ipfw: remove locking workarounds in the table code
Before the "upper half lock" became sleepable the table manipulation code
needed sophisticated workarounds to recover from races, where the lock is
temporarily dropped to do malloc(M_WAITOK). Remove all these workarounds
as they are no longer needed.
Differential Revision: https://reviews.freebsd.org/D54580
ipfw: make the upper half lock sleepable
The so called upper half ipfw lock is not used in the forwarding path. It
is used only during configuration changes and servicing system events like
interface arrival/departure or vnet creation. The original code drops the
lock before malloc(M_WAITOK) and then goes into great efforts to recover
from possible races. But the races still exist, e.g. create_table() would
first check for table existence, but then drop the lock. The change also
fixes unlock leak in check_table_space() in a branch that apparently was
never entered.
Changing to a sleepable lock we can reduce a lot of existing complexity
associated with race recovery, and as use the lock to cover other
configuration time allocations, like recently added per-rule bpf(4) taps.
This change doesn't remove much of a race recovery code, to ease bisection
in case of a regression. This will be done in a separate commit. This
change just removes lock drops during configuration events. The only
reduction is removal of get_map(), which is a straightforward reduce to a
[11 lines not shown]
net: on interface detach purge all its routes before detaching protocols
Otherwise, a forwarding thread may use the interface being detached. This
is a regression from 0d469d23715d, which manifests itself as a reliably
reproducible panic in in6_selecthlim(). Note that there are old bug
reports about such a panic, and I believe this change will not fix them,
as their nature is not due to a screwed up detach sequence, but due to
lack of proper epoch(9) based synchronization between the detach and
forwarding.
Reviewed by: pouria
Reported & tested by: jhibbits
PR: 292162
Fixes: 0d469d23715d690b863787ebfa51529e1f6a9092
Differential Revision: https://reviews.freebsd.org/D54721
mxge(4): avoid clang 21 warning in NO-IP configuration
Building the LINT-NOIP kernel on amd64 with clang 21 results in a
-Werror warning similar to:
sys/dev/mxge/if_mxge.c:1846:44: error: variable 'sum' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer]
1846 | cksum_offset, sizeof(sum), (caddr_t)&sum);
| ^~~
Indeed, if both `INET` and `INET6` are undefined, `sum` is never
initialized. Initialize it to zero to silence the warning.
Reviewed by: jhibbits
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54730
tdestroy: don't visit one-child node twice
Change tdestroy() to immediately free a node with no right child as
soon as it is encountered. Currently, such nodes are visited twice
before deletion.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54699
Initialize CLOCK_UPTIME for itmer events
Since we move to implement Linux's CLOCK_MONOTONIC with CLOCK_UPTIME, we
broke the some timer support for Linux. Fix this by initializing
CLOCK_UPTIME as a posix clock so we can use in that context.
PR: 292496
MFC After: 5 days
Fixes: 108de784513d
Sponsored by: Netflix
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54746
termios.4: Cross-reference stack(9) for STATUS
If the kernel is built without stack(9) (options STACK),
then the mentioned sysctl(8) kern.tty_info_kstacks will not be found.
MFC after: 3 days
Reviewed by: kib, ziaee
Differential Revision: https://reviews.freebsd.org/D54701
smartpqi: Avoid declaring extern inline functions
Each C file is compiled separately so these functions can't be inlined
except in the file where they are defined. Since these functions aren't
used outside smartpqi_request.c, just do the simple thing and make them
private to that file.
Reported by: gcc
Reviewed by: jrhall
Fixes: c558eca47970 ("smartpqi: update to version 4660.0.2002")
Differential Revision: https://reviews.freebsd.org/D54732
ng_netflow v9: fix template re-announcement using packet count
Increment fe->sent_packets after export9_send().
Previously, NetFlow v9 templates were only re-announced based on
time, ignoring the packet count parameter (`templ_packets`).
PR: 270083
Reviewed by: glebius pouria
Approved by: glebius (mentor)
MFC after: 1 week
Sponsored by: Subcarpathian BSD User Group
exterr: Sort output from make_libc_exterr_cat_filenames.sh
Otherwise the script may permute the order of entries in the file since
find(1) output is not stable.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54669
HBSD: Remove our old MAC hook for jail/prison destruction
FreeBSD recently implemented MAC hooks for various jail-related kernel
functions. We can use FreeBSD's implementation, especially since the
conflicting symbol (mac_prison_destroy) is effectively the same as ours.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
bhyve: Want walk_config_nodes
Add a function to all nodes under a config option node. This allows
parsing an arbitrary number of similarly structured configuration
options in a config option group.
Reviewed by: corvink, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51551
vchiq: fix build with clang 21
When compiling vchiq with clang 21, the following -Werror warning is
produced:
sys/contrib/vchiq/interface/vchiq_arm/vchiq_arm.c:728:27: error: default initialization of an object of type 'VCHIQ_QUEUE_MESSAGE32_T' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
728 | VCHIQ_QUEUE_MESSAGE32_T args32;
| ^
sys/contrib/vchiq/interface/vchiq_arm/vchiq_ioctl.h:151:40: note: member 'elements' declared 'const' here
151 | const /*VCHIQ_ELEMENT_T * */ uint32_t elements;
| ^
While the warning is formally correct, the 'args32' object is
immediately initialized after its declaration. Therefore, suppress the
warning.
MFC after: 3 days
bge: disable TXCSUM if UDP transmit checksum offloading is disabled
The bge interface is special with respect to transmit checksumi
offloading. In the default settings, an bge interface announces TXCSUM
capabilities, but only supports TCP/IPv4 and not UDP/IPv4 due to
limitations of some of the NICs. This results in problems when the bge
interface becomes a member of a bridge. Since currently only the
TXCSUM capabilities are synced when a member is added to a bridge and
not the protocol specific capabilities, this can result in a situation
where UDP packets are sent out using a bge interface without having a
correct checksum.
To mitigate this problem, initially don't announce TXCSUM capabilities,
when UDP transmit checksum is disabled. It is still possible to enable
TXCSUM capabilities via ifconfig.
PR: 291420
Reviewed by: Timo Voelker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54486
ipv6: account for jumbo payload option
If a jumbo payload option is added, the length of the mbuf chain is
increased by 8 but the actual hop-by-hop extension header with the
jumbo playload option is only inserted in the packet if there are
other options. Therefore, adjust optlen to reflect the actual size
of IPv6 extension headers including the hop-by-hop extension header
containing the jumbo payload option.
Reported by: syzbot+73fe316271df473230eb at syzkaller.appspotmail.com
Reviewed by: markj, Timo Voelker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54394
