strings replaced with numeric formats; several instances of mis-match between format string and argument list have been fixed. * vmstat(1) has been modified to handle the new size of arguments in the history data as exported by sysctl(9). * vmstat(1) now provides a warning message if the history requested with the -u option does not exist (previously, this condition was silently ignored, with only a single blank line being printed). * vmstat(1) now checks the version and argument length included in the data exported via sysctl(9) and exits if they do not match the values with which vmstat was built. * The kernhist(9) man-page has been updated to note the additional requirements imposed on the format strings, along with several other minor changes and enhancements. [1] It would have been possible to use an explicit length (for example, uint64_t) for the history arguments. But that would require another "rototill" of all the users in the future when we add support for an architecture that supports a larger size. Also, the printf(3) format specifiers for explicitly-sized values, such as "%"PRIu64, are much more verbose (and less aesthetically appealing, IMHO) than simply using "%ju". [2] I've tried very hard to find "all [the] existing users of kernhist(9)" but it is possible that I've missed some of them. I would be glad to update any stragglers that anyone identifies. -- For some reason this single kernel seems to have outgrown its declared size as a result of the kernhist(9) changes. Bump the size. XXX The amount of increase may be excessive - anyone with more detailed XXX knowledge please feel free to further adjust the value appropriately. -- Misssed one cast of pointer --> uintptr_t in previous kernhist(9) commit -- And yet another one. :( -- Use correct mark-up for NetBSD version. -- More improvements in grammar and readability. -- Remove a stray '"' (obvious typo) and add a couple of casts that are probably needed. -- And replace an instance of "%p" conversion with "%#jx" -- Whitespace fix. Give Bl tag table a width. Fix Xr.
/src/share/man/man4/
options.4	1.361 Sat Mar 22 00:29:01 UTC 2008 jmmv branches: 1.361.2; 1.361.6; Beleatedly document the MODULAR kernel option and mk.conf's MKMODULAR. Per hubertf@'s request. Sat Mar 22 00:29:01 UTC 2008 jmmv branches: 1.361.2; 1.361.6; Beleatedly document the MODULAR kernel option and mk.conf's MKMODULAR. Per hubertf@'s request. .2; 1.361.6; Beleatedly document the MODULAR kernel option and mk.conf's MKMODULAR. Per hubertf@'s request. 1.361.6.2 Wed Sep 24 16:41:22 UTC 2008 wrstuden Merge in changes between wrstuden-revivesa-base-2 and wrstuden-revivesa-base-3. 1.361.6.1 Thu Sep 18 04:38:09 UTC 2008 wrstuden Sync with wrstuden-revivesa-base-2. 1.361.2.2 Sun Oct 05 20:11:21 UTC 2008 mjf Sync with HEAD. 1.361.2.1 Sat Mar 22 00:29:01 UTC 2008 mjf file options.4 was added on branch mjf-devfs2 on 2008-10-05 20:11:21 +0000
/src/sys/arch/epoc32/conf/
GENERIC	1.3.2.1 Fri Nov 14 15:16:17 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/kern/
kern_history.c	1.14.8.1 Thu Nov 02 21:29:52 UTC 2017 snj Pull up following revision(s) (requested by pgoyette in ticket #335): share/man/man9/kernhist.9: 1.5-1.8 sys/arch/acorn26/acorn26/pmap.c: 1.39 sys/arch/arm/arm32/fault.c: 1.105 via patch sys/arch/arm/arm32/pmap.c: 1.350, 1.359 sys/arch/arm/broadcom/bcm2835_bsc.c: 1.7 sys/arch/arm/omap/if_cpsw.c: 1.20 sys/arch/arm/omap/tiotg.c: 1.7 sys/arch/evbarm/conf/RPI2_INSTALL: 1.3 sys/dev/ic/sl811hs.c: 1.98 sys/dev/usb/ehci.c: 1.256 sys/dev/usb/if_axe.c: 1.83 sys/dev/usb/motg.c: 1.18 sys/dev/usb/ohci.c: 1.274 sys/dev/usb/ucom.c: 1.119 sys/dev/usb/uhci.c: 1.277 sys/dev/usb/uhub.c: 1.137 sys/dev/usb/umass.c: 1.160-1.162 sys/dev/usb/umass_quirks.c: 1.100 sys/dev/usb/umass_scsipi.c: 1.55 sys/dev/usb/usb.c: 1.168 sys/dev/usb/usb_mem.c: 1.70 sys/dev/usb/usb_subr.c: 1.221 sys/dev/usb/usbdi.c: 1.175 sys/dev/usb/usbdi_util.c: 1.67-1.70 sys/dev/usb/usbroothub.c: 1.3 sys/dev/usb/xhci.c: 1.75 sys/external/bsd/drm2/dist/drm/i915/i915_gem.c: 1.34 sys/kern/kern_history.c: 1.15 sys/kern/kern_xxx.c: 1.74 sys/kern/vfs_bio.c: 1.275-1.276 sys/miscfs/genfs/genfs_io.c: 1.71 sys/sys/kernhist.h: 1.21 sys/ufs/ffs/ffs_balloc.c: 1.63 sys/ufs/lfs/lfs_vfsops.c: 1.361 sys/ufs/lfs/ulfs_inode.c: 1.21 sys/ufs/lfs/ulfs_vnops.c: 1.52 sys/ufs/ufs/ufs_inode.c: 1.102 sys/ufs/ufs/ufs_vnops.c: 1.239 sys/uvm/pmap/pmap.c: 1.37-1.39 sys/uvm/pmap/pmap_tlb.c: 1.22 sys/uvm/uvm_amap.c: 1.108 sys/uvm/uvm_anon.c: 1.64 sys/uvm/uvm_aobj.c: 1.126 sys/uvm/uvm_bio.c: 1.91 sys/uvm/uvm_device.c: 1.66 sys/uvm/uvm_fault.c: 1.201 sys/uvm/uvm_km.c: 1.144 sys/uvm/uvm_loan.c: 1.85 sys/uvm/uvm_map.c: 1.353 sys/uvm/uvm_page.c: 1.194 sys/uvm/uvm_pager.c: 1.111 sys/uvm/uvm_pdaemon.c: 1.109 sys/uvm/uvm_swap.c: 1.175 sys/uvm/uvm_vnode.c: 1.103 usr.bin/vmstat/vmstat.c: 1.219 Reorder to test for null before null deref in debug code -- Reorder to test for null before null deref in debug code -- KNF -- No need for '\n' in UVMHIST_LOG -- normalise a BIOHIST log message -- Update the kernhist(9) kernel history code to address issues identified in PR kern/52639, as well as some general cleaning-up... (As proposed on tech-kern@ with additional changes and enhancements.) Details of changes: * All history arguments are now stored as uintmax_t values[1], both in the kernel and in the structures used for exporting the history data to userland via sysctl(9). This avoids problems on some architectures where passing a 64-bit (or larger) value to printf(3) can cause it to process the value as multiple arguments. (This can be particularly problematic when printf()'s format string is not a literal, since in that case the compiler cannot know how large each argument should be.) * Update the data structures used for exporting kernel history data to include a version number as well as the length of history arguments. * All [2] existing users of kernhist(9) have had their format strings updated. Each format specifier now includes an explicit length modifier 'j' to refer to numeric values of the size of uintmax_t. * All [2] existing users of kernhist(9) have had their format strings updated to replace uses of "%p" with "%#jx", and the pointer arguments are now cast to (uintptr_t) before being subsequently cast to (uintmax_t). This is needed to avoid compiler warnings about casting "pointer to integer of a different size." * All [2] existing users of kernhist(9) have had instances of "%s" or "%c" format strings replaced with numeric formats; several instances of mis-match between format string and argument list have been fixed. * vmstat(1) has been modified to handle the new size of arguments in the history data as exported by sysctl(9). * vmstat(1) now provides a warning message if the history requested with the -u option does not exist (previously, this condition was silently ignored, with only a single blank line being printed). * vmstat(1) now checks the version and argument length included in the data exported via sysctl(9) and exits if they do not match the values with which vmstat was built. * The kernhist(9) man-page has been updated to note the additional requirements imposed on the format strings, along with several other minor changes and enhancements. [1] It would have been possible to use an explicit length (for example, uint64_t) for the history arguments. But that would require another "rototill" of all the users in the future when we add support for an architecture that supports a larger size. Also, the printf(3) format specifiers for explicitly-sized values, such as "%"PRIu64, are much more verbose (and less aesthetically appealing, IMHO) than simply using "%ju". [2] I've tried very hard to find "all [the] existing users of kernhist(9)" but it is possible that I've missed some of them. I would be glad to update any stragglers that anyone identifies. -- For some reason this single kernel seems to have outgrown its declared size as a result of the kernhist(9) changes. Bump the size. XXX The amount of increase may be excessive - anyone with more detailed XXX knowledge please feel free to further adjust the value appropriately. -- Misssed one cast of pointer --> uintptr_t in previous kernhist(9) commit -- And yet another one. :( -- Use correct mark-up for NetBSD version. -- More improvements in grammar and readability. -- Remove a stray '"' (obvious typo) and add a couple of casts that are probably needed. -- And replace an instance of "%p" conversion with "%#jx" -- Whitespace fix. Give Bl tag table a width. Fix Xr.
/src/sys/sys/
kernhist.h	1.18.8.2 Thu Nov 02 21:29:52 UTC 2017 snj Pull up following revision(s) (requested by pgoyette in ticket #335): share/man/man9/kernhist.9: 1.5-1.8 sys/arch/acorn26/acorn26/pmap.c: 1.39 sys/arch/arm/arm32/fault.c: 1.105 via patch sys/arch/arm/arm32/pmap.c: 1.350, 1.359 sys/arch/arm/broadcom/bcm2835_bsc.c: 1.7 sys/arch/arm/omap/if_cpsw.c: 1.20 sys/arch/arm/omap/tiotg.c: 1.7 sys/arch/evbarm/conf/RPI2_INSTALL: 1.3 sys/dev/ic/sl811hs.c: 1.98 sys/dev/usb/ehci.c: 1.256 sys/dev/usb/if_axe.c: 1.83 sys/dev/usb/motg.c: 1.18 sys/dev/usb/ohci.c: 1.274 sys/dev/usb/ucom.c: 1.119 sys/dev/usb/uhci.c: 1.277 sys/dev/usb/uhub.c: 1.137 sys/dev/usb/umass.c: 1.160-1.162 sys/dev/usb/umass_quirks.c: 1.100 sys/dev/usb/umass_scsipi.c: 1.55 sys/dev/usb/usb.c: 1.168 sys/dev/usb/usb_mem.c: 1.70 sys/dev/usb/usb_subr.c: 1.221 sys/dev/usb/usbdi.c: 1.175 sys/dev/usb/usbdi_util.c: 1.67-1.70 sys/dev/usb/usbroothub.c: 1.3 sys/dev/usb/xhci.c: 1.75 sys/external/bsd/drm2/dist/drm/i915/i915_gem.c: 1.34 sys/kern/kern_history.c: 1.15 sys/kern/kern_xxx.c: 1.74 sys/kern/vfs_bio.c: 1.275-1.276 sys/miscfs/genfs/genfs_io.c: 1.71 sys/sys/kernhist.h: 1.21 sys/ufs/ffs/ffs_balloc.c: 1.63 sys/ufs/lfs/lfs_vfsops.c: 1.361 sys/ufs/lfs/ulfs_inode.c: 1.21 sys/ufs/lfs/ulfs_vnops.c: 1.52 sys/ufs/ufs/ufs_inode.c: 1.102 sys/ufs/ufs/ufs_vnops.c: 1.239 sys/uvm/pmap/pmap.c: 1.37-1.39 sys/uvm/pmap/pmap_tlb.c: 1.22 sys/uvm/uvm_amap.c: 1.108 sys/uvm/uvm_anon.c: 1.64 sys/uvm/uvm_aobj.c: 1.126 sys/uvm/uvm_bio.c: 1.91 sys/uvm/uvm_device.c: 1.66 sys/uvm/uvm_fault.c: 1.201 sys/uvm/uvm_km.c: 1.144 sys/uvm/uvm_loan.c: 1.85 sys/uvm/uvm_map.c: 1.353 sys/uvm/uvm_page.c: 1.194 sys/uvm/uvm_pager.c: 1.111 sys/uvm/uvm_pdaemon.c: 1.109 sys/uvm/uvm_swap.c: 1.175 sys/uvm/uvm_vnode.c: 1.103 usr.bin/vmstat/vmstat.c: 1.219 Reorder to test for null before null deref in debug code -- Reorder to test for null before null deref in debug code -- KNF -- No need for '\n' in UVMHIST_LOG -- normalise a BIOHIST log message -- Update the kernhist(9) kernel history code to address issues identified in PR kern/52639, as well as some general cleaning-up... (As proposed on tech-kern@ with additional changes and enhancements.) Details of changes: * All history arguments are now stored as uintmax_t values[1], both in the kernel and in the structures used for exporting the history data to userland via sysctl(9). This avoids problems on some architectures where passing a 64-bit (or larger) value to printf(3) can cause it to process the value as multiple arguments. (This can be particularly problematic when printf()'s format string is not a literal, since in that case the compiler cannot know how large each argument should be.) * Update the data structures used for exporting kernel history data to include a version number as well as the length of history arguments. * All [2] existing users of kernhist(9) have had their format strings updated. Each format specifier now includes an explicit length modifier 'j' to refer to numeric values of the size of uintmax_t. * All [2] existing users of kernhist(9) have had their format strings updated to replace uses of "%p" with "%#jx", and the pointer arguments are now cast to (uintptr_t) before being subsequently cast to (uintmax_t). This is needed to avoid compiler warnings about casting "pointer to integer of a different size." * All [2] existing users of kernhist(9) have had instances of "%s" or "%c" format strings replaced with numeric formats; several instances of mis-match between format string and argument list have been fixed. * vmstat(1) has been modified to handle the new size of arguments in the history data as exported by sysctl(9). * vmstat(1) now provides a warning message if the history requested with the -u option does not exist (previously, this condition was silently ignored, with only a single blank line being printed). * vmstat(1) now checks the version and argument length included in the data exported via sysctl(9) and exits if they do not match the values with which vmstat was built. * The kernhist(9) man-page has been updated to note the additional requirements imposed on the format strings, along with several other minor changes and enhancements. [1] It would have been possible to use an explicit length (for example, uint64_t) for the history arguments. But that would require another "rototill" of all the users in the future when we add support for an architecture that supports a larger size. Also, the printf(3) format specifiers for explicitly-sized values, such as "%"PRIu64, are much more verbose (and less aesthetically appealing, IMHO) than simply using "%ju". [2] I've tried very hard to find "all [the] existing users of kernhist(9)" but it is possible that I've missed some of them. I would be glad to update any stragglers that anyone identifies. -- For some reason this single kernel seems to have outgrown its declared size as a result of the kernhist(9) changes. Bump the size. XXX The amount of increase may be excessive - anyone with more detailed XXX knowledge please feel free to further adjust the value appropriately. -- Misssed one cast of pointer --> uintptr_t in previous kernhist(9) commit -- And yet another one. :( -- Use correct mark-up for NetBSD version. -- More improvements in grammar and readability. -- Remove a stray '"' (obvious typo) and add a couple of casts that are probably needed. -- And replace an instance of "%p" conversion with "%#jx" -- Whitespace fix. Give Bl tag table a width. Fix Xr.
/src/sys/arch/i386/conf/
files.i386	1.361 Sat Aug 27 00:47:49 UTC 2011 bouyer branches: 1.361.2; Split gcscpcib into MI part, and MD pci attachement which is also in charge of attaching the MD pcib device. Will be used by the upcoming evbmips loongson support. Sat Aug 27 00:47:49 UTC 2011 bouyer branches: 1.361.2; Split gcscpcib into MI part, and MD pci attachement which is also in charge of attaching the MD pcib device. Will be used by the upcoming evbmips loongson support. 1.361.2.5 Thu May 22 11:39:51 UTC 2014 yamt sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") 1.361.2.4 Wed Jan 23 00:05:49 UTC 2013 yamt sync with head 1.361.2.3 Tue Oct 30 17:19:48 UTC 2012 yamt sync with head 1.361.2.2 Wed May 23 10:07:44 UTC 2012 yamt sync with head. 1.361.2.1 Tue Apr 17 00:06:28 UTC 2012 yamt sync with head
/src/sys/dev/ic/
com.c	`1.361 Wed Sep 30 14:56:34 UTC 2020 jmcneill branches: 1.361.2; 1.361.4; Set sc_fifolen=1 for the no fifo case Wed Sep 30 14:56:34 UTC 2020 jmcneill branches: 1.361.2; 1.361.4; Set sc_fifolen=1 for the no fifo case .2; 1.361.4; Set sc_fifolen=1 for the no fifo case 1.361.4.1 Sat Apr 03 21:44:51 UTC 2021 thorpej Sync with HEAD. 1.361.2.1 Sat Apr 03 22:28:44 UTC 2021 thorpej Sync with HEAD.`
/src/sys/arch/amigappc/conf/
GENERIC	1.20.4.1 Fri Nov 14 15:16:18 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/arch/arm/broadcom/
bcm2835_bsc.c	1.5.10.2 Thu Nov 02 21:29:51 UTC 2017 snj Pull up following revision(s) (requested by pgoyette in ticket #335): share/man/man9/kernhist.9: 1.5-1.8 sys/arch/acorn26/acorn26/pmap.c: 1.39 sys/arch/arm/arm32/fault.c: 1.105 via patch sys/arch/arm/arm32/pmap.c: 1.350, 1.359 sys/arch/arm/broadcom/bcm2835_bsc.c: 1.7 sys/arch/arm/omap/if_cpsw.c: 1.20 sys/arch/arm/omap/tiotg.c: 1.7 sys/arch/evbarm/conf/RPI2_INSTALL: 1.3 sys/dev/ic/sl811hs.c: 1.98 sys/dev/usb/ehci.c: 1.256 sys/dev/usb/if_axe.c: 1.83 sys/dev/usb/motg.c: 1.18 sys/dev/usb/ohci.c: 1.274 sys/dev/usb/ucom.c: 1.119 sys/dev/usb/uhci.c: 1.277 sys/dev/usb/uhub.c: 1.137 sys/dev/usb/umass.c: 1.160-1.162 sys/dev/usb/umass_quirks.c: 1.100 sys/dev/usb/umass_scsipi.c: 1.55 sys/dev/usb/usb.c: 1.168 sys/dev/usb/usb_mem.c: 1.70 sys/dev/usb/usb_subr.c: 1.221 sys/dev/usb/usbdi.c: 1.175 sys/dev/usb/usbdi_util.c: 1.67-1.70 sys/dev/usb/usbroothub.c: 1.3 sys/dev/usb/xhci.c: 1.75 sys/external/bsd/drm2/dist/drm/i915/i915_gem.c: 1.34 sys/kern/kern_history.c: 1.15 sys/kern/kern_xxx.c: 1.74 sys/kern/vfs_bio.c: 1.275-1.276 sys/miscfs/genfs/genfs_io.c: 1.71 sys/sys/kernhist.h: 1.21 sys/ufs/ffs/ffs_balloc.c: 1.63 sys/ufs/lfs/lfs_vfsops.c: 1.361 sys/ufs/lfs/ulfs_inode.c: 1.21 sys/ufs/lfs/ulfs_vnops.c: 1.52 sys/ufs/ufs/ufs_inode.c: 1.102 sys/ufs/ufs/ufs_vnops.c: 1.239 sys/uvm/pmap/pmap.c: 1.37-1.39 sys/uvm/pmap/pmap_tlb.c: 1.22 sys/uvm/uvm_amap.c: 1.108 sys/uvm/uvm_anon.c: 1.64 sys/uvm/uvm_aobj.c: 1.126 sys/uvm/uvm_bio.c: 1.91 sys/uvm/uvm_device.c: 1.66 sys/uvm/uvm_fault.c: 1.201 sys/uvm/uvm_km.c: 1.144 sys/uvm/uvm_loan.c: 1.85 sys/uvm/uvm_map.c: 1.353 sys/uvm/uvm_page.c: 1.194 sys/uvm/uvm_pager.c: 1.111 sys/uvm/uvm_pdaemon.c: 1.109 sys/uvm/uvm_swap.c: 1.175 sys/uvm/uvm_vnode.c: 1.103 usr.bin/vmstat/vmstat.c: 1.219 Reorder to test for null before null deref in debug code -- Reorder to test for null before null deref in debug code -- KNF -- No need for '\n' in UVMHIST_LOG -- normalise a BIOHIST log message -- Update the kernhist(9) kernel history code to address issues identified in PR kern/52639, as well as some general cleaning-up... (As proposed on tech-kern@ with additional changes and enhancements.) Details of changes: * All history arguments are now stored as uintmax_t values[1], both in the kernel and in the structures used for exporting the history data to userland via sysctl(9). This avoids problems on some architectures where passing a 64-bit (or larger) value to printf(3) can cause it to process the value as multiple arguments. (This can be particularly problematic when printf()'s format string is not a literal, since in that case the compiler cannot know how large each argument should be.) * Update the data structures used for exporting kernel history data to include a version number as well as the length of history arguments. * All [2] existing users of kernhist(9) have had their format strings updated. Each format specifier now includes an explicit length modifier 'j' to refer to numeric values of the size of uintmax_t. * All [2] existing users of kernhist(9) have had their format strings updated to replace uses of "%p" with "%#jx", and the pointer arguments are now cast to (uintptr_t) before being subsequently cast to (uintmax_t). This is needed to avoid compiler warnings about casting "pointer to integer of a different size." * All [2] existing users of kernhist(9) have had instances of "%s" or "%c" format strings replaced with numeric formats; several instances of mis-match between format string and argument list have been fixed. * vmstat(1) has been modified to handle the new size of arguments in the history data as exported by sysctl(9). * vmstat(1) now provides a warning message if the history requested with the -u option does not exist (previously, this condition was silently ignored, with only a single blank line being printed). * vmstat(1) now checks the version and argument length included in the data exported via sysctl(9) and exits if they do not match the values with which vmstat was built. * The kernhist(9) man-page has been updated to note the additional requirements imposed on the format strings, along with several other minor changes and enhancements. [1] It would have been possible to use an explicit length (for example, uint64_t) for the history arguments. But that would require another "rototill" of all the users in the future when we add support for an architecture that supports a larger size. Also, the printf(3) format specifiers for explicitly-sized values, such as "%"PRIu64, are much more verbose (and less aesthetically appealing, IMHO) than simply using "%ju". [2] I've tried very hard to find "all [the] existing users of kernhist(9)" but it is possible that I've missed some of them. I would be glad to update any stragglers that anyone identifies. -- For some reason this single kernel seems to have outgrown its declared size as a result of the kernhist(9) changes. Bump the size. XXX The amount of increase may be excessive - anyone with more detailed XXX knowledge please feel free to further adjust the value appropriately. -- Misssed one cast of pointer --> uintptr_t in previous kernhist(9) commit -- And yet another one. :( -- Use correct mark-up for NetBSD version. -- More improvements in grammar and readability. -- Remove a stray '"' (obvious typo) and add a couple of casts that are probably needed. -- And replace an instance of "%p" conversion with "%#jx" -- Whitespace fix. Give Bl tag table a width. Fix Xr.
/src/sys/arch/emips/conf/
GENERIC	1.12.6.1 Fri Nov 14 15:16:16 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/arch/hppa/conf/
GENERIC	1.1.8.1 Fri Nov 14 15:16:18 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/arch/mvmeppc/conf/
GENERIC	1.22.6.2 Fri Nov 14 15:16:18 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/arch/pmax/conf/
GENERIC64	1.18.2.1 Fri Nov 14 15:16:15 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/arch/sgimips/conf/
GENERIC32_IP12	1.24.2.1 Fri Nov 14 15:16:18 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/arch/vax/conf/
VAX780	1.16.6.1 Fri Nov 14 15:16:15 UTC 2014 martin Pull up following revision(s) (requested by manu in ticket #232): sys/arch/next68k/conf/GENERIC: revision 1.138 sys/arch/cobalt/conf/GENERIC: revision 1.146 sys/arch/mvme68k/conf/GENERIC: revision 1.93 sys/arch/vax/conf/VAX780: revision 1.18 sys/arch/newsmips/conf/GENERIC: revision 1.128 sys/arch/luna68k/conf/GENERIC: revision 1.118 sys/arch/sbmips/conf/GENERIC: revision 1.100 sys/arch/pmax/conf/GENERIC: revision 1.184 sys/arch/alpha/conf/GENERIC: revision 1.361 sys/arch/sparc64/conf/GENERIC: revision 1.176 sys/arch/sun3/conf/GENERIC: revision 1.170 sys/arch/shark/conf/GENERIC: revision 1.120 sys/arch/landisk/conf/GENERIC: revision 1.44 sys/arch/bebox/conf/GENERIC: revision 1.144 sys/arch/sparc64/conf/NONPLUS64: revision 1.43 sys/arch/sandpoint/conf/GENERIC: revision 1.87 sys/arch/emips/conf/GENERIC: revision 1.14 sys/arch/amd64/conf/XEN3_DOM0: revision 1.111 sys/arch/dreamcast/conf/GENERIC: revision 1.120 sys/arch/cesfic/conf/GENERIC: revision 1.64 sys/arch/mmeye/conf/GENERIC: revision 1.119 sys/arch/epoc32/conf/GENERIC: revision 1.7 sys/arch/x68k/conf/GENERIC: revision 1.178 sys/arch/iyonix/conf/GENERIC: revision 1.87 sys/arch/sun2/conf/GENERIC: revision 1.93 sys/arch/ews4800mips/conf/GENERIC: revision 1.50 sys/arch/amd64/conf/XEN3_DOMU: revision 1.59 sys/arch/acorn26/conf/GENERIC: revision 1.80 sys/arch/acorn32/conf/GENERIC: revision 1.115 sys/arch/macppc/conf/POWERMAC_G5: revision 1.24 sys/arch/i386/conf/GENERIC: revision 1.1117 sys/arch/arc/conf/GENERIC: revision 1.183 sys/arch/cats/conf/GENERIC: revision 1.154 sys/arch/amiga/conf/GENERIC.in: revision 1.128 sys/arch/zaurus/conf/GENERIC: revision 1.64 sys/arch/netwinder/conf/GENERIC: revision 1.125 sys/arch/hppa/conf/GENERIC: revision 1.5 sys/arch/mvmeppc/conf/GENERIC: revision 1.23 sys/arch/macppc/conf/GENERIC: revision 1.319 sys/arch/amiga/conf/GENERIC: revision 1.310 sys/arch/pmax/conf/GENERIC64: revision 1.20 sys/arch/macppc/conf/MAMBO: revision 1.23 sys/arch/sgimips/conf/GENERIC32_IP12: revision 1.27 sys/arch/amigappc/conf/GENERIC: revision 1.23 sys/arch/amd64/conf/GENERIC: revision 1.403 sys/arch/ofppc/conf/GENERIC: revision 1.156 sys/arch/mac68k/conf/GENERIC: revision 1.219 sys/arch/i386/conf/XEN3_DOMU: revision 1.64 sys/arch/mipsco/conf/GENERIC: revision 1.87 sys/arch/hp300/conf/GENERIC: revision 1.189 sys/arch/vax/conf/GENERIC: revision 1.192 sys/arch/news68k/conf/GENERIC: revision 1.124 sys/arch/ibmnws/conf/GENERIC: revision 1.45 sys/arch/hpcsh/conf/GENERIC: revision 1.105 sys/arch/sparc/conf/TADPOLE3GX: revision 1.64 sys/arch/i386/conf/XEN3_DOM0: revision 1.92 sys/arch/sparc/conf/GENERIC: revision 1.247 sys/arch/sgimips/conf/GENERIC32_IP3x: revision 1.105 sys/arch/prep/conf/GENERIC: revision 1.173 sys/arch/sgimips/conf/GENERIC32_IP2x: revision 1.103 sys/arch/rs6000/conf/GENERIC: revision 1.32 sys/arch/hpcmips/conf/GENERIC: revision 1.228 Support for UFS1 extended attributes in GENERIC and GENERIC-like kernels This change just brings UFS1 extended attribute support in the kernel, extended attributes are not enabled unless three conditions are met: 1) filesystem is UFS1 (newfs -O1) 2) .attribute/system and .attribute/user directories are created at fs root 3) filesystem is mounted with -o extattr Some GENERIC kernels are obviously memory constrained, the extended attributes options were not enabled for them, but just added commented out. (kernel were considered memory constrained if QUOTA option was disabled)
/src/sys/netipsec/
ipsec_private.h	1.4.4.1 Sat Oct 21 19:43:54 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
key_debug.h	1.8.4.1 Sat Oct 21 19:43:54 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
keysock.h	1.9.2.1 Sat Oct 21 19:43:54 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
/src/sys/ufs/lfs/
ulfs_inode.c	1.19.2.2 Thu Nov 02 21:29:52 UTC 2017 snj Pull up following revision(s) (requested by pgoyette in ticket #335): share/man/man9/kernhist.9: 1.5-1.8 sys/arch/acorn26/acorn26/pmap.c: 1.39 sys/arch/arm/arm32/fault.c: 1.105 via patch sys/arch/arm/arm32/pmap.c: 1.350, 1.359 sys/arch/arm/broadcom/bcm2835_bsc.c: 1.7 sys/arch/arm/omap/if_cpsw.c: 1.20 sys/arch/arm/omap/tiotg.c: 1.7 sys/arch/evbarm/conf/RPI2_INSTALL: 1.3 sys/dev/ic/sl811hs.c: 1.98 sys/dev/usb/ehci.c: 1.256 sys/dev/usb/if_axe.c: 1.83 sys/dev/usb/motg.c: 1.18 sys/dev/usb/ohci.c: 1.274 sys/dev/usb/ucom.c: 1.119 sys/dev/usb/uhci.c: 1.277 sys/dev/usb/uhub.c: 1.137 sys/dev/usb/umass.c: 1.160-1.162 sys/dev/usb/umass_quirks.c: 1.100 sys/dev/usb/umass_scsipi.c: 1.55 sys/dev/usb/usb.c: 1.168 sys/dev/usb/usb_mem.c: 1.70 sys/dev/usb/usb_subr.c: 1.221 sys/dev/usb/usbdi.c: 1.175 sys/dev/usb/usbdi_util.c: 1.67-1.70 sys/dev/usb/usbroothub.c: 1.3 sys/dev/usb/xhci.c: 1.75 sys/external/bsd/drm2/dist/drm/i915/i915_gem.c: 1.34 sys/kern/kern_history.c: 1.15 sys/kern/kern_xxx.c: 1.74 sys/kern/vfs_bio.c: 1.275-1.276 sys/miscfs/genfs/genfs_io.c: 1.71 sys/sys/kernhist.h: 1.21 sys/ufs/ffs/ffs_balloc.c: 1.63 sys/ufs/lfs/lfs_vfsops.c: 1.361 sys/ufs/lfs/ulfs_inode.c: 1.21 sys/ufs/lfs/ulfs_vnops.c: 1.52 sys/ufs/ufs/ufs_inode.c: 1.102 sys/ufs/ufs/ufs_vnops.c: 1.239 sys/uvm/pmap/pmap.c: 1.37-1.39 sys/uvm/pmap/pmap_tlb.c: 1.22 sys/uvm/uvm_amap.c: 1.108 sys/uvm/uvm_anon.c: 1.64 sys/uvm/uvm_aobj.c: 1.126 sys/uvm/uvm_bio.c: 1.91 sys/uvm/uvm_device.c: 1.66 sys/uvm/uvm_fault.c: 1.201 sys/uvm/uvm_km.c: 1.144 sys/uvm/uvm_loan.c: 1.85 sys/uvm/uvm_map.c: 1.353 sys/uvm/uvm_page.c: 1.194 sys/uvm/uvm_pager.c: 1.111 sys/uvm/uvm_pdaemon.c: 1.109 sys/uvm/uvm_swap.c: 1.175 sys/uvm/uvm_vnode.c: 1.103 usr.bin/vmstat/vmstat.c: 1.219 Reorder to test for null before null deref in debug code -- Reorder to test for null before null deref in debug code -- KNF -- No need for '\n' in UVMHIST_LOG -- normalise a BIOHIST log message -- Update the kernhist(9) kernel history code to address issues identified in PR kern/52639, as well as some general cleaning-up... (As proposed on tech-kern@ with additional changes and enhancements.) Details of changes: * All history arguments are now stored as uintmax_t values[1], both in the kernel and in the structures used for exporting the history data to userland via sysctl(9). This avoids problems on some architectures where passing a 64-bit (or larger) value to printf(3) can cause it to process the value as multiple arguments. (This can be particularly problematic when printf()'s format string is not a literal, since in that case the compiler cannot know how large each argument should be.) * Update the data structures used for exporting kernel history data to include a version number as well as the length of history arguments. * All [2] existing users of kernhist(9) have had their format strings updated. Each format specifier now includes an explicit length modifier 'j' to refer to numeric values of the size of uintmax_t. * All [2] existing users of kernhist(9) have had their format strings updated to replace uses of "%p" with "%#jx", and the pointer arguments are now cast to (uintptr_t) before being subsequently cast to (uintmax_t). This is needed to avoid compiler warnings about casting "pointer to integer of a different size." * All [2] existing users of kernhist(9) have had instances of "%s" or "%c" format strings replaced with numeric formats; several instances of mis-match between format string and argument list have been fixed. * vmstat(1) has been modified to handle the new size of arguments in the history data as exported by sysctl(9). * vmstat(1) now provides a warning message if the history requested with the -u option does not exist (previously, this condition was silently ignored, with only a single blank line being printed). * vmstat(1) now checks the version and argument length included in the data exported via sysctl(9) and exits if they do not match the values with which vmstat was built. * The kernhist(9) man-page has been updated to note the additional requirements imposed on the format strings, along with several other minor changes and enhancements. [1] It would have been possible to use an explicit length (for example, uint64_t) for the history arguments. But that would require another "rototill" of all the users in the future when we add support for an architecture that supports a larger size. Also, the printf(3) format specifiers for explicitly-sized values, such as "%"PRIu64, are much more verbose (and less aesthetically appealing, IMHO) than simply using "%ju". [2] I've tried very hard to find "all [the] existing users of kernhist(9)" but it is possible that I've missed some of them. I would be glad to update any stragglers that anyone identifies. -- For some reason this single kernel seems to have outgrown its declared size as a result of the kernhist(9) changes. Bump the size. XXX The amount of increase may be excessive - anyone with more detailed XXX knowledge please feel free to further adjust the value appropriately. -- Misssed one cast of pointer --> uintptr_t in previous kernhist(9) commit -- And yet another one. :( -- Use correct mark-up for NetBSD version. -- More improvements in grammar and readability. -- Remove a stray '"' (obvious typo) and add a couple of casts that are probably needed. -- And replace an instance of "%p" conversion with "%#jx" -- Whitespace fix. Give Bl tag table a width. Fix Xr.
/src/tests/net/carp/
t_basic.sh	1.6.2.1 Sat Oct 21 19:43:55 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
/src/tests/net/if_gif/
t_gif.sh	1.10.2.1 Sat Oct 21 19:43:55 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
/src/tests/net/if_l2tp/
t_l2tp.sh	1.2.8.1 Sat Oct 21 19:43:55 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
/src/tests/net/ipsec/
Makefile	1.6.2.1 Sat Oct 21 19:43:55 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
algorithms.sh	1.4.2.1 Sat Oct 21 19:43:55 UTC 2017 snj Pull up following revision(s) (requested by ozaki-r in ticket #300): crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19 crypto/dist/ipsec-tools/src/setkey/token.l: 1.20 distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759 doc/TODO.smpnet: 1.12-1.13 sys/net/pfkeyv2.h: 1.32 sys/net/raw_cb.c: 1.23-1.24, 1.28 sys/net/raw_cb.h: 1.28 sys/net/raw_usrreq.c: 1.57-1.58 sys/net/rtsock.c: 1.228-1.229 sys/netinet/in_proto.c: 1.125 sys/netinet/ip_input.c: 1.359-1.361 sys/netinet/tcp_input.c: 1.359-1.360 sys/netinet/tcp_output.c: 1.197 sys/netinet/tcp_var.h: 1.178 sys/netinet6/icmp6.c: 1.213 sys/netinet6/in6_proto.c: 1.119 sys/netinet6/ip6_forward.c: 1.88 sys/netinet6/ip6_input.c: 1.181-1.182 sys/netinet6/ip6_output.c: 1.193 sys/netinet6/ip6protosw.h: 1.26 sys/netipsec/ipsec.c: 1.100-1.122 sys/netipsec/ipsec.h: 1.51-1.61 sys/netipsec/ipsec6.h: 1.18-1.20 sys/netipsec/ipsec_input.c: 1.44-1.51 sys/netipsec/ipsec_netbsd.c: 1.41-1.45 sys/netipsec/ipsec_output.c: 1.49-1.64 sys/netipsec/ipsec_private.h: 1.5 sys/netipsec/key.c: 1.164-1.234 sys/netipsec/key.h: 1.20-1.32 sys/netipsec/key_debug.c: 1.18-1.21 sys/netipsec/key_debug.h: 1.9 sys/netipsec/keydb.h: 1.16-1.20 sys/netipsec/keysock.c: 1.59-1.62 sys/netipsec/keysock.h: 1.10 sys/netipsec/xform.h: 1.9-1.12 sys/netipsec/xform_ah.c: 1.55-1.74 sys/netipsec/xform_esp.c: 1.56-1.72 sys/netipsec/xform_ipcomp.c: 1.39-1.53 sys/netipsec/xform_ipip.c: 1.50-1.54 sys/netipsec/xform_tcp.c: 1.12-1.16 sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170 sys/rump/librump/rumpnet/net_stub.c: 1.27 sys/sys/protosw.h: 1.67-1.68 tests/net/carp/t_basic.sh: 1.7 tests/net/if_gif/t_gif.sh: 1.11 tests/net/if_l2tp/t_l2tp.sh: 1.3 tests/net/ipsec/Makefile: 1.7-1.9 tests/net/ipsec/algorithms.sh: 1.5 tests/net/ipsec/common.sh: 1.4-1.6 tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2 tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2 tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7 tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18 tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6 tests/net/ipsec/t_ipsec_tunnel.sh: 1.9 tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2 tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3 tests/net/mcast/t_mcast.sh: 1.6 tests/net/net/t_ipaddress.sh: 1.11 tests/net/net_common.sh: 1.20 tests/net/npf/t_npf.sh: 1.3 tests/net/route/t_flags.sh: 1.20 tests/net/route/t_flags6.sh: 1.16 usr.bin/netstat/fast_ipsec.c: 1.22 Do m_pullup before mtod It may fix panicks of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec - Get rid of "Fast" - Use ipsec and ipsec6 for titles to clarify protocol - Indent outputs of sub protocols Original outputs were organized like this: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: (Fast) IPsec: IPsec ah: IPsec esp: IPsec ipip: IPsec ipcomp: New outputs are organized like this: ipsec: ah: esp: ipip: ipcomp: ipsec6: ah: esp: ipip: ipcomp: --- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP The tests require newly-added udpate command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC) We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted to a sah list after its initialization completes --- Remove unnecessary zero-clearing codes from key_setsaval key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah A sav in a list is basically not to be sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing - ipsec_nextisr returns a saidx but no caller uses it - key_checkrequest is passed a saidx but it can be gotton by another argument (isr) --- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL This fix was also needed for esp. --- Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav lists are sorted as we need. Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states We don't sort the lists so the validation will always fail. Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous The comment is valid for the below code. --- Make tests more stable sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM never be set to a mbuf. So checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP. We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed. In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segmemt size caclulation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi___preferred_new_timeout when running on qemu Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime The fix adjusts a soft limit to be 80% of a corresponding hard limit. I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC) It simplifies further changes. --- Fix indentation Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms with holding softnet_lock causes a dead lock. We should avoid the situation. --- Make IPsec SPD MP-safe We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context. SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list. For more details please read the locking notes in key.c. Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used - key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush - key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed --- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings - Remove unnecessary \ at EOL - This allows to omit ; too - Remove unnecessary quotes for arguments of atf_set - Don't expand $DEBUG in eval - We expect it's expanded on execution Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah It may not be new. --- MP-ify SAD slightly - Introduce key_sa_mtx and use it for some list operations - Use pserialize for some list iterations --- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future KEY_SA_UNREF is still key_freesav so no functional change for now. This change reduces diff of further changes. --- Remove out-of-date log output Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG. Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI) Also rename variable names from tree to list because they are just lists, not trees. Suggested by riastradh@ --- Move locking notes --- Update the locking notes - Add locking order - Add locking notes for misc lists such as reglist - Mention pserialize, key_sp_ref and key_sp_unref on SP operations Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section) Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs The outputs were tweaked (by me), but I forgot updating libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries) localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav). Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail. Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket. Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this: - At key_acquire, a reference to an SP (and an SA) is held - key_sendup_mbuf will try to take key_so_mtx - Some other thread may try to localcount_drain to the SP with holding key_so_mtx in say key_api_spdflush - In this case localcount_drain never return because key_sendup_mbuf that has stuck on key_so_mtx never release a reference to the SP Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf It's easy to be queued hundreds of mbufs on the list under heavy network load. --- MP-ify SAD (savlist) localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects The change improves network throughput especially on multi-core systems. --- Update ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs It's never be changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless. Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o. I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain A typical ussage of localcount_drain looks like this: mutex_enter(&mtx); item = remove_from_list(); pserialize_perform(psz); localcount_drain(&item->localcount, &cv, &mtx); mutex_exit(&mtx); This sequence can cause a deadlock which happens for example on the following situation: - Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex - Thread B enters the sequence and calls pserialize_perform with holding the mutex while pserialize_perform also calls xc_broadcast - Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never complete until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A). A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously. Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav It does more than expected for example key_acquire. --- Fix SP is broken on transport mode isr->saidx was modified accidentally in ipsec_nextisr. Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr

Completed in 283 milliseconds

1 2 3 4 5 6 7 8 9 10

OpenGrok