From nobody Mon Dec 16 09:47:05 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBZpx73V1z5hCNb; Mon, 16 Dec 2024 09:47:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBZpx5nhwz4nfH; Mon, 16 Dec 2024 09:47:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734342425; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=u69ZuXnwhA0/8SuiHa8TyIRAhrWKXoH/TNa0bJDqgrQ=; b=OUtpnk9FyHW21dtlw7ENpnY/wU+FzjLYu1UES7LiohX5g9pnye/x2wJD4uMVVf5sBluLSF 64MQQewy0lV5UwqTHrvsk3CgTaIw1B1LrMoOFhb5krp92njSAnaNrl46g+/zpfSEDzqyAz UfBcSZmWTVsZS9tx9Q3KXq2mjfyctSoJw08wCw5J9j0AcXr/WOY5sQxhEmVIHwBcZD6Une c8lZ4jW3rxhVxM+sHVswkht8OyyCj2cp/0cvrgQfU51iT5vuj4Gp7HQ/tzFuAPKxHkXbm6 nVwfIxpui/N7fjDql79lV8evFH7f/F0YkE12PVIYhkFDPPNKmE2rqBpUOt0FNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734342425; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=u69ZuXnwhA0/8SuiHa8TyIRAhrWKXoH/TNa0bJDqgrQ=; b=AtGFX5yg17mMiO3CZ7CuMdHXGhKW2+DnvAj6fHxFj6wvVfQ7r6JFoIqT7OX9HwHpzwn+aK sJVbT2x/2Feajy03jB5M76fmg36s2YjgTs+R2kzxiWCtkOMpDBaZ1+PPUlDPXJOzjFL5M3 cZ1+yOkprv9skwWIafekFIDhQ3DIdczC/vA9utfwbBs5eNLqyHB6cveley11Sdt6ALJLAs aFQ4fARvPUQobGob+ITwcOUmOMI5szFEGPhcFLGqyU+YFjVGa9u+J6irufHaFdZfDs69TV 8UUV2QVB7L1tRuqhtOhKqzKw4S/KxKt6Y296qfgOiWLNQ+rGV8q5Wj0zdIqGQQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734342425; a=rsa-sha256; cv=none; b=u6pzxuJ+jTS9KAsF5194FmfWp4nZiokAdW5QQmfC8EOFdm24mC0Gw+w6gyr+BAYNz2vE30 FmHzPKkf6cKibznqgq0VRsYsphGrn6mjU2uTXpBTM+I9VF2D4xuZUaT7iePUwUPB4XIdz2 mI0k+5JzlVYou1upABw/okHckwCsTQP8aftUIyPwsNd1HK1sF0cek432G/Ij057TWKROeY hpzYX1mn84BFWsf/pkLd5IFuGx6pKyPelHTZtB8BwkaM61oLpoOz01J6y8uLgVnTv+Q8xf 3D/Zal5bKp7101PTwnAaBtxFOmpoOuQRpNr7CbVmtk1FKJLHU5Tcy5Qel9v0TQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBZpx5G6Dznlk; Mon, 16 Dec 2024 09:47:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BG9l5TZ092357; Mon, 16 Dec 2024 09:47:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BG9l5t3092354; Mon, 16 Dec 2024 09:47:05 GMT (envelope-from git) Date: Mon, 16 Dec 2024 09:47:05 GMT Message-Id: <202412160947.4BG9l5t3092354@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Emmanuel Vadot Subject: git: 11f3da565519 - main - pkgbase: Remove /boot/firmware from bootloader package List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: manu X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 11f3da5655194c46b4acdde586ac1b8d6a196994 Auto-Submitted: auto-generated The branch main has been updated by manu: URL: https://cgit.FreeBSD.org/src/commit/?id=11f3da5655194c46b4acdde586ac1b8d6a196994 commit 11f3da5655194c46b4acdde586ac1b8d6a196994 Author: Emmanuel Vadot AuthorDate: 2024-12-12 16:12:11 +0000 Commit: Emmanuel Vadot CommitDate: 2024-12-16 09:44:45 +0000 pkgbase: Remove /boot/firmware from bootloader package For now we don't ship anything in /boot/firmware, but some up coming commit will ship wifi drivers in it and we want them to be in their own package. Sponsored by: Beckhoff Automation GmbH & Co. KG --- release/scripts/mtree-to-plist.awk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/scripts/mtree-to-plist.awk b/release/scripts/mtree-to-plist.awk index a5ff6fef235a..a9f1e194389a 100644 --- a/release/scripts/mtree-to-plist.awk +++ b/release/scripts/mtree-to-plist.awk @@ -43,7 +43,7 @@ if ($1 ~ /^\/boot\//) { if (kernel != "" && $1 ~ /^\/boot\/dtb\//) pkgname="dtb" - else + else if ($1 !~ /^\/boot\/firmware\//) pkgname="bootloader" } gsub(/package=/, "", pkgname) From nobody Mon Dec 16 09:47:07 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBZq72R83z5hCNh; Mon, 16 Dec 2024 09:47:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBZq725NXz4ndS; Mon, 16 Dec 2024 09:47:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734342435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N3pAF2p5URTUKlocyMDZNqb4fZmwOO55Q4NCOBqNNP8=; b=wmRYovxlqFwe7JfJVznxURgHrbE6mjDGZ/KOEnbrC+O6g7vg2aGk5zYUiif+BkArT4HllM ArHPLvFEQGmoIwyIqFiHgqaFWB7SFQoXnnn5XbpOUl1vQdCLjDN7m6W+5ZTLZJoUMoOt11 yf6Ah5pqUS5csGvyL+vPeGkqdQjaILakn5pyDa0HRDTmF74hlhq6Oa1rCz0fukEK3xY/fH qxtXnkgIqoolue9bLz8gAzhWib27sOV6dQ+0G2Tnt1Gfv5XaEfI7oxCL7M0yfuntz4Si5j NXUTZ2CYt6VD7o2QPZeXcgfO5XIXiXuFlxQrjvePnkSVHZ3odhtT/wFjmV2sKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734342435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N3pAF2p5URTUKlocyMDZNqb4fZmwOO55Q4NCOBqNNP8=; b=m7ZXR1dRO20IavWKAvZut/gbB2kiU5bLAkDYqYykyqoD8/DGOGVOYyyzj/8kSFkWODB7Gw rRNlE5KzJUKoubeUep/2oAO6a56zvEE6crql65egjQiAQ2keTf0yQ87uzXN9ZfwNTuE5n5 v4vJhOUSOh5YFc2ur/O/XYzrt0p9ewRSQrOXkvwxFHaYoWgI6glLitk177pql+zBYmcXna 8ebtmS61Ghint3MxDO0kMKImCfsHSSQ9y54QK2A9XQsjS9mR8SM0qbsw2DUqwendY3AHJ6 LB026ldI1IwoXlZuCIKn8suvIURsOxoQ14BgQx+gI4g2h2xfjvYUZU55XQgQlA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734342435; a=rsa-sha256; cv=none; b=PLFI/9tRzQdAqvubiUCCcfzUwAltfFh0lOmcKmJR0fWiOPiWLN60wGHL8jWcESnYlQU+iN CHVKVbgQJM3Rbo7MbiRWp+AtaSHKidw+eaACs253pAfYKkgKDllxQAUvHOwjAuA5FtMtQ+ /8t1ujF2Zp0Ah4oPRzWDtqmau1wXxtjtICkgo4+BK8hA7RHpKua9n7QZymeHMHN6Q+pZFA QDV0F2SuJvuNBDRL87lxrGS15Hww8HjQnOjQImo+NWQBlm8IJ0rDKmxdtjxUQH8gGfeY4R bsbaILyk/7JzQ0fgkYs6LR+T9sNZ7gzcGaDVlDm9RpUz20q1sHpjaraIG7wceg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBZq71hsrzp6G; Mon, 16 Dec 2024 09:47:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BG9lFWC092439; Mon, 16 Dec 2024 09:47:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BG9l7AP092415; Mon, 16 Dec 2024 09:47:07 GMT (envelope-from git) Date: Mon, 16 Dec 2024 09:47:07 GMT Message-Id: <202412160947.4BG9l7AP092415@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Emmanuel Vadot Subject: git: af0a81b6470a - main - iwm: Stop shipping firmware as kernel module List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: manu X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: af0a81b6470aba4af4a24ae9804053722846ded4 Auto-Submitted: auto-generated The branch main has been updated by manu: URL: https://cgit.FreeBSD.org/src/commit/?id=af0a81b6470aba4af4a24ae9804053722846ded4 commit af0a81b6470aba4af4a24ae9804053722846ded4 Author: Emmanuel Vadot AuthorDate: 2024-12-12 16:13:58 +0000 Commit: Emmanuel Vadot CommitDate: 2024-12-16 09:44:47 +0000 iwm: Stop shipping firmware as kernel module Since we can load raw firmware start shipping them as is. This also remove the uuencode format that don't add any value and garbage collect old firmwares version. For pkgbase users they are now in the FreeBSD-firmware-iwm package. Sponsored by: Beckhoff Automation GmbH & Co. KG --- release/packages/Makefile.package | 2 + share/Makefile | 5 + share/firmwares/Makefile | 3 + share/firmwares/iwm/Makefile | 67 + sys/contrib/dev/iwm/iwm-3160-16.fw.uu | 20408 ----------- sys/contrib/dev/iwm/iwm-3160-17.fw | Bin 0 -> 918268 bytes sys/contrib/dev/iwm/iwm-3160-17.fw.uu | 20409 ----------- sys/contrib/dev/iwm/iwm-3168-22.fw | Bin 0 -> 1028032 bytes sys/contrib/dev/iwm/iwm-3168-22.fw.uu | 22849 ------------ sys/contrib/dev/iwm/iwm-7260-16.fw.uu | 23321 ------------ sys/contrib/dev/iwm/iwm-7260-17.fw | Bin 0 -> 1049340 bytes sys/contrib/dev/iwm/iwm-7260-17.fw.uu | 23322 ------------ sys/contrib/dev/iwm/iwm-7265-16.fw.uu | 26234 -------------- sys/contrib/dev/iwm/iwm-7265-17.fw | Bin 0 -> 1180412 bytes sys/contrib/dev/iwm/iwm-7265-17.fw.uu | 26235 -------------- sys/contrib/dev/iwm/iwm-7265D-17.fw.uu | 30750 ---------------- sys/contrib/dev/iwm/iwm-7265D-22.fw | Bin 0 -> 1028316 bytes sys/contrib/dev/iwm/iwm-7265D-22.fw.uu | 22855 ------------ sys/contrib/dev/iwm/iwm-8000C-16.fw.uu | 52262 --------------------------- sys/contrib/dev/iwm/iwm-8000C-17.fw.uu | 53122 --------------------------- sys/contrib/dev/iwm/iwm-8000C-22.fw | Bin 0 -> 2120860 bytes sys/contrib/dev/iwm/iwm-8000C-22.fw.uu | 47134 ------------------------ sys/contrib/dev/iwm/iwm-8265-22.fw | Bin 0 -> 1811984 bytes sys/contrib/dev/iwm/iwm-8265-22.fw.uu | 40270 --------------------- sys/contrib/dev/iwm/iwm-9000-34.fw | Bin 0 -> 2678284 bytes sys/contrib/dev/iwm/iwm-9000-34.fw.uu | 59521 ------------------------------- sys/contrib/dev/iwm/iwm-9260-34.fw | Bin 0 -> 2678092 bytes sys/contrib/dev/iwm/iwm-9260-34.fw.uu | 59517 ------------------------------ sys/modules/Makefile | 2 - sys/modules/iwmfw/Makefile | 11 - sys/modules/iwmfw/Makefile.inc | 17 - sys/modules/iwmfw/iwm3160fw/Makefile | 4 - sys/modules/iwmfw/iwm3168fw/Makefile | 4 - sys/modules/iwmfw/iwm7260fw/Makefile | 4 - sys/modules/iwmfw/iwm7265Dfw/Makefile | 4 - sys/modules/iwmfw/iwm7265fw/Makefile | 4 - sys/modules/iwmfw/iwm8000Cfw/Makefile | 4 - sys/modules/iwmfw/iwm8265fw/Makefile | 4 - sys/modules/iwmfw/iwm9000fw/Makefile | 4 - sys/modules/iwmfw/iwm9260fw/Makefile | 4 - 40 files changed, 77 insertions(+), 528275 deletions(-) diff --git a/release/packages/Makefile.package b/release/packages/Makefile.package index 4a31406c7c53..b8b200d0966e 100644 --- a/release/packages/Makefile.package +++ b/release/packages/Makefile.package @@ -69,6 +69,8 @@ examples_COMMENT= Examples in /usr/share/examples examples_DESC= Examples in /usr/share/examples fetch_COMMENT= Fetch Utility fetch_DESC= Fetch Utility +firmware-iwm_DESC= iwm(4) firmwares +firmware-iwm_COMMENT= iwm(4) firmwares ftp_COMMENT= FTP Utilities ftp_DESC= FTP Utilities ftpd_COMMENT= FTP Daemon diff --git a/share/Makefile b/share/Makefile index a94fe6334709..13126b118875 100644 --- a/share/Makefile +++ b/share/Makefile @@ -8,6 +8,7 @@ SUBDIR= ${_colldef} \ ${_doc} \ ${_dtrace} \ ${_examples} \ + ${_firmwares} \ ${_i18n} \ keys \ ${_man} \ @@ -45,6 +46,10 @@ _dict= dict _examples= examples .endif +.if ${MK_SOURCELESS_UCODE} != "no" +_firmwares= firmwares +.endif + .if ${MK_ICONV} != "no" _i18n= i18n .endif diff --git a/share/firmwares/Makefile b/share/firmwares/Makefile new file mode 100644 index 000000000000..ff27a8ac1a3c --- /dev/null +++ b/share/firmwares/Makefile @@ -0,0 +1,3 @@ +SUBDIR= iwm + +.include diff --git a/share/firmwares/iwm/Makefile b/share/firmwares/iwm/Makefile new file mode 100644 index 000000000000..c44f401c315e --- /dev/null +++ b/share/firmwares/iwm/Makefile @@ -0,0 +1,67 @@ +.include + +FILESGROUPS= iwm3160 \ + iwm3168 \ + iwm7260 \ + iwm7265 \ + iwm7265D \ + iwm8000C \ + iwm8265 \ + iwm9000 \ + iwm9260 + +iwm3160= ${SRCTOP}/sys/contrib/dev/iwm/iwm-3160-17.fw +iwm3160NAME= iwm3160fw +iwm3160DIR= /boot/firmware +iwm3160MODE= 644 +iwm3160PACKAGE= firmware-iwm + +iwm3168= ${SRCTOP}/sys/contrib/dev/iwm/iwm-3168-22.fw +iwm3168NAME= iwm3168fw +iwm3168DIR= /boot/firmware +iwm3168MODE= 644 +iwm3168PACKAGE= firmware-iwm + +iwm7260= ${SRCTOP}/sys/contrib/dev/iwm/iwm-7260-17.fw +iwm7260NAME= iwm7260fw +iwm7260DIR= /boot/firmware +iwm7260MODE= 644 +iwm7260PACKAGE= firmware-iwm + +iwm7265= ${SRCTOP}/sys/contrib/dev/iwm/iwm-7265-17.fw +iwm7265NAME= iwm7265fw +iwm7265DIR= /boot/firmware +iwm7265MODE= 644 +iwm7265PACKAGE= firmware-iwm + +iwm7265D= ${SRCTOP}/sys/contrib/dev/iwm/iwm-7265D-22.fw +iwm7265DNAME= iwm7265Dfw +iwm7265DDIR= /boot/firmware +iwm7265DMODE= 644 +iwm7265DPACKAGE= firmware-iwm + +iwm8000C= ${SRCTOP}/sys/contrib/dev/iwm/iwm-8000C-22.fw +iwm8000CNAME= iwm8000C +iwm8000CDIR= /boot/firmware +iwm8000CMODE= 644 +iwm8000CPACKAGE= firmware-iwm + +iwm8265= ${SRCTOP}/sys/contrib/dev/iwm/iwm-8265-22.fw +iwm8265NAME= iwm8265fw +iwm8265DIR= /boot/firmware +iwm8265MODE= 644 +iwm8265PACKAGE= firmware-iwm + +iwm9000= ${SRCTOP}/sys/contrib/dev/iwm/iwm-9000-34.fw +iwm9000NAME= iwm9000fw +iwm9000DIR= /boot/firmware +iwm9000MODE= 644 +iwm9000PACKAGE= firmware-iwm + +iwm9260= ${SRCTOP}/sys/contrib/dev/iwm/iwm-9260-34.fw +iwm9260NAME= iwm9260fw +iwm9260DIR= /boot/firmware +iwm9260MODE= 644 +iwm9260PACKAGE= firmware-iwm + +.include diff --git a/sys/contrib/dev/iwm/iwm-3160-16.fw.uu b/sys/contrib/dev/iwm/iwm-3160-16.fw.uu deleted file mode 100644 index a8678143730b..000000000000 --- a/sys/contrib/dev/iwm/iwm-3160-16.fw.uu +++ /dev/null @@ -1,20408 +0,0 @@ -begin 644 iwm-3160-16.fw -M`````$E73`IS=')E86TZ0V]R94-Y8VQE,3-?0=P!'8!,`2`0`;<`@``&$/'!TB!``=)N@=P!`!`!LPZ!W`$8($&R0(`!LE -M!"C`$>D/`&$``!LE``$;)%P$7`$)!% -MP!!@``!AX`3`$N@=P!$!`%(DM!_`$`(`$W`#``!A"`!8,`@`9#$'``!A#Q-2 -M(H($$R0(`!,E`0!2;@$``&$!``!A````80@`6&[H#P!A```3)0``$R0D$,`1 -M`(`3)#@!,B!`#*$0```20```$E"0`` -M84``$R4&`1,D!"C`$0]V$R(L2,<1#W@3(@``QA$#``$D```!)0]%`"(`7``Y -M[_\`,A@``&0``!,D`0`3)3@@=P!#F_Q,R__\3,^@=P!$```$D"``!)0\!8R(! -M`%(D"``';@(``&$``!4D````(0X``&'8!,`2Z!W`$0$`4B2T'\`0`@`3<`(` -M`&$(`&0QY@\`80\34B(/$U(B`0!2;@$``&$!``!A````81PJ@($``,`6`@$3 -M9$(!$R0$*,`18'Z`@0``P!8&`1-B!`C`$`0`$V0/7``B"@``0``&`'`:``!A -M```3)```$R4``,`7`$!8,,@@P!!P1<`0$`C`$```$R4#`!,D'`C`$1P(P!$` -M`!,D!`C`$0\4%2($`!4F#S`@(OO_,#(#`!,D&`C`$0\4%2("`!4F#R`P(@`` -M$R001<`1&`C`$0`06#`/`!,B`0`3,`0HP!$/?!,B"`#,$0``$R4``!,D-$C' -M$4``$R4'`1,D!"C`$0][$R(!`!,P!"C`$0\4%2("`!4F#TT3(@00Q1$"`!,D -M\!S`$0$`$R3L',`1```3)'``$R40',`1```3)0``$R3@',`14'Z`@0``P!8" -M`1-B#Q05(AL`%28``!,E`0`3)"00P!$``!,D``#`%P``%20````A```;)0`` -M&R0!`&1N`0`;)`(`9&X"`!LD!`!D;@0`&R0,`!MB#QL+(@\+8R(!`!M``@`; -M00```&$``!LE"`B`@0`;&B@``,`6```;)0(`&T```!MQ#V1C(@``'20````A -M```````````(```````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````````1`"`````````````#!`0``0!$`X0$!`0$!`0$!`0$!`0$!`0$!`0 -M$!`0$!`/$`D0$`4*$`L0$!`0`A`0#1`0$!`0$!`0$!`0!@,0$!`0$!`0$!`0 -M$!`0$`@0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0 -M$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0 -M$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0 -M$!`0$!`0$!`0$!`0$!`'$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0$!`0 -M$!`0$`````````0`S`,!``X`[`8%`,0`2`0&`$``#`4'`-@`9`4(`&@`/`8) -M`$``I`8*`#P`T`,+`#P`#`0/``@`Y`81`!@`3`42`*0!```3``P`_`84``,` -M"`<5``0`#`<````````````````````````````````````````````````` -M```````>````'H@>B%H```!6````5HA6B`(!``"J````JHBJB/X!``","@`` -M5(Q4C*0?````````````````_@```0#_``(!_P$`_P$!`/X"`0,"_P$!`/\! -M`0'_`@#_`P(`_@0"`P+_`@(`_P("`?\#`/\%`P#^!@,``_\#`P#_`P,!_P`` -M`````````````)1)```*````!````'A]@`````````````````#T20``!0`` -M``0```!X?8````````$```"8^```&/D``+#X``#T^```U/4``-#U``!D-P`` -M%#8``&0V```````````````!"_\```4#```$`@``!O\```#_```,_P``!_\` -M``C_```)_P``"O\```+_`0#_``$"`!$!`0(!`0$#_P$!!`(!`04#`0$&!`$! -M!P4!`0@&`0$)#P$!"A`!``S_`0#^_P(`_P<"`0'_`@(""`("`PD"`@0*`@(% -M"P("!@P"`@<-`@((#@(""0X"`@H-`@`,_P(`_O\````````````````````` -M``#_!P```/\```?_``$)"```"O\!`@```0,!_P$#`O\!`P/_`0$$_P$"!0`! -M`0O_`0(,_P$$!@8!`0?_`0`(_P$`"O\"`@#_`@,!_P(#`O\"`P/_`@$$`0(" -M!0`"`0L!`@(,`0($!@8"`@<``@`(`0(`"@$#`/\"`P,`_P,#`?\#`P+_`P,# -M!`,!!`4#`@4``P$+!0,"#`4#!`8&`P,'_P,`"`4#``H%`P#^`P0$`/\$!`'_ -M!`0"_P0$`_\$!`3_!`0%_P0$"_\$!`S_!`0&!@0$!P8$``C_!``*_P`````` -M``````#_`````0,``@("``,``@``!?\```;_```$_P``!P0```C_`0#_`0$! -M``,!`@$"`0("`@$`!/\!`0<$`0`(_P(#``8"`@(&`@`%_P(`!O\"``3_`@`' -M!P(`"`<#`P`&`P`!!0,"`@8#`07_`P`&_P,`!`<#``<'`P`(!P```````0#_ -M`0#_``$``?\!`@+_`@#_`0(``?\"`0/_`@,$_P(""O\"`@G_`@((_P,``?\# -M`0,*`P4%"@,$!O\#!@H(`P,)_P0`_P,$``'_!`$#"P0"!PL$`@@$!`,$_P0" -M"@D$!`G_!`0&_P4`_P(%!`;_!0$#!@4``?\%!0K_!04)!08`__\&!`;_!@$# -M!@8``?\&`P3_!@8)!P8&"O\```````````````````````@$#`(*!@X!"04- -M`PL'#P&1```!/P```I$``#X]```#D0``/3T```21```_`P``!9$```D0```& -MD0``%AP```>1```?'P``")$``!P6```)D0``$`D```J1```#/P``"Y$``#T] -M```,D0``/3X```V1```_`0``$1`^2$A(X!`$````#2`$````($,Y`````."$ -M`0``X1`!`````A"7RP4`,&`+````#]($````&-+\__\?">")AH2$"N"$A``` -M"^"F5=<@#.`BBRPR#>"JB8>^PQ%^"2C(N*&."*B@``&>!^2><@&N`B -MBRPR&^"33;>^PQ)&```````G,`````$2`4A0$``F#^%````V`1%``` -M!F`1%```&1`$`````7,P`0``81`@````$B"4`P``UA`<8P``UQ`<8P``V!`< -M8P``V1!Z@(``VA!X@(``VQ!X@(``"1!N7P``&A``````,1"&`0``,A"0`0`` -M,Q#(````-!!0````-1"`````.A!I````.Q#`````P1``````*N#YY>`>>^PQ*."+BXF)*>")B0```D'AX;%Q02"AX> -M'AX>'AX;%Q02"AX>'AX>'AX;%Q02"AX>````````````````(+'V````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`````#0,H`!`#*``5`R@`%`,H`!,#*``'!R@`$`@H``H)*``;!"@`!@DH`!X -M)*``?"2@`(`DH`"$)*``4!"@`$@FH`!@$*``3":@`&00H`!H$*``6!"@`#`0 -MH``\$*``-!"@`"P,H```@:0``8&D``.!I`"()*``C"2@`)`DH`"4)*``F"2@ -M`)PDH`"@)*``I"2@``````````````````````!Q&PT`X($!`!:?`@`````` -M``````````!Q`0G?``#H``#B```^`5<_`69``7=!`9A"`0`/C.``*^`!;/``C3``C0``C4``C1``C5``C2`!C6```Q`"0$`$PX``#E -M`7/F`02/`?^#`6F.`0^0`0"1`7V2`7V3`7U9``;]``'^`!/_``9N``1\`0V` -M`0VY`07.`0*]`0G'`1_(`1:D`1"E`1"K`1"J`1"R`1.S`1/?`0'7`0!Z`0`` -M``````,!!0`0``0`$0`2``,`"@`T`34!-@$E``H`!``/``,!.``0`!(````' -M#!,`!!.``.P2@``H$X``Z!*```,!`@$%``0`$``*``8`?`&``7,!=P&7`9D! -ME@&8`=P!)0":`9P!```````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`````````````0````(`````````+A$O%S`0,2@R$3/R-B(X$3D7.A`[*#P1 -M/?)`(D$!2#A).$HN2RY4'%4<5AQ7'%HX6SA<.%TX8%AA6'@X>3B('(DP``M'L``(P7``!L&```Z!<``&P7``!H&```9!<``%@7``!<%P``8!<` -M`$QP``"D<```?'```'1P``#_____________________!````/__________ -M_____P,```#_____``````````#_____``````````#_____```````````# -M````$`````,`````````````````````````_P``````````````_P`````` -M`````````````````````0`````!_P```O\```,!```%_P``!O\```C_```' -M_P``"?\```K_```+_P``#/\!`/\#`0$```$!`@H!`@4$`0$&_P$!!_\!`PH' -M`0$+_P$!#/\#`/\"`P,```,$!00#!0;_`P,*!P,!"_\#`PS_`@#_`P("```" -M`@0&`@(%_P("!O\"`@?_`@0*!P(""_\"`0P%!`#_`@0$```$`0$)!`0$!@0$ -M!?\$!0;_!`0*!P0""_\$`0P%!0#_`P4%```%!`C_!04'"`4#"?\%!0;_!04$ -M_P`````````````````````%```````````````>````$````!``````(@`B -M$3,1,_#P\/#`P,#`_/S\_/[^_OZJJJJJJJJJJJJJJJZJJJJJ*/\`S*JJ``"J -MJ@#,JJH```!``,```````%``\`!0`/"JJJJJJJJJJJJJJJJJJJJJ*/\`S*JJ -M``"JJ@#,JJH``````````````%``\`!0`/"JJJJJJJJJJJJJJNZJJJJJ*/\` -MS*JJ``"JJ@#,JJH```!``,``0`#``%``\`!0`/`'````#P`````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````__\``/__`````````````/__``#__P````````````#__P``__]@)P`` -MY"<``*@G``"D)P``C"<``&PG``!,*```D"@``&PH``#,)P``K"<````````` -M````````````````````````````````````````````````````!P```````````````!`0X.````````,@@"#P,` -M`0`````````!`0X.````````(P0""@````````````#T`0`````````````` -M`````````'Q/@``````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````````````````````````````````````````$`````"0`0```*``$"<` -M`.@#``#H`P``]".``/0C@``0A(``#(2```R$@``,A(``$(2```R$@``,A(`` -M#(2```R$@``0A(``$(2```R$@``0A(``#(2``/__```!``````````````!$ -M)`$`1"0!`$0D`0`H!@$`1"0!`$0D`0!<"`$`1"0!`$S^```0!0$`1"0!`$0D -M`0!$)`$`1"0!`$0D`0!$)`$`1"0!`$0D`0!$)`$`1"0!`$0D`0!$)`$`1"0! -M`/@>`0`@'`$`4!\!`$0D`0!$)`$`1"0!`-@5`0#0(P$`"!@!`,08`0#`%P$` -MV`P!`"@,`0"($0$`7!L!`&0D`0!$)`$`P$`Z'L!`)1[`0#8>@$`$'L!`*1Z`0"<>P$``0`````````` -M``````````````````````````-````4``````$```````!4*(`````````` -M`````````````````````````````)PQ`0`%```"!````'A]@``````````` -M``$``````````@````````!G12,!!0````("`@("`@("`@("`@("`@("`@(" -M`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@(" -M`@("`@("`@("`@("`@("`@("`@$"`@("`@("`0$"`@("`@("`@("`@("`@`` -M```0`@``````````````````````````````````Z,J````````````````` -M````````````````````````````"](.T@W2"-()T@K2$M(3TA32&](`8```#_!P!4!P```/\@```````8A(`````` -M```````````````````````````````````````````````````````````` -M_P```/__________________________```````````````````````````` -M````````````````````````````````````````````````````3+$!`-`[ -M`0`4MP$`T#L!`&1N`@#0.P$`W"D!`!Q.`@!L7`$`T#L!`-`[`0`L4@(`+%(" -M`"Q2`@`L4@(`+%("`"Q2`@`L4@(`T#L!`-`[`0#0.P$`T#L!`*2;``#0.P$` -MT#L!`-`[`0#0.P$`T#L!`#Q<`0`D7`$`T#L!`-`[`0`````````````````` -M```````````````````````````````!`````0`````````````````````` -M```````````````````````````````````````````````````````````` -M`````````````0````(````#`````````/\```#_````_P```/\````````` -M``````````````````````````#_````B!,````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`````````````````````/____\````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`(``````````````````````````_____P`````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````````@`````````````````````````#_____```````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````"``````````````````````````/____\````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`````````````````````(``````````````````````````_____P`````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````````````````````````````@``````````````````````````````` -M`````````````````````/\````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``#_____`````/____\`````_____P````#_____```````````/`#\``0`` -M``\`/P`!````#P`_``$````/`#\``0````\`/P`!``````````\`/P`!```` -M#P`_``$````/`#\``0````\`/P`!````#P`_``$`````````#P`_``$````/ -M`#\``0````\`/P`!````#P`_``$````/`#\``0`````````/`#\``0````\` -M/P`!````#P`_``$````/`#\``0````\`/P`!``````````\`/P`!````#P`_ -M``$````/`#\``0````\`/P`!````#P`_``$``````````````*L````````` -M```````````````````````````````````````````````````````````` -M`````````````````````````````````````````````````````````.H* -MH@I>"AT*X`FE"6T)-PD$"=,(I`AW"$L((@CZ!],'K@>*!P`````````````` -M```````````````````````````````````````````````````````````` -M`````````````````````%1,```"````!````'A]@`````````````````"P -M3```!0````0```!X?8``````````````!0```PD#"0````````````````<` -M```>`````P```/____\````````````````````````````````````````` -M``````````````````````!F9@X``````&9F"@!F9@8`9F8&`&9F`@!F9@(` -M9F8^`&9F/@!F9CH`9F8Z``````!F9C8``````&9F,@``````9F8.```````` -M````9F8&```````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````````````````````````````````````````````D`"0D) -M"0D)"0D)``D`"0`)```)```````````````````````````````````````` -M``````````````````````````````````````````````#(!8`````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````#['8P`,Q$``````````!$````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````0%!@<("0H+#`T.#Q`J*RPM+B]*2TQ-3D]0:FML;6YO<(J+C(V. -MCY"JJZRMKJ^PR\S-SL_0T=+3U-76U]C9VMO#C($&QY?#C(%(!Y@#C(&)1YB#C('*AYC#C((+QYD#C()-!YE -M#C(*.1YG#C(+/AYH#C(,0QYI#C(-2!YJ#C(.31YL#C(B4$`-(``D8$`/(#$F -M<$`2(#0H`$$4(#$J$$$7(#$L($$9(#$N,$$<(#,P0$$>(#$R4$$A(#$T8$$C -M(#$V<$$F(#,X`$(H(#$Z$$(K(#$\($(M(#$^,$(P(#-`0$(R(#%D8$1?(C!F -M<$1B(C)H`$5D(B]J$$5G(B]L($5I(B]N,$5L(C)P0$5N(B]R4$5Q(B]T8$5S -M(B]V<$5V(C)X`$9X(B]Z$$9[(B]\($9](B]^,$:`(C&`0$:"(B^"4$:%(@"$ -M8$:'(BZ&<$:*(C&(`$>,(BZ*$$>/(BZ,($>1(BZ.,$>4(C"00$>6(BV12$>8 -M(@"5:$>=(BV7>$>?(C"9"$BB)"V;&$BD)"V=*$BG)"V?.$BI)#"A2$BL)"VE -M:$BQ)"T````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````/``\`#P`/``\`#P`/``\````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`````````````````````````````````````````0`!``````#``)``T``` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````#_____H,2`````````````0$(/`$!"#P!`0@\`0$(/`$!" -M#P!`0@\`0$(/`$!"#P!`0@\`0$(/`.`'``!``0``X`<``$`!```@)P``X`<` -M`.`'``!``0``X`<``$`!```"``````````(````````````````````````` -M````````````````````````````````_&R``#SB@``8```````````````` -M`````````/____\````````````````````````````````````````````` -M````````````````````````````````````````^!,"`!P4`@`L%`(`!!0" -M`/03`@`P%`(`W!,"````````4````#`````````````````````````````` -M`$```(`Q``"`#@``````````````````````````````+@```#(````@```` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````H!X"```;`@"0'@(`C!T"`'`>`@#PJ0$`,!X"`#`;`@"X'`(`Y!H"`.@: -M`@`````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````````````````````````````````````"````````````` -M````````@````("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("` -M@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("` -M@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("` -M@("```(```````````````````````````````"```````#_```````````" -M````````````````````````````````@```````_P```````````@`````` -M`````````````````````````(```````/\```````````(````````````` -M``````````````````"```````#_```````````"```````````````````` -M````````````@```````_P```````````@`````````````````````````` -M`````(```````/\```````````(```````````````````````````````"` -M``````#_```````````"````````````````````````````````@``````` -M_P```````````@```````````````````````````````(```````/\````` -M``````(```````````````````````````````"```````#_```````````" -M````````````````````````````````@```````_P```````````@`````` -M`````````````````````````(```````/\```````````(````````````` -M``````````````````"```````#_```````````"```````````````````` -M````````````@```````_P```````````@`````````````````````````` -M`````(```````/\```````````(```````````````````````````````"` -M``````#_``````````````````"!`````````((`````````@P````````"$ -M`````````(4`````````A@````````"'`````````(@`````````B0`````` -M``"*`````````(L`````````C`````````"-`````````(X`````````CP`` -M``````#``0`````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````````````````````````````````````!(<0``&'$``)QQ -M```P<0``H'$``!!Q``!,<0``_P```/\```#_````_P```/\```#_````_P`` -M`/\```#_````_P```/\```#_````_P```/\```#_````_P```/\```#_```` -M_P```/\```#_````_P```/\```#_````_P```/\```#_````_P```/\```#_ -M````_P`````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M`````````````````!@@H``<(*``*""@`"P@H``X(*``(""@`"0@H``P(*`` -M-""@`#P@H`!`(:``1"&@`&@AH`!L(:``>"&@`$@AH`!,(:``<"&@`'0AH`!\ -M(:```````/\````````````````````````````````````````````````` -M````````""T"``4```($````>'V``````````````````*QQ```&````!``` -M`'A]@`````````````````!(+@$`"@````0```!X?8`````````````````` -MM&L```4```($````>'V``````````````````$"``0`%```"!````'A]@``` -M```````````````,@0$`!0```@0```!X?8``````````````````]"P"``8` -M````````>'V``'A]@`!X?8``M""@`&P@H```,```_X___P``````````F'V` -M`)A]@`"D(*``.""@``$```#X____``````````"X?8``N'V``*@@H``\(*`` -M$````,?___\``````````-A]@`#8?8``K""@`'@AH`!``0``/_[__P`````` -M````^'V``/A]@`"P(*``?"&@```,``#_\?__``````````#_````_P`````` -M`````````````````````````````````````````````````0#_```````` -M````````````````````````````,"R``,#3@``8``````````$````````` -M`````%`K@`"(TX``&``````````!``````````````!0;(``P.&``!@````` -M`````0`````````````````````````````````````````````````````` -M``#80(``B-F``!@``````````0`````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M````````````````````````__\``/__```````````````````````````` -M```````````````````````````````````````````````````````````` -M```````````````````````````````````````````````````````````` -M``````````````````````````\`/P`!````#P`_``$````/`#\``0````\` -M/P`!````#P`_``$````/`#\``0````\`/P`!````#P`_``(`````"P`0``L` -M"P`*``L`!H`!``@`"``(``@````(``:``0`(``@`"``(````"``&@`$````` -M``````````!(2#P\````````````````````````````````2$@\/``````` -M``````````````#_?P```````/]_````````_W\```````#_?P```````/]_ -M````````_W\``/]_``````````````````!]>79Y;WEI>7UW=G=O=VEW?75V -M=6]U:75]R%T(8\% -MAP5_!7@%CP.'`W\#>`-]>79Y;WEI>7UW=G=O=VEW?75V=6]U:75]4-R0VQ#9D-Y -M07)!;$%F07HEB-S(VTC9R-Z(7,A;2%G(7T%=@5O!6D%?0-V`V\# -M:0-]>79Y;WEI>7UW=G=O=VEW?75V=6]U:75]7EY8!W -M>7=R=VQW@'5Y=7)U;'6`7%R<6QQ@&]Y;W)O;&^`;7EM6MR:VQK@&EY:7)I;&F`9WEG65R96QE@&-Y8W)C;&.`87EA -M$5Q16M%?T-X0W%#:T-_07A!<4%K080E?25V)6\EA"-](W8C;R.$ -M(7TA=B%O(8<%?P5X!7(%AP-_`W@#<@,``````````/X```#0T+JYM[>XM[@` -M````````````````````````[[ZMWN^^K=[OOJW>[[ZMW@`````````````` -M````````````/'L```H````$````>'V```````#<"P$``````/\````$```` -M````````````````__\``#@Y``!,.0``8#D``.PX``#D.```]#@``&`X``!8 -M.```V.P``/#H``#LZ0``2.H``&SI``#,Z0``).H``"#M```T\P``?/,``"ST -M``"$]```X/,``!CT``!\]```M.D``)CI``#DZ``````````````"`@7_`@,` -M``(!`0$#`P#_`P$!`0,``@(#`@4&```"_P````,```$#``$$!``#`P4``@4& -M`0$!_P$``@(!`P`%`0(%!@````````````````````#L+`(`!@````0```!X -M?8``````````````````#"T"``8````$````>'V````````Q.3HS-CHS-@`` -M``#)``````````4"#0`(!#D4.0``.2,Y`!`,.3DY'!@Y(``*(#F70F!W/#@T -M,"PH)"`<&!00#`@$``0%!00"`@``'049`!,`````2D9-&`````3>W]\$W@`` -M`P`&!@8&!@8```````````,-,(J*.$>*BHJ*BG2*6F0`5H-L3HJ*BHJ*1TX= -MBGIZ9QIV+0`````&%!04!!04%`(4%!0`````!`8`!@0&!@8&!@8&!@8&!@8& -M`@8$``````L'`P`[-S,O*R____'____R#___\A_____R+___\C____)/___R7___\F -M`````````````````````````````(0Q````````A#$``````````````@`` -M``(````4AP$`J(P````````````````````````````````````````/`#\` -M`@````\`/P`"````#P`_``(````/`#\``@````\`/P`"(`````````$```"J -MJJJJJJJJJJJJJNZJJJJJ*/\`S*JJ``"JJ@#,JJH```!``,``0`#``%``\`!0 -M`/`````````````````````````````````````````````````````````` -M``````"JJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ@`````````` -M````````````;&UN;W!QP$`).,``/Q[`0`DXP``4)(!`.@L`@```````````````````````````%CE -M````````6.4``-23`0``````('P!`(R2```@?`$`('P!`"1-`0"HY0``('P! -M`*CE``"(E`$`('P!````````````````````````````U.8```````#4Y@`` *** 527678 LINES SKIPPED *** From nobody Mon Dec 16 09:47:16 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBZq86x8Sz5hCp2; Mon, 16 Dec 2024 09:47:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBZq84f7jz4nsC; Mon, 16 Dec 2024 09:47:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734342436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DM/qHCgFHgOWFGp2FAaje9CB5ASCC9alXOACPqeLxg4=; b=rL82haaKoeZjRSUiTEW/RAYxo7CJuyyVlZqqZgJDCD2NWlW6Ynp4RsHV990oK+kWgLxcJ6 1dhSEdfMwDSe5X2ODwmsA1k/d/Zg7DLSm5LMipK9SV8ioEgdagThb7D9hw84EEHya4jrkW Rs6GMm8NtuShPk/1bs5+Q2EVb/pyIspH87jk0F5HW2y3h/Yqxt+/wV/O8EMctqFZWxM7b2 x9J+oWW2jD/5/NJXIOSVFyPadLP+4u3m7S48a7VroS1RxIUOBO53tzr+7qTy3c+uFZTfaO 33pa1F5OM/0pjZbr/4fogHiEycKMk3ZTp5GXjVj3ctNfhOgKy6ZTxvedjHu7Gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734342436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DM/qHCgFHgOWFGp2FAaje9CB5ASCC9alXOACPqeLxg4=; b=JRlp5l5X0TmU7czRSQDJA7KuKMvYxH4XvNOqN3+0Z5nIT8EbYnHlt/sMQYq1UsT5WNxp2V ManfIruUt4/yHl4+xpewSRGE2m04p++3R4uNLijAg9sl1hgW67vuLb5bl74Hi7L4urg21Y +a56cJicLp01Pb6VZR4HB3G944dDEgHJ6LsW8dssjMz22UBiQ/LDk6eATJqgWVtzn+n1J4 9Hn4dY5ASWVGVD2f3wyIHQsSsi09jKg2enJisYFE2yqHJOhK+Yft2+mxtMdHPEG3vGcS9F lEhzDIfdLN0DeKXXiKsn2n3kyuUxgKp940kcxJ4kryYbV8a8lNMGqPMC22PNqg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734342436; a=rsa-sha256; cv=none; b=o9bAReZ6yctj+sSsLrQ7t4waZr+sjRXvjc0s3/gO9qjpoNXmDVN2MVlWjtzb8Zbsm4pscf NyLO5gUvePMn2LDar8WFvonFBR0jOU0gsbqAKnBnS0uYcVaAzG9shyERIZUe4paxh9sp8E K9B8FFS3vYUEhYdB0mCBGfv9zpD0fyPe/Epf9b6Vw8NDCKcCJmhCRG26bNKDaegexZDWyG G+G0aZ+TPrdjZOvxglrmy+bSE1fSsSwsGSJxxCTE3DJgvlrip+NWqYMxFQ2UeE2/QhD0+J gg+QbXtjFE+eQhRbXwxrv5T80Ir5tThgxtf5CCnlHbQxGyhhLqWXC9p77+TF0g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBZq8327XzpGM; Mon, 16 Dec 2024 09:47:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BG9lGgt092496; Mon, 16 Dec 2024 09:47:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BG9lG3Z092493; Mon, 16 Dec 2024 09:47:16 GMT (envelope-from git) Date: Mon, 16 Dec 2024 09:47:16 GMT Message-Id: <202412160947.4BG9lG3Z092493@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Emmanuel Vadot Subject: git: 94e94d2dddfa - main - UPDATING: Add a notes for iwm(4) firmware and pkgbase users List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: manu X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 94e94d2dddfa43aa0aa3ad8aa3ab6d72363e4bd0 Auto-Submitted: auto-generated The branch main has been updated by manu: URL: https://cgit.FreeBSD.org/src/commit/?id=94e94d2dddfa43aa0aa3ad8aa3ab6d72363e4bd0 commit 94e94d2dddfa43aa0aa3ad8aa3ab6d72363e4bd0 Author: Emmanuel Vadot AuthorDate: 2024-12-16 09:46:05 +0000 Commit: Emmanuel Vadot CommitDate: 2024-12-16 09:46:05 +0000 UPDATING: Add a notes for iwm(4) firmware and pkgbase users Sponsored by: Beckhoff Automation GmbH & Co. KG --- UPDATING | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/UPDATING b/UPDATING index 2a67a65a92ed..4fef13073431 100644 --- a/UPDATING +++ b/UPDATING @@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20241216: + The iwm(4) firmwares are no longer compiled as kernel modules but instead + shipped as raw files. For pkgbase users if you use iwm(4) you will need + to install the FreeBSD-firmware-iwm package. + 20241124: The OpenBSD derived bc and dc implementations and the WITHOUT_GH_BC option that allowed building them instead of the advanced version From nobody Mon Dec 16 09:52:24 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBZxK2lfwz5hCmZ; Mon, 16 Dec 2024 09:52:37 +0000 (UTC) (envelope-from manu@bidouilliste.com) Received: from mx.blih.net (mx.blih.net [212.83.155.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBZxH72qZz4plN; Mon, 16 Dec 2024 09:52:35 +0000 (UTC) (envelope-from manu@bidouilliste.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bidouilliste.com header.s=mx header.b=fzRGZprh; spf=pass (mx1.freebsd.org: domain of manu@bidouilliste.com designates 212.83.155.74 as permitted sender) smtp.mailfrom=manu@bidouilliste.com; dmarc=pass (policy=none) header.from=bidouilliste.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bidouilliste.com; s=mx; t=1734342747; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7U3yAfIy7zI0DkLvIJCgd0shjGLORZRHuav+G9c+PDM=; b=fzRGZprho5YLC8GSQbqBBurq98Q7/AYmuHhhZaR3LYAMBWWMzV5NOk1gYH6e3GC/aaV6/n kxU5nufZjdJ8DB8FJ5L6TQMgaZgtGepvGAWNLc57rlV/fetnrJO1oNLFYXaacgRbN0L3lP I7/ihZw9oMA1Zg8hU61ls16Y7XL5+wk= Received: from skull.home.blih.net (arennes-299-1-68-49.w92-159.abo.wanadoo.fr [92.159.163.49]) by mx.blih.net (OpenSMTPD) with ESMTPSA id 16e711a1 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 16 Dec 2024 09:52:27 +0000 (UTC) Date: Mon, 16 Dec 2024 10:52:24 +0100 From: Emmanuel Vadot To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 11f3da565519 - main - pkgbase: Remove /boot/firmware from bootloader package Message-Id: <20241216105224.6206f0f599c43742efad7452@bidouilliste.com> In-Reply-To: <202412160947.4BG9l5t3092354@gitrepo.freebsd.org> References: <202412160947.4BG9l5t3092354@gitrepo.freebsd.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd15.0) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.40 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[bidouilliste.com,none]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:212.83.155.74/32]; R_DKIM_ALLOW(-0.20)[bidouilliste.com:s=mx]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; ASN(0.00)[asn:12876, ipnet:212.83.128.0/19, country:FR]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEFALL_USER(0.00)[manu]; RCVD_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[]; MLMMJ_DEST(0.00)[dev-commits-src-all@FreeBSD.org,dev-commits-src-main@FreeBSD.org]; RCPT_COUNT_THREE(0.00)[3]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[bidouilliste.com:+] X-Rspamd-Queue-Id: 4YBZxH72qZz4plN X-Spamd-Bar: --- On Mon, 16 Dec 2024 09:47:05 GMT Emmanuel Vadot wrote: > The branch main has been updated by manu: > > URL: https://cgit.FreeBSD.org/src/commit/?id=11f3da5655194c46b4acdde586ac1b8d6a196994 > > commit 11f3da5655194c46b4acdde586ac1b8d6a196994 > Author: Emmanuel Vadot > AuthorDate: 2024-12-12 16:12:11 +0000 > Commit: Emmanuel Vadot > CommitDate: 2024-12-16 09:44:45 +0000 > > pkgbase: Remove /boot/firmware from bootloader package > > For now we don't ship anything in /boot/firmware, but some up coming commit > will ship wifi drivers in it and we want them to be in their own package. > > Sponsored by: Beckhoff Automation GmbH & Co. KG Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D48056 -- Emmanuel Vadot From nobody Mon Dec 16 09:52:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBZxk6VXCz5hCbW; Mon, 16 Dec 2024 09:52:58 +0000 (UTC) (envelope-from manu@bidouilliste.com) Received: from mx.blih.net (mx.blih.net [212.83.155.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBZxj5Tktz4q44; Mon, 16 Dec 2024 09:52:57 +0000 (UTC) (envelope-from manu@bidouilliste.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bidouilliste.com header.s=mx header.b=TQvQAEIh; spf=pass (mx1.freebsd.org: domain of manu@bidouilliste.com designates 212.83.155.74 as permitted sender) smtp.mailfrom=manu@bidouilliste.com; dmarc=pass (policy=none) header.from=bidouilliste.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bidouilliste.com; s=mx; t=1734342776; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nzqSDSyqVscchSoQntOASc8Hv0SWw3AVvj6Ksu4tOd0=; b=TQvQAEIhIxfvzN51wN7nYpA7Z7l13k7UUZJDjJwHIOJ9VH4QUzvIRfGgOFW/IiO7zh03Wk WH4K/j3+4aUylBzLRzMI1KQXxC+alnXRvTQZ+ECxFvMu9nd1R0DjnzLZgGgy+mf3b3TAsD tRJEwR20LZWZEyy5KDqJLYgScxiqiaQ= Received: from skull.home.blih.net (arennes-299-1-68-49.w92-159.abo.wanadoo.fr [92.159.163.49]) by mx.blih.net (OpenSMTPD) with ESMTPSA id 874085aa (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 16 Dec 2024 09:52:56 +0000 (UTC) Date: Mon, 16 Dec 2024 10:52:55 +0100 From: Emmanuel Vadot To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: af0a81b6470a - main - iwm: Stop shipping firmware as kernel module Message-Id: <20241216105255.c144942dbfef6aadf2d2cc32@bidouilliste.com> In-Reply-To: <202412160947.4BG9l7AP092415@gitrepo.freebsd.org> References: <202412160947.4BG9l7AP092415@gitrepo.freebsd.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd15.0) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.40 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[bidouilliste.com,none]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:212.83.155.74/32:c]; R_DKIM_ALLOW(-0.20)[bidouilliste.com:s=mx]; ONCE_RECEIVED(0.10)[]; MIME_GOOD(-0.10)[text/plain]; FREEFALL_USER(0.00)[manu]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:12876, ipnet:212.83.128.0/19, country:FR]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MLMMJ_DEST(0.00)[dev-commits-src-all@FreeBSD.org,dev-commits-src-main@FreeBSD.org]; RCPT_COUNT_THREE(0.00)[3]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[bidouilliste.com:+] X-Rspamd-Queue-Id: 4YBZxj5Tktz4q44 X-Spamd-Bar: --- On Mon, 16 Dec 2024 09:47:07 GMT Emmanuel Vadot wrote: > The branch main has been updated by manu: > > URL: https://cgit.FreeBSD.org/src/commit/?id=af0a81b6470aba4af4a24ae9804053722846ded4 > > commit af0a81b6470aba4af4a24ae9804053722846ded4 > Author: Emmanuel Vadot > AuthorDate: 2024-12-12 16:13:58 +0000 > Commit: Emmanuel Vadot > CommitDate: 2024-12-16 09:44:47 +0000 > > iwm: Stop shipping firmware as kernel module > > Since we can load raw firmware start shipping them as is. > This also remove the uuencode format that don't add any value and garbage > collect old firmwares version. > For pkgbase users they are now in the FreeBSD-firmware-iwm package. > > Sponsored by: Beckhoff Automation GmbH & Co. KG Reviewed by: adrian, cy Differential Revision: https://reviews.freebsd.org/D48057 -- Emmanuel Vadot From nobody Mon Dec 16 12:10:59 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBf0z6Cqnz5hLqG; Mon, 16 Dec 2024 12:10:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBf0z5jwLz43v6; Mon, 16 Dec 2024 12:10:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734351059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TEJ8ZNzhucq43di1OuXeuRjJrNiwqSKwRoT+cRzwvOg=; b=ms4hj++tMNvs2+R1wynHK0hOKy/EbbkuEBA0rLcCDZ0jnTQmcSA3Fb+aQ6TlB1mPZwDbaD SrTjmUZ35R2G6TKWwlvqnNiaLlwdDZAnng6OwxWWt6A9NxlbKNU38YCq4LFqImrp0AOlgP 8fhvNPv50HduEbPdu6DEaT3uHSMg8GWAG2eCwzJBAqATgDqQk/t56qbNWnFw7YYjWbh8/o k4qUBj9uNypY+v9b+FnRabb6ZqSzFF17r9qh/qsiTmvMEyzGjE7aYuicXGOCa7A6mGP3Ua 7FYr9iIxXVzDsJwCQqY5L10L0gL4I4sObo9e6leYW+Cd9lu1HIQ5E7fR2rh6uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734351059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TEJ8ZNzhucq43di1OuXeuRjJrNiwqSKwRoT+cRzwvOg=; b=vQXyI3WUUrCJPWmFzWPNBLY35Kpr5klPxOYmws8FfzG1hr/GXfI0dzkCGDffytqtGrd7+8 TwDKAZlV+YkLVoE57sONPznzaA7yqxhDEY0J6j//CrAvYCwYoUFKgp5p+unQ1hKXVC2MTV uGWyH1ASmQUKwFG92j+S7qWztpp80n1qqyNGkGVzQOvZtxxIO8mNX69Q+GxDPphCbLhjmZ Wl0RXg9O2iqcoTo3J9uMS5WKuFL+8hTNHLfd5JRiZ8SMybIw+/zVY9ZpeapXsKS72nFpa1 eSOk+AH49vlG5zwZmyk6woPp+ZHxLEUodqAGtDNVD5HZEmwi9COGqzNYzoq7GA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734351059; a=rsa-sha256; cv=none; b=eyZS2grCe5h+xzl+pVtukvZRMSaMN1yXF7sH2Y4eudFGv9lBxE6tJZMogPMy06gJL/YefE wLQMZ8FcgyXjll5PFVZHSs2PVg2GKSrxmcPQgWRpVX8NMeJZxGp9kNLOa4q69+3cWHSv+K UI6jG3JQt+QwWy3dw3KbejmVxwWq4v4m8O9p37Ya1Bi7G/iPdPy19ZXozMgQ91FQTDX43Z RyQC+JM9ATA6t0Sm0pJyUvp5ICwnLe5K6oFGwzSng+KhCibjm/9ZJQmqy2efA0u8CFS2Gg yL4DNu4Nz82FpLT+Muwk0DOoZdGHJ9l1dJke9kIt11vJVBw5PgE+ivipl/vSvg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBf0z5Jv7zs8S; Mon, 16 Dec 2024 12:10:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGCAxFS064430; Mon, 16 Dec 2024 12:10:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGCAxgR064427; Mon, 16 Dec 2024 12:10:59 GMT (envelope-from git) Date: Mon, 16 Dec 2024 12:10:59 GMT Message-Id: <202412161210.4BGCAxgR064427@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: f87074000873 - main - ip6_output(): if mtu is not yet computed for ipsec hook, use ifp mtu List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f8707400087361394703271b412477ff41583ab6 Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=f8707400087361394703271b412477ff41583ab6 commit f8707400087361394703271b412477ff41583ab6 Author: Konstantin Belousov AuthorDate: 2024-11-27 14:27:42 +0000 Commit: Konstantin Belousov CommitDate: 2024-12-16 12:10:29 +0000 ip6_output(): if mtu is not yet computed for ipsec hook, use ifp mtu Sponsored by: NVidia networking --- sys/netinet6/ip6_output.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 7eea64bb6344..9e4985cdc6cd 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -798,7 +798,8 @@ nonh6lookup: error = ENOBUFS; goto bad; } - if ((error = IPSEC_OUTPUT(ipv6, ifp, m, inp, mtu)) != 0) { + if ((error = IPSEC_OUTPUT(ipv6, ifp, m, inp, mtu == 0 ? + ifp->if_mtu : mtu)) != 0) { if (error == EINPROGRESS) error = 0; goto done; From nobody Mon Dec 16 14:45:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQl6Dhpz5hW32; Mon, 16 Dec 2024 14:45:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQl4JR2z4bqT; Mon, 16 Dec 2024 14:45:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/PjNT42VezlWyi5yFYd3WIEJ3eJ6GZL0ejfmwXk3p4c=; b=ED6/QXOrZ2MKUW6neP9BRnV0wYVyMIBu65T7qgZY4zjm1SYPgC8ovG3rklLG7FoUB+mLVF Qi0m1MOw6QUvZgWfB/8xzEGFHvrQTZ8BO+vHl6ycnJLM0t5SEGQjOTgYTxI/DEiDxUsVeI 2W0/LOZCCoVxJSIIplTl6+nZ/+4S33njhdyZKxOy9XDq4SMgiLjjw45P3U42ianXErM2p/ qXN0HoWFE8qOdnbkImjUBNGA8tmuvxydfgxc8dfkwHsM6KH1Ku/kiZEKDEc2RgwW/K43Ym j1k9BWfhx8hS4mjBIz7uoL7j7nJF6uzYk7+CkWsF6a1nPtaDJ4duK8fFGaSlTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/PjNT42VezlWyi5yFYd3WIEJ3eJ6GZL0ejfmwXk3p4c=; b=wYvN9dfGZ7zcsr0KSVhvFa4NVKkPOJNfaC542sBqGO5vIUriYp/8pfKLZpO23Zm9l+BBln eBa2i/0hwJki3Bqvo4q++4GUH7VHjnF9EDmUlMgJJ6D7IQ4onrvJvE1HbLHktf5hyqGKy+ HXJrK952CipHeG3PMCx1omxpZUXx7pW1wNyg/1xLleUkT02JAhnNzgwwjm3wd2jvPzljk9 fV+QsZ2XC0Xbe+bVOEuynK12zmLfQ0e32c+p2Y6NMMyZtL6N+A5tv2/wwBsJOU9D5e17jN aroA1ipaD1nmay78I9BV5m1kgsRxdw5Kn6FO0ZfQnGW2KvA5ITLCGkexVvLb0g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360303; a=rsa-sha256; cv=none; b=iknYvCe3jRoykHClKku2UAdTyuBtYS1cjoIDeeLdEInfcrdRiEbXVu4TBxmDoAWnl2spp1 cuPDPsGfMqOvpUJqPYb1DzD5O9V2zD9PVk9MgCK5f6eKO1166uQBjIhGoY4XES0a35Eoae NCmjj1JnzH0X6TnmnSwBh6QOnOgYd+SjBNLnYKtklt+R8V+crKM3KLwgxyCpy8dFJmP1qv ITP8DN1vXx2QmFemeGkqDF8QshiGjqe8A6Tgov/+r78S61ypzjOEORUgrAkbvxy9e2CCz9 MqEsMOVLMcMLYBGdVYYj7OtuS4xDSAmE8N3FS6AucxcNWB2juslee+1BdWDqqw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQl3pBVzxnG; Mon, 16 Dec 2024 14:45:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEj3mN050943; Mon, 16 Dec 2024 14:45:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEj3ln050940; Mon, 16 Dec 2024 14:45:03 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:03 GMT Message-Id: <202412161445.4BGEj3ln050940@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 4a26b63145a5 - main - osd: Constify signature of osd_register() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4a26b63145a5e18610aa9050262e3b4f75aa7117 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=4a26b63145a5e18610aa9050262e3b4f75aa7117 commit 4a26b63145a5e18610aa9050262e3b4f75aa7117 Author: Olivier Certner AuthorDate: 2024-07-01 17:10:47 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:20 +0000 osd: Constify signature of osd_register() This makes it clear that 'methods' (if not NULL) points to an array that won't be modified. Internally, this array is indeed copied into the given OSD type's larger array of all methods for all slots. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46886 --- share/man/man9/osd.9 | 4 ++-- sys/kern/kern_osd.c | 2 +- sys/sys/osd.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/share/man/man9/osd.9 b/share/man/man9/osd.9 index 95547f5211c2..5e0e482914c3 100644 --- a/share/man/man9/osd.9 +++ b/share/man/man9/osd.9 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 26, 2016 +.Dd October 07, 2024 .Dt OSD 9 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fo osd_register .Fa "u_int type" .Fa "osd_destructor_t destructor" -.Fa "osd_method_t *methods" +.Fa "const osd_method_t *methods" .Fc .Ft void .Fo osd_deregister diff --git a/sys/kern/kern_osd.c b/sys/kern/kern_osd.c index dcd80a948ea7..93809ccab8e5 100644 --- a/sys/kern/kern_osd.c +++ b/sys/kern/kern_osd.c @@ -90,7 +90,7 @@ osd_default_destructor(void *value __unused) } int -osd_register(u_int type, osd_destructor_t destructor, osd_method_t *methods) +osd_register(u_int type, osd_destructor_t destructor, const osd_method_t *methods) { void *newptr; u_int i, m; diff --git a/sys/sys/osd.h b/sys/sys/osd.h index 498cad5064f9..5d59ce5a3d9a 100644 --- a/sys/sys/osd.h +++ b/sys/sys/osd.h @@ -55,7 +55,7 @@ typedef void (*osd_destructor_t)(void *value); typedef int (*osd_method_t)(void *obj, void *data); int osd_register(u_int type, osd_destructor_t destructor, - osd_method_t *methods); + const osd_method_t *methods); void osd_deregister(u_int type, u_int slot); int osd_set(u_int type, struct osd *osd, u_int slot, void *value); From nobody Mon Dec 16 14:45:04 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQm70S0z5hVvL; Mon, 16 Dec 2024 14:45:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQm4rztz4bt3; Mon, 16 Dec 2024 14:45:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360304; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eyTrHsk+hX6yLh3kwFWjqcUidf+furqAquhm2usY7pc=; b=S16V0FwWp8n5Eoz764cfJ40/kBOKuHfgFp+oM7hdeQGKhz+8NgJZhkHUFSS0Fcwd8EDtQM LCuADAcfCu+EdY9W+fZIYlGeCCcgF+1D+sFbFFo+DR1wOH0Cr4hG29+4dExqnHKdLoKmxc jvCex9IFmwFfcOe67ytMfJcchuqZ6bSexPtCjw4SNUzmZwW2KyYCI/uQN2esBhwklKgeim dICj5JKanrOzgFlQZho/5Taxw7+WVJHzIC9Nn6uqUIES6dmLwN307lp+0fAcEW1+/jQ9GB N91YSsDKBNvkekkjLPT/WatHfbI8LKrOWxnEAstR/Jo6TQ+ke65737oZ8rEiOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360304; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eyTrHsk+hX6yLh3kwFWjqcUidf+furqAquhm2usY7pc=; b=nHAQfEGKcoJhCUpV4tFUz/M0oCKCr5mB76kh1DntvnH67EUGjbONFMvbm6uw0O1zmxnzBZ p4g5IUadJOx9SS7e2S2hFo9wAzifSSC1L62IVPcOf/RZU0xHJ5t68DES3ecg5uu0/oKGJ4 QUqR0MMLglW81i5CjxXlBmhPzL/9guBtM3q2vbwT7eXRb8WFXMzmJ0M9qwDJPjg76hKcfL HmsH2iOynnSWSAdgSGX96dvnnU5ug5vzxnhwTsAm/rwe11ROo2fI0azF6wMzKsplxYSet4 5QLN8sfoBSLsx+hiwrwS7nA+O2/NiHSOtCSy3ImbHe0iEBYVdzwyI5BKY1Es4A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360304; a=rsa-sha256; cv=none; b=OiF0rl53l+Oet8dtOMN2s+ChUo++eA95vRaRgGmiIzlQKpr1f5TV4WOm3PJ0CSZswEOKRu J5MKAkPintbU3+XsbM2qlleLHc+NRyAYqIB4j2I/6rgNmLBIHZoK3XfXlwg8offlTPCmDx Nw3NpYrWXlGEpgY3s1syAHcsemPDlnUg81xr3ZpPCslCYVnjG4/im/TmwyZtLoMV15uo0a P/CcPgO88iTvsH4utH3YZAh272YHcu/Z4H2EbOumbuQh4J7qQQ246dn98WM1bugYLEvDdj deI33WlYlXT6618z3daONLGI726UxeBiwrlqdFw/M7Ji6tUQJttXq1n+jhBp1g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQm4T0XzxB5; Mon, 16 Dec 2024 14:45:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEj4UF050979; Mon, 16 Dec 2024 14:45:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEj410050976; Mon, 16 Dec 2024 14:45:04 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:04 GMT Message-Id: <202412161445.4BGEj410050976@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 5e9a82e898d5 - main - atomics: Constify loads List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5e9a82e898d55816c366cfa3ffbca84f02569fe5 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=5e9a82e898d55816c366cfa3ffbca84f02569fe5 commit 5e9a82e898d55816c366cfa3ffbca84f02569fe5 Author: Olivier Certner AuthorDate: 2024-07-19 15:23:19 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:26 +0000 atomics: Constify loads In order to match reality, allow using these functions with pointers on const objects, and bring us closer to C11. Remove the '+' modifier in the atomic_load_acq_64_i586()'s inline asm statement's constraint for '*p' (the value to load). CMPXCHG8B always writes back some value, even when the value exchange does not happen in which case what was read is written back. atomic_load_acq_64_i586() further takes care of the operation atomically writing back the same value that was read in any case. All in all, this makes the inline asm's write back undetectable by any other code, whether executing on other CPUs or code on the same CPU before and after the call to atomic_load_acq_64_i586(), except for the fact that CMPXCHG8B will trigger a #GP(0) if the memory address is part of a read-only mapping. This unfortunate property is however out of scope of the C abstract machine, and in particular independent of whether the 'uint64_t' pointed to is declared 'const' or not. Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46887 --- sys/amd64/include/atomic.h | 2 +- sys/arm/include/atomic.h | 8 ++++---- sys/arm64/include/atomic.h | 2 +- sys/i386/include/atomic.h | 28 ++++++++++++++++------------ sys/powerpc/include/atomic.h | 6 +++--- sys/riscv/include/atomic.h | 4 ++-- sys/sys/_atomic64e.h | 2 +- sys/sys/_atomic_subword.h | 4 ++-- sys/sys/atomic_common.h | 20 ++++++++++---------- 9 files changed, 40 insertions(+), 36 deletions(-) diff --git a/sys/amd64/include/atomic.h b/sys/amd64/include/atomic.h index a8faedd58123..e0801d0880e0 100644 --- a/sys/amd64/include/atomic.h +++ b/sys/amd64/include/atomic.h @@ -304,7 +304,7 @@ __storeload_barrier(void) #define ATOMIC_LOAD(TYPE) \ static __inline u_##TYPE \ -atomic_load_acq_##TYPE(volatile u_##TYPE *p) \ +atomic_load_acq_##TYPE(const volatile u_##TYPE *p) \ { \ u_##TYPE res; \ \ diff --git a/sys/arm/include/atomic.h b/sys/arm/include/atomic.h index 33116d0a6aee..f3313b136656 100644 --- a/sys/arm/include/atomic.h +++ b/sys/arm/include/atomic.h @@ -608,7 +608,7 @@ atomic_fetchadd_long(volatile u_long *p, u_long val) } static __inline uint32_t -atomic_load_acq_32(volatile uint32_t *p) +atomic_load_acq_32(const volatile uint32_t *p) { uint32_t v; @@ -618,7 +618,7 @@ atomic_load_acq_32(volatile uint32_t *p) } static __inline uint64_t -atomic_load_64(volatile uint64_t *p) +atomic_load_64(const volatile uint64_t *p) { uint64_t ret; @@ -637,7 +637,7 @@ atomic_load_64(volatile uint64_t *p) } static __inline uint64_t -atomic_load_acq_64(volatile uint64_t *p) +atomic_load_acq_64(const volatile uint64_t *p) { uint64_t ret; @@ -647,7 +647,7 @@ atomic_load_acq_64(volatile uint64_t *p) } static __inline u_long -atomic_load_acq_long(volatile u_long *p) +atomic_load_acq_long(const volatile u_long *p) { u_long v; diff --git a/sys/arm64/include/atomic.h b/sys/arm64/include/atomic.h index f7018f2f9e0b..998a49c02e60 100644 --- a/sys/arm64/include/atomic.h +++ b/sys/arm64/include/atomic.h @@ -465,7 +465,7 @@ _ATOMIC_TEST_OP(set, orr, set) #define _ATOMIC_LOAD_ACQ_IMPL(t, w, s) \ static __inline uint##t##_t \ -atomic_load_acq_##t(volatile uint##t##_t *p) \ +atomic_load_acq_##t(const volatile uint##t##_t *p) \ { \ uint##t##_t ret; \ \ diff --git a/sys/i386/include/atomic.h b/sys/i386/include/atomic.h index f48ad55b8029..4bb74b7ada01 100644 --- a/sys/i386/include/atomic.h +++ b/sys/i386/include/atomic.h @@ -249,7 +249,7 @@ atomic_testandclear_int(volatile u_int *p, u_int v) #define ATOMIC_LOAD(TYPE) \ static __inline u_##TYPE \ -atomic_load_acq_##TYPE(volatile u_##TYPE *p) \ +atomic_load_acq_##TYPE(const volatile u_##TYPE *p) \ { \ u_##TYPE res; \ \ @@ -302,8 +302,8 @@ atomic_thread_fence_seq_cst(void) #ifdef WANT_FUNCTIONS int atomic_cmpset_64_i386(volatile uint64_t *, uint64_t, uint64_t); int atomic_cmpset_64_i586(volatile uint64_t *, uint64_t, uint64_t); -uint64_t atomic_load_acq_64_i386(volatile uint64_t *); -uint64_t atomic_load_acq_64_i586(volatile uint64_t *); +uint64_t atomic_load_acq_64_i386(const volatile uint64_t *); +uint64_t atomic_load_acq_64_i586(const volatile uint64_t *); void atomic_store_rel_64_i386(volatile uint64_t *, uint64_t); void atomic_store_rel_64_i586(volatile uint64_t *, uint64_t); uint64_t atomic_swap_64_i386(volatile uint64_t *, uint64_t); @@ -353,12 +353,12 @@ atomic_fcmpset_64_i386(volatile uint64_t *dst, uint64_t *expect, uint64_t src) } static __inline uint64_t -atomic_load_acq_64_i386(volatile uint64_t *p) +atomic_load_acq_64_i386(const volatile uint64_t *p) { - volatile uint32_t *q; + const volatile uint32_t *q; uint64_t res; - q = (volatile uint32_t *)p; + q = (const volatile uint32_t *)p; __asm __volatile( " pushfl ; " " cli ; " @@ -447,8 +447,12 @@ atomic_fcmpset_64_i586(volatile uint64_t *dst, uint64_t *expect, uint64_t src) return (res); } +/* + * Architecturally always writes back some value to '*p' so will trigger + * a #GP(0) on read-only mappings. + */ static __inline uint64_t -atomic_load_acq_64_i586(volatile uint64_t *p) +atomic_load_acq_64_i586(const volatile uint64_t *p) { uint64_t res; @@ -456,9 +460,9 @@ atomic_load_acq_64_i586(volatile uint64_t *p) " movl %%ebx,%%eax ; " " movl %%ecx,%%edx ; " " lock; cmpxchg8b %1" - : "=&A" (res), /* 0 */ - "+m" (*p) /* 1 */ - : : "memory", "cc"); + : "=&A" (res) /* 0 */ + : "m" (*p) /* 1 */ + : "memory", "cc"); return (res); } @@ -514,7 +518,7 @@ atomic_fcmpset_64(volatile uint64_t *dst, uint64_t *expect, uint64_t src) } static __inline uint64_t -atomic_load_acq_64(volatile uint64_t *p) +atomic_load_acq_64(const volatile uint64_t *p) { if ((cpu_feature & CPUID_CX8) == 0) @@ -842,7 +846,7 @@ atomic_swap_long(volatile u_long *p, u_long v) #define atomic_subtract_rel_ptr(p, v) \ atomic_subtract_rel_int((volatile u_int *)(p), (u_int)(v)) #define atomic_load_acq_ptr(p) \ - atomic_load_acq_int((volatile u_int *)(p)) + atomic_load_acq_int((const volatile u_int *)(p)) #define atomic_store_rel_ptr(p, v) \ atomic_store_rel_int((volatile u_int *)(p), (v)) #define atomic_cmpset_ptr(dst, old, new) \ diff --git a/sys/powerpc/include/atomic.h b/sys/powerpc/include/atomic.h index 0c3a57698342..015a283e2de7 100644 --- a/sys/powerpc/include/atomic.h +++ b/sys/powerpc/include/atomic.h @@ -502,7 +502,7 @@ atomic_readandclear_long(volatile u_long *addr) */ #define ATOMIC_STORE_LOAD(TYPE) \ static __inline u_##TYPE \ -atomic_load_acq_##TYPE(volatile u_##TYPE *p) \ +atomic_load_acq_##TYPE(const volatile u_##TYPE *p) \ { \ u_##TYPE v; \ \ @@ -534,10 +534,10 @@ ATOMIC_STORE_LOAD(long) #define atomic_store_rel_ptr atomic_store_rel_long #else static __inline u_long -atomic_load_acq_long(volatile u_long *addr) +atomic_load_acq_long(const volatile u_long *addr) { - return ((u_long)atomic_load_acq_int((volatile u_int *)addr)); + return ((u_long)atomic_load_acq_int((const volatile u_int *)addr)); } static __inline void diff --git a/sys/riscv/include/atomic.h b/sys/riscv/include/atomic.h index aaa7add6894b..bf9c42453d8b 100644 --- a/sys/riscv/include/atomic.h +++ b/sys/riscv/include/atomic.h @@ -121,7 +121,7 @@ ATOMIC_FCMPSET_ACQ_REL(16); #define atomic_load_acq_16 atomic_load_acq_16 static __inline uint16_t -atomic_load_acq_16(volatile uint16_t *p) +atomic_load_acq_16(const volatile uint16_t *p) { uint16_t ret; @@ -312,7 +312,7 @@ ATOMIC_CMPSET_ACQ_REL(32); ATOMIC_FCMPSET_ACQ_REL(32); static __inline uint32_t -atomic_load_acq_32(volatile uint32_t *p) +atomic_load_acq_32(const volatile uint32_t *p) { uint32_t ret; diff --git a/sys/sys/_atomic64e.h b/sys/sys/_atomic64e.h index f7245dafb98a..82fe817f307b 100644 --- a/sys/sys/_atomic64e.h +++ b/sys/sys/_atomic64e.h @@ -55,7 +55,7 @@ int atomic_fcmpset_64(volatile u_int64_t *, u_int64_t *, u_int64_t); u_int64_t atomic_fetchadd_64(volatile u_int64_t *, u_int64_t); -u_int64_t atomic_load_64(volatile u_int64_t *); +u_int64_t atomic_load_64(const volatile u_int64_t *); #define atomic_load_acq_64 atomic_load_64 void atomic_readandclear_64(volatile u_int64_t *); diff --git a/sys/sys/_atomic_subword.h b/sys/sys/_atomic_subword.h index dad23383f642..dee5a3bed871 100644 --- a/sys/sys/_atomic_subword.h +++ b/sys/sys/_atomic_subword.h @@ -176,7 +176,7 @@ atomic_fcmpset_16(__volatile uint16_t *addr, uint16_t *old, uint16_t val) #ifndef atomic_load_acq_8 static __inline uint8_t -atomic_load_acq_8(volatile uint8_t *p) +atomic_load_acq_8(const volatile uint8_t *p) { int shift; uint8_t ret; @@ -189,7 +189,7 @@ atomic_load_acq_8(volatile uint8_t *p) #ifndef atomic_load_acq_16 static __inline uint16_t -atomic_load_acq_16(volatile uint16_t *p) +atomic_load_acq_16(const volatile uint16_t *p) { int shift; uint16_t ret; diff --git a/sys/sys/atomic_common.h b/sys/sys/atomic_common.h index 83e0d5af583d..e03cd93c2d4a 100644 --- a/sys/sys/atomic_common.h +++ b/sys/sys/atomic_common.h @@ -36,18 +36,18 @@ #include -#define __atomic_load_bool_relaxed(p) (*(volatile _Bool *)(p)) +#define __atomic_load_bool_relaxed(p) (*(const volatile _Bool *)(p)) #define __atomic_store_bool_relaxed(p, v) \ (*(volatile _Bool *)(p) = (_Bool)(v)) -#define __atomic_load_char_relaxed(p) (*(volatile u_char *)(p)) -#define __atomic_load_short_relaxed(p) (*(volatile u_short *)(p)) -#define __atomic_load_int_relaxed(p) (*(volatile u_int *)(p)) -#define __atomic_load_long_relaxed(p) (*(volatile u_long *)(p)) -#define __atomic_load_8_relaxed(p) (*(volatile uint8_t *)(p)) -#define __atomic_load_16_relaxed(p) (*(volatile uint16_t *)(p)) -#define __atomic_load_32_relaxed(p) (*(volatile uint32_t *)(p)) -#define __atomic_load_64_relaxed(p) (*(volatile uint64_t *)(p)) +#define __atomic_load_char_relaxed(p) (*(const volatile u_char *)(p)) +#define __atomic_load_short_relaxed(p) (*(const volatile u_short *)(p)) +#define __atomic_load_int_relaxed(p) (*(const volatile u_int *)(p)) +#define __atomic_load_long_relaxed(p) (*(const volatile u_long *)(p)) +#define __atomic_load_8_relaxed(p) (*(const volatile uint8_t *)(p)) +#define __atomic_load_16_relaxed(p) (*(const volatile uint16_t *)(p)) +#define __atomic_load_32_relaxed(p) (*(const volatile uint32_t *)(p)) +#define __atomic_load_64_relaxed(p) (*(const volatile uint64_t *)(p)) #define __atomic_store_char_relaxed(p, v) \ (*(volatile u_char *)(p) = (u_char)(v)) @@ -124,7 +124,7 @@ __atomic_store_generic(p, v, int64_t, uint64_t, 64) #endif -#define atomic_load_ptr(p) (*(volatile __typeof(*p) *)(p)) +#define atomic_load_ptr(p) (*(const volatile __typeof(*p) *)(p)) #define atomic_store_ptr(p, v) (*(volatile __typeof(*p) *)(p) = (v)) /* From nobody Mon Dec 16 14:45:05 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQp0L0hz5hW5m; Mon, 16 Dec 2024 14:45:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQn5ppZz4c6p; Mon, 16 Dec 2024 14:45:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360305; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=m/Jx3TeaH2cEFxLCOm6w7/jJezDoP2MSNXCsQ8ucsgE=; b=VQiQhEBHRviBEKyip/2CYK1ESQOkLquGc7hWsiK6ajxcpJdkUC50JmiwgDTB6Jgq86y5iv DfYL82c261eK2Vkjcr9FuJu3alhMQEX1uVad1UOyjnn05SvTK66dpy98rUh8UwGO8vXx3i 6Nz/NS80vsy3qRlYrw3fIW9Qy0jbzjrtxHooCoSxYySupkTKZTQ4E0x4jt69F7kisIZKy4 naDf2uETqtvWGyu0/iLWpI75kTtm2iOhhmFAJZrtroZVlmZ41cKKiiMQQ4bPLGw5nm7Vcq zSDWkq1vEXCe7LbwWAMUuZIjrCFtunaecwImLdLkQZMUslvdapYEdy+L2EJ5dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360305; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=m/Jx3TeaH2cEFxLCOm6w7/jJezDoP2MSNXCsQ8ucsgE=; b=tVE13wJaQKXHnSu363NQUBDBkonpylOjeP/nynF3OW3dDNbmABsZXrzs9H/nn3L86NhBm4 DgH8BjRG0beybn11fNZUF2SIPEMW15EpLjdriQ3OWogPTuS2C5vwujU87b7Qaf9H06Ohss i+gjDNWbHImy1X2iPjBarj8Whx/4HvZujjhBCM9Cdtf8+V/FJjBouHUY9B79X6PvcJZRfo g9y09nJkFgIoI7DuNGTc1b+i2Gk/9Afltx5Hwv//pqScuyiftsVv3VPj+ZRLTFVIV5VgOK rO57kFWowc7/ky2Iqt06iwiKQbvUbY8euKvgfM9gwgW3oKe3RxVq0kE0QqAz6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360305; a=rsa-sha256; cv=none; b=IrsNGTybBYproMwDki91LBGXJpta9EZ+obESWArFazQ5uzPWgTX3haugbT3ykcXQ0EisIH XAHz4Go6XyHjibmMgICCwl2Bcz5XQSGL1BAsB2xSjsBqjSEHTneIMzmtkdQYMrhxCJ+dof 8ZF4INCbISuj8e7WtyYWLRgCk6oT3/RnShZHc3m1tc9ReMGACvBLEeb6t0njHiOk+Ep1gu 1rx2DrXVA03ABR6J5gDwN3xdH0yB3Aya/ZCVBw+vGuUuK8MkkH2Epc1ZksGpvE/blu3aIj WS+8pcawKbFxovXvSIgo7W5ZhLMRrnrxS6RhWV9NGUWj6GDwJQ8KKFPCFfPDSg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQn5RHvzxkX; Mon, 16 Dec 2024 14:45:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEj5hu051015; Mon, 16 Dec 2024 14:45:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEj554051012; Mon, 16 Dec 2024 14:45:05 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:05 GMT Message-Id: <202412161445.4BGEj554051012@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 9dc5b3dbb063 - main - refcount: Constify refcount_load() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9dc5b3dbb063f55543ff8a0619eee2e294fb7dc5 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=9dc5b3dbb063f55543ff8a0619eee2e294fb7dc5 commit 9dc5b3dbb063f55543ff8a0619eee2e294fb7dc5 Author: Olivier Certner AuthorDate: 2024-07-19 15:23:45 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:26 +0000 refcount: Constify refcount_load() Reviewed by: markj Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46888 --- sys/sys/refcount.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/sys/refcount.h b/sys/sys/refcount.h index ae0ec44fd7a6..42c435399132 100644 --- a/sys/sys/refcount.h +++ b/sys/sys/refcount.h @@ -64,7 +64,7 @@ refcount_init(volatile u_int *count, u_int value) } static __inline u_int -refcount_load(volatile u_int *count) +refcount_load(volatile const u_int *count) { return (atomic_load_int(count)); } From nobody Mon Dec 16 14:45:06 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQq1xXgz5hWS4; Mon, 16 Dec 2024 14:45:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQp6x81z4c6x; Mon, 16 Dec 2024 14:45:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360307; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7V32KNxniWCY2IjQ6esp4cCTjN/tiBFqIjrMktLRG7Q=; b=g8jA7m0LWwYaXpgDVo4oDZaX/nsYJkdGQj+1Y2DxNIIzqtCDI1j1aTZ3pC0kEhGzQFf5rm +rDWlyD/PitW+qL3jFNJh/XYRj72NW9vEcl0CF51PpadnEaZZAFnkjz/b0ROh1HbbOtDDT Eg6jFYlWOLCpQlZ58yZO3PUEezJdZAKMisOwLCHLbZs33ThusXAw36d6omRyj4ebAsIzv+ 1zrM9WnmwAXff0Y0hIDagh3SX9bPULVCtIBW/EFkD6yTcqhv6JESB2y8NatvQg2Ekzg9zh q3N2agJ9H9E6VHx85ECt0fT6QIQYKwHZJeqOokjoxJEo1vE8oG1ux7T2tkx8DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360307; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7V32KNxniWCY2IjQ6esp4cCTjN/tiBFqIjrMktLRG7Q=; b=egjGMUKSh4pFlvBrD345cFiGrkCbbpIvE9Eafe67M/g1lSjV9Hd9wE2aFPhKnYDQk/FgIO sb3SAeMraWXgdMkAeQ0mR6awxqWfSH8zB2oiP5dTa3P1MmOAShu1bN+y/SiT/6KeKhLBVl wPt0DZw/OUlkh1kpOQsmH1djW0kw2bR3NCeycyq3R1jKiT4eF23VFAB1LZp/bQnrzlaO7y 2sW3hzZldXOBRgioQf5D0UQ4fvhYYp1XmUkZPz6isIft6tmW6h9ly8d8ZMiGw+yQETkKBB xytDKlFKa6PFKHLzdx9XbTPZLNxjTEpGkCC0KWUd7rGCaVLA5vSt7iyjq2/TnQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360307; a=rsa-sha256; cv=none; b=l+bdkWe4QXErAegrCnwIO5YttJnucC1DaFcJRFeXZnWi71vkNKAcGHDqJegtGhUqqrw9ig 5iy6xr+vs4yuxhRlu8uzQDlbJlXdAD5o3OPXX6LAtK6JYk6LHbMP9y1foaiOZP5+AHEr9X 247rFALalYrjgeglLURIBFzisSZbz3rkUZfnzMev+vHn0MnhtoETdtj9WJpKtGJzKy492H 5mUeNGZMArylc4IrrbahkEHHVIsXfGOducyDqjf52zs8cMXph42MUeFxRtsOVr6xuo7AR9 VNIKdiEGqP0zY1YJsoEIGQ04BbSW4AGvCdhUkPCpQB2nBDpxRWEHCkVenb/gMQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQp6VQ4zxB6; Mon, 16 Dec 2024 14:45:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEj6st051064; Mon, 16 Dec 2024 14:45:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEj6x3051061; Mon, 16 Dec 2024 14:45:06 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:06 GMT Message-Id: <202412161445.4BGEj6x3051061@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 34740937f7a4 - main - queue: New debug macros for STAILQ List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 34740937f7a46c7475bb57e804701ba8830bf6ed Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=34740937f7a46c7475bb57e804701ba8830bf6ed commit 34740937f7a46c7475bb57e804701ba8830bf6ed Author: Olivier Certner AuthorDate: 2024-07-08 16:15:49 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:26 +0000 queue: New debug macros for STAILQ The new STAILQ_ASSERT_EMPTY() macro allows callers to assert that some STAILQ is empty. It leverages the new QMD_STAILQ_CHECK_EMPTY() internal macro. QMD_STAILQ_CHECK_EMPTY() is a check for empty STAILQ, where heads's 'stqh_last' field must point to the 'stqh_first' one. Use it in STAILQ_ASSERT_EMPTY(). QMD_STAILQ_CHECK_TAIL() checks that the tail pointed by 'head' does not have a next element. It is similar to the already existing QMD_TAILQ_CHECK_TAIL(), but without the superfluous 'field' argument and clearer documentation. Use it in STAILQ_INSERT_TAIL(). Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46889 --- sys/sys/queue.h | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/sys/sys/queue.h b/sys/sys/queue.h index 0479d780fd85..8a1c6cd7afbb 100644 --- a/sys/sys/queue.h +++ b/sys/sys/queue.h @@ -339,6 +339,40 @@ struct { \ /* * Singly-linked Tail queue functions. */ +#if (defined(_KERNEL) && defined(INVARIANTS)) +/* + * QMD_STAILQ_CHECK_EMPTY(STAILQ_HEAD *head) + * + * Validates that the stailq head's pointer to the last element's next pointer + * actually points to the head's first element pointer field. + */ +#define QMD_STAILQ_CHECK_EMPTY(head) do { \ + if ((head)->stqh_last != &(head)->stqh_first) \ + panic("Empty stailq %p->stqh_last is %p, not head's " \ + "first field address", (head), (head)->stqh_last); \ +} while (0) + +#define STAILQ_ASSERT_EMPTY(head) do { \ + if (!STAILQ_EMPTY((head))) \ + panic("stailq %p is not empty", (head)); \ +} + +/* + * QMD_STAILQ_CHECK_TAIL(STAILQ_HEAD *head) + * + * Validates that the stailq's last element's next pointer is NULL. + */ +#define QMD_STAILQ_CHECK_TAIL(head) do { \ + if (*(head)->stqh_last != NULL) \ + panic("Stailq %p last element's next pointer is %p, " \ + "not NULL", (head), *(head)->stqh_last); \ +} while (0) +#else +#define QMD_STAILQ_CHECK_EMPTY(head) +#define STAILQ_ASSERT_EMPTY(head) +#define QMD_STAILQ_CHECK_TAIL(head) +#endif /* (_KERNEL && INVARIANTS) */ + #define STAILQ_CONCAT(head1, head2) do { \ if (!STAILQ_EMPTY((head2))) { \ *(head1)->stqh_last = (head2)->stqh_first; \ @@ -347,7 +381,11 @@ struct { \ } \ } while (0) -#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) +#define STAILQ_EMPTY(head) ({ \ + if (STAILQ_FIRST(head) == NULL) \ + QMD_STAILQ_CHECK_EMPTY(head); \ + STAILQ_FIRST(head) == NULL; \ +}) #define STAILQ_FIRST(head) ((head)->stqh_first) @@ -389,6 +427,7 @@ struct { \ } while (0) #define STAILQ_INSERT_TAIL(head, elm, field) do { \ + QMD_STAILQ_CHECK_TAIL(head); \ STAILQ_NEXT((elm), field) = NULL; \ *(head)->stqh_last = (elm); \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ From nobody Mon Dec 16 14:45:07 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQr3Wddz5hWS5; Mon, 16 Dec 2024 14:45:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQr0mqcz4bqr; Mon, 16 Dec 2024 14:45:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360308; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xID18P8s1twDmP5UHsWgaEnDg7qP/LqtMOjqOG+GQmU=; b=CWm1epvAC7SkiwgEqz+LjyL5Rv5/cBQXYB5hGWEl64bGOZACtFmVhc9lfvSNj9fBh75FSh U5cXfzzZBXqcFOPu4/LSRnrobFNp/GyvfxES9dvRylbfD77Y81G4dnsfeeQeUehKeMQbov GppLDv0Kb4c1mHocaJ4ZW+yNDYM/G28vMYrh1reynX+az284ggxnMfS2KJk4rvTlFNQJtT rpIcUfWNY2WwidwbRXxnStSwOZdawkI29Nk+pYLMvd8vaODM2WCQT65clKzbyYoPtS8g5g m6cBOR2U1gxXu9RgEcW7nm2mLl29u8/H4q2H8Y+9FQPtyNIuNUZbn5Z5vOokKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360308; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xID18P8s1twDmP5UHsWgaEnDg7qP/LqtMOjqOG+GQmU=; b=t5m4Jm9Rp2gPognBuA1rABNFQtjCjdXoysjD+Tnzl/LQREbGeAYQbg5oNviTeCxX5uTTwf 99DuRDqF0gppRjvLm4ofZuY5S1rr2C5hnhRxUPwaYMk0msaJ1GPEzsJkYuadbLzSdEF41a W5GiI+U+MlOTPl9yAwtSnB9vLjCMFAsOc1+6oUNOHU9B78CTJhDdyZlo/dApPOUr/S2zk3 dJBjG4X686ABqi52adaMVWhxOX1vcv7FjGOeTH1A+FqVmAZOOBPKn33BeJLd5nvrnvzLuP yoOIfrVycABuXZZPX4lK2ryofx0LWenqMz8vhkgi6wFqYuBcWSiVsJPAl/rIcA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360308; a=rsa-sha256; cv=none; b=ILFScktOhCUWXAtlpOeT/9nBW2WuVlbQel7SPsMIEvPzjXy0n3jZ5wvYJMr0hC0FJ+fmPx 9YCEXRdsjgbPptUdNfEs2EPBh/UapzQw03RsMN/3w7eRiAgCKK6zmrcS3SLb8U63Spfah0 1scm9ybCcl9F15NMzVwnf3TyRrjhHFOTmk3xUCpZp01ayIXM4XU30WQMAe9R2hkoapaAet se/BJMen8EqRm8wQm8rK5dLFsOEK0ue/BOV6TKukFtJFF1XDll5ma4GDeK/3enecHHwZpY t/ZT2swcXzP/fq7WbbC8LTQOydCGOTxNnJZJzMwRqwLQW10T311cgezdQBPBvg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQr0KWRzxWk; Mon, 16 Dec 2024 14:45:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEj7CE051109; Mon, 16 Dec 2024 14:45:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEj7T9051106; Mon, 16 Dec 2024 14:45:07 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:07 GMT Message-Id: <202412161445.4BGEj7T9051106@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 5140ccf2268b - main - MAC: mac.h: Fix missing includes/typedefs List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5140ccf2268b0e771c89e46f46c60e1fee7637c3 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=5140ccf2268b0e771c89e46f46c60e1fee7637c3 commit 5140ccf2268b0e771c89e46f46c60e1fee7637c3 Author: Olivier Certner AuthorDate: 2024-07-29 14:21:52 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:26 +0000 MAC: mac.h: Fix missing includes/typedefs This fixes inclusion from userspace, and also kernel inclusion for source files not including explicitly nor implicitly . Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46896 --- sys/sys/mac.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/sys/sys/mac.h b/sys/sys/mac.h index facdc14c332d..ae8d8d38f17b 100644 --- a/sys/sys/mac.h +++ b/sys/sys/mac.h @@ -47,6 +47,13 @@ #ifndef _SYS_MAC_H_ #define _SYS_MAC_H_ +#include + +#ifndef _SIZE_T_DECLARED +typedef __size_t size_t; +#define _SIZE_T_DECLARED +#endif + #ifndef _POSIX_MAC #define _POSIX_MAC #endif @@ -72,6 +79,13 @@ typedef struct mac *mac_t; #ifndef _KERNEL +#include /* For __BEGIN_DECLS and __END_DECLS. */ + +#ifndef _PID_T_DECLARED +typedef __pid_t pid_t; /* process id */ +#define _PID_T_DECLARED +#endif + /* * Location of the userland MAC framework configuration file. mac.conf * set defaults for MAC-aware applications. From nobody Mon Dec 16 14:45:09 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQs5rSlz5hWKF; Mon, 16 Dec 2024 14:45:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQs1KFHz4cJH; Mon, 16 Dec 2024 14:45:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gsCnBrYNFiD9u21c8gl6Uf39jZv0Ae9cJane4vF7vCs=; b=q3jX9htiKknvaUse54+q/xS4RvVpsiK164n/jQ9A5nVjhhip3J4cepvyst1PnMoPeNB2Gj ymHrts23rQOHOBB8FzTovuIl6v2Hzp5LWBrjv0j8gCN3cbVvtu1ICOjLgbrSTCq32CCNQK Y3QBEfLev+h+Q4EaStYMuGzX9hGNYSWF3KRVm+CnA0TVTM+bio8iWK7NzRlJFoxssziMh3 xrjZPQ3KTtZTx9gJxM6nW/TUCn5+vfm5sPwvLl15omZnlkMdnIHwMH4aplb0EO5yR2JbaR +2fpvDX9YzlFZVfhQF6GvhvVsHknvYlH1Gv95FOk2AP9rie+MeTwDOjIyWtEVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gsCnBrYNFiD9u21c8gl6Uf39jZv0Ae9cJane4vF7vCs=; b=yIM8/pUxkrQIqYYIa9Ag8DTKVvQTGw8DuamUsS1+GuqWk65AqqV6PbSpKFzIlbmCcZneEl USXiJAUQXeOTI4yd8Tdsugx9RWkm4HbE+gU4jv2ZsfidAAbVaAmOsiL5rQIVK9jrGHCEwF d0t/eOPwKb3Mh0ayvhmzJpIlttjqMJK6v3fhnSWJIY2tYQNyZJiRvALN/EhKZgaIO7TZHy XWpBoQE5GB2cLtXzAGkC4xpH/LN5CAHBaVmbRGQuLGGxbvIxa1hU1dMiE4uk9D3AFwyyR5 24MNm/0gOO50SPfSYIybWvHUUS2qmtFEiWTQZHSDlKNdYeN/ypHZ1FfRidnPDQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360309; a=rsa-sha256; cv=none; b=JjG8jwCIlkhInBTVqIBWDQIsNJao4pp8k9ua/1mCvbtBQuDlmoFoa8Y+RwBm/HOlH/SuIX MzFXHoyuU2bSwqAgHt78GG380cbS329h0gpl0eoIUUXAq7IydptCTjfVbFOeIgP2ySJSXx GHHJluCujEIbaWnZEh4aMonsMflkpwCzs5P9xXecK39KA7ZW2rkBzuS42m9JZOS6Gk2gyX FnWHB9Dlt8Y0RT9lGnkrtEWkzV/kC7TS3QYwmV9yAr1f/zv5zSAZarcG59thjYZ9bSwrgi 5dSYYXtXzgRWkIFxUUIYl61jZ4y2v0IBzjJ9nPhT4Ro/v3f++XA9cVpZQiD89g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQs0vWJzy07; Mon, 16 Dec 2024 14:45:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEj9gH051157; Mon, 16 Dec 2024 14:45:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEj9sK051154; Mon, 16 Dec 2024 14:45:09 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:09 GMT Message-Id: <202412161445.4BGEj9sK051154@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: b47f4718c072 - main - MAC: mac.h: Separately test inclusion from userspace List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b47f4718c0725f4ea2e8f88359e86661e8dc4a38 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=b47f4718c0725f4ea2e8f88359e86661e8dc4a38 commit b47f4718c0725f4ea2e8f88359e86661e8dc4a38 Author: Olivier Certner AuthorDate: 2024-07-31 08:52:50 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:26 +0000 MAC: mac.h: Separately test inclusion from userspace Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46897 --- tools/build/test-includes/badfiles.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/build/test-includes/badfiles.inc b/tools/build/test-includes/badfiles.inc index 1d648819cd8c..5f088d3862aa 100644 --- a/tools/build/test-includes/badfiles.inc +++ b/tools/build/test-includes/badfiles.inc @@ -75,7 +75,6 @@ BADHDRS= \ sys/lockf.h \ sys/lockmgr.h \ sys/loginclass.h \ - sys/mac.h \ sys/mbuf.h \ sys/md4.h \ sys/md5.h \ From nobody Mon Dec 16 14:45:10 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQt2jDLz5hW38; Mon, 16 Dec 2024 14:45:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQt22pmz4cJS; Mon, 16 Dec 2024 14:45:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360310; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WhFU8kYgm+eYtXoRif81kx6JTUv8zJriK2506U2hRy0=; b=hZpHh6YQDuSPoJOT76q9PZgZhpJWWw8wdMdqarMC+fuWTshS9R1TF7FEOZ2cMF7p5z/xH8 JnI+oMrNg0oCyPtYBfEGg2i+HsxVdFb9tYJqO4h6k8q2Iv2dbOpEWwwwJ5aVdtJt02lRsr 2OKbYiiJ7YQNHNQPuX/xbCP8C/+R7O02kk6Nb/JeL3t9v0NGvLNtODzaT0dvD9diql7HcL jukhRc0bR6XPrnJcf8PKosqMoXksMqTjHcMRSizFJ1TRGZ+sFeygpsVh5B9cUbif+HrP+l cwWs9NM3wrd6neUNGBY28hyDKQY9+6FbE08v3I/KL3KS38nwSe8JCGnb6JtyMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360310; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WhFU8kYgm+eYtXoRif81kx6JTUv8zJriK2506U2hRy0=; b=Xi7OsNZsjVHzgM4OCw9i0Bkb09f9sPBr9oouXQcFXNQcErhotxx2vus5aghGbeG+n2gRVR Cu9vlt6UyFGD2uFYyFzUPeq15pr5XPF2y/0fmTeWUOnRjemsHO8LEp0JacnRBLc7+FS3fn 0ZdwHT92D6yzSZb6LaRpKv2s42MeCslqshfxuFNp3i7xUqlmCseF/Vt0MRyUEw5ps+RfcO Hi4A2CvPaUPEqwHCOgM5TVR9G2VpmKrlOkcAORvefKXvdWGuAFDSf6om8kaKiqdCwD2Eby FJNIyGga/DGyJB8UeLrhrIACha+a2SnDfHAYFJZrduNUk0h+tclp20iBeKblZQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360310; a=rsa-sha256; cv=none; b=bQK2cO3PQJJk1+TTvLb7RxnUR+mDbvnL044/DUEYqZeksE8k+Q3sjf6KRUtR+0L3K+wKuz sFYRgUXPnnbezAE2x6XCj8sJHa3vS4uDydofH8guwe30U9LaJtqBR43xO9C7XWfxyc6dpI Duw4oc72wxrHXjkqaEwufO79QRooiUyv0vaRR+KguQoHpKNkfhzpnwim7phGNvlyzr89qd HUhs7674mUZ6IbYsznm0kbxx02hL7SD/4hr37iu9p6zvORoDtGqMBEsvfzfqsvzJAoMpuT 6+p3yZS4lf6ZGU2i4LzHpJic+zU+2XVqlUy9sodTdufs7DO2mIR+zGQDFzQN2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQt1g0XzxWl; Mon, 16 Dec 2024 14:45:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjAAk051211; Mon, 16 Dec 2024 14:45:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjAFn051208; Mon, 16 Dec 2024 14:45:10 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:10 GMT Message-Id: <202412161445.4BGEjAFn051208@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 90678c892d7b - main - MAC: 'kernel_mac_support' module: Make an outdated comment more generic List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 90678c892d7b3a90339b7fc19fde16c64fe3cb70 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=90678c892d7b3a90339b7fc19fde16c64fe3cb70 commit 90678c892d7b3a90339b7fc19fde16c64fe3cb70 Author: Olivier Certner AuthorDate: 2024-07-03 14:23:38 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:27 +0000 MAC: 'kernel_mac_support' module: Make an outdated comment more generic No functional change. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46898 --- sys/security/mac/mac_framework.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 78c7c1ac6bd1..e290f837e297 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -105,7 +105,7 @@ SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD MAC policy controls"); /* - * Declare that the kernel provides MAC support, version 3 (FreeBSD 7.x). + * Declare that the kernel provides a specific version of MAC support. * This permits modules to refuse to be loaded if the necessary support isn't * present, even if it's pre-boot. */ From nobody Mon Dec 16 14:45:12 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQw5Wmqz5hW5r; Mon, 16 Dec 2024 14:45:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQw434lz4cM8; Mon, 16 Dec 2024 14:45:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360312; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pvcrisfaaKKAXoW14lrX+aOG4q1u1/zGwpr+KqifeG4=; b=uGqmj+lXr7wurk9EgjTOqo5CkfwHdOmXxfst7Qrahg7o88lGE9M6FFmIotqIuo8xvLkjg8 XU2CjnGWPhQnk2Sn+tXHy84pkrz3/8PRlFKwO6LMCza35wFK7+/zrPttLPBLe3pmX9QR0o zT1TZHd53KK5ykmWAnrdn4NLrxZVRuKS+D4lZKyciv1Sjkjjaih8qflkDWFIWVcXidzg+1 BI0JQHG2K0gLG+vsGC9NSiOCkspeQIJnY6FJZEQh3rSHh7d+JCen0lgYowfdFC4RIL0piA Lxlcex8SgBVhnbTM3ZL+Hm8OQnmNYSSy6OGjQiEE+B5/9StOQ8UMOPZbsvxfmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360312; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pvcrisfaaKKAXoW14lrX+aOG4q1u1/zGwpr+KqifeG4=; b=U20YwAhgIQ0N5fXAmegUdaf/z3bMqApG1fYfiQoDiQauX4dy7H1MmS9pFxPOZ+kdOufRyR eLs6wYcALlPQD6kWnHi71AMeImrp98H1/ysPVYFpyjRr2Axeu+1Kn20GFgh6TiuWq5nqnQ NmvkyikqZJtD0q62mdL0OqE0rqwsTRCM4gzyiyaLd2yAMQGmbQ75G2D7E+mvu3erOffjpX 1JIvsa7p2qEKyPIdfi3Mue+WKtCWeikJzpidC5HU3ZzlNTBeftpOOdJNs2ZRKoJt3uAYRb UFTW9gETNPWhhmvNOpWya8pbQkQt1IcOkFpfFjllLDKg1IiwkZNoK6T8UxTYFg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360312; a=rsa-sha256; cv=none; b=ULrkjz2vRP0NeVFfd30L6JFBIQ5Jx70nDgbYdC6e6TBpJW+++YhBiTbDC4ojK99MIHnpht c/gUq6RA3FJQs1E0SZLjml0eNesX125vrISBeNf2qm+t7Un2mxcvQqXavNw03HhwTIR5wX J7OEV2lX1oXhcP1hhfkConPLTvlvOkM/cZnQey9mmoNGdh82Ykh2othEQ2bb9NzTkJN6vz uPVuyIQcGRc67aZSqkG21TXQP3HnJHqZVG9SeE0HNbE8NFwCMOIHvDofdwkK0BOc60D0i6 P4VlyHXDBsW6dj+CjD0grGcIYLdxUnPnFCW3NLgRp+D+C1LL51hFhD0E/FuT+Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQw3gD6zxkY; Mon, 16 Dec 2024 14:45:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjCdU051334; Mon, 16 Dec 2024 14:45:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjCIA051331; Mon, 16 Dec 2024 14:45:12 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:12 GMT Message-Id: <202412161445.4BGEjCIA051331@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f8fe6bc73bbb - main - jail.h: Fix whitespace in the param macros declaration block List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f8fe6bc73bbbced506a02ed88783c0c0bb9b49e4 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f8fe6bc73bbbced506a02ed88783c0c0bb9b49e4 commit f8fe6bc73bbbced506a02ed88783c0c0bb9b49e4 Author: Olivier Certner AuthorDate: 2024-07-04 09:01:10 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:27 +0000 jail.h: Fix whitespace in the param macros declaration block Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46900 --- sys/sys/jail.h | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 31928be73502..a5a99e03a27d 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -379,26 +379,26 @@ extern struct sx allprison_lock; SYSCTL_DECL(_security_jail_param); #define SYSCTL_JAIL_PARAM(module, param, type, fmt, descr) \ - SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ - (type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr) + SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ + (type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr) #define SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr) \ - SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ - CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len, \ - sysctl_jail_param, "A", descr) -#define SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\ - SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ - CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len, \ - sysctl_jail_param, fmt, descr) + SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ + CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len, \ + sysctl_jail_param, "A", descr) +#define SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr) \ + SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ + CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len, \ + sysctl_jail_param, fmt, descr) #define SYSCTL_JAIL_PARAM_NODE(module, descr) \ - SYSCTL_NODE(_security_jail_param, OID_AUTO, module, CTLFLAG_MPSAFE, \ - 0, descr) + SYSCTL_NODE(_security_jail_param, OID_AUTO, module, CTLFLAG_MPSAFE, \ + 0, descr) #define SYSCTL_JAIL_PARAM_SUBNODE(parent, module, descr) \ - SYSCTL_NODE(_security_jail_param_##parent, OID_AUTO, module, \ - CTLFLAG_MPSAFE, 0, descr) + SYSCTL_NODE(_security_jail_param_##parent, OID_AUTO, module, \ + CTLFLAG_MPSAFE, 0, descr) #define SYSCTL_JAIL_PARAM_SYS_NODE(module, access, descr) \ - SYSCTL_JAIL_PARAM_NODE(module, descr); \ - SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys", \ - descr) + SYSCTL_JAIL_PARAM_NODE(module, descr); \ + SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys", \ + descr) /* * Kernel support functions for jail(). From nobody Mon Dec 16 14:45:11 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQv4lgDz5hW7w; Mon, 16 Dec 2024 14:45:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQv32fSz4c7m; Mon, 16 Dec 2024 14:45:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360311; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SV0rxFEFRHa4wYYqCsg7j9q8jCZbj93rFLGKBW8IphY=; b=jaQ1yAWnVzVLMbK+4CxNvEA3GVmesWpcWx0qk0H2is+qn2nntGIpXahOKRHq14vu5WrR1m SN2+VMd49B61ObArNJCzKHD8nYMxEsKw2BR3wtrUONjVVvLPcVaTJlFKp5R0YL0v8XX1nc na1HdBlldnrGRVqS7gEiu26mXC6ose4DSGZZQSO7W7lZXzGKJ/H+ngVGT9zAD7hxmHrON5 U10Nl4OkmzMfoGpeJnrgsis/pdiRyf0mYWfJBJ9aPZzNlHPod+pJ/99BXE1FFC98DvYj1d u/KohVs3ZBoJ6QAUVybrEcMtUjPSnS3GSGmeb1SmNqilQ+C4/X3AvSai+pUTQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360311; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SV0rxFEFRHa4wYYqCsg7j9q8jCZbj93rFLGKBW8IphY=; b=YSLkpvnFrrjstzBTBHdtbAhbucAp+QzRlZT2zrYyqOJFRkgK4TxIaz7Jc16k8ZfT0TaENN WwSod9mH4Nt0kGkvlUa7GoYXlvkJ058oKpEaqKA9kTRMlaTf+njh49/ObaEEA6rfHiRT8C ZfiqXyN/rSed7xqwn5AlURMotA8WirpYQWzc7QwhNkFwjI/WjB1N6ljnTn1BCGmFCmuSbv lA5gF7chAGcv6MYd8gQ8M5snV9+jJJ/XRJDQZvK8u+IVskYC4iEINosxDfuOztECCVO4Iu I5T7SB9uVoXQfcnlc5hmBjN7b8eV7DWFqyQKeIamnik6IBOZAZRhrZ5bAT9e9w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360311; a=rsa-sha256; cv=none; b=wpIqAFSJ7MAfmR5bZsEAiuaA7ts7rbalaLQBx0Ekat4YCzWChFubUUdw5Cu6CX7Tpwhagj mT8T1cqVIqu7JMtnfpIVdPaxP/4j2Ixbk7Yp2XQ4c6g5yNWG8kCOR0SeZ4R3v2hV2z6N0e X8PjAKwdoDDfDoO1swC5oZ/KxHavO271DQ0ERstWICR4TgL2KKSKJfkNKmZYPQ7Rw8xOv1 l338Xt28ifF1UMTAG6obryyTKXTKBkL1vXrvaSM6Z4Lo6RDKQRZyhdJciXHIt6IY6NF2tG Rtx1neEb+L6cR7pu4564xwZQ8DyNiJBUjuvxt8F3Da1jzOGhaUQI//JeIzHVpg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQv2fd0zxH4; Mon, 16 Dec 2024 14:45:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjBdA051268; Mon, 16 Dec 2024 14:45:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjBwU051265; Mon, 16 Dec 2024 14:45:11 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:11 GMT Message-Id: <202412161445.4BGEjBwU051265@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 5041b20503db - main - MAC: Define a common 'mac' node for MAC's jail parameters List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5041b20503dbb442cc9ebd0a6e4db26905102c72 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=5041b20503dbb442cc9ebd0a6e4db26905102c72 commit 5041b20503dbb442cc9ebd0a6e4db26905102c72 Author: Olivier Certner AuthorDate: 2024-07-03 14:30:19 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:27 +0000 MAC: Define a common 'mac' node for MAC's jail parameters To be used by MAC/do. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46899 --- sys/security/mac/mac_framework.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index e290f837e297..d742b5dcbc3a 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -71,6 +71,7 @@ #include #include #include +#include #include #include #include @@ -104,6 +105,11 @@ SDT_PROBE_DEFINE1(mac, , policy, unregister, SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD MAC policy controls"); +/* + * Root sysctl node for MAC modules' jail parameters. + */ +SYSCTL_JAIL_PARAM_NODE(mac, "Jail parameters for MAC policy controls"); + /* * Declare that the kernel provides a specific version of MAC support. * This permits modules to refuse to be loaded if the necessary support isn't From nobody Mon Dec 16 14:45:13 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQy3L4Kz5hWMr; Mon, 16 Dec 2024 14:45:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQx6M3Cz4cPp; Mon, 16 Dec 2024 14:45:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360313; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0ztWvEuS4KoFTT3uA+iU7YUy3YJkRdkQWhwhkrOttP8=; b=R7Mcy1qSwOD5ks1jc2QmuAnIIQ4D9jdnLHpImlsN+VwK2XpWVkVTV2apM4zu0W4419iDZI 4K1kaYYFXUKqv5+EXKcbFYkT33ivgF5eoBdPpvZfs27L5KSfLRC1jCDPReBROvQirWhAVe sA0kCcQdcUzsPzwy/X0YCQ3TrFL5gskcESuzKxZGhmDhK5Tz3nGQaruFW4SwEpZXlOAKKY nWcoXLxYws3hBujSK8lw23GwZOidSxaBtDujHodATn0wyftdNV7DpEjRiicA3ew5ai6L1k Z74u/BZquAWf9Tgul5mharnh8dCkW9eYUJT46VZj8HLtW3IG7EZgAlFVeE66vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360313; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0ztWvEuS4KoFTT3uA+iU7YUy3YJkRdkQWhwhkrOttP8=; b=R2/O/yv/pLUYb3s7whV/igHXqp3/AnmefKDroLXCjL1CtstIse3yYJTv5cfUIYYKqprCUB luB3/PFsoTVStdrQjB6wMbex9gOvk2He+xOh9LGETZYktH0wNvcN9PSD3DuucGaX2k0IlI QFSXJm+Bk9jJTA0Kh7JuMrYGyYOqIWMBKk5GIdk5jAnr2LUJV/k51tVFEc88b6cnUAD/o1 gnKbntwi8DwSHKiknoM4JW64+s9bWCqGci+bePzYjN0iFdOjgZvNKOk+EoWLB8Eqb2fF4k 8d2zv9+GFKCmblY1wunANW8JJCH2nfGjgJHLktIkIu+IS11UBGN1y0tzL517FA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360313; a=rsa-sha256; cv=none; b=iG+dIwTon6kB/L+Envv+FYq5vsS/CYaJCIyKImJ6edcZNNCgYXtsFIawP0sMU31jnqm3TV 8XM0/qT5Vz6PS1HvMhhXWAYBUNCj+PRo391MvsH02uhQH39cOO/vnhX59wN6ZqD+QUZvX0 XvFXfOwbbJ7T6RYfw6EKo0Jx1rQ4Ieq+Uexzvs3rx7XcFNBatL3lAdFZlSakYFaBMc7LVW vLjMhqwhE0yYKvJRwAuT0cr1NFxeKFTJHBmHrBP2HWc4F1qbsxZ8QKvu89wYCURuo6dJOb KQc+UuaSxpUzErtshWwEZOt0Mo1zI6PqbZNpbvLcj01SrHiDqwgN94OPX15BgQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQx4dWHzxWm; Mon, 16 Dec 2024 14:45:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjD71051390; Mon, 16 Dec 2024 14:45:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjDnu051387; Mon, 16 Dec 2024 14:45:13 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:13 GMT Message-Id: <202412161445.4BGEjDnu051387@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 9f8020e65ba8 - main - jail.h: New SYSCTL_JAIL_PARAM_SYS_SUBNODE() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9f8020e65ba8f2398bf79505037b75670340e5fa Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=9f8020e65ba8f2398bf79505037b75670340e5fa commit 9f8020e65ba8f2398bf79505037b75670340e5fa Author: Olivier Certner AuthorDate: 2024-07-04 09:05:44 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:27 +0000 jail.h: New SYSCTL_JAIL_PARAM_SYS_SUBNODE() Same as SYSCTL_JAIL_PARAM_SYS_NODE() but allowing another level of hierarchy. To be used with MAC policies, so that they can have their own node under "security.jail.param.mac". Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46901 --- sys/sys/jail.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/sys/jail.h b/sys/sys/jail.h index a5a99e03a27d..94533ef1e8b5 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -399,6 +399,10 @@ SYSCTL_DECL(_security_jail_param); SYSCTL_JAIL_PARAM_NODE(module, descr); \ SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys", \ descr) +#define SYSCTL_JAIL_PARAM_SYS_SUBNODE(parent, module, access, descr) \ + SYSCTL_JAIL_PARAM_SUBNODE(parent, module, descr); \ + SYSCTL_JAIL_PARAM(_##parent##_##module, , CTLTYPE_INT | (access), \ + "E,jailsys", descr) /* * Kernel support functions for jail(). From nobody Mon Dec 16 14:45:14 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjQz0GgVz5hWSB; Mon, 16 Dec 2024 14:45:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjQy5nb7z4cFN; Mon, 16 Dec 2024 14:45:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360314; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Vh5+t6w0pKCvg2WcTHHNny2mTPeDy4qw6L9zkV0IXIw=; b=W01x4JuW9zGVfBRc2M1tZGhyhZnioEnPQbWDJ222p9ZXjbo/UNZ9VquO307mpTnduhQp/y VaXkWQGyHI1zsidQv165Y7/zgHEPyk42WKIT45I+duD9oc0s5wd1l7WuC2hjQxq/EHfnem ec4B+yvWmgEG6g+UxwWrAFJ8MUhq3Vq2VWZHK4yiGYL7tvwzE2kTnX6U7iGsOlVDHBQJua gSPIK3/VadJPd/cN5QQdD9Fuy7Et5ISsotYyk8P3GahmbEgMkqFhToCyb5i7qJEJPUg7hm SlRXVRtWJ93521c/gRzPorIh9dOCmPxg91D7YVDXhce2Ax5rGzmJT8ccioRDZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360314; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Vh5+t6w0pKCvg2WcTHHNny2mTPeDy4qw6L9zkV0IXIw=; b=iVjAfRzJms9ah1JXWnn4yH6U2s7B8qcuG43/1nxL5FMZoN+KGAWS18DAdEk5FGd/itW1Ew i3h+eTo8Hu6Pj8p4wOJjIXi4TlOXOAtOAFgtD2F2vuEKSAMi7wRGF+FvqqK7giIO+rmQls YXtq9QIjUorcr1/Q/hF3aJqu8flRRSDSledDK2PI9Z8AgAIboIOrTZmD4KhRUtcPpfBLuq AlMsbu3BFsDJa6Zv14eJQ5Cd6wOXORxxjEyxfPvnn7tfl6RXtAy/2t/5ySbqgmUHQj+OCK XQ5p4tUqOzB964tmdh0pn1mX6HOSKRMMRAji78JQ9CYlqpurf7sKdXKDtNN4+Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360314; a=rsa-sha256; cv=none; b=B9guWsgKrstP3HsSpwfmAEXA+ykJb8S6BWDf6d7GBuWcIramn5BOAIGukFUOnMYcpNYUKj CuoPoOXE6jzXs8g77CVQdr7BDcds6Jztk0wwhxo5znLCNjCVQwIkCMdZ8X6AT3LpTF7vsJ zvJRzkdf9wjUdjL82Slg9hK0tThxwEgw19kSk7XjMGRh+vmvkpIICwDY6ASWKy7eUZYZVk DXMzDUn+DMLr8A/UnNLgXSDClPomSYiGO/WRFUppmIy/QcLXnxRC6wSaAjRrBnO1iEOauK k8paskheR07T46AqC8Rm8d6twJk6y61cv5+eCZcY7+j2Mh0J7naLvteKN+jGmQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQy5PqMzxWn; Mon, 16 Dec 2024 14:45:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjEtV051426; Mon, 16 Dec 2024 14:45:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjELw051423; Mon, 16 Dec 2024 14:45:14 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:14 GMT Message-Id: <202412161445.4BGEjELw051423@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f7bda491ef05 - main - jail.h: New SYSCTL_JAIL_PARAM_DECL() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f7bda491ef05717fb4fe6c89083485599db951b8 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f7bda491ef05717fb4fe6c89083485599db951b8 commit f7bda491ef05717fb4fe6c89083485599db951b8 Author: Olivier Certner AuthorDate: 2024-07-04 09:50:04 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:28 +0000 jail.h: New SYSCTL_JAIL_PARAM_DECL() Like SYSCTL_DECL(), additionally prepending the well-known jail parameters' sysctl prefix. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46902 --- sys/sys/jail.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 94533ef1e8b5..72799dbf172f 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -378,6 +378,8 @@ extern struct sx allprison_lock; */ SYSCTL_DECL(_security_jail_param); +#define SYSCTL_JAIL_PARAM_DECL(name) \ + SYSCTL_DECL(_security_jail_param_##name) #define SYSCTL_JAIL_PARAM(module, param, type, fmt, descr) \ SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ (type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr) From nobody Mon Dec 16 14:45:16 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR12xpDz5hWKQ; Mon, 16 Dec 2024 14:45:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR10lpTz4cVT; Mon, 16 Dec 2024 14:45:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tw2Cm8pSM8O/ocFc3uFd7rF0yF/7jwgs+E0kHKAQR48=; b=dJWGEHsU+3Ppubh5ivPFrL9ysoCW6u2jmrOqxecZ3+hd3n8PtHMJhgDhs6Rp7tu3jUex58 Q0cCEA67zT6akM6X6r0NAZvHOWmiS8Wyl1B5qKd2cSAJ31MpCvCA1A2AiN00kGSpvzRLaW Myp9oV8dxgcD43BJAz1ZjujTdY+SazA+F3DWLrhcGZYcrq5DpRiHfTypv22TZ0zaAMYA5s RmOUZAS+x1GESfB0Dz3nDdECpPnSSgX3UaGBJ9w5wPMUhVmGbDDD8yVfyGebZj9DMng3yf P7Fa3+tu/roiJgDVllsO8/B8fcXcXLdKlUvtU3x8SsoND08p08eZ9HNlLJuinw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tw2Cm8pSM8O/ocFc3uFd7rF0yF/7jwgs+E0kHKAQR48=; b=GHbxaPmIif2h/GmAHItRExB8Q+5X4a/nhCxME9RvepXij3KOv1+W1/G/P1MeeiWS5ti9Hg sz4zDCxzY9aEV44zbsdwTzuPraJ8+ktMjVRYzlv7HSJhFRQIcwOdncAHSZh4YNqdS69sEX Z5s7wbuYPu0Xk8ejxC8tHlGldBrhDB7L+xzIlsA1dfc8PSVLg/ApHajKFBZm9z96gl4hZm +kPfcnmkjbBipKljgXGmKlhAd2emUloLjpoUX/lzbck9fYGzk8Ze2VW7rg3tUSSS0IO5EK HAZUd97uWlfflZt1OYe2P6k5e0YbpwcVomMjx+TUB6c+gQmBtXYMXr6zRaLlFg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360317; a=rsa-sha256; cv=none; b=Im7bH4X9vcStQVhgkpks/sE1vLmnKU2UK25DnOOfe0NY1hWiQ7K3eCrXgmgZawSR9+LJlC 1/uK0mEXwRwbWx6WQAcjgIH/hV/yF/NVLWYVonxfPRwCiXMHviCDSNIZQrewkqGDZ6dzB4 uuFZmt3OfW4q19Ju/OHZ+LWpmegzfDsrytRvTGZpP2Md+mgNO9YsfS6h0luEQTdfQsU6KU Xwg3PISgaYZL6csd21Jq1uEXQyH4fsikkeFioAZRQzzWxITITe/KKYQJJKp0jkDcENkSwz HDjgl8Yol5XHjyDsmV4QiHMIQQ++TNBC/k5UmD2Ol9O0peQ4WnvsgXRJIgp4Eg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR10GHHzxB8; Mon, 16 Dec 2024 14:45:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjGpf051553; Mon, 16 Dec 2024 14:45:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjGQj051548; Mon, 16 Dec 2024 14:45:16 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:16 GMT Message-Id: <202412161445.4BGEjGQj051548@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 2e593dd3b5e1 - main - MAC: syscalls: Factor out common label copy-in code List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2e593dd3b5e1c515d57b3d3f929e544a6622b04a Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2e593dd3b5e1c515d57b3d3f929e544a6622b04a commit 2e593dd3b5e1c515d57b3d3f929e544a6622b04a Author: Olivier Certner AuthorDate: 2024-07-26 14:40:22 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:28 +0000 MAC: syscalls: Factor out common label copy-in code Besides simplifying existing code, this will later enable the new setcred() system call to copy MAC labels. MFC after: 2 weeks Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46904 --- sys/security/mac/mac_syscalls.c | 201 +++++++++++++++++----------------------- 1 file changed, 83 insertions(+), 118 deletions(-) diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 56aaba935442..74db8625114e 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -78,26 +78,67 @@ static int kern___mac_get_path(struct thread *td, const char *path_p, static int kern___mac_set_path(struct thread *td, const char *path_p, struct mac *mac_p, int follow); +/* + * Copyin a 'struct mac', including the string pointed to by 'm_string'. + * + * On success (0 returned), fills '*mac', whose associated storage must be freed + * after use by calling free_copied_label() (which see). On success, 'u_string' + * if not NULL is filled with the userspace address for 'u_mac->m_string'. + */ +static int +mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, + char **const u_string) +{ + char *buffer; + int error; + + error = copyin(u_mac, mac, sizeof(*mac)); + if (error != 0) + return (error); + + error = mac_check_structmac_consistent(mac); + if (error != 0) + return (error); + + /* 'm_buflen' not too big checked by function call above. */ + buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK); + error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); + if (error != 0) { + free(buffer, M_MACTEMP); + return (error); + } + + MPASS(error == 0); + if (u_string != NULL) + *u_string = mac->m_string; + mac->m_string = buffer; + return (0); +} + +static void +free_copied_label(const struct mac *const mac) +{ + free(mac->m_string, M_MACTEMP); +} + int sys___mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap) { - char *elements, *buffer; + char *buffer, *u_buffer; struct mac mac; struct proc *tproc; struct ucred *tcred; int error; - error = copyin(uap->mac_p, &mac, sizeof(mac)); - if (error) - return (error); - - error = mac_check_structmac_consistent(&mac); + error = mac_label_copyin(uap->mac_p, &mac, &u_buffer); if (error) return (error); tproc = pfind(uap->pid); - if (tproc == NULL) - return (ESRCH); + if (tproc == NULL) { + error = ESRCH; + goto free_mac_and_exit; + } tcred = NULL; /* Satisfy gcc. */ error = p_cansee(td, tproc); @@ -105,58 +146,40 @@ sys___mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap) tcred = crhold(tproc->p_ucred); PROC_UNLOCK(tproc); if (error) - return (error); - - elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); - if (error) { - free(elements, M_MACTEMP); - crfree(tcred); - return (error); - } + goto free_mac_and_exit; buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - error = mac_cred_externalize_label(tcred->cr_label, elements, + error = mac_cred_externalize_label(tcred->cr_label, mac.m_string, buffer, mac.m_buflen); if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); - + error = copyout(buffer, u_buffer, strlen(buffer)+1); free(buffer, M_MACTEMP); - free(elements, M_MACTEMP); crfree(tcred); + +free_mac_and_exit: + free_copied_label(&mac); return (error); } int sys___mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap) { - char *elements, *buffer; + char *buffer, *u_buffer; struct mac mac; int error; - error = copyin(uap->mac_p, &mac, sizeof(mac)); + error = mac_label_copyin(uap->mac_p, &mac, &u_buffer); if (error) return (error); - error = mac_check_structmac_consistent(&mac); - if (error) - return (error); - - elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); - if (error) { - free(elements, M_MACTEMP); - return (error); - } - buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); error = mac_cred_externalize_label(td->td_ucred->cr_label, - elements, buffer, mac.m_buflen); + mac.m_string, buffer, mac.m_buflen); if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); + error = copyout(buffer, u_buffer, strlen(buffer)+1); free(buffer, M_MACTEMP); - free(elements, M_MACTEMP); + free_copied_label(&mac); return (error); } @@ -167,30 +190,18 @@ sys___mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) struct label *intlabel; struct proc *p; struct mac mac; - char *buffer; int error; if (!(mac_labeled & MPC_OBJECT_CRED)) return (EINVAL); - error = copyin(uap->mac_p, &mac, sizeof(mac)); - if (error) - return (error); - - error = mac_check_structmac_consistent(&mac); + error = mac_label_copyin(uap->mac_p, &mac, NULL); if (error) return (error); - buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); - if (error) { - free(buffer, M_MACTEMP); - return (error); - } - intlabel = mac_cred_label_alloc(); - error = mac_cred_internalize_label(intlabel, buffer); - free(buffer, M_MACTEMP); + error = mac_cred_internalize_label(intlabel, mac.m_string); + free_copied_label(&mac); if (error) goto out; @@ -224,7 +235,7 @@ out: int sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) { - char *elements, *buffer; + char *u_buffer, *buffer; struct label *intlabel; struct file *fp; struct mac mac; @@ -234,21 +245,10 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) cap_rights_t rights; int error; - error = copyin(uap->mac_p, &mac, sizeof(mac)); + error = mac_label_copyin(uap->mac_p, &mac, &u_buffer); if (error) return (error); - error = mac_check_structmac_consistent(&mac); - if (error) - return (error); - - elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); - if (error) { - free(elements, M_MACTEMP); - return (error); - } - buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); error = fget(td, uap->fd, cap_rights_init_one(&rights, CAP_MAC_GET), &fp); @@ -267,7 +267,7 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); mac_vnode_copy_label(vp->v_label, intlabel); VOP_UNLOCK(vp); - error = mac_vnode_externalize_label(intlabel, elements, + error = mac_vnode_externalize_label(intlabel, mac.m_string, buffer, mac.m_buflen); mac_vnode_label_free(intlabel); break; @@ -282,7 +282,7 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) PIPE_LOCK(pipe); mac_pipe_copy_label(pipe->pipe_pair->pp_label, intlabel); PIPE_UNLOCK(pipe); - error = mac_pipe_externalize_label(intlabel, elements, + error = mac_pipe_externalize_label(intlabel, mac.m_string, buffer, mac.m_buflen); mac_pipe_label_free(intlabel); break; @@ -297,7 +297,7 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) SOCK_LOCK(so); mac_socket_copy_label(so->so_label, intlabel); SOCK_UNLOCK(so); - error = mac_socket_externalize_label(intlabel, elements, + error = mac_socket_externalize_label(intlabel, mac.m_string, buffer, mac.m_buflen); mac_socket_label_free(intlabel); break; @@ -306,12 +306,12 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) error = EINVAL; } if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); + error = copyout(buffer, u_buffer, strlen(buffer)+1); out_fdrop: fdrop(fp, td); out: free(buffer, M_MACTEMP); - free(elements, M_MACTEMP); + free_copied_label(&mac); return (error); } @@ -333,7 +333,7 @@ static int kern___mac_get_path(struct thread *td, const char *path_p, struct mac *mac_p, int follow) { - char *elements, *buffer; + char *u_buffer, *buffer; struct nameidata nd; struct label *intlabel; struct mac mac; @@ -342,21 +342,10 @@ kern___mac_get_path(struct thread *td, const char *path_p, struct mac *mac_p, if (!(mac_labeled & MPC_OBJECT_VNODE)) return (EINVAL); - error = copyin(mac_p, &mac, sizeof(mac)); - if (error) - return (error); - - error = mac_check_structmac_consistent(&mac); + error = mac_label_copyin(mac_p, &mac, &u_buffer); if (error) return (error); - elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); - if (error) { - free(elements, M_MACTEMP); - return (error); - } - buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); NDINIT(&nd, LOOKUP, LOCKLEAF | follow, UIO_USERSPACE, path_p); error = namei(&nd); @@ -365,18 +354,18 @@ kern___mac_get_path(struct thread *td, const char *path_p, struct mac *mac_p, intlabel = mac_vnode_label_alloc(); mac_vnode_copy_label(nd.ni_vp->v_label, intlabel); - error = mac_vnode_externalize_label(intlabel, elements, buffer, + error = mac_vnode_externalize_label(intlabel, mac.m_string, buffer, mac.m_buflen); vput(nd.ni_vp); NDFREE_PNBUF(&nd); mac_vnode_label_free(intlabel); if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); + error = copyout(buffer, u_buffer, strlen(buffer)+1); out: free(buffer, M_MACTEMP); - free(elements, M_MACTEMP); + free_copied_label(&mac); return (error); } @@ -392,24 +381,12 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) struct vnode *vp; struct mac mac; cap_rights_t rights; - char *buffer; int error; - error = copyin(uap->mac_p, &mac, sizeof(mac)); + error = mac_label_copyin(uap->mac_p, &mac, NULL); if (error) return (error); - error = mac_check_structmac_consistent(&mac); - if (error) - return (error); - - buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); - if (error) { - free(buffer, M_MACTEMP); - return (error); - } - error = fget(td, uap->fd, cap_rights_init_one(&rights, CAP_MAC_SET), &fp); if (error) @@ -423,7 +400,7 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) goto out_fdrop; } intlabel = mac_vnode_label_alloc(); - error = mac_vnode_internalize_label(intlabel, buffer); + error = mac_vnode_internalize_label(intlabel, mac.m_string); if (error) { mac_vnode_label_free(intlabel); break; @@ -447,7 +424,7 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) goto out_fdrop; } intlabel = mac_pipe_label_alloc(); - error = mac_pipe_internalize_label(intlabel, buffer); + error = mac_pipe_internalize_label(intlabel, mac.m_string); if (error == 0) { pipe = fp->f_data; PIPE_LOCK(pipe); @@ -464,7 +441,7 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) goto out_fdrop; } intlabel = mac_socket_label_alloc(M_WAITOK); - error = mac_socket_internalize_label(intlabel, buffer); + error = mac_socket_internalize_label(intlabel, mac.m_string); if (error == 0) { so = fp->f_data; error = mac_socket_label_set(td->td_ucred, so, @@ -479,7 +456,7 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) out_fdrop: fdrop(fp, td); out: - free(buffer, M_MACTEMP); + free_copied_label(&mac); return (error); } @@ -505,30 +482,18 @@ kern___mac_set_path(struct thread *td, const char *path_p, struct mac *mac_p, struct nameidata nd; struct mount *mp; struct mac mac; - char *buffer; int error; if (!(mac_labeled & MPC_OBJECT_VNODE)) return (EINVAL); - error = copyin(mac_p, &mac, sizeof(mac)); + error = mac_label_copyin(mac_p, &mac, NULL); if (error) return (error); - error = mac_check_structmac_consistent(&mac); - if (error) - return (error); - - buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); - if (error) { - free(buffer, M_MACTEMP); - return (error); - } - intlabel = mac_vnode_label_alloc(); - error = mac_vnode_internalize_label(intlabel, buffer); - free(buffer, M_MACTEMP); + error = mac_vnode_internalize_label(intlabel, mac.m_string); + free_copied_label(&mac); if (error) goto out; From nobody Mon Dec 16 14:45:15 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR03WLTz5hVxp; Mon, 16 Dec 2024 14:45:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR001J8z4cKG; Mon, 16 Dec 2024 14:45:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360316; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JMLuIZaPk/DGIUowNAVjKO2v5GnCjZbewCpwlqNHCQc=; b=Q1abBdJ1jPyU/50FZXlH//LxjN4qsNogGivb+UtdVnGQFD+/Ce4Z2wuSl0m3v9n0yBdnXN VO70HaDEbadUiRZODnaMEPI9mILIVyhcZi0I8ksvqXoGAItjAxS7o2R6rDwQXcpv9TMBDG HucRG0Lw0amAryNit+HgOF2Fwz+h8k1VK6WkzqAwbEIDbYSXECF56iLY7KyfvLTd4Qu7jt actV8sflQ4kDkG+W4X7t8qP3UtoUVDwQMEwibFTYD9uWjgCnFgSvk3MvuVc5FkLR3TC1P9 27ceXjuY029fdhf6/sH896qXQrteM9uDHh/ZeXidHjb5FC5M+mQMV5JU9Odb7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360316; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JMLuIZaPk/DGIUowNAVjKO2v5GnCjZbewCpwlqNHCQc=; b=wTaVYDjJyMOJ1JtEhFWdr7u2hOKgHIWKT9o6GYsJIBpNCNyN41bq6GcbxSJJArbYEQZ+bc 2xbgZFeLj3PBd0A292sZE+QYwDMkduG4ojSlvzeSs+DwxNrwVoFn2usPjmbstJS9JfyerV EM32XdifS3eYUCqky+PNyEBVkDIfODvYEllaNz+uwywDOZkdbMV/efDufEQ2Eyn1KHPoyM BnXtQaJKI5oe5S+DnZPyKOwtwhHaQ6LQCx3Z2YgKvUQ3Xd4LKhk/ABTQESlh4dTGdb1cLa 5RsetDeSXaH97cgvlEjOxfwOfsItphZOR4qA1QBw6lxvro3mCE4J9r1uxEILZw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360316; a=rsa-sha256; cv=none; b=T1O/dxyEGSkTqsuMhKdaYP08qnoaVJ/rYI/SjM5XB4+pi5l5BEE266HP96ioPhOt6KQuJh tcAR3/d4pRVomsqBwiZ0rLaWWlUnGOY1oK0InaUniCcQ8UWptYRrtjKaHG6dgWwSU+MGxX BFUeec0Z/jMwXYRkyBUfskK1gEiUDDdcDT+L1bnqygMdusYjJ960t56GAEekwcbaVjrB6P oNNSKs6RTc6PM7dakWlS8iPFMCnFTNzqg39sumCmNtGodbpzCkit6VlRpTXMuP12BSXrup LVr00FCAk9J05lEIgJmyo6f7lYDGYDy3sZfYtgVjOyrfSUyDxma9/2EX9Sbz4Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjQz6Y7LzxB7; Mon, 16 Dec 2024 14:45:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjFVJ051494; Mon, 16 Dec 2024 14:45:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjFvU051488; Mon, 16 Dec 2024 14:45:15 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:15 GMT Message-Id: <202412161445.4BGEjFvU051488@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: db33c6f3ae9d - main - MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodes List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: db33c6f3ae9d1231087710068ee4ea5398aacca7 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=db33c6f3ae9d1231087710068ee4ea5398aacca7 commit db33c6f3ae9d1231087710068ee4ea5398aacca7 Author: Olivier Certner AuthorDate: 2024-07-04 14:08:20 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:28 +0000 MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodes Do this only when the headers for these functionalities were included prior to this one. Indeed, if they need to be included, style(9) mandates they should have been so before this one. Remove the common MAC sysctl declaration from , as it is now redundant (all its includers also include ). Remove local such declarations from all policies' files. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46903 --- sys/security/mac/mac_internal.h | 7 ------- sys/security/mac/mac_policy.h | 15 +++++++++++++++ sys/security/mac_biba/mac_biba.c | 2 -- sys/security/mac_bsdextended/mac_bsdextended.c | 2 -- sys/security/mac_grantbylabel/mac_grantbylabel.c | 1 - sys/security/mac_ifoff/mac_ifoff.c | 2 -- sys/security/mac_ipacl/mac_ipacl.c | 2 -- sys/security/mac_lomac/mac_lomac.c | 2 -- sys/security/mac_mls/mac_mls.c | 2 -- sys/security/mac_ntpd/mac_ntpd.c | 2 -- sys/security/mac_partition/mac_partition.c | 2 -- sys/security/mac_pimd/mac_pimd.c | 2 -- sys/security/mac_portacl/mac_portacl.c | 2 -- sys/security/mac_priority/mac_priority.c | 2 -- sys/security/mac_seeotheruids/mac_seeotheruids.c | 2 -- sys/security/mac_stub/mac_stub.c | 2 -- sys/security/mac_test/mac_test.c | 2 -- sys/security/mac_veriexec/mac_veriexec.c | 2 -- 18 files changed, 15 insertions(+), 38 deletions(-) diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 89f74a65c803..aeef59017d18 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -56,13 +56,6 @@ #include #include -/* - * MAC Framework sysctl namespace. - */ -#ifdef SYSCTL_DECL -SYSCTL_DECL(_security_mac); -#endif /* SYSCTL_DECL */ - /* * MAC Framework SDT DTrace probe namespace, macros for declaring entry * point probes, macros for invoking them. diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index cf101bc4414e..084684e57497 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -1064,4 +1064,19 @@ int mac_policy_modevent(module_t mod, int type, void *data); intptr_t mac_label_get(struct label *l, int slot); void mac_label_set(struct label *l, int slot, intptr_t v); +/* + * Common MAC Framework's sysctl and jail parameters' sysctl nodes' declarations. + * + * Headers and normally have to be included before + * this header as style(9) hints to. If they weren't, just forego the + * corresponding declarations, assuming they are not needed. + */ +#ifdef SYSCTL_DECL +SYSCTL_DECL(_security_mac); +#endif + +#ifdef SYSCTL_JAIL_PARAM_DECL +SYSCTL_JAIL_PARAM_DECL(mac); +#endif + #endif /* !_SECURITY_MAC_MAC_POLICY_H_ */ diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 5d66e2fd4b9b..e991e05311df 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -88,8 +88,6 @@ #include #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_biba policy controls"); diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 95efc537735a..8a6549214380 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -68,8 +68,6 @@ static struct mtx ugidfw_mtx; -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD extended BSD MAC policy controls"); diff --git a/sys/security/mac_grantbylabel/mac_grantbylabel.c b/sys/security/mac_grantbylabel/mac_grantbylabel.c index 4d14577820eb..af080e8e34e0 100644 --- a/sys/security/mac_grantbylabel/mac_grantbylabel.c +++ b/sys/security/mac_grantbylabel/mac_grantbylabel.c @@ -49,7 +49,6 @@ #define MAC_GRANTBYLABEL_FULLNAME "MAC/grantbylabel" -SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, grantbylabel, CTLFLAG_RW, 0, "MAC/grantbylabel policy controls"); diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index d84b9c85a5be..cffe93b4d9a9 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -58,8 +58,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_ifoff policy controls"); diff --git a/sys/security/mac_ipacl/mac_ipacl.c b/sys/security/mac_ipacl/mac_ipacl.c index bed77e7866f2..eed3eddace89 100644 --- a/sys/security/mac_ipacl/mac_ipacl.c +++ b/sys/security/mac_ipacl/mac_ipacl.c @@ -70,8 +70,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, ipacl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_ipacl policy controls"); diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index aa9abf458721..23acc7b7a592 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -89,8 +89,6 @@ struct mac_lomac_proc { struct mtx mtx; }; -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, lomac, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_lomac policy controls"); diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index a22b504c3362..54a32b6d564d 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -89,8 +89,6 @@ #include #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, mls, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_mls policy controls"); diff --git a/sys/security/mac_ntpd/mac_ntpd.c b/sys/security/mac_ntpd/mac_ntpd.c index 3125bc057be8..1aeaeb032bb8 100644 --- a/sys/security/mac_ntpd/mac_ntpd.c +++ b/sys/security/mac_ntpd/mac_ntpd.c @@ -34,8 +34,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "mac_ntpd policy controls"); diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c index 2cff042cb33a..2f0189b79ace 100644 --- a/sys/security/mac_partition/mac_partition.c +++ b/sys/security/mac_partition/mac_partition.c @@ -61,8 +61,6 @@ #include #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, partition, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_partition policy controls"); diff --git a/sys/security/mac_pimd/mac_pimd.c b/sys/security/mac_pimd/mac_pimd.c index 19ee307c918d..a9276a73b433 100644 --- a/sys/security/mac_pimd/mac_pimd.c +++ b/sys/security/mac_pimd/mac_pimd.c @@ -35,8 +35,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, pimd, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "mac_pimd policy controls"); diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c index 184ec4b4738c..b3a5e06c0e2a 100644 --- a/sys/security/mac_portacl/mac_portacl.c +++ b/sys/security/mac_portacl/mac_portacl.c @@ -79,8 +79,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, portacl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_portacl policy controls"); diff --git a/sys/security/mac_priority/mac_priority.c b/sys/security/mac_priority/mac_priority.c index f460e5195cb9..1e5bfb5386cb 100644 --- a/sys/security/mac_priority/mac_priority.c +++ b/sys/security/mac_priority/mac_priority.c @@ -35,8 +35,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, priority, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "mac_priority policy controls"); diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c index 1677b092daad..9cd2e0f3c0fc 100644 --- a/sys/security/mac_seeotheruids/mac_seeotheruids.c +++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c @@ -59,8 +59,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_seeotheruids policy controls"); diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 9a2650ea32f4..c602c639ec95 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -88,8 +88,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_stub policy controls"); diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 267666555f22..7a6a76ce23cc 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -78,8 +78,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_test policy controls"); diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c index 490601863197..20005ffc75b8 100644 --- a/sys/security/mac_veriexec/mac_veriexec.c +++ b/sys/security/mac_veriexec/mac_veriexec.c @@ -81,8 +81,6 @@ static int sysctl_mac_veriexec_state(SYSCTL_HANDLER_ARGS); static int sysctl_mac_veriexec_db(SYSCTL_HANDLER_ARGS); static struct mac_policy_ops mac_veriexec_ops; -SYSCTL_DECL(_security_mac); - SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "MAC/veriexec policy controls"); From nobody Mon Dec 16 14:45:19 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR34m3Yz5hWN1; Mon, 16 Dec 2024 14:45:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR32byDz4cf7; Mon, 16 Dec 2024 14:45:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360319; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5Ky0aaJbFlWzBnSrpkrkxBSigNT0CcyINJC/kp/+1gU=; b=jGvX4R6kyy+UPTCbnDDGvrCd/DANQCY69NsVhxZIpzPGysv9dPAB69EZWPnZ9OLN5vkQqk sVn9d/Hb3hcojJM8UEOMXSakfAAbxqRGxnbrsbIHpPT7kRKgVuudt3j88ncTJDJQAavNzY VfnssLhYUlbr9jhnqNpxEiSyWjiRd4Xm9W0hxdTytHVmSkhNgOT+7A84YYHZq6gKXL8Thk xyx2hrZ6hf8/WlrSI5vVz/yPCK+dMaeRI1a2o65w3BnSiG7RSIkaEz4ul8AxA7o324hQA6 GO1NMcWwR7BRJkN5vfhLAqt4rRPPqCFQGGXJRPG7J12glk4wW4QpJhrApTN53w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360319; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5Ky0aaJbFlWzBnSrpkrkxBSigNT0CcyINJC/kp/+1gU=; b=AEeR1maMb/VSl7NyJ+pwnj2fwBWJ1i4VpRstjt/eiGJuRD6DLQ/Qkm1BWyFkG2F44x0Ueo NC7lcjGv+LCdEsAbTh7YdVSCf+IoPdHF/TjwBZJs4qZee5FwdVOlxuBKPSAtvXF3cGp2sV Td6uGNBwOkR/MbTnzu0I6uYmdX4G6C2Czp9PZRgCrBycQTmpbrWEQYjCvQPKfv7FiUkbT8 JhTPdwkZskLkYOdWbisIkded4G7b4s26DdHbr4b6Kyc/AFVhKw1XrO1696LCXfbnriZMFQ Mmec/Yy1nwc10OPLNiS6KT59qccI7UFUzyfshaGd0SJzDH7KOVVFPKCk10U+ag== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360319; a=rsa-sha256; cv=none; b=cs2VVF6qTITeLJp64cW38I+QPEYqGA3CxueIjXED79Xqqgsc8EhaqYjgKhI4kZOm1kyPOs DuN6ur3zqn/rQwkaS4VK8w6wQDOfTXz+wxKk3/vjAh6DkD5BWXMYCCfkpYbNsRzEkwjKrb AXPzJPCiJSHZCK2Tv2xU57A7ZW5712EQd6U2RofFUrxsTvoixUuYnuzjeGXLr2r+fnteag I19NcXsfNJJsCK/BgraFbCwGXek2JNHxKhyysn/18Xvlc/Jo5z0cXfDhaOJlZbOT+oLt1I iuHInpnZ5MgZBwZHflDFc3bCNp0Kqbu6otffZaC7ais22q3IRwJTZXXwFaBegw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR328J0zxYJ; Mon, 16 Dec 2024 14:45:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjJpd051650; Mon, 16 Dec 2024 14:45:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjJLA051647; Mon, 16 Dec 2024 14:45:19 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:19 GMT Message-Id: <202412161445.4BGEjJLA051647@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 3bdc5ba2ac76 - main - MAC: syscalls: mac_label_copyin(): 32-bit compatibility List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3bdc5ba2ac760634056c66c3c98b6b3452258a5b Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=3bdc5ba2ac760634056c66c3c98b6b3452258a5b commit 3bdc5ba2ac760634056c66c3c98b6b3452258a5b Author: Olivier Certner AuthorDate: 2024-12-02 10:23:18 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:29 +0000 MAC: syscalls: mac_label_copyin(): 32-bit compatibility Needed by the upcoming setcred() system call. More generally, is a step on the way to support 32-bit compatibility for MAC-related system calls. Reviewed by: brooks Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47878 --- sys/security/mac/mac_syscalls.c | 50 ++++++++++++++++++++++++++++++++++++----- sys/security/mac/mac_syscalls.h | 7 ++++++ 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index e97a7dc09700..26181781a394 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -46,6 +46,7 @@ #include "opt_mac.h" #include +#include #include #include #include @@ -79,6 +80,13 @@ static int kern___mac_get_path(struct thread *td, const char *path_p, static int kern___mac_set_path(struct thread *td, const char *path_p, struct mac *mac_p, int follow); +#ifdef COMPAT_FREEBSD32 +struct mac32 { + uint32_t m_buflen; /* size_t */ + uint32_t m_string; /* char * */ +}; +#endif + /* * Copyin a 'struct mac', including the string pointed to by 'm_string'. * @@ -86,16 +94,30 @@ static int kern___mac_set_path(struct thread *td, const char *path_p, * after use by calling free_copied_label() (which see). On success, 'u_string' * if not NULL is filled with the userspace address for 'u_mac->m_string'. */ -int -mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, - char **const u_string) +static int +mac_label_copyin_impl(const void *const u_mac, struct mac *const mac, + char **const u_string, bool is_32bit) { char *buffer; int error; - error = copyin(u_mac, mac, sizeof(*mac)); - if (error != 0) - return (error); +#ifdef COMPAT_FREEBSD32 + if (is_32bit) { + struct mac32 mac32; + + error = copyin(u_mac, &mac32, sizeof(mac32)); + if (error != 0) + return (error); + + CP(mac32, *mac, m_buflen); + PTRIN_CP(mac32, *mac, m_string); + } else +#endif + { + error = copyin(u_mac, mac, sizeof(*mac)); + if (error != 0) + return (error); + } error = mac_check_structmac_consistent(mac); if (error != 0) @@ -116,12 +138,28 @@ mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, return (0); } +int +mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, + char **const u_string) +{ + return (mac_label_copyin_impl(u_mac, mac, u_string, false)); +} + void free_copied_label(const struct mac *const mac) { free(mac->m_string, M_MACTEMP); } +#ifdef COMPAT_FREEBSD32 +int +mac_label_copyin32(const struct mac32 *const u_mac, + struct mac *const mac, char **const u_string) +{ + return (mac_label_copyin_impl(u_mac, mac, u_string, true)); +} +#endif + int sys___mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap) { diff --git a/sys/security/mac/mac_syscalls.h b/sys/security/mac/mac_syscalls.h index 37445eafe364..4efeaf300d31 100644 --- a/sys/security/mac/mac_syscalls.h +++ b/sys/security/mac/mac_syscalls.h @@ -23,6 +23,13 @@ int mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, char **const u_string); void free_copied_label(const struct mac *const mac); +#ifdef COMPAT_FREEBSD32 +struct mac32; + +int mac_label_copyin32(const struct mac32 *const u_mac, + struct mac *const mac, char **const u_string); +#endif /* COMPAT_FREEBSD32 */ + int mac_set_proc_prepare(struct thread *const td, const struct mac *const mac, void **const mac_set_proc_data); int mac_set_proc_core(struct thread *const td, struct ucred *const newcred, From nobody Mon Dec 16 14:45:18 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR262C3z5hVxx; Mon, 16 Dec 2024 14:45:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR21y90z4cQl; Mon, 16 Dec 2024 14:45:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360318; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EtPhipPJ+6SeGM6rioFJumETNlATeckCJKKnaw5lUaE=; b=BMm5QIJ09F961/6Hkf08CIjfue2bnAY9s/Z7kNX0SIAWkUD0p32W4CdjED4ToJY8B5uHgC WpyXIIahwFBB9FN4lk9s9GvSukWr2mihbVmrB2EllLnhPTuyKDVJihfVc9H/9y69zKaSB0 m/esZCB3D/s9fEYI1+ihsij+uXNE1inzsj89VlOoVHXsIlXYf7dbE3M/H/Bgl5gIr4JxwY CuDtJ3r7hxHJjeiKO2KwGTyBbfSvEtTXbS5jMSFisW0SQWkICzUrRsZEDY9mHZwEfctA6w I962XayVXN/BQAhpuA901cpDtzwYGYsAEVdzSB8CXtsYjAR3htsFkW8O0JBtjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360318; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EtPhipPJ+6SeGM6rioFJumETNlATeckCJKKnaw5lUaE=; b=qLb5GM+k5sujGebLjRwRGrvjEvhUimUVGnwsa02YdUHH9jvxIAxERBXc4fwvlB5ixDVrNx Wlp8MMJzPokRSSX3gEhbKeWT33PhkC2A2ZrRHFd+oG908dQac/JdC/Oo+ei4CiU9vh0Bjp HCTJqxEErO6YogyKcyD1Mq7fPdbvynXecwfk0niUS6fVffq2ttgRGnfPJ1TwLBeLxbzORu 9W2JL9w2u+ginGPstXc6CWKQEfbQ+HdMIrn5KTUe/8Mhp1AQw6z1yqh6nz1NW1DP+nuU8+ YjAw+A031RW1DgTZDVxZLZ8POZ52eIORWTq16tN7o0u1lZXtN7GttwPYxqSF4w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360318; a=rsa-sha256; cv=none; b=Ao9CALkmuY/cvL/1yi663wbUWj7qjBeHtZtJXBS7avQ7swP+RJKgiJNGRf3rz/9Yu3Ihmw 4O5rv2+8ExQnqIUT+sVS2zcgX5QuwlKGfUJGpAushKGtLuSYXvZaawbFpU6iyZoGKex/1w MoBs0CSBJaEzM7dqzxShiMOXHlt3Ra834AMuWr/SSKBHwj3bvWT6YWdN7W9cV96Q85I1/P qij2TjM0vauWZSgXReVWQNkCv8/E/E7PM4aSbKm41O6StsUqZrm5DADhTlNsYDmtUyhqjk Ulovj4chnQt3mm2VRde3R3OwAHOHCXyCrR9EILq3nfFPTwA3iVRdD/jtLq2OQA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR21GBczxYH; Mon, 16 Dec 2024 14:45:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjIOV051602; Mon, 16 Dec 2024 14:45:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjIw8051599; Mon, 16 Dec 2024 14:45:18 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:18 GMT Message-Id: <202412161445.4BGEjIw8051599@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 8a4d24a39098 - main - MAC: syscalls: Split mac_set_proc() into reusable pieces List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8a4d24a39098ed8170a37ca2aa83bf1da1976de1 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=8a4d24a39098ed8170a37ca2aa83bf1da1976de1 commit 8a4d24a39098ed8170a37ca2aa83bf1da1976de1 Author: Olivier Certner AuthorDate: 2024-07-27 08:31:16 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:28 +0000 MAC: syscalls: Split mac_set_proc() into reusable pieces This is in preparation for enabling the new setcred() system call to set a process' MAC label. No functional change (intended). MFC after: 2 weeks Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46905 --- sys/security/mac/mac_syscalls.c | 115 +++++++++++++++++++++++++++++++++------- sys/security/mac/mac_syscalls.h | 33 ++++++++++++ 2 files changed, 128 insertions(+), 20 deletions(-) diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 74db8625114e..e97a7dc09700 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -68,6 +68,7 @@ #include #include #include +#include #ifdef MAC @@ -85,7 +86,7 @@ static int kern___mac_set_path(struct thread *td, const char *path_p, * after use by calling free_copied_label() (which see). On success, 'u_string' * if not NULL is filled with the userspace address for 'u_mac->m_string'. */ -static int +int mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, char **const u_string) { @@ -115,7 +116,7 @@ mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, return (0); } -static void +void free_copied_label(const struct mac *const mac) { free(mac->m_string, M_MACTEMP); @@ -183,52 +184,126 @@ sys___mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap) return (error); } +/* + * Performs preparation (including allocations) for mac_set_proc(). + * + * No lock should be held while calling this function. On success, + * mac_set_proc_finish() must be called to free the data associated to + * 'mac_set_proc_data', even if mac_set_proc_core() fails. 'mac_set_proc_data' + * is not set in case of error, and is set to a non-NULL value on success. + */ int -sys___mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) +mac_set_proc_prepare(struct thread *const td, const struct mac *const mac, + void **const mac_set_proc_data) { - struct ucred *newcred, *oldcred; struct label *intlabel; - struct proc *p; - struct mac mac; int error; + PROC_LOCK_ASSERT(td->td_proc, MA_NOTOWNED); + if (!(mac_labeled & MPC_OBJECT_CRED)) return (EINVAL); + intlabel = mac_cred_label_alloc(); + error = mac_cred_internalize_label(intlabel, mac->m_string); + if (error) { + mac_cred_label_free(intlabel); + return (error); + } + + *mac_set_proc_data = intlabel; + return (0); +} + +/* + * Actually sets the MAC label on 'newcred'. + * + * The current process' lock *must* be held. This function only sets the label + * on 'newcred', but does not put 'newcred' in place on the current process' + * (consequently, it also does not call setsugid()). 'mac_set_proc_data' must + * be the pointer returned by mac_set_proc_prepare(). If called, this function + * must be so between a successful call to mac_set_proc_prepare() and + * mac_set_proc_finish(), but calling it is not mandatory (e.g., if some other + * error occured under the process lock that obsoletes setting the MAC label). + */ +int +mac_set_proc_core(struct thread *const td, struct ucred *const newcred, + void *const mac_set_proc_data) +{ + struct label *const intlabel = mac_set_proc_data; + struct proc *const p = td->td_proc; + int error; + + MPASS(td == curthread); + PROC_LOCK_ASSERT(p, MA_OWNED); + + error = mac_cred_check_relabel(p->p_ucred, intlabel); + if (error) + return (error); + + mac_cred_relabel(newcred, intlabel); + return (0); +} + +/* + * Performs mac_set_proc() last operations, without the process lock. + * + * 'proc_label_set' indicates whether the label was actually set by a call to + * mac_set_proc_core() that succeeded. 'mac_set_proc_data' must be the pointer + * returned by mac_set_proc_prepare(), and its associated data will be freed. + */ +void +mac_set_proc_finish(struct thread *const td, bool proc_label_set, + void *const mac_set_proc_data) +{ + struct label *const intlabel = mac_set_proc_data; + + PROC_LOCK_ASSERT(td->td_proc, MA_NOTOWNED); + + if (proc_label_set) + mac_proc_vm_revoke(td); + mac_cred_label_free(intlabel); +} + +int +sys___mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) +{ + struct ucred *newcred, *oldcred; + void *intlabel; + struct proc *const p = td->td_proc; + struct mac mac; + int error; + error = mac_label_copyin(uap->mac_p, &mac, NULL); if (error) return (error); - intlabel = mac_cred_label_alloc(); - error = mac_cred_internalize_label(intlabel, mac.m_string); - free_copied_label(&mac); + error = mac_set_proc_prepare(td, &mac, &intlabel); if (error) - goto out; + goto free_label; newcred = crget(); - p = td->td_proc; PROC_LOCK(p); oldcred = p->p_ucred; + crcopy(newcred, oldcred); - error = mac_cred_check_relabel(oldcred, intlabel); + error = mac_set_proc_core(td, newcred, intlabel); if (error) { PROC_UNLOCK(p); crfree(newcred); - goto out; + goto finish; } setsugid(p); - crcopy(newcred, oldcred); - mac_cred_relabel(newcred, intlabel); proc_set_cred(p, newcred); - PROC_UNLOCK(p); - crfree(oldcred); - mac_proc_vm_revoke(td); -out: - mac_cred_label_free(intlabel); + crfree(oldcred); +finish: + mac_set_proc_finish(td, error == 0, intlabel); +free_label: + free_copied_label(&mac); return (error); } diff --git a/sys/security/mac/mac_syscalls.h b/sys/security/mac/mac_syscalls.h new file mode 100644 index 000000000000..37445eafe364 --- /dev/null +++ b/sys/security/mac/mac_syscalls.h @@ -0,0 +1,33 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024 The FreeBSD Foundation + * + * This software was developed by Olivier Certner at + * Kumacom SARL under sponsorship from the FreeBSD Foundation. + */ + +/* + * Prototypes for functions used to implement system calls that must manipulate + * MAC labels. + */ + +#ifndef _SECURITY_MAC_MAC_SYSCALLS_H_ +#define _SECURITY_MAC_MAC_SYSCALLS_H_ + +#ifndef _KERNEL +#error "no user-serviceable parts inside" +#endif + +int mac_label_copyin(const struct mac *const u_mac, struct mac *const mac, + char **const u_string); +void free_copied_label(const struct mac *const mac); + +int mac_set_proc_prepare(struct thread *const td, + const struct mac *const mac, void **const mac_set_proc_data); +int mac_set_proc_core(struct thread *const td, struct ucred *const newcred, + void *const mac_set_proc_data); +void mac_set_proc_finish(struct thread *const td, bool proc_label_set, + void *const mac_set_proc_data); + +#endif /* !_SECURITY_MAC_MAC_SYSCALLS_H_ */ From nobody Mon Dec 16 14:45:20 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR46YNVz5hWQL; Mon, 16 Dec 2024 14:45:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR43ND5z4cfV; Mon, 16 Dec 2024 14:45:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360320; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kLHqemCUUASqo/nca+0wBiYEVCPhtqIsrgNUuF1keac=; b=s3h7dLZXbomtA+QujXiZPeFsSpNw08u5fu0AclM/koO5ji2iQiebODO8BuVYAPsldalgJT hOFFfP5Gi5Sm9i8LUzD95LdzdQdVsPrslN/7wrRbpOAM8+OfY/hcMVgXQYvJW2D+51PCRo Z4v6eisHHUkTKXs+CMPTr1N16V1I0nJabeslvceUPfgK/GklWtkox3ijYTwK6q+zsicPi6 ZbQSnat4rG0gGABXLl3XnDlmO64ikqb3CnhsvSpBQ1C2iJyVUMHxViaeBwcfWB7NbOx4PH eHQiX49FFVymCk9q5TLSu7ToapHGkcQD0LbLKZASxVtwAwUjW6kAaTV0ev6gNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360320; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kLHqemCUUASqo/nca+0wBiYEVCPhtqIsrgNUuF1keac=; b=utIwA4DoM4DYw5dcZPmbiBPtY/SjNNKDqppBWUjp5k+ZrC6S13n8VKXxNeHyrg02XG1Vzz rLbwRnHV9lJFdXykrx+0DhMOGTXqhPxzIJsXMBI8QQF97tJ4nhV/wbLZPa6+Np5HXNHWHp OqEGidKo/tAQzdQ1QeovM0edMpQap/2cHz+KPbhcqMQo2Z3OFE4nI32KWo2R7XPwhDCojP 1NFWkwEdjL/ZZaRSJrT7rnEhvtLfVns7sxHaiAfrHgcpCk0HWrN/CdAPKohWb9Q5yzMDCI jsn7G9r5SRZmQccYk1RF5nBr9r01NjLmQLDub+6o3ZT7hjKGF63XGTWGQMJ2ZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360320; a=rsa-sha256; cv=none; b=lIdxvkbvJl6pJes7NwBY1tZJ64UsNmBzKRqW3FKkFTd1K593WkEZZFYg18ME5AEWXk9y7z QftCpeUsHStDzfMfLhs02dR2bXpZPaydbqmeLi/eh5LKn2LrlvoCprn0cAsf7Oz/+pAgpp P83foe/d4v0lHSQcqbYSKGErn78zD3/LRx9tdHWAA29oKTbbATGEsdpmg9+kXK+B+NuiTc mjClU2KeaaJJQz3v50+BYrhG+EnUWKelZWFsuPGrcUNA7YPPsTTpc0sNYSw2WQq+UOeWbf yEEtEKIdYWkheLUdHaDVQxVigCSLUH3W7zPfXj/sl2ey8rGoAW9vnOylKQdRLA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR42zsDzxnH; Mon, 16 Dec 2024 14:45:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjKJK051692; Mon, 16 Dec 2024 14:45:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjKH9051689; Mon, 16 Dec 2024 14:45:20 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:20 GMT Message-Id: <202412161445.4BGEjKH9051689@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 09290c3a0c82 - main - cred: Hide internal flag CRED_FLAG_CAPMODE List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 09290c3a0c82524138973b14f393379edf733753 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=09290c3a0c82524138973b14f393379edf733753 commit 09290c3a0c82524138973b14f393379edf733753 Author: Olivier Certner AuthorDate: 2024-07-16 16:07:40 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:29 +0000 cred: Hide internal flag CRED_FLAG_CAPMODE This flag is used in field 'cr_flags', which is never directly visible outside the kernel. That field is however exported through 'struct kinfo_proc' objects (field 'ki_cr_flags'), either from the kernel via sysctls or from libkvm, and is supposed to contain exported flags prefixed with KI_CRF_ (currently, KI_CRF_CAPABILITY_MODE and KI_CRF_GRP_OVERFLOW, this second one being a purely userland one signaling overflow of 'ki_groups'). Make sure that KI_CRF_CAPABILITY_MODE is the flag actually exported and tested by userland programs, and hide the internal CRED_FLAG_CAPMODE. As both flags are currently defined to the same value, this doesn't change the KBI, but of course does change the KPI. A code search via GitHub and Google fortunately doesn't reveal any outside uses for CRED_FLAG_CAPMODE. While here, move assignment of 'ki_uid' to a more logical place in kvm_proclist(), and definition of XU_NGROUPS as well in 'sys/ucred.h' (no functional/interface changes intended). Reviewed by: mhorne Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46909 --- bin/ps/print.c | 2 +- lib/libkvm/kvm_proc.c | 6 ++++-- sys/sys/ucred.h | 12 ++++++------ usr.bin/procstat/procstat_cred.c | 2 +- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/bin/ps/print.c b/bin/ps/print.c index 59631fb66a10..13ef646ea462 100644 --- a/bin/ps/print.c +++ b/bin/ps/print.c @@ -265,7 +265,7 @@ state(KINFO *k, VARENT *ve __unused) *cp++ = 'V'; if ((flag & P_SYSTEM) || k->ki_p->ki_lock > 0) *cp++ = 'L'; - if ((k->ki_p->ki_cr_flags & CRED_FLAG_CAPMODE) != 0) + if ((k->ki_p->ki_cr_flags & KI_CRF_CAPABILITY_MODE) != 0) *cp++ = 'C'; if (k->ki_p->ki_kiflag & KI_SLEADER) *cp++ = 's'; diff --git a/lib/libkvm/kvm_proc.c b/lib/libkvm/kvm_proc.c index 6d2879f34d8f..b2b7c6ecce56 100644 --- a/lib/libkvm/kvm_proc.c +++ b/lib/libkvm/kvm_proc.c @@ -142,11 +142,14 @@ kvm_proclist(kvm_t *kd, int what, int arg, struct proc *p, if (proc.p_state == PRS_NEW) continue; if (KREAD(kd, (u_long)proc.p_ucred, &ucred) == 0) { + kp->ki_uid = ucred.cr_uid; kp->ki_ruid = ucred.cr_ruid; kp->ki_svuid = ucred.cr_svuid; kp->ki_rgid = ucred.cr_rgid; kp->ki_svgid = ucred.cr_svgid; - kp->ki_cr_flags = ucred.cr_flags; + kp->ki_cr_flags = 0; + if (ucred.cr_flags & CRED_FLAG_CAPMODE) + kp->ki_cr_flags |= KI_CRF_CAPABILITY_MODE; if (ucred.cr_ngroups > KI_NGROUPS) { kp->ki_ngroups = KI_NGROUPS; kp->ki_cr_flags |= KI_CRF_GRP_OVERFLOW; @@ -154,7 +157,6 @@ kvm_proclist(kvm_t *kd, int what, int arg, struct proc *p, kp->ki_ngroups = ucred.cr_ngroups; kvm_read(kd, (u_long)ucred.cr_groups, kp->ki_groups, kp->ki_ngroups * sizeof(gid_t)); - kp->ki_uid = ucred.cr_uid; if (ucred.cr_prison != NULL) { if (KREAD(kd, (u_long)ucred.cr_prison, &pr)) { _kvm_err(kd, kd->program, diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index 75156cca09a5..25dff911241b 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -38,11 +38,14 @@ #endif #include +#if defined(_KERNEL) || defined(_WANT_UCRED) struct loginclass; -#define XU_NGROUPS 16 +/* + * Flags for cr_flags. + */ +#define CRED_FLAG_CAPMODE 0x00000001 /* In capability mode. */ -#if defined(_KERNEL) || defined(_WANT_UCRED) /* * Number of groups inlined in 'struct ucred'. It must stay reasonably low as * it is also used by some functions to allocate an array of this size on the @@ -96,10 +99,7 @@ struct ucred { #define FSCRED ((struct ucred *)-1) /* filesystem credential */ #endif /* _KERNEL || _WANT_UCRED */ -/* - * Flags for cr_flags. - */ -#define CRED_FLAG_CAPMODE 0x00000001 /* In capability mode. */ +#define XU_NGROUPS 16 /* * This is the external representation of struct ucred. diff --git a/usr.bin/procstat/procstat_cred.c b/usr.bin/procstat/procstat_cred.c index 7f1efeab9d4c..decb7b9ca7df 100644 --- a/usr.bin/procstat/procstat_cred.c +++ b/usr.bin/procstat/procstat_cred.c @@ -62,7 +62,7 @@ procstat_cred(struct procstat *procstat, struct kinfo_proc *kipp) xo_emit("{:rgid/%5d} ", kipp->ki_rgid); xo_emit("{:svgid/%5d} ", kipp->ki_svgid); xo_emit("{:umask/%5s} ", get_umask(procstat, kipp)); - xo_emit("{:cr_flags/%s}", kipp->ki_cr_flags & CRED_FLAG_CAPMODE ? + xo_emit("{:cr_flags/%s}", kipp->ki_cr_flags & KI_CRF_CAPABILITY_MODE ? "C" : "-"); xo_emit("{P: }"); From nobody Mon Dec 16 14:45:21 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR60KTCz5hWSK; Mon, 16 Dec 2024 14:45:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR54V1nz4cWM; Mon, 16 Dec 2024 14:45:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d1za96c72dRnfa+8J7VQsHfbMRtmpx3qTxLNtmussMg=; b=sd1iOFiHJNQ0kgJ2K+o+gBWXbfcjHyQ2XFsuSeOF6P1+FWbW2/iWPzRjhSg80tuLtsm6+Q AOlf+ioLfcSABM+Xqdbg3NGQ4FOihAog8w9PqPYZDWBx1hTBAWHb97pczMBfOWQUvqL9Cp hcm3qr3AHaH9c4tN02n20v75vnYC3cNAS0Tr1zOZyetXt0nsd1No/mVwh/sXOKZs0LuUZZ nj9hTFWiL+xmWyO7YROyBZo8UKWzeTfrl2z0SxytgE6mzYl0OAz+tGDkGlRAJwD5ic7Bi1 +c3PBPbNBV9PSY4SBLggeWcBTAZBTXOboFcsFIa/PH+Y5QFkcnowUxln43137g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d1za96c72dRnfa+8J7VQsHfbMRtmpx3qTxLNtmussMg=; b=DPYJrTO8lxckoBs69U44PZkgdPTdWInDMLMU1CpoLknSYIsi9JZt4kEW+oUjtUWFBuQqaL sY1Q9MHiSk86Ng7jpG2+OGxjf7+sGVyT1KErsg6KjmKaVebkQNJRjvVhy1h4pb73YFFMDT qBy7PIynqj6RLnX2d2Ib6DEeTsHfSLCBn7hB1dNCISswregutm2eRdPxsCMzwh+1vWcu5S t+sFWVsCE7rJZIrie1kczjXpPWbJwbvJl3suoj+91rBSAEv5TRFfo3LeIuw/FjdMmabofR 4U3u1Bgeo8pNuF4jyIIaRnvldECPZKpdjoP69Az/xeNz9UgAVC6ITy4bD63U8A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360321; a=rsa-sha256; cv=none; b=P5lgMn6DuV3qArXSJVBv/DLrvy23JgnKEqtfe/cIEd/GHvv8A9fofrbwnf3Qul25Izilyr PDM1We96qrYoHdrdkRiQ7d/5zy7DTv4S4sbvvHs23seTmTPTly7/Lb0TBGU5gLeEyVa19u OyibRuCpk8jup1sEJ4wg/rvAn86pdsz5KTgWBEdb5t+6hA3CJeaMv5cBh9qS7HNCiVZWg4 QR2X7q7sIpKGz2meGxYMYBjZtEVbFn/VqhXJWEmn1LkArfO13YuuDx9jLjnXbOlmbqvMqi 4LVw7wu0TsMzXRPGP8tFYgueZNv6jNnLfrGu6R/0GtGBMY1wr7php+m3QOSaaQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR546bYzxWp; Mon, 16 Dec 2024 14:45:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjLE4051740; Mon, 16 Dec 2024 14:45:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjL59051737; Mon, 16 Dec 2024 14:45:21 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:21 GMT Message-Id: <202412161445.4BGEjL59051737@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f5b46856918c - main - cred: crget(): Compute initial 'cr_agroups' with nitems() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f5b46856918cc6cc3ea49e3ab95163d318563ece Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f5b46856918cc6cc3ea49e3ab95163d318563ece commit f5b46856918cc6cc3ea49e3ab95163d318563ece Author: Olivier Certner AuthorDate: 2024-07-16 20:32:19 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:29 +0000 cred: crget(): Compute initial 'cr_agroups' with nitems() No functional change (intended). Reviewed by: mhorne, emaste Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46910 --- sys/kern/kern_prot.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index d29833f944ab..0b15937d13f3 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2119,8 +2119,7 @@ crget(void) mac_cred_init(cr); #endif cr->cr_groups = cr->cr_smallgroups; - cr->cr_agroups = - sizeof(cr->cr_smallgroups) / sizeof(cr->cr_smallgroups[0]); + cr->cr_agroups = nitems(cr->cr_smallgroups); return (cr); } From nobody Mon Dec 16 14:45:23 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR81kRnz5hWND; Mon, 16 Dec 2024 14:45:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR801Hyz4cqy; Mon, 16 Dec 2024 14:45:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3POhBwzW5kJVBvDLwxWLtWQgdoanfKU9IskXhthI40E=; b=N8JGslYzt5WXPHLorWQlaPL7RTu0Uc3B5mYC3r0zmZViiW/DwbTW9PT/EP85Tt8O3/snHD 7DrLPqwxTot6vEhblabxRcs8bS7Zt5Raw2xbl8UBYPux33zeJJ8VdvCNbSQYK7oYtF0iDq 8krmUQ1GLzKaPrUQnIoJxfdazxDlb6Z2r0DudwASLFNB4Y1DZnkv3n+UHMbUkuAVgN42iA P7DSHASI0kbCt6e5RJznh/Rq1Yz0D0EVgbgAbCiL89g1tE3vhY68ZGDZR32DicqPUR8M84 tQVE8ZOG/aEdsH6VlbBi2LuaBMXU6Bqq8uMQbdmktPJfnbmIBYW8+NbNxUNGCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3POhBwzW5kJVBvDLwxWLtWQgdoanfKU9IskXhthI40E=; b=SAOItlW0Iv2BlqWttaVpVOcndAgCWBzpciNMtJSrQdHau3nvGtcMC9fPTAmQjPHGW5b51x cpKC9Ug7AlKGCncgsz9seSThIKm+LKZx3oxVMfoS2NszwB7bhJP8yX7PZ4txbtOLeGj/g6 Kfh774NxWadDlSLddiBGf89HGnlKBSrBvCgJXqe7b71lveAAyB+vd9UvrSYMAWG2uCc0Om rf/cM/r5hnE3Ec7UZw2uLxZE/tm+uGcEnN0u4Cxks1GDZ9jZ/O3fheacM2WvnjnPhgbNig 2J39V5AMWYgrspqp1wZZwL+3+hvemKGDFjwoWzx4MM7jmvHweFwtJ8rbJDFJbA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360324; a=rsa-sha256; cv=none; b=bxSW5KgFty3w/0NcLRhkfz1PdVPahNP/H7DdjTN8XqQxJT92sfd2kDINMBdJHFUKFl7jO+ ibHhjUlooVYZfjqQGf4pTBE1gIEKp4R4HTclxT8aK6epAZIXc3XclcZf4VFSTnFOsqADg9 zEltw/0iyOKHgySv+1Mau0yIeGtKd3oaDRTb32FuJ7YYpLYLXNl4nYveIWt+HAl/YoEuXD 4rUexMzeQqXfUgRXVc9BpBdQcGRphxAy0Tt08WlJuN2N36Ho6KF6Lrt1xn3PxzEpV5yPio cyhYmQ6AzBG7dTRCPLC0TGB+G0Jst/Q/Skoz36Y+m5fEuqOlkyWHt+TDWqXYFw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR76TTTzxB9; Mon, 16 Dec 2024 14:45:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjNRU051839; Mon, 16 Dec 2024 14:45:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjNvf051836; Mon, 16 Dec 2024 14:45:23 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:23 GMT Message-Id: <202412161445.4BGEjNvf051836@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f2d2318fafbb - main - mountd(8): parsecred(): Remove "duplicate compression" List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f2d2318fafbb16c8a7773fe20c724c986f424fa2 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f2d2318fafbb16c8a7773fe20c724c986f424fa2 commit f2d2318fafbb16c8a7773fe20c724c986f424fa2 Author: Olivier Certner AuthorDate: 2024-09-26 17:00:26 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:29 +0000 mountd(8): parsecred(): Remove "duplicate compression" No functional change (intended). This code dates back to 4.4BSD, became wrong after some getgrouplist() (nssswitch-related) change in 2007, was fixed only in 2020 and since then underwent cosmetic changes. It is likely that in fact it never served any useful purpose in FreeBSD, except perhaps at the very beginning. It's most probably not the case today: NFS credentials are normally only used to check for file accesses, whose group is checked against all groups of a credentials indiscriminately (except for the real GID). Consequently, having a single duplicate, which the code would actually remove only if in the first supplementary group slot, doesn't change behavior. Moreover, we are going to regain one slot in a subsequent commit. Discussed with: rmacklem Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46920 --- usr.sbin/mountd/mountd.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index c903431c2ecf..22ed57d8669d 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -3610,7 +3610,6 @@ static void parsecred(char *namelist, struct expcred *cr) { char *name; - int inpos; char *names; struct passwd *pw; struct group *gr; @@ -3652,23 +3651,12 @@ parsecred(char *namelist, struct expcred *cr) ngroups = NGROUPS_MAX + 1; } - /* - * Compress out duplicate. - */ - if (ngroups > 1 && groups[0] == groups[1]) { - ngroups--; - inpos = 2; - } else { - inpos = 1; - } if (ngroups > NGROUPS_MAX) ngroups = NGROUPS_MAX; if (ngroups > SMALLNGROUPS) cr->cr_groups = malloc(ngroups * sizeof(gid_t)); cr->cr_ngroups = ngroups; - cr->cr_groups[0] = groups[0]; - memcpy(&cr->cr_groups[1], &groups[inpos], (ngroups - 1) * - sizeof(gid_t)); + memcpy(cr->cr_groups, groups, ngroups * sizeof(gid_t)); return; } /* From nobody Mon Dec 16 14:45:22 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR71H8xz5hWSN; Mon, 16 Dec 2024 14:45:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR65jkQz4ccT; Mon, 16 Dec 2024 14:45:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9DmuHx4zV2pgVnYpkw4Dto8bHJ4e0Tq0euCCSfw52/k=; b=MA3oqmCanHJnRt51TdMmbQ2R7/NzqCXlnmks+7XOd41yhTWLx9uVUqqmosCUWV12I7DvqD O0Dp2+hGKtnewj/YSE/W6PrYtgDzsZ/n6wSir72WaLpQgwIVrOt+OvI4BWpxvSNWg5P5Jr cNLyWsK/A2okm5wFb8QlXick5rifgORXZeiokaFuYjcdAca041kMoCovXOzHKqW0xgiDtn Vu+P3+xFh7k+1tcZ062h+cya3dOh7XXRq4gMON5aFU7YelMB3bBgMFHptaKXVQ+beyfA+h DYLHQ2ab0OhGfKfLRzthN/XbFLNKB3LsJoNiUBVP1K4vtnMjJNRU+orKh1nHTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9DmuHx4zV2pgVnYpkw4Dto8bHJ4e0Tq0euCCSfw52/k=; b=ucsxEII3knpBtmOpk+VHVcoVQEm8J6GGls4wGf3XdbH/DkbooKcpZAfcgkkl46I83a1FjD Zy/lAOxWFmcjFALxZ2NHaXrFNVI5XW1A+3nBg7iBm7nPsj+V+TglAgHNZJ9MEGALXjycwf ndnEl9Sdz55zzRKSVCVDESJPDjXyWwfmxYxSyCCLFbMqDJDQD+PqUP8JbINdKlF+YNGf8w 9hmpfdxc44ki+wwHj7wzXhwZ7fWKpxpSGz9DdoL87bBeB22V0wdCbvL6V/03aBsCy9sbxk pm8tZRXJVOdhzqA5doW3pZOGWfcTChztzDi7Dq+Wsp+PFQp/STO45j8o6uQ+8A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360322; a=rsa-sha256; cv=none; b=ppEJEgWil3yqpifQDGsjPrs5cr3pD0Yr5ubcchzhI3Kx/YIv6Lczc/ku6twBV6yK5uUhaG xkmYUphd7QMv5yNEmYaBtpZgyGIwOaK49p3t/pGOudnxPn+z7S0hfK8zitq/ntl7xz7nnx tKenXayeDJM0XUpnUWJ0vcGobq7FJTEH3AHoOlng7uOC5seyzv2HI500D2sNn4OTZekkhj ALlBP1mmzmR+0CFHuWzDHeduDDj3BZdi+ZGRoDi2uFi1ZFkBCaR63pnxqfVJZqIycptBKx dzD4pV2Q9JMBA5qeBx0TWmpXjTLVg8Dv96mp3ExORbZta04U9ciWu3CvcEgrEQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR65HmDzxWq; Mon, 16 Dec 2024 14:45:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjMiq051793; Mon, 16 Dec 2024 14:45:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjM7r051790; Mon, 16 Dec 2024 14:45:22 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:22 GMT Message-Id: <202412161445.4BGEjM7r051790@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: ae22a4bb7437 - main - mountd(8): parsecred(): uid:gid:... loop: Simplify a bit List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ae22a4bb7437019e34fc593e101a6ac14c9d7959 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=ae22a4bb7437019e34fc593e101a6ac14c9d7959 commit ae22a4bb7437019e34fc593e101a6ac14c9d7959 Author: Olivier Certner AuthorDate: 2024-09-26 16:16:16 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:29 +0000 mountd(8): parsecred(): uid:gid:... loop: Simplify a bit No functional change intended. Reviewed by: rmacklem (older version) Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46919 --- usr.sbin/mountd/mountd.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 00309ed58136..c903431c2ecf 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -3684,7 +3684,9 @@ parsecred(char *namelist, struct expcred *cr) cr->cr_uid = name_ul; } cr->cr_ngroups = 0; - while (names != NULL && *names != '\0' && cr->cr_ngroups < NGROUPS_MAX) { + while (names != NULL && *names != '\0') { + gid_t group; + name = strsep_quote(&names, ":"); name_ul = strtoul(name, &end, 10); if (*end != '\0' || end == name) { @@ -3692,13 +3694,16 @@ parsecred(char *namelist, struct expcred *cr) syslog(LOG_ERR, "unknown group: %s", name); continue; } - groups[cr->cr_ngroups++] = gr->gr_gid; + group = gr->gr_gid; } else { - groups[cr->cr_ngroups++] = name_ul; + group = name_ul; + } + if (cr->cr_ngroups == NGROUPS_MAX) { + syslog(LOG_ERR, "too many groups"); + break; } + groups[cr->cr_ngroups++] = group; } - if (names != NULL && *names != '\0' && cr->cr_ngroups == NGROUPS_MAX) - syslog(LOG_ERR, "too many groups"); if (cr->cr_ngroups > SMALLNGROUPS) cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t)); memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t)); From nobody Mon Dec 16 14:45:24 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjR93tjyz5hWVv; Mon, 16 Dec 2024 14:45:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjR90qYyz4cnj; Mon, 16 Dec 2024 14:45:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360325; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=y10kAF0Lt2mUmZPJo9V7h8DYEwJksUZUXTLHtU5Ac1M=; b=hSL4bGK6tjZljQAffcqKRR4iitsCDDvFU8ljqfYtRwnHUQCPhr/Kt9voIOhWU0W05lyW8P UWIuHMrBR80QaLhXWc3eI9Y557YNRdkH/t4RciL3wB3V19ERz9EHpDyLniTyzSLYjQfsJ3 +BGR3sSyjWSnDMSk3N13PL4E0CnAYY3iJUYoiN3SEQ2wxGFLKIQ321HFPc5kW5GfXjEnbt 0fMVjiHdrhc+chRAzzuX/ChcWvK4gMT1X69CM9ry45DHRU6GbbgyVwejk0tQtM8kV9zAzK qb+pf8HB6AJb+0eRrKoL6tobQFILZEYyDmjMp9/M6x3DcevN/z5WaKdyt9LxSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360325; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=y10kAF0Lt2mUmZPJo9V7h8DYEwJksUZUXTLHtU5Ac1M=; b=bpddUeyhCYWmICJdZbRRZID4aZA3T7ozOaYzSvWGxdn9Otjxni7kuSW1dhrRu0e3856LY/ 1GfVZmGBvqIPWdP821TbnpMPrVe2sfBHDfiTqe4DaiZQJq8Dm/4j/4JsBu6Aj2JDi+Qjn2 S6FuPqQ13U1pKi58SLmBKNDE2bNraLLjrm4hqnfSBWqBNiOhP37GVqGG3375GsULwDcFFt UAstkv5huWzi7YNUFrHALH7b3Vdr+luVjYstt+dLi28X4gYQ7ZkqXtqCBrZWZyOlKsqji2 WNuhH2pdzjB09H41aXziKX8+jV//UNIpB5Unn6lMiE/C8zU02N+7F2+F0WnaCQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360325; a=rsa-sha256; cv=none; b=YyN54LV0ghlzRFTfgNjM5Z7pzsyww8fQfPq6phcxoDDpP4pv0NDyQq2ORcEzmjXVg2uvAQ jUp/nlfsE15chRufdBsfMmm52XsYGyiQwXVWaOaP9xQuIYHUBKx9kyQN2C7/MYvsuRsyBG Xm6BeVeLAdeto/saVlhYN/pMgceHFpcAE/8HmyGGTI9I8SMXRN/xXGRwrLTWRaNltFKs/J 06eFBtffb+lHg7/gz8op5bFB6HxnpD4TBV5wSwy4ssJgSn0WA5xvKG9GXJXGPvrAUago/J 5agtWXH4cb6zS7aocCHuzbZvwTNHSTKH2dHIo0dj5OoS5Jn/dBkgg8YVhAADHg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjR90PKDzxH5; Mon, 16 Dec 2024 14:45:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjOTL051894; Mon, 16 Dec 2024 14:45:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjOGk051891; Mon, 16 Dec 2024 14:45:24 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:24 GMT Message-Id: <202412161445.4BGEjOGk051891@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: bdc259ef382f - main - mountd(8): parsecred(): Fallback to "nogroup" or GID_NOGROUP List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bdc259ef382f76b1821d4356049d5b856c42901a Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=bdc259ef382f76b1821d4356049d5b856c42901a commit bdc259ef382f76b1821d4356049d5b856c42901a Author: Olivier Certner AuthorDate: 2024-10-08 09:21:17 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:30 +0000 mountd(8): parsecred(): Fallback to "nogroup" or GID_NOGROUP In the 'uid:gid:gid:...' case (for '-maproot' or '-mapall'), if no GID is specified at all (i.e., input is of the form 'uid:', with the colon at the end), mountd(8) would pass credentials with an empty array of groups to the kernel. For security reasons, we have put in place a kernel fallback a while ago, which is to use the single group GID_NOGROUP (see commits cfbe7a62dc62 ("nfs, rpc: Ensure kernel credentials have at least one group") and 5169d4307eb9 ("nfs: Fallback to GID_NOGROUP on no groups")). Here, as we are in userland, we first try to find the GID number corresponding to "nogroup", and only then fall back to GID_NOGROUP, as nfsuserd(8) does. Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47011 --- usr.sbin/mountd/mountd.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 22ed57d8669d..585eb266e261 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -264,6 +264,8 @@ static int xdr_mlist(XDR *, caddr_t); static void terminate(int); static void cp_cred(struct expcred *, struct expcred *); +static gid_t nogroup(); + #define EXPHASH(f) (fnv_32_buf((f), sizeof(fsid_t), 0) % exphashsize) static struct exportlisthead *exphead = NULL; static struct exportlisthead *oldexphead = NULL; @@ -1587,7 +1589,7 @@ get_exportlist_one(int passno) anon.cr_groups = anon.cr_smallgrps; anon.cr_uid = UID_NOBODY; anon.cr_ngroups = 1; - anon.cr_groups[0] = GID_NOGROUP; + anon.cr_groups[0] = nogroup(); exflags = MNT_EXPORTED; got_nondir = 0; opt_flags = 0; @@ -3623,7 +3625,7 @@ parsecred(char *namelist, struct expcred *cr) */ cr->cr_groups = cr->cr_smallgrps; cr->cr_uid = UID_NOBODY; - cr->cr_groups[0] = GID_NOGROUP; + cr->cr_groups[0] = nogroup(); cr->cr_ngroups = 1; /* * Get the user's password table entry. @@ -3692,6 +3694,11 @@ parsecred(char *namelist, struct expcred *cr) } groups[cr->cr_ngroups++] = group; } + if (cr->cr_ngroups == 0) { + /* cr->cr_groups[0] filled at start with nogroup(). */ + cr->cr_ngroups = 1; + return; + } if (cr->cr_ngroups > SMALLNGROUPS) cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t)); memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t)); @@ -4077,3 +4084,19 @@ cp_cred(struct expcred *outcr, struct expcred *incr) memcpy(outcr->cr_groups, incr->cr_groups, incr->cr_ngroups * sizeof(gid_t)); } + +static gid_t +nogroup() +{ + static gid_t nogroup = 0; /* 0 means unset. */ + + if (nogroup == 0) { + const struct group *gr = getgrnam("nogroup"); + + if (gr != NULL && gr->gr_gid != 0) + nogroup = gr->gr_gid; + else + nogroup = GID_NOGROUP; + } + return (nogroup); +} From nobody Mon Dec 16 14:45:27 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRC58w3z5hWY9; Mon, 16 Dec 2024 14:45:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRC2nDJz4cd5; Mon, 16 Dec 2024 14:45:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360327; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PxhBs+cq3AaJUIeZNxE/8riqQ09Ml0Z5Wjc5Pfe11sg=; b=fTgDSkhCTbS8qmMAg6fjcZ2Nv9TlRvLphAjPMmX9IK8qoD+CmSCY6bNYCzS7RkL1wB2VCp TWophcdc5Bz/10C03XvZDCxv69pE9U7+/fVEeKykMcGuYHheCtw/bVs/k4jnFYj7ovkagy JQqw5+uuLfYnOrZzNM9bf2tDkSLksgdTk5QD+JW5vPUnxKeqwCKJn6U4UMiGAbqeKNRKte yintU/O1BvxM2isYeenvjbXh5XSERwUphtsDz7JA/gsOTcNOl+GFdHyXnMeTFATTckDk4B iVH1m1fA212hkdkSkRKZN2keXXygeJ7vIsPsr9qFUSIaUsxpTOYsaMQIU02ZdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360327; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PxhBs+cq3AaJUIeZNxE/8riqQ09Ml0Z5Wjc5Pfe11sg=; b=kk57hnETgUJZVe84wXsjxtkRoO2W2FR9z9r2IWGwmat4Lv/ivyAExSG/NYMDp2WVZZqQWn /P/9C9JT9y9nll3kXm3wscxhP0cImOxcZd4qbV6+qtF0ITiJL7hrDkC4+RkliezAYzlEsB 0u2w14zeONuiCU7qfeS195knpoM/2j2v3wWp+EOAl6x8EA1poMlO2pkQHtmCuD4nJ1lpjH ldL+mmaYJRvYOZ5KtigjZnrBo2pdZ+7CNCMf1HifnlCPw0wxkyxIOuXk4GwCLtHyyRlhf9 VN7ud1IOsaRTns8dsBhwUWamKUFDJl7dedN/sTRA05ZF/skGE1+eOmAk92SJ2Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360327; a=rsa-sha256; cv=none; b=fHqZIRW67oKTxaOn4xPW+OfvJb+L1+wkmVAL3sTv2+aB5X/sGnum/3aT9N94n4zpfTtkb5 1zhnAKbNf9LVvnxskyzbu4A9Nz37ncf85n3VM57MCPGYtAa0ZAuXMp+5XdD/u2vsAmEQtc GGIzncAfJpn5rQsy/oBY5lj6EtSJYjs9adXVhidRa5pHZ4aFjpHRqZJAHVqQD4d4drX9XW R4wsGyEEkLigBJHL+7n38ymQGMaJPtzn6LSzCDt2PXT6AFOT1e6Ezw2v5HY2cUrqQS2F9f qT4tXUrkqI2p8XwEFDCawUsbTF5uxC5usKD1eHrIaMWpuB/C8bFwQCSV4ArkZw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRC2Nmhzy08; Mon, 16 Dec 2024 14:45:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjR7U052005; Mon, 16 Dec 2024 14:45:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjRCT052002; Mon, 16 Dec 2024 14:45:27 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:27 GMT Message-Id: <202412161445.4BGEjRCT052002@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 7f7f3b6cafac - main - mountd(8): parsecred(): Groups limit: NGROUPS_MAX => NGROUPS_MAX + 1 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7f7f3b6cafac6e8ab993a14386e34991224f86f3 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=7f7f3b6cafac6e8ab993a14386e34991224f86f3 commit 7f7f3b6cafac6e8ab993a14386e34991224f86f3 Author: Olivier Certner AuthorDate: 2024-10-03 14:49:40 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:30 +0000 mountd(8): parsecred(): Groups limit: NGROUPS_MAX => NGROUPS_MAX + 1 Lift this unnecessary limitation. Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46921 --- usr.sbin/mountd/mountd.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 585eb266e261..76a5fc6fae93 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -3653,8 +3653,6 @@ parsecred(char *namelist, struct expcred *cr) ngroups = NGROUPS_MAX + 1; } - if (ngroups > NGROUPS_MAX) - ngroups = NGROUPS_MAX; if (ngroups > SMALLNGROUPS) cr->cr_groups = malloc(ngroups * sizeof(gid_t)); cr->cr_ngroups = ngroups; @@ -3688,7 +3686,7 @@ parsecred(char *namelist, struct expcred *cr) } else { group = name_ul; } - if (cr->cr_ngroups == NGROUPS_MAX) { + if (cr->cr_ngroups == NGROUPS_MAX + 1) { syslog(LOG_ERR, "too many groups"); break; } From nobody Mon Dec 16 14:45:26 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRB6Pzcz5hWSW; Mon, 16 Dec 2024 14:45:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRB23HVz4cjd; Mon, 16 Dec 2024 14:45:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360326; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Amatx3kXvWn7xRz+LnnPZUmZNst6ohzRkObhmeSmqWk=; b=cm/pw4qPg1SifXa9R9If8n00xUhP2vHsta0cfqTsJUwbcXgjOmudxV6dSgx9CmSrRvIKkn qf8SfDW3ocEc1UZ8yXnL/GsMq9R5x37iTldYeq82WiFLtzi0UURUSjXq9eb0v04TCYSPy9 c0TuHgGHaaAZ5ZtiZ3txsjN/aDqEmAWvnXay9TE1/uLJA1a7msWCidco6bizZXTUBTyG/8 lpE3Am3n+1U1NaF/ra1gOLym2kh3J4Vr04RhsJLj7begfJUTKFwO7wk6ZdpQZ4HSnvuUG2 TVMTNrJN9MR6jGPNElK287bdeNoaoP9J20lzeI17lebN+ZRsMD6lZj7y0PhDTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360326; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Amatx3kXvWn7xRz+LnnPZUmZNst6ohzRkObhmeSmqWk=; b=QZDI8RkS4ofiTQleNZZn/YpMW7MASCsy9i7WTx6D4IQn3YVa1q2hJZv23PhnD8t8irYJD+ UCzNL0yfKbe1rqho1Oly/wXMiYv+npYzpwqZP4fuV1NQtHnWoET5ioOjhMEmDRpGRlX+PD iM2u9OSYpeysbfH+oz1LtRV/tafPQdzj5txByrZvvY6UH+n0CdptzLUeuCz4dfBm14nTIN smYmDymrk8wgGTn3T0ts3Evtt2GKFsgl3+HNEaAtnSoBTmfPlvfmaVMWemfhIJ2ICIZrWc FWWCZJBC2aIVlLwywRPQFMUYRgYSMvB2uJoxvrBsYCCvyqox8cc1ZbHzhRkJ9Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360326; a=rsa-sha256; cv=none; b=IBKGwwtTvp1wjWPjcyqn6gTK3vbf8p1m5YYTXdTX/PQktvLXKUxERaiKQeAyY2i/cF0SZI 1IB7thyqvFRb3enyglfuZxRXaXzOiluW7IlbejhF8+xuE84LicImKcGuZvUdJVwEVWQ/63 Km3bNjZvbOVZmfOtU2pblor0kP+s8z59ZSiBWv1zqOV1qt04GSE+y6DErdKs6VA9ZC4MMb 78vmvhSrjjf3CYrnPSe3Xpyw7FBOGVsAHhwamr1VGsgwOod8oc9xL2lXo8bt2wVHuTjWe8 X8U5Uyj+lKho0DMn5/0q/iC3Yv6u9NDvlDeaCwoUhMAhRnbQlTc2aqI7mWviFw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRB1cjGzxH6; Mon, 16 Dec 2024 14:45:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjQ4P051951; Mon, 16 Dec 2024 14:45:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjQsi051948; Mon, 16 Dec 2024 14:45:26 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:26 GMT Message-Id: <202412161445.4BGEjQsi051948@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 2ef608de9062 - main - exports(5): -maproot, -mapall: Explain the fallback on no group List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2ef608de90629df37c29043afc638f8ff99ecfc4 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2ef608de90629df37c29043afc638f8ff99ecfc4 commit 2ef608de90629df37c29043afc638f8ff99ecfc4 Author: Olivier Certner AuthorDate: 2024-10-08 09:34:44 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:30 +0000 exports(5): -maproot, -mapall: Explain the fallback on no group Reviewed by: rmacklem (older version) Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47012 --- usr.sbin/mountd/exports.5 | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/usr.sbin/mountd/exports.5 b/usr.sbin/mountd/exports.5 index ee3e9a89f114..6436e586cab9 100644 --- a/usr.sbin/mountd/exports.5 +++ b/usr.sbin/mountd/exports.5 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 16, 2024 +.Dd October 08, 2024 .Dt EXPORTS 5 .Os .Sh NAME @@ -170,8 +170,23 @@ The user string may be quoted, or use backslash escaping. The colon separated list is used to specify the precise credential to be used for remote access by root. The elements of the list may be either names or numbers. -Note that user: should be used to distinguish a credential containing -no groups from a complete credential for that user. +Note that +.Cm user: +should be used to specify a credential containing no groups, in which case the +established credential will use +.Ql nogroup , +else 65533 +.Pq Dv GID_NOGROUP , +as the fallback group +.Pq a credential object must have at least one group internally . +Using just +.Cm user +.Pq without colon at end +falls into the +.Sm off +.Fl maproot Li = Sy user +.Sm on +case described above. The group names may be quoted, or use backslash escaping. .Pp .Sm off From nobody Mon Dec 16 14:45:29 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRG08Qbz5hWKy; Mon, 16 Dec 2024 14:45:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRF5HPYz4cmT; Mon, 16 Dec 2024 14:45:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360329; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lJ/LNvEdaYlKHxSgAJeYG31CbKupDiWDH0OcXxyYj/Y=; b=cHeTnKuE07dm0MyDSlRlH7Fc3FP/CGlvVDdx4Z7eijqiP/9G/wyK6kdGv553eQQESjhnr6 449Raq1DEVXdtp6lAHpIBMwvle/BJTXxidCiWUTsvsytMeK3NAsPgypGTIxUwyE9mzmt9D ft+DJNdN/HiQxybMcNYeDlcKBDJ0MJglNg5wmIBv4v/FoifM2iFtmAEsf0OI/prNV3ylrl beMXRsFetlA0I34/LXWRhT+Kc3tXEiwu8P9KUaVnEwAX2r3eLOQMfn/7hc1a8KyEdnY7VV XK3AvhHbBmSKx947bkf7p2BvVmCm9MnkVU9lx6vZLgPoUxV4d9kAWUut69/pGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360329; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lJ/LNvEdaYlKHxSgAJeYG31CbKupDiWDH0OcXxyYj/Y=; b=ufHaFd45LzNjZhW4UrqOTfkIqCY0u+Ng2XWsmRmVpEuCOn9d6voXwA4GbzI4f4W+mopFbH uiR5YCsKWnXpve67YSpYhsnKK3+FcpCXAHdndqW71l3zVuos5Ld+MOzlPa0DIgKlf7ExCx Yp+CG9DZaZbK03qOSTYZDAVL+mZhTuHRxdFKyAx0/RIuS+tpJ2afU8uF/N6srjiKmO0Ni3 /24OSNPF+QFMTtwiFi6EOWpRLboW4m421AhueZXdVHt5ne59DkUvF4q/pcPMvjwAuBPyi2 epTh1R0nZjiwNUibu+wVII879UPHt2hrE0VBXz56Pvdb9/mrSkNeZox/0u9FKA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360329; a=rsa-sha256; cv=none; b=nGz/LNc656Hy40QvzwrIEYCczvnOWHuZjHtedLiuMXXT7Ai3a/lGSdjH1X739EaDh5Ke84 YoExZsznof/x5Ud1hfLAVYAV6UeHu4CdDRvp3hKu+BQjmfUNVAuEg4WcSdTY6Rmhs7Hg7K /9FkeUhzH/1KXlUhLA3pCPC6/mNtH3DEGT6yGP+hsyU77Px6FxZvlyTfsgFlfXWO9uUpzb YR+DKeLkugVh0JVQaj8h7neGzmArD6t7DivCSKZSoPH6mT7dM0nlyRiUl/v2waUaHStZKE EMcVVKbmd8l/FmI6AvHbf50S5qymYFiFAaGa3McTG1HFjJJz1KpEM7vaZ4ZxoQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRF4ntMzxnJ; Mon, 16 Dec 2024 14:45:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjT9o052110; Mon, 16 Dec 2024 14:45:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjTEY052107; Mon, 16 Dec 2024 14:45:29 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:29 GMT Message-Id: <202412161445.4BGEjTEY052107@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 0b011b5cddb5 - main - mountd(8): parsecred(): Remove comment on non-existent bug List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0b011b5cddb5b17cf5b8f50ff580f3eb4abaeeef Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=0b011b5cddb5b17cf5b8f50ff580f3eb4abaeeef commit 0b011b5cddb5b17cf5b8f50ff580f3eb4abaeeef Author: Olivier Certner AuthorDate: 2024-10-08 09:44:06 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:31 +0000 mountd(8): parsecred(): Remove comment on non-existent bug 'name' can never be NULL, as it is equal to 'names' and 'namelist', which was passed by do_cred() only if the actual parameter wasn't NULL. Reviewed by: rmacklem Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47014 --- usr.sbin/mountd/mountd.c | 1 - 1 file changed, 1 deletion(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 76a5fc6fae93..653d7135ef79 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -3632,7 +3632,6 @@ parsecred(char *namelist, struct expcred *cr) */ names = namelist; name = strsep_quote(&names, ":"); - /* Bug? name could be NULL here */ name_ul = strtoul(name, &end, 10); if (*end != '\0' || end == name) pw = getpwnam(name); From nobody Mon Dec 16 14:45:28 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRF0WrFz5hWW4; Mon, 16 Dec 2024 14:45:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRD4D7Yz4ctM; Mon, 16 Dec 2024 14:45:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360328; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=D3eM65N/Ur55LOpyYdE9VorZdShupPox0VnNUPWt1UA=; b=CMENu61BocDbeIIuBeT/ykrxzj1GDkbj7BGVNWq25F60SUtDYkL7poavwgeHVPJhgHTlwX U6E0mkQrRP+TaWlmbu9tUt61cIayJJvX+n5kzeZ9Cirr+s3ogu51Uz176gYExk1aGF2/E2 JX62tMSmAf+S5IRvLrMi9+LmHTuRNohPDOaHzGs54vhoAKMsc82RHM80IHN9B4+OwB+wnF zJRpYbwgfbTMXZsSmEGybqgS+nn3sF36PoLerz5X/Zg4ouDM6mSWHC9x420X/qmsj5DXF9 feO5phig3stmIhOqSd5Iyiz2jJYJzT1KadndbPfhuIFabu4wS/iKVqBZ479fTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360328; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=D3eM65N/Ur55LOpyYdE9VorZdShupPox0VnNUPWt1UA=; b=j8OFyW6FZz5j47+sb9qs4QWVi6eoZ6UcpRPS/t3ASL3FKGTGxakIbH2O3iLfA1v2M7JnSR l2SKIa5JUj0/F8UR9clZUYqckfBj9eNBNTDf2IYte4kbbSmFytZFYV7spNyJdCwMZOqbgG UyrQJtPK+iWQujOLxIkI2esl2K8aRlcdl6v15/ZS+aR2mt75tSTyHws8dzlYxh+Qz8Pj4J +trbzWfBa8AI7FVR03ngOMMz1yUJVFPfJWsEfdVS7T5bkdpafGxUZPRFNuu99Yw9RAuUs4 dp7nmzBwArlfJZOhEwRfkL0Rf3zcYuh9bYXPIrZoaiwnWeyO2Kmugdye1+FR4A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360328; a=rsa-sha256; cv=none; b=neaGRWq71X7Kbzsy5QTEOfsG/1Y2ea8k4NH0dW+XyuSbejTrMQVToV3hLwPK+vpThCXupy pBgfWAMQ6HaT5ny+dFWo6ZO8eWOFuWicvSwndvaMCVuMoKzb50RHiVxiZBP6KxKQBF/w2X TjHCY/OaOmiBjbB5jAAKkIS0E6JY55MG9oFDNAZlHQ/iHYlnnMc/jrHg/QuR+peDWDKKib 5a14MDGDwTrq8zn8GeBw+oRJMYgsyf1MD25zIVZFSJsbxHYp//wWGoJmucBhmeOfsfne70 0B/pb9MI1reYknWvQG84S4muCCRb5JyWRoTYbuvnM3gtRd2LJBjNBRJ98drXQA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRD3nHbzxBB; Mon, 16 Dec 2024 14:45:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjSl8052062; Mon, 16 Dec 2024 14:45:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjS0I052059; Mon, 16 Dec 2024 14:45:28 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:28 GMT Message-Id: <202412161445.4BGEjS0I052059@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 84337218786b - main - nmount(2), NFS: Accept 'ngroups_max + 1' groups in "export" credentials List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 84337218786b13f0ebfa834d28de41dce02bc937 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=84337218786b13f0ebfa834d28de41dce02bc937 commit 84337218786b13f0ebfa834d28de41dce02bc937 Author: Olivier Certner AuthorDate: 2024-10-08 09:39:08 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:30 +0000 nmount(2), NFS: Accept 'ngroups_max + 1' groups in "export" credentials There is no technical reason to limit that to NGROUPS_MAX, which is off by one and just our minimum maximum value. Reviewed by: rmacklem Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47013 --- sys/kern/vfs_mount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index f5ff8d54fadd..a09a3049d79c 100644 --- a/sys/kern/vfs_mount.c +++ b/sys/kern/vfs_mount.c @@ -1497,7 +1497,7 @@ vfs_domount_update( bcopy(bufp, &export, len); grps = NULL; if (export.ex_ngroups > 0) { - if (export.ex_ngroups <= NGROUPS_MAX) { + if (export.ex_ngroups <= ngroups_max + 1) { grps = malloc(export.ex_ngroups * sizeof(gid_t), M_TEMP, M_WAITOK); export_error = copyin(export.ex_groups, From nobody Mon Dec 16 14:45:31 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRJ3cKzz5hWSd; Mon, 16 Dec 2024 14:45:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRH6tR5z4cv3; Mon, 16 Dec 2024 14:45:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TgkepBd2aozEO+aBAVgn9RK7hjEkl/1xSXZo/9JQIaw=; b=H/GBOfAHnPvOeRVOUD5dYuMprJYZVFMH0Mc+4MzOsPj/ulQTjXbPk6cRxcvH1U1vf1I/Qv DSw6dyfkQYr9zjX2ixIy0alOOvnSafM3FDC1LWcxNVUR8J06zkWw/P8mKHd9TKudRgTGT9 NO2QiVW0IkQgsATfmNhM4OPJKShjoTBDQUjwFdXjYNZIXzbKPwVLi1ihAQggh9/dO2kpaw 6toXSCINx38w+0PzGH0K6WdFxx9/pqIMCBLl3QaXUR2ddt9OWpm4o5wylHT3ibb6CAVibs uurZMNcMSBkCWdgUrubXETqs55xXS3DDMM/peezzVb0+t8lvdMieM14M2FSiKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TgkepBd2aozEO+aBAVgn9RK7hjEkl/1xSXZo/9JQIaw=; b=q2J07ZQ0gukch/kDjHUiiDB6PcO5grZcUm1CZncuU0RlhzR/evGs88z0EHPGFl3HQH9AAN jSXWcPLh95ehLscC1pbnxm+LEMef5xFGjkoJC4yx4yDx8hn/rCjCEjjXeE6ZUpSBkx+Phq /Fa/xTvI6yyf6/5QnnCsa/xRSXBKUYLD43t1IolRVrpI5PhHILXqUTz8RkXB9tvFq8ls/l tyJX2vRXOJM+5a6qvoihoigmsr4zTkDDmj3uEs8t7r1WPBBrP5qOVSF/cxEJhvXBJAWhOa OXP4NyREH4IY06Hmxcl3DxlSF/ORrtsG9fCsmr4/nqtTb6aqZmluRAAGOUhzQA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360332; a=rsa-sha256; cv=none; b=kqPWiw3whK1dcaQNSGSsnvcxmO7MAOkhgGrktEVv2i6sdRIEEEKRbz7cV5hf3PoK8yI8EM oc3pRw11QCkk4yDio4hcuKugQ9V2cRxzUkPrawEkEpLL/zouoZwo91mQUdZd1qyMCwMDuL scaYyxxrO9iY9OTJSYS1rCC3WvPbv+uPNA6MWoZscdSb9jZENrf8s7wv2Kl+tD2xt6Spr3 LLBbewd5Xym1F1XNawmk1FZIn/yBRSl2+bUC1myzUaEGQjQP2u7ilLIW6t2SyZpNyYQ+i2 VhVk+D1AJQkjRmHz7Roz1kqfsLTUQyn8iDtHtDbY5hR0JxaNsw7trCqg8CTeKA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRH6RYdzy09; Mon, 16 Dec 2024 14:45:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjVlZ052229; Mon, 16 Dec 2024 14:45:31 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjVPL052224; Mon, 16 Dec 2024 14:45:31 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:31 GMT Message-Id: <202412161445.4BGEjVPL052224@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: e87848a8150e - main - mountd(8): Allow to pass {NGROUPS_MAX} + 1 groups List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e87848a8150ed75da29d99a7d0c0bba6cc5129b8 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=e87848a8150ed75da29d99a7d0c0bba6cc5129b8 commit e87848a8150ed75da29d99a7d0c0bba6cc5129b8 Author: Olivier Certner AuthorDate: 2024-10-08 12:30:03 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:31 +0000 mountd(8): Allow to pass {NGROUPS_MAX} + 1 groups NGROUPS_MAX is just the minimum maximum of the number of allowed supplementary groups. The actual runtime value may be greater. Allow more groups to be specified accordingly (now that, a few commits ago, nmount(2) has been changed similarly). To this end, we just allocate once and for all a static array called 'tmp_groups' big enough to hold {NGROUPS_MAX} + 1 groups (the maximum number of supplementary groups plus the effective GID, which we store in a variable named 'tngroups_max' to avoid confusion with the kernel variable 'ngroups_max' holding only the maximum number of *supplementary* groups) in main() and use this temporary space in get_exportlist_one(), do_opt() and parsecred(). Doing so in passing fixes a (benign) memory leak in case "-maproot" and/or "-mapall" were specified multiple times and the first option comprised more than SMALLNGROUPS. parsecred() does not use 'cr_smallgrps' anymore, but we have kept 'cr_smallgrps'/SMALLNGROUPS as 'struct expcred' is also included in 'struct exportlist' and 'struct grouplist', and thus this preallocated field still results in an optimization for the common case of small number of groups (although its real impact is probably negligible and arguably was not worth the trouble). While here, in do_mount(), remove some unnecessary groups array allocation and copying. Reviewed by: rmacklem (older version) Approved by: markj (mentor) MFC after: 2 weeks Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47016 --- usr.sbin/mountd/mountd.c | 70 +++++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 27d22ba06fa4..cb87535f6c3b 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -57,6 +57,7 @@ #include +#include #include #include #include @@ -245,7 +246,7 @@ static void huphandler(int sig); static int makemask(struct sockaddr_storage *ssp, int bitlen); static void mntsrv(struct svc_req *, SVCXPRT *); static void nextfield(char **, char **); -static void out_of_mem(void); +static void out_of_mem(void) __dead2; static void parsecred(char *, struct expcred *); static int parsesec(char *, struct exportlist *); static int put_exlist(struct dirlist *, XDR *, struct dirlist *, @@ -302,6 +303,11 @@ static int has_publicfh = 0; static int has_set_publicfh = 0; static struct pidfh *pfh = NULL; + +/* Temporary storage for credentials' groups. */ +static long tngroups_max; +static gid_t *tmp_groups = NULL; + /* Bits for opt_flags above */ #define OP_MAPROOT 0x01 #define OP_MAPALL 0x02 @@ -434,6 +440,18 @@ main(int argc, char **argv) warn("cannot open or create pidfile"); } + openlog("mountd", LOG_PID, LOG_DAEMON); + + /* How many groups do we support? */ + tngroups_max = sysconf(_SC_NGROUPS_MAX); + if (tngroups_max == -1) + tngroups_max = NGROUPS_MAX; + /* Add space for the effective GID. */ + ++tngroups_max; + tmp_groups = malloc(tngroups_max); + if (tmp_groups == NULL) + out_of_mem(); + s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP); if (s < 0) have_v6 = 0; @@ -539,7 +557,6 @@ main(int argc, char **argv) exnames = argv; else exnames = exnames_default; - openlog("mountd", LOG_PID, LOG_DAEMON); if (debug) warnx("getting export list"); get_exportlist(0); @@ -1571,9 +1588,9 @@ get_exportlist_one(int passno) int unvis_len; v4root_phase = 0; - anon.cr_groups = NULL; dirhead = (struct dirlist *)NULL; unvis_dir[0] = '\0'; + while (get_line()) { if (debug) warnx("got line %s", line); @@ -1586,9 +1603,9 @@ get_exportlist_one(int passno) * Set defaults. */ has_host = FALSE; - anon.cr_groups = anon.cr_smallgrps; anon.cr_uid = UID_NOBODY; anon.cr_ngroups = 1; + anon.cr_groups = tmp_groups; anon.cr_groups[0] = nogroup(); exflags = MNT_EXPORTED; got_nondir = 0; @@ -1918,10 +1935,6 @@ nextline: free_dir(dirhead); dirhead = (struct dirlist *)NULL; } - if (anon.cr_groups != anon.cr_smallgrps) { - free(anon.cr_groups); - anon.cr_groups = NULL; - } } } @@ -3187,11 +3200,11 @@ do_mount(struct exportlist *ep, struct grouplist *grp, uint64_t exflags, eap->ex_flags = exflags; eap->ex_uid = anoncrp->cr_uid; eap->ex_ngroups = anoncrp->cr_ngroups; - if (eap->ex_ngroups > 0) { - eap->ex_groups = malloc(eap->ex_ngroups * sizeof(gid_t)); - memcpy(eap->ex_groups, anoncrp->cr_groups, eap->ex_ngroups * - sizeof(gid_t)); - } + /* + * Use the memory pointed to by 'anoncrp', as it outlives 'eap' which is + * local to this function. + */ + eap->ex_groups = anoncrp->cr_groups; LOGDEBUG("do_mount exflags=0x%jx", (uintmax_t)exflags); eap->ex_indexfile = ep->ex_indexfile; if (grp->gr_type == GT_HOST) @@ -3381,7 +3394,6 @@ skip: if (cp) *cp = savedc; error_exit: - free(eap->ex_groups); /* free strings allocated by strdup() in getmntopts.c */ if (iov != NULL) { free(iov[0].iov_base); /* fstype */ @@ -3609,21 +3621,19 @@ get_line(void) * Parse a description of a credential. */ static void -parsecred(char *namelist, struct expcred *cr) +parsecred(char *names, struct expcred *cr) { char *name; - char *names; struct passwd *pw; - gid_t groups[NGROUPS_MAX + 1]; - int ngroups; unsigned long name_ul; char *end = NULL; + assert(cr->cr_groups == tmp_groups); + /* * Parse the user and if possible get its password table entry. * 'cr_uid' is filled when exiting this block. */ - names = namelist; name = strsep_quote(&names, ":"); name_ul = strtoul(name, &end, 10); if (*end != '\0' || end == name) @@ -3650,17 +3660,13 @@ parsecred(char *namelist, struct expcred *cr) "can't determine groups", name); goto nogroup; } - cr->cr_uid = pw->pw_uid; - ngroups = NGROUPS_MAX + 1; - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) { + + cr->cr_ngroups = tngroups_max; + if (getgrouplist(pw->pw_name, pw->pw_gid, + cr->cr_groups, &cr->cr_ngroups) != 0) { syslog(LOG_ERR, "too many groups"); - ngroups = NGROUPS_MAX + 1; + cr->cr_ngroups = tngroups_max; } - - if (ngroups > SMALLNGROUPS) - cr->cr_groups = malloc(ngroups * sizeof(gid_t)); - cr->cr_ngroups = ngroups; - memcpy(cr->cr_groups, groups, ngroups * sizeof(gid_t)); return; } @@ -3684,17 +3690,14 @@ parsecred(char *namelist, struct expcred *cr) } else { group = name_ul; } - if (cr->cr_ngroups == NGROUPS_MAX + 1) { + if (cr->cr_ngroups == tngroups_max) { syslog(LOG_ERR, "too many groups"); break; } - groups[cr->cr_ngroups++] = group; + cr->cr_groups[cr->cr_ngroups++] = group; } if (cr->cr_ngroups == 0) goto nogroup; - if (cr->cr_ngroups > SMALLNGROUPS) - cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t)); - memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t)); return; nogroup: @@ -4063,6 +4066,7 @@ huphandler(int sig __unused) static void terminate(int sig __unused) { + free(tmp_groups); pidfile_remove(pfh); rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); From nobody Mon Dec 16 14:45:30 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRH3KQWz5hW3d; Mon, 16 Dec 2024 14:45:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRG6Mj8z4csb; Mon, 16 Dec 2024 14:45:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360330; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FCjlWvefYcvlEWoo+so7MywdQx4mTFM8x7UHAPW2jAU=; b=wsoQnSPU7myZOw8GL4yq1PNAWMxYLWkX9vn0Izo+yrI1itrVLlKn2SHU3gfimrRcgih4d1 RTeTdL7Dnw6wR2lH588AvVhg+4ARbx6LldTIjQmg9t1n0XN4CMJ/lIGmRhxFPvGFEFdsya gAREoN3duhTS+eXnadjzdR6sxtoU2eefSfoiwMcB+Dik6qRbzsh0wdPsEVfxSLKoimz38O ouhj6HRLZv13XeFu8oSwi+PgoSK6PH/d5VC995keRalCjtKtXalB/jYbU+0IYor2v/Od5Q 0o6DCxtCjYZqR8WCMUJZiIHIUW/cV4QScEaBprHy5Hi4Nfk2e8plyHYroRKmnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360330; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FCjlWvefYcvlEWoo+so7MywdQx4mTFM8x7UHAPW2jAU=; b=vFqd/a9Lmeuuck5Nt4S/eZWaQukHoZyxxOA/Y8wfiZaZNfiJJIagDomV5kutRPo5EykVlO byz7MjjIH9TsLWhDJMDW/kksBGHyO6oMg306bgkYwZM+x4ke0c6lEnv855K+VjMxR5WZ0W HBp03Nq+/JecYhCIMGfKCdasrTcSryi4DVABC8MwDVXVkAOASnF7GrgTNWMCsylWcofVey UDf6JdGYqMNRX63tBYRzuo/kiLSw45zRLr3wFluYDYaC+N2Yr6sO6qDjpcDTpqpAD1SYAE s++IcPko4EWPJQJ2tgZQoHVQV7JsP7WlvvTIlEThq+9sagz9X/JF7IS18qS/iA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360330; a=rsa-sha256; cv=none; b=UWryUILcJ0qJ2cA4vm68olxO7+9BCwWdkWh1B+LkfrvCgvIv0WhnJEodkncXHdUSwqh7zn 0zc4oi2ejy/9ngtNGOKYGwwe7R44Ijf6g+AF9mZY1aikxlYNkHYE+6pjDC604F9A89OYDj B4jAu25PR9RKsHuw5r4o8qEgRsmiHcj3PpowcpDWOy04CVvYlcdarNx57kOUtTxgq4kYLD VhYLlLAzwvuThryw9Pj2Bapqfldu04edWJJ7WGjB78KmiZ8XWu/Ho1SqPvfY+aTCYSCmDm H+ABp6Bmbgs6E7esOEslrnb4vde7yDVYkVZpt31Frg1nel6yM8QXge2JncLZEA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRG5rCWzxYK; Mon, 16 Dec 2024 14:45:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjUlR052169; Mon, 16 Dec 2024 14:45:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjUiV052166; Mon, 16 Dec 2024 14:45:30 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:30 GMT Message-Id: <202412161445.4BGEjUiV052166@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: a20d50245f28 - main - mountd(8): parsecred(): Re-order operations for clarity List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a20d50245f280be404cb8e3b5c9d570ded9594b9 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=a20d50245f280be404cb8e3b5c9d570ded9594b9 commit a20d50245f280be404cb8e3b5c9d570ded9594b9 Author: Olivier Certner AuthorDate: 2024-10-08 10:06:55 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:31 +0000 mountd(8): parsecred(): Re-order operations for clarity No functional change (intended). Reviewed by: rmacklem (older version) Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47015 --- usr.sbin/mountd/mountd.c | 53 ++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 653d7135ef79..27d22ba06fa4 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -3614,21 +3614,14 @@ parsecred(char *namelist, struct expcred *cr) char *name; char *names; struct passwd *pw; - struct group *gr; gid_t groups[NGROUPS_MAX + 1]; int ngroups; unsigned long name_ul; char *end = NULL; /* - * Set up the unprivileged user. - */ - cr->cr_groups = cr->cr_smallgrps; - cr->cr_uid = UID_NOBODY; - cr->cr_groups[0] = nogroup(); - cr->cr_ngroups = 1; - /* - * Get the user's password table entry. + * Parse the user and if possible get its password table entry. + * 'cr_uid' is filled when exiting this block. */ names = namelist; name = strsep_quote(&names, ":"); @@ -3637,13 +3630,25 @@ parsecred(char *namelist, struct expcred *cr) pw = getpwnam(name); else pw = getpwuid((uid_t)name_ul); + if (pw != NULL) { + cr->cr_uid = pw->pw_uid; + } else if (*end != '\0' || end == name) { + syslog(LOG_ERR, "unknown user: %s", name); + cr->cr_uid = UID_NOBODY; + goto nogroup; + } else { + cr->cr_uid = name_ul; + } + /* - * Credentials specified as those of a user. + * Credentials specified as those of a user (i.e., use its associated + * groups as specified in the password database). */ if (names == NULL) { if (pw == NULL) { - syslog(LOG_ERR, "unknown user: %s", name); - return; + syslog(LOG_ERR, "no passwd entry for user: %s, " + "can't determine groups", name); + goto nogroup; } cr->cr_uid = pw->pw_uid; ngroups = NGROUPS_MAX + 1; @@ -3658,20 +3663,14 @@ parsecred(char *namelist, struct expcred *cr) memcpy(cr->cr_groups, groups, ngroups * sizeof(gid_t)); return; } + /* - * Explicit credential specified as a colon separated list: + * Explicit credentials specified as a colon separated list: * uid:gid:gid:... */ - if (pw != NULL) { - cr->cr_uid = pw->pw_uid; - } else if (*end != '\0' || end == name) { - syslog(LOG_ERR, "unknown user: %s", name); - return; - } else { - cr->cr_uid = name_ul; - } cr->cr_ngroups = 0; while (names != NULL && *names != '\0') { + const struct group *gr; gid_t group; name = strsep_quote(&names, ":"); @@ -3691,14 +3690,16 @@ parsecred(char *namelist, struct expcred *cr) } groups[cr->cr_ngroups++] = group; } - if (cr->cr_ngroups == 0) { - /* cr->cr_groups[0] filled at start with nogroup(). */ - cr->cr_ngroups = 1; - return; - } + if (cr->cr_ngroups == 0) + goto nogroup; if (cr->cr_ngroups > SMALLNGROUPS) cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t)); memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t)); + return; + +nogroup: + cr->cr_ngroups = 1; + cr->cr_groups[0] = nogroup(); } #define STRSIZ (MNTNAMLEN+MNTPATHLEN+50) From nobody Mon Dec 16 14:45:34 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRL62Mzz5hWbg; Mon, 16 Dec 2024 14:45:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRL1TfVz4d0x; Mon, 16 Dec 2024 14:45:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360334; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aziH66Bu57+T7u3JrqsUGlGPPT0vVA1ly+CCeK50xQg=; b=Tvd8CEcnBImj5OQMFjlf7TtezUOMgAuROhoAku7srDxALO8MBaJ/k/8XiKvLv5dRS3E17/ lvb8E4axxASZSW53LlLLdpySH2TKE51R+XN7fkAKILkEZ+ilClILGNNuqonVpRmkuUsLW1 GSA7B0/vNxBIYwhw3ZgMopFMnAIGcDo0CksKXvPDxmFt95RxqG41QBrevoClwxmRGlAUpR IE3vQLGmCq+hsUhX4HPQH9imeQCmrLaF/KZYOR9Ox06ksOacSRULMiaL9dmSoIuG+KMotP R10bSE4V7Gz0cQl0yzKqPExO2RhpIWJbzBLw+XFjqSIqQAw4TuTt10huMFdYpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360334; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aziH66Bu57+T7u3JrqsUGlGPPT0vVA1ly+CCeK50xQg=; b=UH/kyczxvaFH41vguvHK9hjAwI0V/fK3AhucFbDZo/I1FD+Ykorx4ydRY+BF306IIWASFf sRs3X2eFotNv22StLRvM0o9B/YU96iOuRg/Y+PjkfslV3FW8ebDet/kPgZWU/HxzKqujnf 9YPWxkpJml9UUU3amc0ubaoRCYhRwc2js3rbijJy1El6coaZAUy1E0XPmXcMtZ3JFmu3iZ hXAzBWgFSXYSRvEHQFXF0hhutaP68GwJApB8QeFOf2iLdtWnHBl8axKht8zQSn636iHi37 wKgS/Z1a2LTxILHsqW4iUbKG64p+Y7TeeQ/TJuwZQ3YTRLXGx+UP3cyI9FI8Ng== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360334; a=rsa-sha256; cv=none; b=ZPSewRGn0dXxnNqil2AP1uAPLGefkNlYMoV8TX5r0Y8/jyVA89IHAtguSdRYyBmfkGJNRu +LiCS3asQamDdy9Dxh2KsIfo9ULjXWDPqA5G4HuPN/tX5aKXIqklUPznjIAbkMqCzo5oWt vHta65u4+Fxk22UzGXgtJzJdITZMoq7BrXE10uYUrd7V06102KzkUdmy1sTnpFZu+5VP/W SefSAHXZ89e8gFhj8pLHyqxy2/AVcrczN0BGk1n6nebYtXQTyErQgmymGVng/fV1YsWhCB 6y21KHN7mcSNVMNBwk8aiOALOcJm0s1GzjPzkqB0SgsRW6bX8QK0K/j5nxlNbA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRL15TFzxWr; Mon, 16 Dec 2024 14:45:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjYDg052323; Mon, 16 Dec 2024 14:45:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjYvf052320; Mon, 16 Dec 2024 14:45:34 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:34 GMT Message-Id: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: d2be7ed63aff - main - cred: proc_set_cred(), proc_unset_cred(): Update user's process count List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d2be7ed63affd8af5fe6203002b7cc3cbe7f7891 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=d2be7ed63affd8af5fe6203002b7cc3cbe7f7891 commit d2be7ed63affd8af5fe6203002b7cc3cbe7f7891 Author: Olivier Certner AuthorDate: 2024-08-02 15:57:51 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:32 +0000 cred: proc_set_cred(), proc_unset_cred(): Update user's process count As a process really changes credentials at the moment proc_set_cred() or proc_unset_cred() is called, these functions are the proper locations to perform the update of the new and old real users' process count (using chgproccnt()). Before this change, change_ruid() instead would perform that update, although it operates only on a passed credential which is a priori not tied to the calling process (or not to any process at all). This was arguably a flaw of commit b1fc0ec1a7a49ded, r77183, based on its commit message, and in particular the portion "(...) In each case, the call now acts on a credential not a process (...)". Fixing this makes using change_ruid() more natural when building candidate credentials that in the end are not applied to a process, e.g., because of some intervening privilege check. Also, it removes a hack around this unwanted process count change in unionfs. We also introduce the new proc_set_cred_enforce_proc_lim() so that callers can respect the per-user process limit, and will use it for the upcoming setcred(). We plan to change all callers of proc_set_cred() to call this new function instead at some point. In the meantime, both proc_set_cred() and the new function will coexist. As detailed in some proc_set_cred_enforce_proc_lim()'s comment, checking against the process limit is currently flawed as the kernel doesn't really maintain the number of processes per UID (besides RLIMIT_NPROC, this in fact also applies to RLIMIT_KQUEUES, RLIMIT_NPTS, RLIMIT_SBSIZE and RLIMIT_SWAP). The applied limit is currently that of the old real UID. Root (or a process granted with PRIV_PROC_LIMIT) is not subject to this limit. Approved by: markj (mentor) Fixes: b1fc0ec1a7a49ded MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46923 --- sys/fs/unionfs/union_subr.c | 6 ---- sys/kern/kern_exit.c | 10 ++---- sys/kern/kern_fork.c | 2 +- sys/kern/kern_prot.c | 81 +++++++++++++++++++++++++++++++++++---------- sys/sys/ucred.h | 5 +-- 5 files changed, 71 insertions(+), 33 deletions(-) diff --git a/sys/fs/unionfs/union_subr.c b/sys/fs/unionfs/union_subr.c index b731c562f97d..edcc6716b674 100644 --- a/sys/fs/unionfs/union_subr.c +++ b/sys/fs/unionfs/union_subr.c @@ -920,11 +920,6 @@ unionfs_mkshadowdir(struct vnode *dvp, struct vnode *vp, /* Authority change to root */ rootinfo = uifind((uid_t)0); cred = crdup(cnp->cn_cred); - /* - * The calls to chgproccnt() are needed to compensate for change_ruid() - * calling chgproccnt(). - */ - chgproccnt(cred->cr_ruidinfo, 1, 0); change_euid(cred, rootinfo); change_ruid(cred, rootinfo); change_svuid(cred, (uid_t)0); @@ -1046,7 +1041,6 @@ unionfs_mkshadowdir_relock: unionfs_mkshadowdir_finish: unionfs_clear_in_progress_flag(vp, UNIONFS_COPY_IN_PROGRESS); cnp->cn_cred = credbk; - chgproccnt(cred->cr_ruidinfo, -1, 0); crfree(cred); return (error); diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index f6263cd46d06..a67d6b422964 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -999,11 +999,6 @@ proc_reap(struct thread *td, struct proc *p, int *status, int options) ruadd(&q->p_stats->p_cru, &q->p_crux, &p->p_ru, &p->p_rux); PROC_UNLOCK(q); - /* - * Decrement the count of procs running with this uid. - */ - (void)chgproccnt(p->p_ucred->cr_ruidinfo, -1, 0); - /* * Destroy resource accounting information associated with the process. */ @@ -1017,9 +1012,10 @@ proc_reap(struct thread *td, struct proc *p, int *status, int options) racct_proc_exit(p); /* - * Free credentials, arguments, and sigacts. + * Free credentials, arguments, and sigacts, and decrement the count of + * processes running with this uid. */ - proc_unset_cred(p); + proc_unset_cred(p, true); pargs_drop(p->p_args); p->p_args = NULL; sigacts_free(p->p_sigacts); diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index a66bc4be62a8..9deb21aca11d 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -1086,7 +1086,7 @@ fail0: #endif racct_proc_exit(newproc); fail1: - proc_unset_cred(newproc); + proc_unset_cred(newproc, false); fail2: if (vm2 != NULL) vmspace_free(vm2); diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 17917d2c3360..c51210a2b29b 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -568,7 +568,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap) #endif { /* - * Set the real uid and transfer proc count to new user. + * Set the real uid. */ if (uid != oldcred->cr_ruid) { change_ruid(newcred, uip); @@ -594,6 +594,9 @@ sys_setuid(struct thread *td, struct setuid_args *uap) change_euid(newcred, uip); setsugid(p); } + /* + * This also transfers the proc count to the new user. + */ proc_set_cred(p, newcred); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); @@ -2279,31 +2282,76 @@ cru2xt(struct thread *td, struct xucred *xcr) /* * Change process credentials. + * * Callers are responsible for providing the reference for passed credentials - * and for freeing old ones. + * and for freeing old ones. Calls chgproccnt() to correctly account the + * current process to the proper real UID, if the latter has changed. Returns + * whether the operation was successful. Failure can happen only on + * 'enforce_proc_lim' being true and if no new process can be accounted to the + * new real UID because of the current limit (see the inner comment for more + * details) and the caller does not have privilege (PRIV_PROC_LIMIT) to override + * that. */ -void -proc_set_cred(struct proc *p, struct ucred *newcred) +static bool +_proc_set_cred(struct proc *p, struct ucred *newcred, bool enforce_proc_lim) { - struct ucred *cr; + struct ucred *const oldcred = p->p_ucred; - cr = p->p_ucred; - MPASS(cr != NULL); + MPASS(oldcred != NULL); PROC_LOCK_ASSERT(p, MA_OWNED); KASSERT(newcred->cr_users == 0, ("%s: users %d not 0 on cred %p", __func__, newcred->cr_users, newcred)); - mtx_lock(&cr->cr_mtx); - KASSERT(cr->cr_users > 0, ("%s: users %d not > 0 on cred %p", - __func__, cr->cr_users, cr)); - cr->cr_users--; - mtx_unlock(&cr->cr_mtx); + KASSERT(newcred->cr_ref == 1, ("%s: ref %ld not 1 on cred %p", + __func__, newcred->cr_ref, newcred)); + + if (newcred->cr_ruidinfo != oldcred->cr_ruidinfo) { + /* + * XXXOC: This check is flawed but nonetheless the best we can + * currently do as we don't really track limits per UID contrary + * to what we pretend in setrlimit(2). Until this is reworked, + * we just check here that the number of processes for our new + * real UID doesn't exceed this process' process number limit + * (which is meant to be associated with the current real UID). + */ + const int proccnt_changed = chgproccnt(newcred->cr_ruidinfo, 1, + enforce_proc_lim ? lim_cur_proc(p, RLIMIT_NPROC) : 0); + + if (!proccnt_changed) { + if (priv_check_cred(oldcred, PRIV_PROC_LIMIT) != 0) + return (false); + (void)chgproccnt(newcred->cr_ruidinfo, 1, 0); + } + } + + mtx_lock(&oldcred->cr_mtx); + KASSERT(oldcred->cr_users > 0, ("%s: users %d not > 0 on cred %p", + __func__, oldcred->cr_users, oldcred)); + oldcred->cr_users--; + mtx_unlock(&oldcred->cr_mtx); p->p_ucred = newcred; newcred->cr_users = 1; PROC_UPDATE_COW(p); + if (newcred->cr_ruidinfo != oldcred->cr_ruidinfo) + (void)chgproccnt(oldcred->cr_ruidinfo, -1, 0); + return (true); +} + +void +proc_set_cred(struct proc *p, struct ucred *newcred) +{ + bool success = _proc_set_cred(p, newcred, false); + + MPASS(success); +} + +bool +proc_set_cred_enforce_proc_lim(struct proc *p, struct ucred *newcred) +{ + return (_proc_set_cred(p, newcred, true)); } void -proc_unset_cred(struct proc *p) +proc_unset_cred(struct proc *p, bool decrement_proc_count) { struct ucred *cr; @@ -2318,6 +2366,8 @@ proc_unset_cred(struct proc *p) KASSERT(cr->cr_ref > 0, ("%s: ref %ld not > 0 on cred %p", __func__, cr->cr_ref, cr)); mtx_unlock(&cr->cr_mtx); + if (decrement_proc_count) + (void)chgproccnt(cr->cr_ruidinfo, -1, 0); crfree(cr); } @@ -2602,8 +2652,7 @@ change_egid(struct ucred *newcred, gid_t egid) /*- * Change a process's real uid. * Side effects: newcred->cr_ruid will be updated, newcred->cr_ruidinfo - * will be updated, and the old and new cr_ruidinfo proc - * counts will be updated. + * will be updated. * References: newcred must be an exclusive credential reference for the * duration of the call. */ @@ -2611,12 +2660,10 @@ void change_ruid(struct ucred *newcred, struct uidinfo *ruip) { - (void)chgproccnt(newcred->cr_ruidinfo, -1, 0); newcred->cr_ruid = ruip->ui_uid; uihold(ruip); uifree(newcred->cr_ruidinfo); newcred->cr_ruidinfo = ruip; - (void)chgproccnt(newcred->cr_ruidinfo, 1, 0); } /*- diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index 25dff911241b..ecc624dd76e6 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -156,8 +156,9 @@ void crcopy(struct ucred *dest, struct ucred *src); struct ucred *crcopysafe(struct proc *p, struct ucred *cr); struct ucred *crdup(struct ucred *cr); void crextend(struct ucred *cr, int n); -void proc_set_cred(struct proc *p, struct ucred *cr); -void proc_unset_cred(struct proc *p); +void proc_set_cred(struct proc *p, struct ucred *newcred); +bool proc_set_cred_enforce_proc_lim(struct proc *p, struct ucred *newcred); +void proc_unset_cred(struct proc *p, bool decrement_proc_count); void crfree(struct ucred *cr); struct ucred *crcowsync(void); struct ucred *crget(void); From nobody Mon Dec 16 14:45:32 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRK6L82z5hWQd; Mon, 16 Dec 2024 14:45:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRK0qDwz4d39; Mon, 16 Dec 2024 14:45:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xCcb1u6B1o4lT9114pOv5TcjwMxLVDkj7WFwdprStqE=; b=gZR0gsEkmb1Q2CqJ5yYSTefOJ6jtyoRqkbpuIemLmvHErHjGqKKvQv6n/YKf/xxiEu1oQO GBRzxOMaC+LcT7R7D/+LcsxrZ/eMeqW0pL/NPo6eQXxZLHfE6aAS3oH2w74PovWFTMi8Tv dYnKb2zpLhFU5VpXEukjEKGT7qES6J+wZNxSEfEV+rKLBjUP/0fda6MWrpjBhwsHlMXPHI +X+eHikETrS0O9wI8AbQnUc2tqgd3760hIoMCVhREOVdbqhsMnhZs+jfiL8U2Xt6sxEhaG aQfK5eDccnUtHDHcUIWVXPOpKwhEs9dRcJVAUmuok0sUqLjLI54bos5V1kIhzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xCcb1u6B1o4lT9114pOv5TcjwMxLVDkj7WFwdprStqE=; b=Og3ktgdzWB/Y8qriDvabnfupkRZHjRA0WOUjM2iMPxx9IrTh/UCpJ0/hWc7JWQ+jWsQEbv lBrGwYxSGaP7Ld8tpQGCe1ypOSYrE/WronSAdieCE0KGsRCxTR5aHxG50jB/KWoEiucBnY Xhj/npgrpXL3Y3GL34qxJtefsrMl8JP0W8U0REyRLXNLMwI3NWx93lQi94+ljXdBWZxEvx fmEiuB2Z7Y2VIQEtKd+22PTTbXrVjv0FtW+fzE+fcPs0R9jlRbQ1Chc4k81n6JbxgHdAdI XMEP1dBDOU8NAAAq6IMuRdKQ9WyLDn/tFyjkEG9BJQMdg+SLLyMKdtiXQ+jAiA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360333; a=rsa-sha256; cv=none; b=fa0c+Njg3pw4TyzK+FHinE+6QbjH/AOd2jfuVrtTBDq9+jbBAwIVzAXlffNUW9QlGk+Zs2 Ulf8b99eVre1zFIym+5vMNs8yy2mmY97jYaZJ+lvilHP+RRooiwCyfuz2h9jrFW3eEoBvl 5s9hd8oxBTC9FPUinNpw9XVkMxXH4vyj24NydZfgo0biqoXW1VwPYgCcAMUKKIuP9L6ugB Gel27Jb6kY4mTFrBYIVtvFGJ5o1qNhV8b0LiIybmwlxYD9hetbo46aX4NiZbNidgPzJLhv Pkm37HSQZ5+iQgxrw09dwnCji+dEN+RxNotPO5rVo3l8mnU88dkN9HTKUycGSA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRK0NHSzy0B; Mon, 16 Dec 2024 14:45:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjWUi052273; Mon, 16 Dec 2024 14:45:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjWcX052270; Mon, 16 Dec 2024 14:45:32 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:32 GMT Message-Id: <202412161445.4BGEjWcX052270@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 07c9edac7bcd - main - cred: proc_set_cred(): Remove obsolete comments List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 07c9edac7bcd75095724ff3c91d0aeec792a4f26 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=07c9edac7bcd75095724ff3c91d0aeec792a4f26 commit 07c9edac7bcd75095724ff3c91d0aeec792a4f26 Author: Olivier Certner AuthorDate: 2024-08-01 10:19:52 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:31 +0000 cred: proc_set_cred(): Remove obsolete comments These have been obsoleted since they were first written (in commit "cred: add proc_set_cred helper", daf63fd2f9a8d040, r280130) by some subsequent commits ("proc: refactor clearing credentials into proc_unset_cred", 5a90435ccfed8e1e, r361448; "cred: distribute reference count per thread", 1724c563e62fa800, r361993). No functional change. Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46922 --- sys/kern/kern_prot.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 0b15937d13f3..17917d2c3360 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2281,11 +2281,6 @@ cru2xt(struct thread *td, struct xucred *xcr) * Change process credentials. * Callers are responsible for providing the reference for passed credentials * and for freeing old ones. - * - * Process has to be locked except when it does not have credentials (as it - * should not be visible just yet) or when newcred is NULL (as this can be - * only used when the process is about to be freed, at which point it should - * not be visible anymore). */ void proc_set_cred(struct proc *p, struct ucred *newcred) From nobody Mon Dec 16 14:45:36 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRN69dZz5hWQj; Mon, 16 Dec 2024 14:45:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRN3JDnz4dC3; Mon, 16 Dec 2024 14:45:36 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360336; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KOYl4Fx8efWrAZYSU8GoKURY1AZd/SHuE8OyAGyp4Ak=; b=VatFipCTpv1zLIK2GQmSA64drthJukErlOOJV7naqc0uWelpBzCQu6mHJ//Uh4R+CZNoX8 6tvZkoW2/qOSgrFHRVdOMewYqIqqU1QuLDW+2nlmnzzwAjxFLaKXMe10JaIbFYDzmcWX1n HL3dXBnrGvxIOdTJRqdPYBo97EG89rPs2IJn0sb66kA/MWpBZXs2MFx1IIfpj/NlRpdYBT T14LTG10HvJUCs2qCNjPikPenYp9dIUSpSYdBw4O1J+0Nhj+DYieu1+7HOgt2YK85Km4Hp 12TLToM3hUzLciZ2kegrH2cnNv5wM11Fv/9gG8it+ZnW+4krPbv2cNMr951YgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360336; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KOYl4Fx8efWrAZYSU8GoKURY1AZd/SHuE8OyAGyp4Ak=; b=M4f34jekQGKdNcimrDu1L237Uj4/89hWpG0vd85MoMusKiNA6vWM/rcYCoW7aqHVTT/9nt 8pngIFwV6FI8eVNYTvHiugHUv+woMXPdDTHWJqUTdEjnEBRn6dguOrZR++fH29SaAqP+gG V/a5Mr4ffxC01u8JwC1DyUr5XfYNUQqmp94rSkmpyEeGOf//bwdVWda1iCm0QFyz0oztiN J/9XHIi7FG+ei9xxZ0xMU2wS9DA+yVrC5syl3t4Uey73ywBaJqWLnslnEvkdMBsXUUHM2d E1UFOgioRXFRPHc5S9BvZUhvl7FII8Plyw59hqr39UHySQ0Mjax80zZm0T7Fvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360336; a=rsa-sha256; cv=none; b=ebTcmibATUVzpYdx333hYA0urrX49zt2PzVSwSsa7kYS+hoMjDgPkF2IwedSbqwF6G6RrS mZtLuCfeqUVgxyssDcXXNudlxusE5Q2oNnFxeq4ArDfz0qyQPGI4diWB5IkQEJE3Nqme2s 2Szk7k5gjsdmtPsvD6yoLnf5Bv9bmrVmwbzI8IaHtlRs5KHXhw/ijbqvs87axpgsOytqUr G575ClgYL4vnLzK7Mr7ShyXeXkKKXpEXX1jW9AW0c0dBEW9CUP32pwKn91o0wfPm1aj/JV AtH7dsxF/hL5L9+z6CBHAAj4qcfs6UNz51M+E90wJdlxB3w8CedKYO3DmdEIqg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRN2wsXzxBC; Mon, 16 Dec 2024 14:45:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjaGD052443; Mon, 16 Dec 2024 14:45:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjawQ052440; Mon, 16 Dec 2024 14:45:36 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:36 GMT Message-Id: <202412161445.4BGEjawQ052440@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f0600c41e754 - main - MAC/do: Sort header inclusions List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f0600c41e754f32b388af804fb542b0f0ea89dee Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f0600c41e754f32b388af804fb542b0f0ea89dee commit f0600c41e754f32b388af804fb542b0f0ea89dee Author: Olivier Certner AuthorDate: 2024-11-25 14:46:41 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:32 +0000 MAC/do: Sort header inclusions In accordance with style(9). Reviewed by: bapt, emaste Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47771 --- sys/security/mac_do/mac_do.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 1aad37f549bc..e72ffed2ff04 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -5,10 +5,11 @@ */ #include -#include +#include #include #include #include +#include #include #include #include @@ -17,7 +18,6 @@ #include #include #include -#include #include #include From nobody Mon Dec 16 14:45:35 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRM4Dkvz5hWWG; Mon, 16 Dec 2024 14:45:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRM2NSqz4d3Z; Mon, 16 Dec 2024 14:45:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360335; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vyBLJkxYVj5rN1irKFl8rWUxQ0Nb8eTRfV+TgOUhhoA=; b=eFKZiL6S5QcAqPRusrJrGy/4+x6JnIBpyP0l5H+lUemEdzE4WT8GpvHA4/n7XFe9duSLre VG/eo1tIuL7qCilxUs9oxiEWYLIT12FunhjUqj1y06Z5ULunZIrWr6tzBh4TGZYsk1Qw6v amdUlfTjjw9S/W0NgdIzuZuPWzCHl58ddS6Bk1zLku+NH/fLeo83dQdJ+7OoWxcUekWiJs p+3PPGRCTPrh4CAtg0n1TfdlbmHlgmU22nDX6LBLR26i4baxfkqnCNX3O595NjYuZEPK5f ovTpUSVmRoOVIhl+gm+R4rMQ7Z/KOQC9BkFQPH/mIy9frgViWVJwKbTHm7EqBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360335; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vyBLJkxYVj5rN1irKFl8rWUxQ0Nb8eTRfV+TgOUhhoA=; b=uNjA2Bzy71cgUy/UYie8wB5FK5kMeexQc5PoTBoBQwwZBui68PeygqhQtsYLeWbNlhUTTU xm28fgNXl6ANiBDwQ6FpOCR2I6m04JC0/p6gpg2ZuHJmSlRBv3CJXv65oixJrPeQUtHu+F HaznaCo1Uthf76oE0JvThJHObz4nHunj3qkH8nqGv2sURiRpLc/kqC3D58fM+V8vJ4qJvO wCBQDQY4RMsb6dncuh/JXiSM9OE41a/hpS0Gi/rym8C0GVu/eRZge2tn9ZYV7LSY85CdIv V6E3NqwVRoXUdojOS0/cnu6uAOPgqsCHWYxx54SD5TMaC0emZEBACjCQd+YBJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360335; a=rsa-sha256; cv=none; b=C/u2cQzMsAJA/TVbICu7+n/aHkh+Bi3l/YJsMDXxYoihuFG16NkbAiGlb/tfSd4kIVtOyM veUCytp0ZJtsm1ax7hy1lyODLwpJk7LNwZvpE3pc4lSoQzs/0gGmRqUxUDoPAd/nx0pITi /H9mbP9fvp+L6RN69SSgkyyy3VKvCJ2tSruP/pFPBzFGvEcyk33uI/FQrnDh/p2G0D7ZJP By6obnHa3/C3NTA2V/LCIxaYCdZps1ezGKBEDWi4fQyIk/6PSXqsa0ANp/We8sci1rMsTc BZ4ZgKH8eWpfT6PV7s6JcFaXaO2Sguy5DwxTj/swCCtYCzZoKMLJatnDOXnt+Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRM1s33zxnK; Mon, 16 Dec 2024 14:45:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjZjL052377; Mon, 16 Dec 2024 14:45:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjZbI052374; Mon, 16 Dec 2024 14:45:35 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:35 GMT Message-Id: <202412161445.4BGEjZbI052374@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 8cdb0458e12e - main - syscallsubr.h: Header inclusions: Explicit , sort List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8cdb0458e12e6fac577cfb2277e7e85d3c21fa09 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=8cdb0458e12e6fac577cfb2277e7e85d3c21fa09 commit 8cdb0458e12e6fac577cfb2277e7e85d3c21fa09 Author: Olivier Certner AuthorDate: 2024-12-02 15:06:29 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:32 +0000 syscallsubr.h: Header inclusions: Explicit , sort is currently brought in by other headers but some of its type definition are directly used in this header, so it should appear explicitly. It is necessary as lots of prototypes in there use types it defines ( wouldn't be enough). Sort header inclusions as per style(9). No functional change (intended). Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47881 --- sys/sys/syscallsubr.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/sys/sys/syscallsubr.h b/sys/sys/syscallsubr.h index a7f3d2307df1..29b0a455970b 100644 --- a/sys/sys/syscallsubr.h +++ b/sys/sys/syscallsubr.h @@ -28,13 +28,14 @@ #ifndef _SYS_SYSCALLSUBR_H_ #define _SYS_SYSCALLSUBR_H_ -#include -#include -#include -#include +#include #include #include #include +#include +#include +#include +#include struct __wrusage; struct cpuset_copy_cb; From nobody Mon Dec 16 14:45:38 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRR04nCz5hWWK; Mon, 16 Dec 2024 14:45:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRQ4yxWz4cyR; Mon, 16 Dec 2024 14:45:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360338; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gG/rj6BFeeMeDZKrCRMKrg/GBXtv1TQ3peJoFIH+Sok=; b=OiTH3nuoeBRCzVQEMUl+VC8KZKfNze/B6ka7n+bkIo7ninj+DxUzqIBCkt/jITweJjQRXq ZXBD8e/mjt52JrAI7IJAk84DQMkpMm9jJPC3QUGdB1NJ73zL2Yj56bD2ubShbUFubQDffB lBflIeh6pJxueZHD0vqmm2XulCp3I20zUiSgoF4Ntku88lKNNX9wwzzEFU8MGuT5e7n49j Dg7vB7YitcYjPtK0pxggo7VKtxVJJLYcY9Fob2e9qrfyCw28T6hdoHOiIBsnD/ff4Gx1xT 5FJN4rNdN2gDDa09exuYwxhABP2g42hytosDWABXjN6ksFopdxdcsfymzP6lGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360338; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gG/rj6BFeeMeDZKrCRMKrg/GBXtv1TQ3peJoFIH+Sok=; b=fJXWFISMykoPg2Xbh4OmIO5U+/O8pghfdaHzjHYcsmPhHl+Jb1lsssBNdtCHQGpHq0+gfl 40DSe/MmVakAO1t4YLV36wbcn0Foo+qQIzhAPbKCTmA2urDyUoBr4eHRNkbcb408IIjf+H MiE7vKjLZiy3MBycvxNZ1s3Fbho705xEaLF0oai4jY+9FGqvRMhe6jRV1de6/TG9kW6gMW tSRVyw/ww8yk4u2srfXyI7ElfTpl1c8PAhLLk+IrLoJXuqaeINCvf4n6i0dJquIjVA6CFS Q0Su9wM5nGU+Gp45bNorn8G1IcS5+RAZ2oY/aAr/Va5VJSGrKSiEFkvbC1zC2Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360338; a=rsa-sha256; cv=none; b=B5nff95wK1//hSX7v3ju8cBbNMtgW2rHU6+8xixkk44mEjK04VwhNudvpAfikqeffr/eoz x8bYO5iKEw8Fy+DCbMvf3V9n+FcXAm9FspU+M8mY9eQrFSy026ZvHSKsv4V5GEXzOXANt8 qkksysAPVysmn00i7eUL9ZrHPk5bllEoeO01GAP9SIRI88Nu9lq1m/UnKfIHb7cxbFcLDN jmKRhxfj5zlJUKmoPGA2FNjQM5PNtuxrx6h1UQy13XBjx2Rpy6gIqWSJNlKZS4nXdGF88Z 6izo739ek9SPjOkNB4a8k5e7T+Gl8v6qLGJRgpiUyadPQA25E26HYQQ0HrzJ0A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRQ4YpZzy0D; Mon, 16 Dec 2024 14:45:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjcXj052542; Mon, 16 Dec 2024 14:45:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjcIR052539; Mon, 16 Dec 2024 14:45:38 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:38 GMT Message-Id: <202412161445.4BGEjcIR052539@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: ccae2774897c - main - MAC/do: Rename rule_is_valid() => rule_applies() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ccae2774897c1f8bb11f696d5895fb686db98176 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=ccae2774897c1f8bb11f696d5895fb686db98176 commit ccae2774897c1f8bb11f696d5895fb686db98176 Author: Olivier Certner AuthorDate: 2024-07-01 13:24:47 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:33 +0000 MAC/do: Rename rule_is_valid() => rule_applies() This function checks whether a rule applies in the current context, i.e., if the subject's users/groups match that of the rule. By contrast, it doesn't check if the rule as specified by the user is valid (i.e., consistent). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47592 --- sys/security/mac_do/mac_do.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 2ddc13d62b4f..4cc2a7971545 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -406,7 +406,7 @@ init(struct mac_policy_conf *mpc) } static bool -rule_is_valid(struct ucred *cred, struct rule *r) +rule_applies(struct ucred *cred, struct rule *r) { if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid) return (true); @@ -427,7 +427,7 @@ priv_grant(struct ucred *cred, int priv) rule = mac_do_rule_find(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { - if (rule_is_valid(cred, r)) { + if (rule_applies(cred, r)) { switch (priv) { case PRIV_CRED_SETGROUPS: case PRIV_CRED_SETUID: @@ -466,7 +466,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) rule = mac_do_rule_find(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { - if (rule_is_valid(cred, r)) { + if (rule_applies(cred, r)) { mtx_unlock(&pr->pr_mtx); return (0); } From nobody Mon Dec 16 14:45:37 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRP697jz5hWNm; Mon, 16 Dec 2024 14:45:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRP46hZz4d6k; Mon, 16 Dec 2024 14:45:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360337; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JamKJEjjUP6/+bJCXoH12LLtx6Qjy+p4FZZsphsn5a8=; b=jUG+jUpwuhWjVN+Eg7wyXR3TnT6ihOpg8jvl9iP4NvIjshdxOCUtR3qoYLFAgqJwghqrFE wuRb+gtrPokAZ5yN0P2tPSvBRH9Etj4GyJ9zA6qXw18q241zuS5ZbgJQoEVrhzdZet936f mCLtR1LZ4gkrH8gKi64KNaTOQ83Md1Cg4FwWySMMo/haMzccU+Ol2ZAtK4aiJrwhXBWYnT 9ylsrHgrJ6d7vS7Bw48q80xNsdqx/SJCY+55IYvSxCefs7PeUiSnVlQi68jFwM2MaYHIR2 AJ2PZyWoBw2zivO4hqmriIQ4VJXEAmpT7foR6CW/k+kqCNtcdwce92hZNmFg4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360337; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JamKJEjjUP6/+bJCXoH12LLtx6Qjy+p4FZZsphsn5a8=; b=kiooPjhepe5z3SSCGmglPYp0dixdC8h4Vmk0NckVDtXXPOQoKqkWJf40Ip2gtkKzbzg5fO aaijXxanOm/tUzHHBxg0MY1JZ5T0binC38oSl8gasz2uPAF9FiZzODdyT6Q+3/XvEMAMeq v/SDukG2i4WMjOuAcjU/j8rsyWisCNcw9H0MriF00Kx2u0qTa0PL1o2iBRh6y9MmydJHIC YfTmzEdLEHplndx6AuVPD5qa1s+FI2dCWBIR9bD7KBh2zjUTnpnbdo4VBmkZqxkHDZfGWY KbSW7rEyw5ifdbDK2oPb4PFNN2/n9+WB9ALID+4h3Dmcl+279xpRhUmYRXWPiw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360337; a=rsa-sha256; cv=none; b=HFY71KnbNG0WuWzOVSsfIs6CS+bIIs97kkSyhKVvzIbGfPSqDHau7WaOi6ZitJTmLpm1ee M6BVmREZez96ja1aobgy6dB7xGd/QqzwstHUk6xUSzQSeXgYD/Qy/bQmlw+YVAk4Xz4+UR TjgInJQaTRUVclXletmrQ6L7YhRDpzZdmmG3BIvklWesCkCqLq1VaEioFaVFG5EIc3X4wF 0fFoPyoSIKt9wQltDlFZ4/ERUWxRgmlsBg1C3zBI9y44VwMfSyZ7xe2Rb3cLfmQXruBT/3 6sNyj+32TlOSpvR14g0d1u24kN64wIzSgUj45/SGOTUppxaNzrC8BHOPvri57Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRP3jY1zy0C; Mon, 16 Dec 2024 14:45:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjbHZ052494; Mon, 16 Dec 2024 14:45:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjbs5052491; Mon, 16 Dec 2024 14:45:37 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:37 GMT Message-Id: <202412161445.4BGEjbs5052491@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 2200a3ec711b - main - MAC/do: parse_rules(): Copy input string on its own List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2200a3ec711baa98c20a4b65868957dc40912f0f Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2200a3ec711baa98c20a4b65868957dc40912f0f commit 2200a3ec711baa98c20a4b65868957dc40912f0f Author: Olivier Certner AuthorDate: 2024-06-28 15:14:30 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:32 +0000 MAC/do: parse_rules(): Copy input string on its own Since all callers have to do it, save them that burden and do it in parse_rules() instead. While here, replace "strlen(x) == 0" with the simpler and more efficient "x[0] == '\0'". Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47591 --- sys/security/mac_do/mac_do.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index e72ffed2ff04..2ddc13d62b4f 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -130,23 +130,26 @@ out: } static int -parse_rules(char *string, struct rulehead *head) +parse_rules(const char *const string, struct rulehead *const head) { struct rule *new; + char *const copy = strdup(string, M_DO); + char *p = copy; char *element; int error = 0; - while ((element = strsep(&string, ",")) != NULL) { - if (strlen(element) == 0) + while ((element = strsep(&p, ",")) != NULL) { + if (element[0] == '\0') continue; error = parse_rule_element(element, &new); - if (error) + if (error != 0) { + toast_rules(head); goto out; + } TAILQ_INSERT_TAIL(head, new, r_entries); } out: - if (error != 0) - toast_rules(head); + free(copy, M_DO); return (error); } @@ -175,7 +178,7 @@ mac_do_rule_find(struct prison *spr, struct prison **prp) static int sysctl_rules(SYSCTL_HANDLER_ARGS) { - char *copy_string, *new_string; + char *new_string; struct rulehead head, saved_head; struct prison *pr; struct mac_do_rule *rules; @@ -196,10 +199,8 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) if (error) goto out; - copy_string = strdup(new_string, M_DO); TAILQ_INIT(&head); - error = parse_rules(copy_string, &head); - free(copy_string, M_DO); + error = parse_rules(new_string, &head); if (error) goto out; TAILQ_INIT(&saved_head); @@ -272,7 +273,7 @@ mac_do_prison_set(void *obj, void *data) struct vfsoptlist *opts = data; struct rulehead head, saved_head; struct mac_do_rule *rules; - char *rules_string, *copy_string; + char *rules_string; int error, jsys, len; error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys)); @@ -293,10 +294,8 @@ mac_do_prison_set(void *obj, void *data) mac_do_alloc_prison(pr, &rules); if (rules_string == NULL) break; - copy_string = strdup(rules_string, M_DO); TAILQ_INIT(&head); - error = parse_rules(copy_string, &head); - free(copy_string, M_DO); + error = parse_rules(rules_string, &head); if (error) return (1); TAILQ_INIT(&saved_head); From nobody Mon Dec 16 14:45:39 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRS47m9z5hWQq; Mon, 16 Dec 2024 14:45:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRR5z8Cz4d9b; Mon, 16 Dec 2024 14:45:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360339; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N93wm6J3mOnuwSzH6bfueUsuQi7IA+Es8CqrmawNY1U=; b=yrgbCb34ysxHPUCXZY8JOej3+6nJr4mCzAG6Pw2fW9gvsDronn7N8mDENdHEAJCkWtCc/R POdQy3pp5zsHwdvMwVhDL06fOMhz/aU89v+BrIpDaVM1iChJn9UyU52T4zTl0f0Did3VQD r9jn9hal5yLWEsbajAIWJceHO1+/QUiMLOhKsCyVho0Zj8/CK4M+13Ld2Pm6fVHHM2kost ImfVCsNpnpJVU6SOcBCbfiQ0+rpB29B2YSYMBFJQh/qCA8dQkrB5u3HBy82KoF6/oFFh7S KfdipVD32tnXWREQwLOC5jnQwJ/fASpU8XLcv6/k1CSr0ndVeM2b1HlCCwrBlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360339; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N93wm6J3mOnuwSzH6bfueUsuQi7IA+Es8CqrmawNY1U=; b=IqMPn4cuPXJH8JBPDb3LfU83pnHNfPl6jTHJMA+z3KEM5ymXnIULx7QbloKApcYSmNryKq 2JF2yfZazuPkrrunx7D7A94gOG6SkolY0cg8VaSasY6lkE9iVP/yTXXG9xzWkmHposp9zp InoRomUUdDtCD1VlbKwwQE6vAvhYzl1nbztTWxMJ5f65t31T6ghjBJ2bzfz5I+OXMtyCYA YIa8aZqr8GnDx8UQ3H1fR5SbArZm98DM3kTvXuXHzOfTqTd3LgUBr1trSd2UcatEVMmC6H zhcGNvZmd2InylTZ6KSP0lTwJ0L9FiWk+vEZ4mugurYHYxPzi4O52WWIhNFY+w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360339; a=rsa-sha256; cv=none; b=sChxeTWz5BJPuO/upW6MwbJWvoTUTYzsn2dMMbEA7Nas+bllagqcdDo+G/8OsItDgsQ+EI zcpbJfZ1GOWfskRYz2MWt8x1wCZRNWa8hHu42HqdJDm63c0WGj70sYjmcbdAAJ7z7AAn7U Se9mMNUV0ExC32nfkmWGZXOaR8PKwNGxOeDnS6tobDGOaR2HaRkQ2bA3K55oliga9kOgPv w9v7QKiOtP6eIEgwOLCdYOySAZ40xM5egVPyvExArxiVbAgETzw+rGatXPmVNLJPzAE3n2 SvV4I7gxC1EQa16/xtHqdygpr67JOWCgxMezPzTmEAhtFKOURNjgWU3XVAnI2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRR5ZKWzxWs; Mon, 16 Dec 2024 14:45:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjdWK052590; Mon, 16 Dec 2024 14:45:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjdNj052587; Mon, 16 Dec 2024 14:45:39 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:39 GMT Message-Id: <202412161445.4BGEjdNj052587@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 02ed945ccec4 - main - MAC/do: Rename private struct 'mac_do_rule' => 'rules' List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 02ed945ccec43340208d3a9c152fb98f55dbed69 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=02ed945ccec43340208d3a9c152fb98f55dbed69 commit 02ed945ccec43340208d3a9c152fb98f55dbed69 Author: Olivier Certner AuthorDate: 2024-07-01 14:28:20 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:33 +0000 MAC/do: Rename private struct 'mac_do_rule' => 'rules' To simplify and be consistent with 'struct rule'. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47593 --- sys/security/mac_do/mac_do.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 4cc2a7971545..5ac77974379c 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -53,12 +53,12 @@ struct rule { TAILQ_ENTRY(rule) r_entries; }; -struct mac_do_rule { +struct rules { char string[MAC_RULE_STRING_LEN]; TAILQ_HEAD(rulehead, rule) head; }; -static struct mac_do_rule rules0; +static struct rules rules0; static void toast_rules(struct rulehead *head) @@ -153,11 +153,11 @@ out: return (error); } -static struct mac_do_rule * +static struct rules * mac_do_rule_find(struct prison *spr, struct prison **prp) { struct prison *pr; - struct mac_do_rule *rules; + struct rules *rules; for (pr = spr;; pr = pr->pr_parent) { mtx_lock(&pr->pr_mtx); @@ -181,7 +181,7 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) char *new_string; struct rulehead head, saved_head; struct prison *pr; - struct mac_do_rule *rules; + struct rules *rules; int error; rules = mac_do_rule_find(req->td->td_ucred->cr_prison, &pr); @@ -229,10 +229,10 @@ destroy(struct mac_policy_conf *mpc) } static void -mac_do_alloc_prison(struct prison *pr, struct mac_do_rule **lrp) +mac_do_alloc_prison(struct prison *pr, struct rules **lrp) { struct prison *ppr; - struct mac_do_rule *rules, *new_rules; + struct rules *rules, *new_rules; void **rsv; rules = mac_do_rule_find(pr, &ppr); @@ -261,7 +261,7 @@ done: static void mac_do_dealloc_prison(void *data) { - struct mac_do_rule *r = data; + struct rules *r = data; toast_rules(&r->head); } @@ -272,7 +272,7 @@ mac_do_prison_set(void *obj, void *data) struct prison *pr = obj; struct vfsoptlist *opts = data; struct rulehead head, saved_head; - struct mac_do_rule *rules; + struct rules *rules; char *rules_string; int error, jsys, len; @@ -319,7 +319,7 @@ mac_do_prison_get(void *obj, void *data) { struct prison *ppr, *pr = obj; struct vfsoptlist *opts = data; - struct mac_do_rule *rules; + struct rules *rules; int jsys, error; rules = mac_do_rule_find(pr, &ppr); @@ -348,7 +348,7 @@ static int mac_do_prison_remove(void *obj, void *data __unused) { struct prison *pr = obj; - struct mac_do_rule *r; + struct rules *r; mtx_lock(&pr->pr_mtx); r = osd_jail_get(pr, mac_do_osd_jail_slot); @@ -420,7 +420,7 @@ priv_grant(struct ucred *cred, int priv) { struct rule *r; struct prison *pr; - struct mac_do_rule *rule; + struct rules *rule; if (do_enabled == 0) return (EPERM); @@ -449,7 +449,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) char *fullpath = NULL; char *freebuf = NULL; struct prison *pr; - struct mac_do_rule *rule; + struct rules *rule; if (do_enabled == 0) return (0); @@ -484,7 +484,7 @@ check_setuid(struct ucred *cred, uid_t uid) char *fullpath = NULL; char *freebuf = NULL; struct prison *pr; - struct mac_do_rule *rule; + struct rules *rule; if (do_enabled == 0) return (0); From nobody Mon Dec 16 14:45:40 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRT2mxbz5hWSr; Mon, 16 Dec 2024 14:45:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRS73gCz4d7X; Mon, 16 Dec 2024 14:45:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360341; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lLK5aAVi3dlQmhI0b5G7Zl1vb8ckI0UGcPB54Dr0GSU=; b=fzSAsa1gGvg5oyjWb025Qr+8rr3xyKAmnoG2lcwbog3kFWhTdgVsQs7V58tHYV3SvMLahT sJmquZUDUH+FILHTWX80jqeb8q5lGHAb0om445/iWO1HREBm5z/SIb5Re8O8vBCv2juhED ic7tpmvsU4cXmUgwEZZgtuNPVTfz4wEZHW9Exs/AqAnAsAsVaUUfanOKpoyyNruSi+pZlp uCDilfmDxvQfxYLe6fDImVnVE0+qX0ix+kc2rGYP6AtuzIDp0AaWgKgnCSea3DdWYnLymV M+9uRI7wXCbMjy5/5HtX3ZLNHpESVZbsOzaim2bh0Wy52H9BjNLB+iWk5o3DYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360341; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lLK5aAVi3dlQmhI0b5G7Zl1vb8ckI0UGcPB54Dr0GSU=; b=eZQGkL0jLHYVAHavHS02RhCOMBrFoJYQFjRJv41fp6SS/titqcuiQQrDHxLnp/gEACrZVT G0wsSBI3zlKom+yA9yzyeqsYhrmS/NEKzk/ilF7VtgafMV1iM3bcNjlTcC8aThKiC1n74u ezfsoV9DCz7JlE9Vfer8/S3NaT9I91K5OmzXtJiDwH7Oet/5zab8fDIp0yF4Cah3Pn7sy8 e7IhLCRewZhODLYTaJUigNgWPJdUOACteGn+0LCkYAxsZt1MzL32XKBkbCFYKFC79SMqtk xoIt/Qa4ea5xLHQ5zLiiIwwvVnwJ/2OcGm+Yf0AiNL5sKNi2QNaV6ALdA4ucrA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360341; a=rsa-sha256; cv=none; b=Q+DCAgn/haC/VZK//F19U/jVvPPiv9fAkrEncGe3HzSAaIPWhskMDxA8+dU8AGOPD/qhkD /JyYNgzizDDKu5RPenOL4usqMqX0e8bBcUF4TRseISInXdDt8+Ku7ktSpXK53cKI+mtlP2 wVwMQVt4covzFWmsjcDogKxsRMhNaiJXo2Kss1rSTQ4VwjGUUlgw+eHfRp7C8F6cjZ/tXQ W03GAbphklhqWD0oVPUI8JDlk+7T4g5N7WQFG0v6yovq4v8SYBXXLimTgah20j3IyJ/Qpj sxc65eU46HA2FRbZobJFeRNdtcYonLvB4uCwzjhIcp1512jyFL6g60l07oHP7g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRS6YY0zxkZ; Mon, 16 Dec 2024 14:45:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjelN052635; Mon, 16 Dec 2024 14:45:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjeoJ052632; Mon, 16 Dec 2024 14:45:40 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:40 GMT Message-Id: <202412161445.4BGEjeoJ052632@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 8ce577060498 - main - MAC/do: Rename internal mac_do_rule_find() => find_rules() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8ce5770604981a19884604ad532f9528e087c69a Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=8ce5770604981a19884604ad532f9528e087c69a commit 8ce5770604981a19884604ad532f9528e087c69a Author: Olivier Certner AuthorDate: 2024-07-01 14:35:12 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:33 +0000 MAC/do: Rename internal mac_do_rule_find() => find_rules() To simplify, be consistent with the rename 'struct mac_do_rule' => 'struct rules' and other functions, and because this function is internal (and thus is never the first mac_do(4)'s function to appear in a stack trace). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47594 --- sys/security/mac_do/mac_do.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 5ac77974379c..1037a4811ada 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -154,7 +154,7 @@ out: } static struct rules * -mac_do_rule_find(struct prison *spr, struct prison **prp) +find_rules(struct prison *spr, struct prison **prp) { struct prison *pr; struct rules *rules; @@ -184,7 +184,7 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) struct rules *rules; int error; - rules = mac_do_rule_find(req->td->td_ucred->cr_prison, &pr); + rules = find_rules(req->td->td_ucred->cr_prison, &pr); mtx_unlock(&pr->pr_mtx); if (req->newptr == NULL) return (sysctl_handle_string(oidp, rules->string, MAC_RULE_STRING_LEN, req)); @@ -235,14 +235,14 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp) struct rules *rules, *new_rules; void **rsv; - rules = mac_do_rule_find(pr, &ppr); + rules = find_rules(pr, &ppr); if (ppr == pr) goto done; mtx_unlock(&ppr->pr_mtx); new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO); rsv = osd_reserve(mac_do_osd_jail_slot); - rules = mac_do_rule_find(pr, &ppr); + rules = find_rules(pr, &ppr); if (ppr == pr) { free(new_rules, M_PRISON); osd_free_reserved(rsv); @@ -322,7 +322,7 @@ mac_do_prison_get(void *obj, void *data) struct rules *rules; int jsys, error; - rules = mac_do_rule_find(pr, &ppr); + rules = find_rules(pr, &ppr); error = vfs_setopt(opts, "mdo", &jsys, sizeof(jsys)); if (error != 0 && error != ENOENT) goto done; @@ -425,7 +425,7 @@ priv_grant(struct ucred *cred, int priv) if (do_enabled == 0) return (EPERM); - rule = mac_do_rule_find(cred->cr_prison, &pr); + rule = find_rules(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { if (rule_applies(cred, r)) { switch (priv) { @@ -464,7 +464,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) } free(freebuf, M_TEMP); - rule = mac_do_rule_find(cred->cr_prison, &pr); + rule = find_rules(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { if (rule_applies(cred, r)) { mtx_unlock(&pr->pr_mtx); @@ -500,7 +500,7 @@ check_setuid(struct ucred *cred, uid_t uid) free(freebuf, M_TEMP); error = EPERM; - rule = mac_do_rule_find(cred->cr_prison, &pr); + rule = find_rules(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { if (r->from_type == RULE_UID) { if (cred->cr_uid != r->f_uid) From nobody Mon Dec 16 14:45:41 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRV3xCSz5hWWV; Mon, 16 Dec 2024 14:45:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRV0qpjz4dG5; Mon, 16 Dec 2024 14:45:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360342; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SZr4Y/UAYOgO5ltGNK4hw26KSL7xheDHDH7Tt45E2X4=; b=PvUXk6IJyELeQhLSLSX4rqdJNjo6N8vaZIuglTy1kQ/CUVQs5VqxdT2DMeG7RyuJHyLvaj TIuIg8HvnifwvR2GjgT0umMH858ffWIHJRCeAUMBwfNcb3Y9zZR39iG8uU0geb4DZAd3w7 i4IIrU2CDd2yHretE76gj3QlYMOFWaX73Lw/KVNSLn/rApWts0rBxqQ7jqh+pimxG99evs eBNMdkpq084ACuj3VUWb4m6noVpqtWclb9Bsa+zJ+loTW7R3GWfBLOIdRsPzVmh1+1NFao UmamuGyqB6Iu1fm48odKsEvfxAqO7/E++E39SNSt+2Fgf20qSe6ZiUTlO5oj2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360342; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SZr4Y/UAYOgO5ltGNK4hw26KSL7xheDHDH7Tt45E2X4=; b=MPGTX+P83S59v7tvGFAjwEGmEttOKN/xttqokrttnkytphVXLJxw5/FRHiVFYeODHTmSKw fMbBvemu5a3ffMn1tTTjXE4GvpHUnIqF3pNf6UqcK7JPfgj4AzCVYeQ91surweaFPIoNTM pRPRGqhxKS1cNJPJXrhqdYCDk1mC+5i+ETfQq8rKaTc+86BtHgBxNr9ROIcOD1TUafY1Gv lZ4JgCwGKy1wDqvAFEh5V5yKf1dVCcvYkVLj5LoV8lyWaIlGx4YyO3KeAQy89W6vlmWT+W KP7KJZqG8VGwmqgPaqi4j29eNrOx8vItpJ6wfwZBvkeuIUfcLiv4Foiv8CXSsA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360342; a=rsa-sha256; cv=none; b=d1awaOBQKeMCLePaNqXL8kBXasjvpFJpWbA9K+YLM3dFIan3dWgnI52MHBW0A9W5ftITZr qfjzSG7P2Tj5NSFUZmvaRLDfdajoqYOnSFadPxNC+n9tqHM/bXEcG68DYy+s7ap8+8CRIu Oz88xi2dus0nEgLs10SvZWvJHNAZMQJ/FxR3r8x2h/Hv79ZitAuQmZg1h5STz8YJFkSatI Vy7CBXWfE3xnrBoqZzA9DY7G/DtSbWWSJHZHjFvfK5BbPihF6RY0or/E8QRGqDrErdzfaH j/8Mx4oYyW2ybuzRgHb+/yCDLNrEqCyhUbKeMwmE/sREeRoyaiUtHaUlAHZmdA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRV0QZ1zxkb; Mon, 16 Dec 2024 14:45:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjfSe052677; Mon, 16 Dec 2024 14:45:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjfmo052674; Mon, 16 Dec 2024 14:45:41 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:41 GMT Message-Id: <202412161445.4BGEjfmo052674@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 83fcbbff6b01 - main - MAC/do: Use prison_lock()/prison_unlock() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 83fcbbff6b01ebbd1d8538cb5396d87d0a816db6 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=83fcbbff6b01ebbd1d8538cb5396d87d0a816db6 commit 83fcbbff6b01ebbd1d8538cb5396d87d0a816db6 Author: Olivier Certner AuthorDate: 2024-07-01 14:50:40 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:33 +0000 MAC/do: Use prison_lock()/prison_unlock() Instead of fiddling directly with 'pr_mtx'. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47595 --- sys/security/mac_do/mac_do.c | 46 ++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 1037a4811ada..ce4ab7fa9e3a 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -160,7 +160,7 @@ find_rules(struct prison *spr, struct prison **prp) struct rules *rules; for (pr = spr;; pr = pr->pr_parent) { - mtx_lock(&pr->pr_mtx); + prison_lock(pr); if (pr == &prison0) { rules = &rules0; break; @@ -168,7 +168,7 @@ find_rules(struct prison *spr, struct prison **prp) rules = osd_jail_get(pr, mac_do_osd_jail_slot); if (rules != NULL) break; - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); } *prp = pr; @@ -185,15 +185,15 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) int error; rules = find_rules(req->td->td_ucred->cr_prison, &pr); - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); if (req->newptr == NULL) return (sysctl_handle_string(oidp, rules->string, MAC_RULE_STRING_LEN, req)); new_string = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK|M_ZERO); - mtx_lock(&pr->pr_mtx); + prison_lock(pr); strlcpy(new_string, rules->string, MAC_RULE_STRING_LEN); - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); error = sysctl_handle_string(oidp, new_string, MAC_RULE_STRING_LEN, req); if (error) @@ -204,11 +204,11 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) if (error) goto out; TAILQ_INIT(&saved_head); - mtx_lock(&pr->pr_mtx); + prison_lock(pr); TAILQ_CONCAT(&saved_head, &rules->head, r_entries); TAILQ_CONCAT(&rules->head, &head, r_entries); strlcpy(rules->string, new_string, MAC_RULE_STRING_LEN); - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); toast_rules(&saved_head); out: @@ -239,7 +239,7 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp) if (ppr == pr) goto done; - mtx_unlock(&ppr->pr_mtx); + prison_unlock(ppr); new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO); rsv = osd_reserve(mac_do_osd_jail_slot); rules = find_rules(pr, &ppr); @@ -248,14 +248,14 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp) osd_free_reserved(rsv); goto done; } - mtx_lock(&pr->pr_mtx); + prison_lock(pr); osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules); TAILQ_INIT(&new_rules->head); done: if (lrp != NULL) *lrp = rules; - mtx_unlock(&pr->pr_mtx); - mtx_unlock(&ppr->pr_mtx); + prison_unlock(pr); + prison_unlock(ppr); } static void @@ -286,9 +286,9 @@ mac_do_prison_set(void *obj, void *data) jsys = JAIL_SYS_NEW; switch (jsys) { case JAIL_SYS_INHERIT: - mtx_lock(&pr->pr_mtx); + prison_lock(pr); osd_jail_del(pr, mac_do_osd_jail_slot); - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); break; case JAIL_SYS_NEW: mac_do_alloc_prison(pr, &rules); @@ -299,11 +299,11 @@ mac_do_prison_set(void *obj, void *data) if (error) return (1); TAILQ_INIT(&saved_head); - mtx_lock(&pr->pr_mtx); + prison_lock(pr); TAILQ_CONCAT(&saved_head, &rules->head, r_entries); TAILQ_CONCAT(&rules->head, &head, r_entries); strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN); - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); toast_rules(&saved_head); break; } @@ -329,7 +329,7 @@ mac_do_prison_get(void *obj, void *data) error = vfs_setopts(opts, "mdo.rules", rules->string); if (error != 0 && error != ENOENT) goto done; - mtx_unlock(&ppr->pr_mtx); + prison_unlock(ppr); error = 0; done: return (0); @@ -350,9 +350,9 @@ mac_do_prison_remove(void *obj, void *data __unused) struct prison *pr = obj; struct rules *r; - mtx_lock(&pr->pr_mtx); + prison_lock(pr); r = osd_jail_get(pr, mac_do_osd_jail_slot); - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); toast_rules(&r->head); return (0); } @@ -431,14 +431,14 @@ priv_grant(struct ucred *cred, int priv) switch (priv) { case PRIV_CRED_SETGROUPS: case PRIV_CRED_SETUID: - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); return (0); default: break; } } } - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); return (EPERM); } @@ -467,11 +467,11 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) rule = find_rules(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { if (rule_applies(cred, r)) { - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); return (0); } } - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); return (EPERM); } @@ -527,7 +527,7 @@ check_setuid(struct ucred *cred, uid_t uid) } } } - mtx_unlock(&pr->pr_mtx); + prison_unlock(pr); return (error); } From nobody Mon Dec 16 14:45:43 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRW4Px3z5hWc4; Mon, 16 Dec 2024 14:45:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRW1nF7z4dR8; Mon, 16 Dec 2024 14:45:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KporskfEq90bAnh+PgbsywbaHQxKE1JrSGQjUM+unzs=; b=hKxR1Aqi8qfxjod26TEcgvkddbOWEg5z3s909NyVCegSSgLIxlJnaktavX5gm5QgpELu/a Z3wcs3THUVh8TzWt004a8dstuwZFC0EDWNrQpVjCxeUzO3AFbB9RMzdZIG1gSHcyEk8nxN RrIVr4dfJ+i15hSFq042nrFHRZdtDfKqxIHGWoPFmPXCFNEChPSk007OtF7bYoEmsNw3lN gPMLpNK5V+k0uTKc+0xps7UL5Qi+6xjTUs+V8mCn7tUQo+6pB1mQH4eM5Y9fu77/+nPpy3 L/63aUWZONv2RTzIG4Xe07PutKLir0nNkMYA3NiY0ktYBakf68JYuY8msEtSUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KporskfEq90bAnh+PgbsywbaHQxKE1JrSGQjUM+unzs=; b=GUKCZ9RkLH5jK343hqhBY3mraCN5u3e31uTXtK3CPm/1Ijkj5lG+OGygmY2TVMwqUTZ3mX WHpAUKT28MUKcVzBHRiM9UC8kyNJpG5tPHbQkPDTqpk2Mdly3T7WhgSEBZmCrtuKfMIY0l q62mcpVeCRuBsmaG9dIOTlOcxKQ6Uc+Yqs3ZE5zSOrG1E3/AXbKZEYswFN7xubKTGy2TBu HTM71BQr6XlHbP1FI2LOdsr/tEC9mIT6cjXF3i4IBsL4X8wbVEwbCINkkfbCtshF/ZXsEa k1XJE4Qqi8ErmBv/eqYjc0xyTC4fAAbdPk2Q0txl7OR5NvLNqINE8LMELIHA1A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360343; a=rsa-sha256; cv=none; b=ANl80B6mQ69qM+rMFULIUupNwNfE7yL058PipGI4/Es/65QRordjlXSluTMfBZ4qhwXOxW J3PSCNeHTumlClWTunlwi20uAxchmest/Urb0Ak3qtd4nMZH/Dox2ESEjQY6yyBv04xYws PE/LHaI2Kju/6vYzkanXOv3Gwh6ISF4bDncL3NMYApMSzwyF/M7malXsfjB07zycjE5BT+ pGy4sqy9AqVGvH98TYLYj1xLWIWPOPf3dj/vzfHI8uaVrhMX1xEQF/SnrUW9JDo7HrlUny YTivIygV0kDKXzaLi4qJQmw/VccEuJDx3h+VYHQIP2QAv2Qfq2xV8qgCj3GfJg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRW1P8Rzxkc; Mon, 16 Dec 2024 14:45:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjhiY052719; Mon, 16 Dec 2024 14:45:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjhiU052716; Mon, 16 Dec 2024 14:45:43 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:43 GMT Message-Id: <202412161445.4BGEjhiU052716@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: b2c661fe7e0b - main - MAC/do: find_rules(): Clarify the contract List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b2c661fe7e0b0dff859767a6a8714198b38dc235 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=b2c661fe7e0b0dff859767a6a8714198b38dc235 commit b2c661fe7e0b0dff859767a6a8714198b38dc235 Author: Olivier Certner AuthorDate: 2024-07-03 13:11:12 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:33 +0000 MAC/do: find_rules(): Clarify the contract While here, rename an internal variable. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47596 --- sys/security/mac_do/mac_do.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index ce4ab7fa9e3a..dca5a1809966 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -153,24 +153,32 @@ out: return (error); } +/* + * Find rules applicable to the passed prison. + * + * Returns the applicable rules (and never NULL). 'pr' must be unlocked. + * 'aprp' is set to the (ancestor) prison holding these, and it must be unlocked + * once the caller is done accessing the rules. '*aprp' is equal to 'pr' if and + * only if the current jail has its own set of rules. + */ static struct rules * -find_rules(struct prison *spr, struct prison **prp) +find_rules(struct prison *const pr, struct prison **const aprp) { - struct prison *pr; + struct prison *cpr; struct rules *rules; - for (pr = spr;; pr = pr->pr_parent) { - prison_lock(pr); - if (pr == &prison0) { + for (cpr = pr;; cpr = cpr->pr_parent) { + prison_lock(cpr); + if (cpr == &prison0) { rules = &rules0; break; } - rules = osd_jail_get(pr, mac_do_osd_jail_slot); + rules = osd_jail_get(cpr, mac_do_osd_jail_slot); if (rules != NULL) break; - prison_unlock(pr); + prison_unlock(cpr); } - *prp = pr; + *aprp = cpr; return (rules); } From nobody Mon Dec 16 14:45:44 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRX5sjLz5hWYl; Mon, 16 Dec 2024 14:45:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRX2rJCz4dWt; Mon, 16 Dec 2024 14:45:44 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=irbL7jzIiWi3n8Dhr77LcLhS2fvEAPA8gBqcSRePQt4=; b=q6mkDMIxY14qJtbcPo97108MK0iBqhVHkFoXV1d+Jcpbpm76BCzMtfMQtu7ZuEwAadoRKc ZHH/segpc3+8jbDkBmQNmC7140cnXRxqAou2dcqV93Y/YCCvgyG3auVSaC4tM4gs1CPi79 4kd3YTDQ3+XVzg+eGSvgyM89OJs7emhCQGmO1/b05cYg/sLrGvYEDoc79NY05MptVRRD+5 7WBMV0CcHyPpYC1bX7jcC3n+aEHUVSp7IbdgfwnBHcCjvLMOLuNcvjKSig4YX4Xn1Bol0U ZCT69VBGbvLD+sV/tx6lMy/6vX/eQidmG1qQfoDJWMZGJHP/VUhIChepynDUQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=irbL7jzIiWi3n8Dhr77LcLhS2fvEAPA8gBqcSRePQt4=; b=b+/8MhFEZRlZcq6KXk6CAFNCpFJI2pp7acahsUJ2ot4eoIySFebIFpNiKjUtDrfC8PPgNi o5+SHSIKEn01wXLQGfFyk4seeHEhHMoBRPEreKajxGVJYYivoHWgWBy87gLV6UA+RMwBPR gDlssf8Uc3CJ6W0PDTME9hAfL4Zia95BvqTId3nk4x9MyNtoyoxvxfRO/ogvN46ENet/VS dKIz0eF6ssA8YAZZYi0IPBhdmRzY0Odp2SFFX11XZrStnBTnaZk9WcxMC5U4QmZcx0FgJJ YrZdZTbg93RpkStliBeVVjSzHw4TniFMbPl95hmKP2KatxDFW6JXeLK51XQw5w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360344; a=rsa-sha256; cv=none; b=Ta7zaumcps0JbQaxj13UAZpMtxBs+xCBfv90jiC4zHpao9b86n2jXy14oiiPEPnLCFEOE3 rJwj2TRcvpH3kFJHUNOQxfFfSEEnWOFBKiIv+EHF79E6kojZTP9tRG6yvTLdw3mn6T2LuI 22On+oS+wdEN3vNx0VbLgl7fiN9iEieHHJFaLhGGSsJf65nfuLbpytktfme90y8b5mvR1n RaoH9scwy1Lq3g9TVPPx9ZtJOwg/r6E4tLLcoF/i/kJQ64rXSt6Nx8D8uNkV+Z+X9maxch 9bINJdatl+e4XzjfYvEZKB3Hcjsr7tXODM3eQzwt8uSYGWAvzqcWbs78uGok9Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRX2Qvyzy0F; Mon, 16 Dec 2024 14:45:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjiTe052764; Mon, 16 Dec 2024 14:45:44 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjim5052761; Mon, 16 Dec 2024 14:45:44 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:44 GMT Message-Id: <202412161445.4BGEjim5052761@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: bbf8af664dc9 - main - MAC/do: Factor out setting/destroying rule structures List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bbf8af664dc94804c219cd918788c0c127a5c310 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=bbf8af664dc94804c219cd918788c0c127a5c310 commit bbf8af664dc94804c219cd918788c0c127a5c310 Author: Olivier Certner AuthorDate: 2024-07-02 17:07:25 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:34 +0000 MAC/do: Factor out setting/destroying rule structures This generally removes duplicate code and clarifies higher-level operations, allowing to fix several important bugs. New (internal) functions: - ensure_rules(): Ensure that a jail has a populated 'mac_do_osd_jail_slot', and returns the corresponding 'struct rules'. - dealloc_rules(): Destroy the 'mac_do_osd_jail_slot' slot of a jail. - set_rules(): Assign already parsed rules to a jail. Leverages ensure_rules(). - parse_and_set_rules(): Combination of parse_rules() and set_rules(). Bugs fixed in mac_do_prison_set(): - A panic if "mdo" is explicitly passed to JAIL_SYS_NEW but "mdo.rules" is absent, in which case 'rules_string' wasn't set (setting 'rules' at this point would do nothing). - In the JAIL_SYS_NEW case, would release the prison lock and reacquire it, but still using the same 'rules' pointer that can have been freed and changed concurrently, as the prison lock is temporary unlocked. (This is generally a bug of the mac_do_alloc_prison()'s interface when 'lrp' is not NULL.) Suppress mac_do_alloc_prison(), as it has the following bugs: - The interface bug mentioned just above. - Wrong locking, leading to deadlocks in case of setting jail parameters multiple times (concurrently or not). It has been replaced by either parse_and_set_rules(), or by ensure_rules() directly coupled with prison_unlock(). Rename mac_do_dealloc_prison(), the OSD destructor, to dealloc_osd(), and make it free the 'struct rules' itself (which was leaking). While here, in parse_rules(): Clarify the contract by adding comments, and check (again) for the rules specification's length. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47597 --- sys/security/mac_do/mac_do.c | 235 ++++++++++++++++++++++++++++--------------- 1 file changed, 156 insertions(+), 79 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index dca5a1809966..61c305547d39 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -69,6 +69,7 @@ toast_rules(struct rulehead *head) TAILQ_REMOVE(head, r, r_entries); free(r, M_DO); } + TAILQ_INIT(head); } static int @@ -129,15 +130,38 @@ out: return (error); } +/* + * Parse rules specification and produce rule structures out of it. + * + * 'head' must be an empty list head. Returns 0 on success, with 'head' filled + * with structures representing the rules. On error, 'head' is left empty and + * the returned value is non-zero. If 'string' has length greater or equal to + * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned. If it is not in the expected + * format (comma-separated list of clauses of the form "=:", + * where is "uid" or "gid", an UID or GID (depending on ) and + * is "*", "any" or some UID), EINVAL is returned. + */ static int parse_rules(const char *const string, struct rulehead *const head) { - struct rule *new; - char *const copy = strdup(string, M_DO); - char *p = copy; + const size_t len = strlen(string); + char *copy; + char *p; char *element; + struct rule *new; int error = 0; + QMD_TAILQ_CHECK_TAIL(head, r_entries); + MPASS(TAILQ_EMPTY(head)); + + if (len >= MAC_RULE_STRING_LEN) + return (ENAMETOOLONG); + + copy = malloc(len + 1, M_DO, M_WAITOK); + bcopy(string, copy, len + 1); + MPASS(copy[len] == '\0'); /* Catch some races. */ + + p = copy; while ((element = strsep(&p, ",")) != NULL) { if (element[0] == '\0') continue; @@ -183,11 +207,125 @@ find_rules(struct prison *const pr, struct prison **const aprp) return (rules); } +/* + * Ensure the passed prison has its own 'struct rules'. + * + * On entry, the prison must be unlocked, but will be returned locked. Returns + * the newly allocated and initialized 'struct rules', or the existing one. + */ +static struct rules * +ensure_rules(struct prison *const pr) +{ + struct rules *rules, *new_rules; + void **rsv; + + if (pr == &prison0) { + prison_lock(pr); + return (&rules0); + } + + /* Optimistically try to avoid memory allocations. */ +restart: + prison_lock(pr); + rules = osd_jail_get(pr, mac_do_osd_jail_slot); + if (rules != NULL) + return (rules); + prison_unlock(pr); + + new_rules = malloc(sizeof(*new_rules), M_DO, M_WAITOK|M_ZERO); + TAILQ_INIT(&new_rules->head); + rsv = osd_reserve(mac_do_osd_jail_slot); + prison_lock(pr); + rules = osd_jail_get(pr, mac_do_osd_jail_slot); + if (rules != NULL) { + /* + * We could cleanup while holding the prison lock (given the + * current implementation of osd_free_reserved()), but be safe + * and a good citizen by not keeping it more than strictly + * necessary. The only consequence is that we have to relookup + * the rules. + */ + prison_unlock(pr); + osd_free_reserved(rsv); + free(new_rules, M_DO); + goto restart; + } + osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules); + return (new_rules); +} + +/* + * OSD destructor for slot 'mac_do_osd_jail_slot'. + * + * Called with 'value' not NULL. + */ +static void +dealloc_osd(void *const value) +{ + struct rules *const rules = value; + + toast_rules(&rules->head); + free(rules, M_DO); +} + +/* + * Deallocate the rules associated to a prison. + * + * Destroys the 'mac_do_osd_jail_slot' slot of the passed jail. + */ +static void +dealloc_rules(struct prison *const pr) +{ + prison_lock(pr); + /* This calls destructor dealloc_osd(). */ + osd_jail_del(pr, mac_do_osd_jail_slot); + prison_unlock(pr); +} + +/* + * Assign already parsed rules to a jail. + */ +static void +set_rules(struct prison *const pr, const char *const rules_string, + struct rulehead *const head) +{ + struct rules *rules; + struct rulehead old_head; + + MPASS(rules_string != NULL); + MPASS(strlen(rules_string) < MAC_RULE_STRING_LEN); + + TAILQ_INIT(&old_head); + rules = ensure_rules(pr); + strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN); + TAILQ_CONCAT(&old_head, &rules->head, r_entries); + TAILQ_CONCAT(&rules->head, head, r_entries); + prison_unlock(pr); + toast_rules(&old_head); +} + +/* + * Parse a rules specification and assign them to a jail. + * + * Returns the same error code as parse_rules() (which see). + */ +static int +parse_and_set_rules(struct prison *const pr, const char *rules_string) +{ + struct rulehead head; + int error; + + error = parse_rules(rules_string, &head); + if (error != 0) + return (error); + set_rules(pr, rules_string, &head); + return (0); +} + static int sysctl_rules(SYSCTL_HANDLER_ARGS) { char *new_string; - struct rulehead head, saved_head; struct prison *pr; struct rules *rules; int error; @@ -207,17 +345,7 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) if (error) goto out; - TAILQ_INIT(&head); - error = parse_rules(new_string, &head); - if (error) - goto out; - TAILQ_INIT(&saved_head); - prison_lock(pr); - TAILQ_CONCAT(&saved_head, &rules->head, r_entries); - TAILQ_CONCAT(&rules->head, &head, r_entries); - strlcpy(rules->string, new_string, MAC_RULE_STRING_LEN); - prison_unlock(pr); - toast_rules(&saved_head); + error = parse_and_set_rules(pr, new_string); out: free(new_string, M_DO); @@ -236,51 +364,11 @@ destroy(struct mac_policy_conf *mpc) toast_rules(&rules0.head); } -static void -mac_do_alloc_prison(struct prison *pr, struct rules **lrp) -{ - struct prison *ppr; - struct rules *rules, *new_rules; - void **rsv; - - rules = find_rules(pr, &ppr); - if (ppr == pr) - goto done; - - prison_unlock(ppr); - new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO); - rsv = osd_reserve(mac_do_osd_jail_slot); - rules = find_rules(pr, &ppr); - if (ppr == pr) { - free(new_rules, M_PRISON); - osd_free_reserved(rsv); - goto done; - } - prison_lock(pr); - osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules); - TAILQ_INIT(&new_rules->head); -done: - if (lrp != NULL) - *lrp = rules; - prison_unlock(pr); - prison_unlock(ppr); -} - -static void -mac_do_dealloc_prison(void *data) -{ - struct rules *r = data; - - toast_rules(&r->head); -} - static int mac_do_prison_set(void *obj, void *data) { struct prison *pr = obj; struct vfsoptlist *opts = data; - struct rulehead head, saved_head; - struct rules *rules; char *rules_string; int error, jsys, len; @@ -289,33 +377,19 @@ mac_do_prison_set(void *obj, void *data) jsys = -1; error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len); if (error == ENOENT) - rules = NULL; + rules_string = ""; else jsys = JAIL_SYS_NEW; switch (jsys) { case JAIL_SYS_INHERIT: - prison_lock(pr); - osd_jail_del(pr, mac_do_osd_jail_slot); - prison_unlock(pr); + dealloc_rules(pr); + error = 0; break; case JAIL_SYS_NEW: - mac_do_alloc_prison(pr, &rules); - if (rules_string == NULL) - break; - TAILQ_INIT(&head); - error = parse_rules(rules_string, &head); - if (error) - return (1); - TAILQ_INIT(&saved_head); - prison_lock(pr); - TAILQ_CONCAT(&saved_head, &rules->head, r_entries); - TAILQ_CONCAT(&rules->head, &head, r_entries); - strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN); - prison_unlock(pr); - toast_rules(&saved_head); + error = parse_and_set_rules(pr, rules_string); break; } - return (0); + return (error); } SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters"); @@ -346,9 +420,10 @@ done: static int mac_do_prison_create(void *obj, void *data __unused) { - struct prison *pr = obj; + struct prison *const pr = obj; - mac_do_alloc_prison(pr, NULL); + (void)ensure_rules(pr); + prison_unlock(pr); return (0); } @@ -405,11 +480,13 @@ init(struct mac_policy_conf *mpc) }; struct prison *pr; - mac_do_osd_jail_slot = osd_jail_register(mac_do_dealloc_prison, methods); + mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods); TAILQ_INIT(&rules0.head); sx_slock(&allprison_lock); - TAILQ_FOREACH(pr, &allprison, pr_list) - mac_do_alloc_prison(pr, NULL); + TAILQ_FOREACH(pr, &allprison, pr_list) { + (void)ensure_rules(pr); + prison_unlock(pr); + } sx_sunlock(&allprison_lock); } From nobody Mon Dec 16 14:45:46 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRZ6tmcz5hWP2; Mon, 16 Dec 2024 14:45:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRZ50Wbz4dGr; Mon, 16 Dec 2024 14:45:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nsXfM0QvCely/vx2TP+84lHCLr5H7t1nRqPUgBEwH98=; b=fCXqyEB7qQ3Ve+7FeM+jLkaGmlFZiJERDQKRzx9Fr3xNE32ULttuIipvQtf+8cXFSzLJaD hLE4EOVfgkjEs++4HJOJZCic7KBCWCOcE8qmsjgBFhdzf63HsFsXymiqp6kOHuCKmNxJYq RMkoRdFZkn63ij3EVHyoI11UHjIy6TvLpSb6ps+fHPnhy/mqPv9OQmaJCAe7TeZR1vREVo 3m7SwLvcJyzv9It64NcZwGaCub1NEVWXnHDtG2mDBN6+NhkGXfM/Lfs72eeq4/j1hGlcLM 3c6mzYmf20pZ/kTTsvAvcxCdBZmE9vEC3K00Xfrsl7ZybavoBMOiUcKy3nDbgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nsXfM0QvCely/vx2TP+84lHCLr5H7t1nRqPUgBEwH98=; b=tiY9iXuQQyMba1rcTj2GP7yYg+qZMYPboxO/d4ucryPzLY8O2Yx/vcUfwZufx0DxON6tc6 fVI5GvfxHLeerjxCwIxH8MMURaeQcLc1u4aq8VeM4eBbaPIak+3f0ai/KguX/n9xyekbds vT9hxT2XKbZB1YaUL2RO2gbW9/tXv7uXDbnC3/NLW/IiZtf+LZVnRzzjRUvOWXPYlJUd9f QzwwxLd99Ky9Yj8Rh+zJLcfyQLOZfdvb1f2dTpoGXjijZ5HJfVxMfhnxx/jUiiYfR/EbH0 6nygSMCUu8N1JfG8T7VVcDxcMkzXhU6P+dOgyZb0oZMJDq/AXLdg0lUm24k1Og== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360346; a=rsa-sha256; cv=none; b=CX7Nq9GZCb4RApQeAGGSA7FXGerzW1BhfJ5hY+17IzVNKoCpr4b46DDs0KcZV4gctxiL4Y 30T3t6WkWxcz1vZOlhLKol/aiX9aK+z/VBYrRBLQtbW3KKilUPXmy1pSv5b1Rr+pfemmvH 7S8v59MBOSMd+Z03p6VForPmH5OCZPcaH6AVzimEsjhsNbKcqRdAxYzk4gRdNgPbbbIV9c hLyKqtufitUxs17km8ArnlRdjDGrpQyEgcEO3d+bhQfUYSX2+1wQEQVZmkafsup8PD5UNr 83XUmCVGqqo59Qk3u510Aboivnxq1NEs+MACmglpHjjqN+UmVUIA2dyK7TFPbw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRZ4ZZ6zxWt; Mon, 16 Dec 2024 14:45:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjk9a052849; Mon, 16 Dec 2024 14:45:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjkBF052846; Mon, 16 Dec 2024 14:45:46 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:46 GMT Message-Id: <202412161445.4BGEjkBF052846@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 301eeb10dc19 - main - MAC/do: Remove PR_METHOD_REMOVE method List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 301eeb10dc197986b2b6261b064cbfe96333f7fb Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=301eeb10dc197986b2b6261b064cbfe96333f7fb commit 301eeb10dc197986b2b6261b064cbfe96333f7fb Author: Olivier Certner AuthorDate: 2024-07-03 12:22:35 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:34 +0000 MAC/do: Remove PR_METHOD_REMOVE method It isn't really needed, since common jail code destroys jail OSD storage at jail destruction (via osd_jail_exit()), triggering our destructor dealloc_osd(). Leveraging this mechanism is arguably even better as it causes deallocation to always happen without the 'allprison_lock' lock. While here, make the static definition of 'methods' top-level, renaming it to 'osd_methods'. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47599 --- sys/security/mac_do/mac_do.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 3f7964220ca4..ed4c984ff559 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -410,15 +410,6 @@ mac_do_prison_create(void *obj, void *data __unused) return (0); } -static int -mac_do_prison_remove(void *obj, void *data __unused) -{ - struct prison *pr = obj; - - remove_rules(pr); - return (0); -} - static int mac_do_prison_check(void *obj, void *data) { @@ -447,19 +438,26 @@ mac_do_prison_check(void *obj, void *data) return (error); } +/* + * OSD jail methods. + * + * There is no PR_METHOD_REMOVE, as OSD storage is destroyed by the common jail + * code (see prison_cleanup()), which triggers a run of our dealloc_osd() + * destructor. + */ +static const osd_method_t osd_methods[PR_MAXMETHOD] = { + [PR_METHOD_CREATE] = mac_do_prison_create, + [PR_METHOD_GET] = mac_do_prison_get, + [PR_METHOD_SET] = mac_do_prison_set, + [PR_METHOD_CHECK] = mac_do_prison_check, +}; + static void init(struct mac_policy_conf *mpc) { - static osd_method_t methods[PR_MAXMETHOD] = { - [PR_METHOD_CREATE] = mac_do_prison_create, - [PR_METHOD_GET] = mac_do_prison_get, - [PR_METHOD_SET] = mac_do_prison_set, - [PR_METHOD_CHECK] = mac_do_prison_check, - [PR_METHOD_REMOVE] = mac_do_prison_remove, - }; struct prison *pr; - mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods); + mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods); rules0 = alloc_rules(); sx_slock(&allprison_lock); TAILQ_FOREACH(pr, &allprison, pr_list) From nobody Mon Dec 16 14:45:45 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRY4XKvz5hWR1; Mon, 16 Dec 2024 14:45:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRY3xKFz4dTt; Mon, 16 Dec 2024 14:45:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AaZG3bfFkifHbzxdOXzsggI1Zvz+8TiynjBOzqt8Y7A=; b=QQLwsb3HBYnMwS0/fBbxBpjmWrOAH5gwyFzHGsJvzE95I34oad1GGZIt+X/PsRaC7t6Yan WuHk6v6mCTDHUg2dOkvrbTtPoCWPwKxoy6+73xkoGkv9iiwPE4WZPBfJSjPmTKWSBSr4nD cey/5tFNSlHetlG5sgrQMAwzPp7OGDDqFF/nwr4uuER/OahKs0CVQa1Y71tYMo6Woer+q6 wt2iBmNcARZ/Dv51Jt+5hrD/kwMHtm2ySVdFszGHT5lnlShCGn+exH/9B4u3QhEcPkClkF so4gDlwU18jOy/l0TK0HGvYuNF4/rSpUuEYiurAILUuj/eWISvShy9s6ZKSnTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AaZG3bfFkifHbzxdOXzsggI1Zvz+8TiynjBOzqt8Y7A=; b=hVklTDB0OxdJrH2paBXRgX6u0ZuJKQd0zfPWOMRicjNEgxFbX5I6K/0MONgEs11sJGiKrE DJScDxbGliuAZ6tQa140s55ORyRZnosy4be4h20Vh7cuWHv2qGTb/OTVB6IZ7FmOJDNwOA PKYElNYb73MvGy2dLI36+ri8wI3e0xuhDDPSY5lmZiS63T8vz3qJdGf4zaO6FiHkHehWAM xrO/LnTr2UOvyj+muS9ACMkBODXq84ehUOE+3uBWqCez7mOOJHU/3N40wnW2yZAAZaRYRQ LQPoGIi2jNAj5TVGohG/3osCXyciqhvO7D/seW0ScBZYHQAKpncPcRD/Sb/xiw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360345; a=rsa-sha256; cv=none; b=kBjtP7sezEeIpEFh9kXwyl49ozLXVeMgWT2hX9eflG6OXCmN8sCKlAHLDWbc/8xT7xRdx3 txiBFr82JPm4Jjxtc6KN2AUMby0nr4rEi9EovUoLaJi2Og/guyTuNovFruRXEttPVE3Kgl X+g9SMcnwcHC/fiHoZXqCVdvoGZxcsjeRCepDeqvW3Mj22qBXP+2+Zf5TxcI59f7GYE4UT qNTO4OBmTwiTMumvkxC1P2SAWI0tniASb6mDyxm+BP8J0vgo0rklIXAP7gttB22Mgn7DGN jGfdxcqiIeR4/oBNol3OmUHVaLtFifInxVfZNfA6ggq9JStSEUVHea0QBztEcw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRY3YKmzxH7; Mon, 16 Dec 2024 14:45:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjjPI052810; Mon, 16 Dec 2024 14:45:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjjhI052807; Mon, 16 Dec 2024 14:45:45 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:45 GMT Message-Id: <202412161445.4BGEjjhI052807@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 3186b192e4db - main - MAC/do: Allocate/deallocate rules as a whole List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3186b192e4db7896bae22a9116ab915bf852fa27 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=3186b192e4db7896bae22a9116ab915bf852fa27 commit 3186b192e4db7896bae22a9116ab915bf852fa27 Author: Olivier Certner AuthorDate: 2024-07-15 15:12:47 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:34 +0000 MAC/do: Allocate/deallocate rules as a whole Stop recycling the top-level 'struct rules' already assigned to jails. This considerably simplifies the code, as now changing rules on a jail amounts to just changing the OSD pointer. Also, this is to increase potential concurrency in preparation for incoming fixes about enforcing rules. Indeed, keeping these changes relatively simple requires rules assigned to a jail to slightly outlive resetting them, which is most easily done by just operating on pointers to separate rules objects. The (negligible) price to pay for this change is that setting rules on a jail now systematically needs to allocate memory (and also that the OSD slot needs to be accessed twice, once to get the old rules to free them and another one to set the rules, which was already the case before when memory had to be allocated). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47598 --- sys/security/mac_do/mac_do.c | 173 +++++++++++++++++++------------------------ 1 file changed, 75 insertions(+), 98 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 61c305547d39..3f7964220ca4 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -58,18 +58,30 @@ struct rules { TAILQ_HEAD(rulehead, rule) head; }; -static struct rules rules0; +static struct rules *rules0; static void -toast_rules(struct rulehead *head) +toast_rules(struct rules *const rules) { - struct rule *r; + struct rulehead *const head = &rules->head; + struct rule *rule; - while ((r = TAILQ_FIRST(head)) != NULL) { - TAILQ_REMOVE(head, r, r_entries); - free(r, M_DO); + while ((rule = TAILQ_FIRST(head)) != NULL) { + TAILQ_REMOVE(head, rule, r_entries); + free(rule, M_DO); } - TAILQ_INIT(head); + free(rules, M_DO); +} + +static struct rules * +alloc_rules(void) +{ + struct rules *const rules = malloc(sizeof(*rules), M_DO, M_WAITOK); + + _Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!"); + rules->string[0] = 0; + TAILQ_INIT(&rules->head); + return (rules); } static int @@ -133,30 +145,32 @@ out: /* * Parse rules specification and produce rule structures out of it. * - * 'head' must be an empty list head. Returns 0 on success, with 'head' filled - * with structures representing the rules. On error, 'head' is left empty and - * the returned value is non-zero. If 'string' has length greater or equal to + * Returns 0 on success, with '*rulesp' made to point to a 'struct rule' + * representing the rules. On error, the returned value is non-zero and + * '*rulesp' is unchanged. If 'string' has length greater or equal to * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned. If it is not in the expected * format (comma-separated list of clauses of the form "=:", * where is "uid" or "gid", an UID or GID (depending on ) and * is "*", "any" or some UID), EINVAL is returned. */ static int -parse_rules(const char *const string, struct rulehead *const head) +parse_rules(const char *const string, struct rules **const rulesp) { const size_t len = strlen(string); char *copy; char *p; char *element; + struct rules *rules; struct rule *new; int error = 0; - QMD_TAILQ_CHECK_TAIL(head, r_entries); - MPASS(TAILQ_EMPTY(head)); - if (len >= MAC_RULE_STRING_LEN) return (ENAMETOOLONG); + rules = alloc_rules(); + bcopy(string, rules->string, len + 1); + MPASS(rules->string[len] == '\0'); /* Catch some races. */ + copy = malloc(len + 1, M_DO, M_WAITOK); bcopy(string, copy, len + 1); MPASS(copy[len] == '\0'); /* Catch some races. */ @@ -167,11 +181,13 @@ parse_rules(const char *const string, struct rulehead *const head) continue; error = parse_rule_element(element, &new); if (error != 0) { - toast_rules(head); + toast_rules(rules); goto out; } - TAILQ_INSERT_TAIL(head, new, r_entries); + TAILQ_INSERT_TAIL(&rules->head, new, r_entries); } + + *rulesp = rules; out: free(copy, M_DO); return (error); @@ -194,7 +210,7 @@ find_rules(struct prison *const pr, struct prison **const aprp) for (cpr = pr;; cpr = cpr->pr_parent) { prison_lock(cpr); if (cpr == &prison0) { - rules = &rules0; + rules = rules0; break; } rules = osd_jail_get(cpr, mac_do_osd_jail_slot); @@ -207,53 +223,6 @@ find_rules(struct prison *const pr, struct prison **const aprp) return (rules); } -/* - * Ensure the passed prison has its own 'struct rules'. - * - * On entry, the prison must be unlocked, but will be returned locked. Returns - * the newly allocated and initialized 'struct rules', or the existing one. - */ -static struct rules * -ensure_rules(struct prison *const pr) -{ - struct rules *rules, *new_rules; - void **rsv; - - if (pr == &prison0) { - prison_lock(pr); - return (&rules0); - } - - /* Optimistically try to avoid memory allocations. */ -restart: - prison_lock(pr); - rules = osd_jail_get(pr, mac_do_osd_jail_slot); - if (rules != NULL) - return (rules); - prison_unlock(pr); - - new_rules = malloc(sizeof(*new_rules), M_DO, M_WAITOK|M_ZERO); - TAILQ_INIT(&new_rules->head); - rsv = osd_reserve(mac_do_osd_jail_slot); - prison_lock(pr); - rules = osd_jail_get(pr, mac_do_osd_jail_slot); - if (rules != NULL) { - /* - * We could cleanup while holding the prison lock (given the - * current implementation of osd_free_reserved()), but be safe - * and a good citizen by not keeping it more than strictly - * necessary. The only consequence is that we have to relookup - * the rules. - */ - prison_unlock(pr); - osd_free_reserved(rsv); - free(new_rules, M_DO); - goto restart; - } - osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules); - return (new_rules); -} - /* * OSD destructor for slot 'mac_do_osd_jail_slot'. * @@ -264,17 +233,19 @@ dealloc_osd(void *const value) { struct rules *const rules = value; - toast_rules(&rules->head); - free(rules, M_DO); + toast_rules(rules); } /* - * Deallocate the rules associated to a prison. + * Remove the rules specifically associated to a prison. + * + * In practice, this means that the rules become inherited (from the closest + * ascendant that has some). * * Destroys the 'mac_do_osd_jail_slot' slot of the passed jail. */ static void -dealloc_rules(struct prison *const pr) +remove_rules(struct prison *const pr) { prison_lock(pr); /* This calls destructor dealloc_osd(). */ @@ -283,25 +254,38 @@ dealloc_rules(struct prison *const pr) } /* - * Assign already parsed rules to a jail. + * Assign already built rules to a jail. */ static void -set_rules(struct prison *const pr, const char *const rules_string, - struct rulehead *const head) +set_rules(struct prison *const pr, struct rules *const rules) { - struct rules *rules; - struct rulehead old_head; + struct rules *old_rules; + void **rsv; - MPASS(rules_string != NULL); - MPASS(strlen(rules_string) < MAC_RULE_STRING_LEN); + rsv = osd_reserve(mac_do_osd_jail_slot); - TAILQ_INIT(&old_head); - rules = ensure_rules(pr); - strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN); - TAILQ_CONCAT(&old_head, &rules->head, r_entries); - TAILQ_CONCAT(&rules->head, head, r_entries); + prison_lock(pr); + if (pr == &prison0) { + old_rules = rules0; + rules0 = rules; + } else { + old_rules = osd_jail_get(pr, mac_do_osd_jail_slot); + osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules); + } prison_unlock(pr); - toast_rules(&old_head); + if (old_rules != NULL) + toast_rules(old_rules); +} + +/* + * Assigns empty rules to a jail. + */ +static void +set_empty_rules(struct prison *const pr) +{ + struct rules *const rules = alloc_rules(); + + set_rules(pr, rules); } /* @@ -312,13 +296,13 @@ set_rules(struct prison *const pr, const char *const rules_string, static int parse_and_set_rules(struct prison *const pr, const char *rules_string) { - struct rulehead head; + struct rules *rules; int error; - error = parse_rules(rules_string, &head); + error = parse_rules(rules_string, &rules); if (error != 0) return (error); - set_rules(pr, rules_string, &head); + set_rules(pr, rules); return (0); } @@ -361,7 +345,7 @@ static void destroy(struct mac_policy_conf *mpc) { osd_jail_deregister(mac_do_osd_jail_slot); - toast_rules(&rules0.head); + toast_rules(rules0); } static int @@ -382,7 +366,7 @@ mac_do_prison_set(void *obj, void *data) jsys = JAIL_SYS_NEW; switch (jsys) { case JAIL_SYS_INHERIT: - dealloc_rules(pr); + remove_rules(pr); error = 0; break; case JAIL_SYS_NEW: @@ -422,8 +406,7 @@ mac_do_prison_create(void *obj, void *data __unused) { struct prison *const pr = obj; - (void)ensure_rules(pr); - prison_unlock(pr); + set_empty_rules(pr); return (0); } @@ -431,12 +414,8 @@ static int mac_do_prison_remove(void *obj, void *data __unused) { struct prison *pr = obj; - struct rules *r; - prison_lock(pr); - r = osd_jail_get(pr, mac_do_osd_jail_slot); - prison_unlock(pr); - toast_rules(&r->head); + remove_rules(pr); return (0); } @@ -481,12 +460,10 @@ init(struct mac_policy_conf *mpc) struct prison *pr; mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods); - TAILQ_INIT(&rules0.head); + rules0 = alloc_rules(); sx_slock(&allprison_lock); - TAILQ_FOREACH(pr, &allprison, pr_list) { - (void)ensure_rules(pr); - prison_unlock(pr); - } + TAILQ_FOREACH(pr, &allprison, pr_list) + set_empty_rules(pr); sx_sunlock(&allprison_lock); } From nobody Mon Dec 16 14:45:47 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRc1cJ4z5hWR6; Mon, 16 Dec 2024 14:45:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRb5l9Sz4dRx; Mon, 16 Dec 2024 14:45:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360347; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GbZGQnte3cQyhpuxCEf8twNwFXaRuy5TqW5+JscmXqg=; b=abFGhf8NmYMhjR6VdnbQY0nZ5kfrLIMzfDEfKT6RFFeCHhRwoym4OH2bn3zeFHQv/PqLFT zR4F+5PokVcUw4pV8Lu3zX2QpAr2XfP9cPfEM78Dro91yCYm0JPItLpbR7G484MeatUode bzxRU/6/pKQoDGeucD7GZ3oeWMfu77L8pxXHsmrhIAgF72uAKCVBlHT2JyUiBPOQvzXYnQ DUFdAKMfAC//74WSF5navmA3caF3gwNin2hiRoLXpMLGf3Siy6OcpLreDHUWJtUjVr1Dhd FnjNpDyMFg1DSouKhNFo3Q3dN0Bgvrq9tJkb2DjQmgEDOUk+058oJdgFcGWxtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360347; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GbZGQnte3cQyhpuxCEf8twNwFXaRuy5TqW5+JscmXqg=; b=NNJp1jnwZJLLrBmysc8qqVJYKSinuXGe78sSI1QD9QATWJL8T0Ir67V5sWDmYMuou7EBFE 0eBf9Nkdl8rbqKSy5Y0P9+0X3Uagux/FrtbPuEAvpysXa4C/CuWuBUOUou2IG0/o3wHlPa zH9CXxsg3C6PQNVJ7JcvQ+VN9x4JbNb+5fDRkegPHb30h0wx/J9GELsxl/0gIs1eKYKoKZ 2GiRvJIal08h3GUYcap8MQEdM038OaB+W9VobsAcHoXqfuGoxTpZpYkRRbUKt1rWgZIH1h bo4VXfpOzLkRSLP9jkWSNjKdQH1wwOwbHTBEBcEnSDjl/uqtugEqaNt/esGh7g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360347; a=rsa-sha256; cv=none; b=QCEZK+MTF5hHMQaypZUyOamn5g4wO3Ep+kKirVpq62c8uzfJl/bqEJqE9msH9vP16jwsBB zM/9Eoe6XuuNQCDBRO6lpGDY/1pFGUWtNNXaG2spv6PaZ333aKQOoeKlIboHtX8M4l770u 6Yr6/di5c3O9lCuRoh/nmiOrGu2k32ayu+xesRzNKb/dtolg5dvW3jJZLESivwdzuBC8m+ 3soETNQIOmPeoL2tCl/rvvV3RK9IbwDRaat/IunebXP20IwAnLJ+QH6gwSXae/pvmtjviC kUDjjkJ84BpFpDUb0q2O5HxBgcbfYpOyHw64fffrbP34w+6S/+WCiqFoUTAcpA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRb5MMPzxH8; Mon, 16 Dec 2024 14:45:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjlt2052916; Mon, 16 Dec 2024 14:45:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjlef052913; Mon, 16 Dec 2024 14:45:47 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:47 GMT Message-Id: <202412161445.4BGEjlef052913@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 292c814931d9 - main - MAC/do: sysctl_rules(): Always copy the rules specification string List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 292c814931d975d56d5ffa7c3c85191d56a059c4 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=292c814931d975d56d5ffa7c3c85191d56a059c4 commit 292c814931d975d56d5ffa7c3c85191d56a059c4 Author: Olivier Certner AuthorDate: 2024-07-03 12:52:38 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:34 +0000 MAC/do: sysctl_rules(): Always copy the rules specification string We are not guaranteed that the 'rules' storage stays stable if we don't hold the prison lock. For this reason, always copy the specification string (under the lock). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47600 --- sys/security/mac_do/mac_do.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index ed4c984ff559..94fe7b99fc9d 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -309,30 +309,22 @@ parse_and_set_rules(struct prison *const pr, const char *rules_string) static int sysctl_rules(SYSCTL_HANDLER_ARGS) { - char *new_string; + char *const buf = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK); struct prison *pr; struct rules *rules; int error; rules = find_rules(req->td->td_ucred->cr_prison, &pr); + strlcpy(buf, rules->string, MAC_RULE_STRING_LEN); prison_unlock(pr); - if (req->newptr == NULL) - return (sysctl_handle_string(oidp, rules->string, MAC_RULE_STRING_LEN, req)); - new_string = malloc(MAC_RULE_STRING_LEN, M_DO, - M_WAITOK|M_ZERO); - prison_lock(pr); - strlcpy(new_string, rules->string, MAC_RULE_STRING_LEN); - prison_unlock(pr); - - error = sysctl_handle_string(oidp, new_string, MAC_RULE_STRING_LEN, req); - if (error) + error = sysctl_handle_string(oidp, buf, MAC_RULE_STRING_LEN, req); + if (error != 0 || req->newptr == NULL) goto out; - error = parse_and_set_rules(pr, new_string); - + error = parse_and_set_rules(pr, buf); out: - free(new_string, M_DO); + free(buf, M_DO); return (error); } From nobody Mon Dec 16 14:45:48 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRd2hfjz5hWTD; Mon, 16 Dec 2024 14:45:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRd063Jz4dK8; Mon, 16 Dec 2024 14:45:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RKzN52J/BgtSXKBMd0JTYVA2zLc06VCYGPdEXhBsQd4=; b=Pe9ssmt0DY1VB+MCa7mZS58B2xDmHbz5E2d+4iRxL4rCElrLEy28urg9ycwZCRYscApWG0 rWi/8pBleVvMoIlpLDdVWCpszBIGrZ1+eAFLb28/V6kio6MDYFUugoIXtJ9zolKin3revg cF4jEHcZ12ZBf0pv6HYk8QXfn0g2XiR6BTiTe/KVMrNLhtZ5b8gqB2MY8T1SP+kmoIGJkf iqz25VHBBaoa2Zcq19j0T12MBXmpWqbvFru9WaMu6OC4DQFdQSiAaPVY6pBsshcs/ZdySu rbEl16D1fdHoMzbbI2eWhhUOMq2aOjU5D+mjJHz8clQnEZUug2K2dewotKyblg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RKzN52J/BgtSXKBMd0JTYVA2zLc06VCYGPdEXhBsQd4=; b=ZNgAnbhUnOMMMkZRgxANJMZzNo1bXgiWpZWeLhX2JHvqsMCeafPs8kISIC75hod3Nr2yNe WhQurHXelzE99B0fZ9CboE1+8/LTmABA41J90YzewMSI70u0eN0tStD9BBrRvM9bOA5BEs L++LcTVXwz5MxsQcJ2TOGV+PHEw9eOfr37Zd77OD8f750XyU50KI5gjK+xgO8iONKKz5w/ Olj+66yZUAQJ2nH6QmBmW16bqs9zPbMop7FcV1ERArMvJKkK74+YfXdibDVA4d6doSc3zM fQIMKDje4fh3qJgc8ivuM/CgPTzlyCFNrDlomy1FwzVvqXCsYZCP8/6HHCuy5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360349; a=rsa-sha256; cv=none; b=q747pdnpAJ20zs7D7ezjqTAe5QxOwWFqchvjx+BD9FhoPhR8jfpWpge+mu3ich1iXegKiH YO3IN+t9UtGR93zHPgTB2Ui447+snjh7ZeycbMkHuXdwp7fSAXciAREYnbHOCUhLHQej8f J1FMrG0sFiqO9Xc8D/kGiP7sukk/9vdDT4hk3xxELXzOc8dwFQDAz/e1HE1wEjMkivtnnB aI9+5vSHbaWIAyYO3/iPVclA6TpcCoHJkUlJWDS/iX2hJIP/qRwAeVWBB+zYDkPARHe4Hr v0jhQMnkcADmisjimIJcxXR88SoWftf0x7Fa8zBwgKgzpC92azG/pmlQ1f78/A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRc6jZmzxnL; Mon, 16 Dec 2024 14:45:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjmWK052967; Mon, 16 Dec 2024 14:45:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjmVq052964; Mon, 16 Dec 2024 14:45:48 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:48 GMT Message-Id: <202412161445.4BGEjmVq052964@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 53d2e0d48549 - main - MAC/do: sysctl_rules(): Set the requesting's thread's jail's rules List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 53d2e0d4854997005271ee60791ab114bd6e0099 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=53d2e0d4854997005271ee60791ab114bd6e0099 commit 53d2e0d4854997005271ee60791ab114bd6e0099 Author: Olivier Certner AuthorDate: 2024-07-03 12:59:12 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:35 +0000 MAC/do: sysctl_rules(): Set the requesting's thread's jail's rules Allowing to change the rules specification on a jail other than the requesting's thread one is a security issue, as it will immediately apply to the jail we inherited from and all its other descendants that inherit from it. With this change, setting the 'mdo_rules' sysctl in a jail forces that jail to no more inherit from its parent. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47601 --- sys/security/mac_do/mac_do.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 94fe7b99fc9d..98bace7052f6 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -310,11 +310,12 @@ static int sysctl_rules(SYSCTL_HANDLER_ARGS) { char *const buf = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK); + struct prison *const td_pr = req->td->td_ucred->cr_prison; struct prison *pr; struct rules *rules; int error; - rules = find_rules(req->td->td_ucred->cr_prison, &pr); + rules = find_rules(td_pr, &pr); strlcpy(buf, rules->string, MAC_RULE_STRING_LEN); prison_unlock(pr); @@ -322,7 +323,8 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) if (error != 0 || req->newptr == NULL) goto out; - error = parse_and_set_rules(pr, buf); + /* Set our prison's rules, not that of the jail we inherited from. */ + error = parse_and_set_rules(td_pr, buf); out: free(buf, M_DO); return (error); From nobody Mon Dec 16 14:45:49 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRf53zzz5hWLV; Mon, 16 Dec 2024 14:45:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRf0ytbz4db9; Mon, 16 Dec 2024 14:45:50 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Rjab6T+sbbuvgz0LJGARhfKP8XWZEjrr1fXvqwL4YLA=; b=ktkmBYqQpeSzOue6+pOK0gVEKGxbudgmEx63RuaHLPUg9202Lnnh+OoBCpo2F5Cusrfzd7 a200WpaaYt5QH4TD9G5KcCzktg8CoMAvFd4A5VROVFd2tuPe/fwxLQcMfzQLITL2HXdoBB StANgzE/X/2HWzCmp7qWrkA5qEP0dR+0tq+XxYbG6HA2MVyyGAdMBW1AXR/VstFDTQSYvo /qupvsUF4r2IERmgyjrNklnn5nlnRq1MTfRx5v38yPLrsk+LbnG7pPu8UGvBPKE+fv7POO bPOaD2V0a+L4FOqcrwctx7V9dkVDUfYDL1R8MJV575fo/dp5qhQYBbmi4qkHzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Rjab6T+sbbuvgz0LJGARhfKP8XWZEjrr1fXvqwL4YLA=; b=jJunsER7LOv7MtEHBRZy81COBrFHO3ZDWwXA0fGfN9l/DWvT7PJOYBsMhpa5ZlmYj9oBnY bi5vQXFKOvkczC9mYYewC7NIBPqrhrbW+RUP/qE8sVi3pd9GJocu7vCpJJGgVoD2nrA4A3 XayvnlzI7OSngQ6hpLvR+J4rc7BrReA8i/s3+xZvnXbR6jnptydE3luoMzdvpe9LfLiZ/r j5kwGrHs3knGZBCceW2RVD9pAnzqYl3IdQS4DVEKgOu6wc5tQIKhWi8SDMzUgd+rgYSIpj T7WHMDY8Pm5hUoxd35LP8tH6FV0LZH8ze0t6DzSR9KOI1CVw/TFk/h/fhyA5EA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360350; a=rsa-sha256; cv=none; b=gbdttolzleFYmSzdBMLLIHPa+0hO1UYZMntrsxSE5dYnDB9nC7Rp6gN32ivlCdzzRFYsue RnEYoH6IwPg3CH4+ClZvcTJm7H+CdCe100wx7pa+SUi3xtsc/pAs0Rt96ue8z7+HNzXlgy GHWw6rhRtt/tD2IJLSYlPCkl0ltg0mKmqo0PKAdMVQfRSsDBtxs/1E9xSZlG3Sx7FJcmuU JabET2dZBuIv0mkntBgJcnQcBo1s13Bh8tWqVfltF3GKe+DZC3lwgG4/Q1y5e3gGQifenl jvhSEEWDPIU/s5eft8ty629hVWbCmPju8WVgywA40paUvIaPIX6i/fb4ZlO+hw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRf0ZlPzxkd; Mon, 16 Dec 2024 14:45:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjnox053015; Mon, 16 Dec 2024 14:45:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjnvp053012; Mon, 16 Dec 2024 14:45:49 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:49 GMT Message-Id: <202412161445.4BGEjnvp053012@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: b3f93680e39b - main - MAC/do: Enable changing 'security.mac.do.rules' from a jail List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b3f93680e39b90c02ddabdaf98f9c9a669d24c00 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=b3f93680e39b90c02ddabdaf98f9c9a669d24c00 commit b3f93680e39b90c02ddabdaf98f9c9a669d24c00 Author: Olivier Certner AuthorDate: 2024-07-03 13:49:51 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:35 +0000 MAC/do: Enable changing 'security.mac.do.rules' from a jail Now that sysctl_rules() has been fixed to behave. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47602 --- sys/security/mac_do/mac_do.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 98bace7052f6..787790cb2b34 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -331,7 +331,7 @@ out: } SYSCTL_PROC(_security_mac_do, OID_AUTO, rules, - CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_MPSAFE, + CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_MPSAFE, 0, 0, sysctl_rules, "A", "Rules"); From nobody Mon Dec 16 14:45:51 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRg3bWJz5hWWl; Mon, 16 Dec 2024 14:45:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRg1ltcz4ddT; Mon, 16 Dec 2024 14:45:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aVLOWAfFThYoevWYMuXeDnT1DvvKrsrbPbH1ryhZfBo=; b=mlV3WnjJzLRykRIPTLxHO7DGZFOZdFWChel36+voww1GwIUvyuPL2JSQml/SrAtgOOZdH3 ULNVHqt2057EpirRtc+UbcPDLhKXCwCYRh6KGQjR7sK7BQqbOZpBEDsZAuwstBz9psQHTL nxACyxNDmbFOX8Z4syYWfp/pwlQU63nZenmP6I1EXU2a0XIjTm+epBg23yEEVFpa+x68JQ n3ftJX2srMThzVProydRpZiJtz+/ybB85qAdA4U4JqmngNZNAzb8y6cUOMzhRpK7ij+pSW TLQY2GuloZt5dyI9eGFP8rW23Dz6s1+oA0h7NAoO/gFitz/0K7/6XiujV7LtHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aVLOWAfFThYoevWYMuXeDnT1DvvKrsrbPbH1ryhZfBo=; b=jG2tNBWf/raWkcmh2HcJZcv9ot4uHg5ncukQx9v+c7KRru8eD5jtI7ee5sCfpmHyy1A8mr +J/0M3e+cE06JH/wp4JcmpxpyzkipXX8/oFeXEJTVizeA8TRjkR8KY9vOFc+EyhiWjD8F4 Uka8OoOgDFKTieCjR2dpDLj/j2DsirE51u9SAHxsYyySuzEuvLZwljJaGR7RjlWWmSt9Ip cfrVFA31DRSXjGr5VVMpLuAUZ/ON7o4g3oQie6m5Enwm9eJTYsiVlKe4h8XJ2dt/eO2kUf 2NhkaFuJ1Ooe+53eCaKXVezwTQdMQsduM4S3gcC+Ag6XdZEyHm4r9mvEFgVydQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360351; a=rsa-sha256; cv=none; b=j29O6nVS3l/LonfZ9w3d5U9IW08v21b/SLeSnFXIa2GaAtTgbK9qxAZKNhfwYABgvCvyH2 2be9Fq1NnLiUTQ2BVBLMYxA4dGacsxdqIbNjGmjaLBfrMnli2gd6N4lMH4hh4JHoROMNiS 8xOLbK9ubbPmL4JtPzdn399eKCaQO8HJq6eWIwwuBQvHjUsU4jJZsa1beT2IDa/0OHoW8t X7/WZEGw8F1bJBY3KtISCg4QBGKuzjdMUkDA/Ku0tIQKHs0O9r7741YdtixyAFvfN4I/sB yeMXv+SffKJEPh60YJCW/gkm1my7v+0jMX4L0eI2PerCkThNyX/rDvaKKAATcQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRg1N5yzxWv; Mon, 16 Dec 2024 14:45:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjpQL053088; Mon, 16 Dec 2024 14:45:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjpI2053085; Mon, 16 Dec 2024 14:45:51 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:51 GMT Message-Id: <202412161445.4BGEjpI2053085@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: beb5603c51e0 - main - MAC/do: Remove the 'prison0' special cases in the common paths List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: beb5603c51e0323e267ceff8f83b3c95151f0822 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=beb5603c51e0323e267ceff8f83b3c95151f0822 commit beb5603c51e0323e267ceff8f83b3c95151f0822 Author: Olivier Certner AuthorDate: 2024-07-03 13:23:26 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:35 +0000 MAC/do: Remove the 'prison0' special cases in the common paths The rules on 'prison0' are initialized in init(), now using set_empty_rules(). Until the jail is destroyed, they can never be uninitialized by a call to osd_jail_del(), since the only chain to call it is mac_do_prison_set() -> remove_rules() -> osd_jail_del(), and mac_do_prison_set() (method PR_METHOD_SET) can never be called on 'prison0'. This guarantees that find_rules() always find a valid 'rules' pointer to return. There's no need to do anything special in destroy() for 'prison0', as osd_jail_deregister() now takes care of it. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47603 --- sys/security/mac_do/mac_do.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 787790cb2b34..8ce84d7ba099 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -58,8 +58,6 @@ struct rules { TAILQ_HEAD(rulehead, rule) head; }; -static struct rules *rules0; - static void toast_rules(struct rules *const rules) { @@ -204,19 +202,20 @@ out: static struct rules * find_rules(struct prison *const pr, struct prison **const aprp) { - struct prison *cpr; + struct prison *cpr, *ppr; struct rules *rules; - for (cpr = pr;; cpr = cpr->pr_parent) { + cpr = pr; + for (;;) { prison_lock(cpr); - if (cpr == &prison0) { - rules = rules0; - break; - } rules = osd_jail_get(cpr, mac_do_osd_jail_slot); if (rules != NULL) break; prison_unlock(cpr); + + ppr = cpr->pr_parent; + MPASS(ppr != NULL); /* prison0 always has rules. */ + cpr = ppr; } *aprp = cpr; @@ -265,13 +264,8 @@ set_rules(struct prison *const pr, struct rules *const rules) rsv = osd_reserve(mac_do_osd_jail_slot); prison_lock(pr); - if (pr == &prison0) { - old_rules = rules0; - rules0 = rules; - } else { - old_rules = osd_jail_get(pr, mac_do_osd_jail_slot); - osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules); - } + old_rules = osd_jail_get(pr, mac_do_osd_jail_slot); + osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules); prison_unlock(pr); if (old_rules != NULL) toast_rules(old_rules); @@ -339,7 +333,6 @@ static void destroy(struct mac_policy_conf *mpc) { osd_jail_deregister(mac_do_osd_jail_slot); - toast_rules(rules0); } static int @@ -452,7 +445,7 @@ init(struct mac_policy_conf *mpc) struct prison *pr; mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods); - rules0 = alloc_rules(); + set_empty_rules(&prison0); sx_slock(&allprison_lock); TAILQ_FOREACH(pr, &allprison, pr_list) set_empty_rules(pr); From nobody Mon Dec 16 14:45:52 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRh6qCKz5hWcQ; Mon, 16 Dec 2024 14:45:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRh2vfFz4dKl; Mon, 16 Dec 2024 14:45:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360352; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=O3KAaF2XtozGOTPSqlEtFWuwHZJhf8RJ/8+jq4Pst3k=; b=EkbfLEbAOjY4n79s8jACiD2++Zbbxs5DPqJ3yPCa60ufTJRVcobwC9LE5jlTgSU+c3aGME AUp+yW/LYkV6OtCBI/uCTpiOdljzy73VJrpDU+p9LHhOkoja9leFcrlgnvwpRcvBnCmr+z tSiPK9muRcPiX8gZ7lzP5fg883GNyfW3S5gHj7k+3QcrtIqxurPyM5S5V2HzYv3khYPbMc lzezOqUJxnUFhU+QUK2U+D+3s4sATOt+3kK443HeAMHrqmWYDDEiQu+A+MT+FGj+uw5FLX iuqSyQOBXtD6ypIpiVRYRRcLrbv2618nZuGTPmwcXNG8ecPw/MEfSE+KqiGMQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360352; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=O3KAaF2XtozGOTPSqlEtFWuwHZJhf8RJ/8+jq4Pst3k=; b=RPEc6guBuIL3nLyp+CfeuTOY2uRO2FHya3pdCVHMk9M05Rq0x6OqXQunfwPSlUj13uZmG3 QB9g/UUP5iWxpQx90zQf7UQvJAIAM4sCAAsOm+SDWcghekliaztu9fQ3dragp4cObx3+Dj RGDO4samFjH7vLS9Yg8HU6y3CTj6R1I/UnPl1pp8dPM/O18jZfyQTKaRQmRI6jbNyM/GTa kj9MVEuKsVPSfnx9mCpf6QuzVAG7UeLnjD8oZ+xp6CzlpgocpULkbsHkwLM17uf1SsryJ0 si5WCZXRXsIOeWIcYTmTVWYoroT7Qy4RaWLXoZDyu2LvDZ2LZE5XGgURTakuWQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360352; a=rsa-sha256; cv=none; b=G3iW1xaTFkd8jU6VFYhbsqP5qYNEmHjbzm+LzHXqSGFKAhe7aFEn4fiujM+ggH1jb1vme9 io5HYVLitL9moAHNXIeweXSfEJng9PWB0NcZiWKxZY2E8E5CibhedUZAyAdboeUGM35mlh 3mk/euibX1TGDkhv98KFFaN8/B3s8x/0NoBC3iANFE13BooihauZrRUYZyTmoZRFQCWf8y KempmBQ79ppGuUQcHeHtXLnSz4gnNQsnfaTqLI9BAsWvWLOxgIBqMANTkJxc+4mNUdZfOU i2zeZ9sT82k8ZlpdxFOGeaWcX4M6CRImZR1nxy/LHgWYBzpc9ErARwP/lQF59g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRh2PBWzxWw; Mon, 16 Dec 2024 14:45:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjqO1053143; Mon, 16 Dec 2024 14:45:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjqiV053140; Mon, 16 Dec 2024 14:45:52 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:52 GMT Message-Id: <202412161445.4BGEjqiV053140@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 73cecc0ef78e - main - MAC/do: Move destroy() to a better place List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 73cecc0ef78e49295cd9cd8df1bf271f5b8c437d Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=73cecc0ef78e49295cd9cd8df1bf271f5b8c437d commit 73cecc0ef78e49295cd9cd8df1bf271f5b8c437d Author: Olivier Certner AuthorDate: 2024-07-03 13:52:33 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:35 +0000 MAC/do: Move destroy() to a better place No functional change intended. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47604 --- sys/security/mac_do/mac_do.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 8ce84d7ba099..cb166cfd6128 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -329,12 +329,6 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules, 0, 0, sysctl_rules, "A", "Rules"); -static void -destroy(struct mac_policy_conf *mpc) -{ - osd_jail_deregister(mac_do_osd_jail_slot); -} - static int mac_do_prison_set(void *obj, void *data) { @@ -452,6 +446,12 @@ init(struct mac_policy_conf *mpc) sx_sunlock(&allprison_lock); } +static void +destroy(struct mac_policy_conf *mpc) +{ + osd_jail_deregister(mac_do_osd_jail_slot); +} + static bool rule_applies(struct ucred *cred, struct rule *r) { From nobody Mon Dec 16 14:45:53 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRj53Rxz5hWLf; Mon, 16 Dec 2024 14:45:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRj3nLpz4ddx; Mon, 16 Dec 2024 14:45:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=f0mZO9hybjNpZbQ+lyipPvJkzTrapqN0iTwQ1D0JJ6g=; b=T3ATj+uh7FlbH6Im1f0pGKPNnQq5J4dXyE70uAw264PVbUuHVw8Q1oHszAi0xchVCNK4Dz zN7sKzlqv8AQPGv253RsCLbpneT7lDzyGAVShawj27RAIzMC8VGFrvK5FSC0cBbbYzkBjj 3/hhfeYP2hAthPYiuTRKSOtDDmI+l0UiOUuEDr/g9VmSkaFhI7YboVGX0Qu5s4V7nOp7IC aHniRPWDR8uuWc08CCpLVRwIXZCwpYRfzmi8de2ekhqv07j9zj+LKB221f2RoZU/GAIZSf ZeLZ7NeAiOzjlUSe2+/JBDyk6z7f/xKdUyQvXhkkI6qZIVh7eUTORKWvNmcV7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=f0mZO9hybjNpZbQ+lyipPvJkzTrapqN0iTwQ1D0JJ6g=; b=MtaWp1ktSjp6sIgdLCIANlFtoXcGTPkRwcSjK+LfYAkS58ebj1pJ2Zytyn6H8D1eQwsnoc YHoqkc/0WTPB/O967xFFH9SFqB40onriUQs92S5Glg70eqTIzZrLHSyNChZc/mre9D/Bg6 Z2cwYn6zYD2GvBwf/9h8wS849Dgjq2WUVi04DuNHQ7jn2QMuLiYvdaLVV2UIYUxsy7XIhh 9E7YHMD2NbGDGSUxvivpZuYgkZb/a0+9O/kSc/joJyVk4VJvElZbZaoURZYif8JN+47SN+ XCeLhfoyNLCnybSmBAg/g0v0szlQ1Wn2SJB4EZBSzCUtana9gh7STR5W0ifBqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360353; a=rsa-sha256; cv=none; b=d9UB/TVRKrqC2UJDM8S35L5Y4fLqD9XsepF/vZUi3cR49Sj6bkAX3CTqJz7zrrOM65TP8k D6ZZUaa6j9bAeyHc0MKrN4Yi+1ey1J60Fk1ot6gWd6iQWcAk658OpSIzRuapt9TR3lBY9r fy4yAZvbz58FVQA43M5zj6vwMEZ1wXmSSLdWN3/FfoZwFz37ZZRI48ykHBmAhsnVPF4x9a VUi6PA+x1dzqVUnczc3C4d0MjaHda8vk968jUamqGUbifmJal7GqdzKLXwZIPf6oXuTm50 kw5xNILqVqVuIwOLmOONq6YeowK1B8vPq5SglKJYYgA0YaMltEut4kqAhmPnbg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRj3PyhzxYL; Mon, 16 Dec 2024 14:45:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjr1N053209; Mon, 16 Dec 2024 14:45:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjrxQ053206; Mon, 16 Dec 2024 14:45:53 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:53 GMT Message-Id: <202412161445.4BGEjrxQ053206@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: add521c1a5d2 - main - MAC/do: parse_rule_element(): Fix a panic, harden, simplify List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: add521c1a5d21ec84454009d42d1dcd688d77008 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=add521c1a5d21ec84454009d42d1dcd688d77008 commit add521c1a5d21ec84454009d42d1dcd688d77008 Author: Olivier Certner AuthorDate: 2024-07-03 14:13:33 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:35 +0000 MAC/do: parse_rule_element(): Fix a panic, harden, simplify The panic is caused by dereferencing 'element' at a point where it can be NULL (if string ends at the ':'). Harden and simplify by enforcing the control flow rule in this function that jumping to the end is reserved for error cases. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47605 --- sys/security/mac_do/mac_do.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index cb166cfd6128..3327711fa9b9 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -94,7 +94,7 @@ parse_rule_element(char *element, struct rule **rule) type = strsep(&element, "="); if (type == NULL) { error = EINVAL; - goto out; + goto error; } if (strcmp(type, "uid") == 0) { new->from_type = RULE_UID; @@ -102,24 +102,30 @@ parse_rule_element(char *element, struct rule **rule) new->from_type = RULE_GID; } else { error = EINVAL; - goto out; + goto error; } id = strsep(&element, ":"); if (id == NULL) { error = EINVAL; - goto out; + goto error; } - if (new->from_type == RULE_UID) + switch (new->from_type) { + case RULE_UID: new->f_uid = strtol(id, &p, 10); - if (new->from_type == RULE_GID) + break; + case RULE_GID: new->f_gid = strtol(id, &p, 10); + break; + default: + __assert_unreachable(); + } if (*p != '\0') { error = EINVAL; - goto out; + goto error; } - if (*element == '\0') { + if (element == NULL || *element == '\0') { error = EINVAL; - goto out; + goto error; } if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) { new->to_type = RULE_ANY; @@ -128,15 +134,17 @@ parse_rule_element(char *element, struct rule **rule) new->t_uid = strtol(element, &p, 10); if (*p != '\0') { error = EINVAL; - goto out; + goto error; } } -out: - if (error != 0) { - free(new, M_DO); - *rule = NULL; - } else - *rule = new; + + MPASS(error == 0); + *rule = new; + return (0); +error: + MPASS(error != 0); + free(new, M_DO); + *rule = NULL; return (error); } From nobody Mon Dec 16 14:45:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRm2k4Hz5hWLk; Mon, 16 Dec 2024 14:45:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRl5qGHz4dYx; Mon, 16 Dec 2024 14:45:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+HcbE3KVFTfVR63bJxcnhItnn7BbUXU4KT/pGLnF3VI=; b=soXEG1QshjudQzOQZ/u+zIXoiKEhvtwwKnvjuBV9rAJFSRD9HU9VYyjbbdnpnA3EkOp2Rs SxfeDYCY8uhAWPeLD1cuX6CLB8QQ4V8MoHO2eMwZcksnjCZ/guYIjpMwe8FoHNHfCfGaR1 Fp1d9HMNUIcpD5M0rK5ZXueTPWpcEalx8jEqVQbl0E2Hpfmyrl3PALnrA6LCR0oJxAbeLM DV4qjJxhCvp30pVbAUoONWD7Afd3OWrl5TgLlW2sTXD0k6cAaj7OuZpQqG/+SI92SIwzrY mbWeaNBdp9PzuP/QLFfLriybavJGjBBM8xIQO1fqPVjdk4wZCzLIME1uJ01g+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+HcbE3KVFTfVR63bJxcnhItnn7BbUXU4KT/pGLnF3VI=; b=HOa0n/QVW7DU0B6BMzEsF4spnMlmSa6o54KqImbmVv5PGrDe1fsqYIxTclOjU62jWjMevN nDYw7udfOuXz2QfRmvP46ZQX76bf3Fg+/CEpxABSX5W8E0OhuEgnzM7RJgtea3neXISCaa kwiaUpWoCjzokwiM5/GcMFqcVfxxgE9IY6TaTQNkxlmk0BpBi8JNeQLz1pHAlf0Dn7OT/9 /HVno4ZGyn/3hACHYHees+WHvyCJmYqX0RTCD9/gqc6nQwACn8EnlXCZomxvAburDD8Of2 voHFlW1pwd47l/ktfxZx1lqiaoQnAtK66zaWJt4dsHZrGf3ZS4lqfI4fRTrX2Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360355; a=rsa-sha256; cv=none; b=BIl1H6WhtNof9VBvzLhCorEIF53+rrFp3P/XCKDHjd+NDkQZNmXC5xeO3x+jWENM3VazZa t52GFP3BrLGWc6ojZh82QlxtX6CNAehedICJhESD2OQ4GrSHbDGUxEOl2feshGwXOafv0U 9r/EhKIIc4WD+/fqy2RDKYSpD+FkD9Lei7K+qlCzcGFfujjJSimCreisEFGGoLZmwOmxrL 7nl43hAADKdUaC0Iy7FTJPOxVu4iQrTY6ota8BHHlBK4gq1rphSDPz4JHvkDluf9YIMBR0 k16ATF+7A+l1HkkMas0lTwMEOEYoLog9bQi6byoaBDWI+ikwa41vF4pLEpCVWg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRl5PwGzxBD; Mon, 16 Dec 2024 14:45:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjtTD053316; Mon, 16 Dec 2024 14:45:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjtkE053313; Mon, 16 Dec 2024 14:45:55 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:55 GMT Message-Id: <202412161445.4BGEjtkE053313@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 11ba1f2fe2d4 - main - MAC/do: Prefix internal functions used as hooks/callbacks List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 11ba1f2fe2d4e151ffc0a66d03a0691a7b8d2866 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=11ba1f2fe2d4e151ffc0a66d03a0691a7b8d2866 commit 11ba1f2fe2d4e151ffc0a66d03a0691a7b8d2866 Author: Olivier Certner AuthorDate: 2024-07-30 13:14:02 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:36 +0000 MAC/do: Prefix internal functions used as hooks/callbacks So that we immediately know whether a kernel stack involves MAC/do. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47607 --- sys/security/mac_do/mac_do.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 78c05e9be260..a57c29c407b8 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -309,7 +309,7 @@ parse_and_set_rules(struct prison *const pr, const char *rules_string) } static int -sysctl_rules(SYSCTL_HANDLER_ARGS) +mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS) { char *const buf = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK); struct prison *const td_pr = req->td->td_ucred->cr_prison; @@ -334,7 +334,7 @@ out: SYSCTL_PROC(_security_mac_do, OID_AUTO, rules, CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_MPSAFE, - 0, 0, sysctl_rules, "A", + 0, 0, mac_do_sysctl_rules, "A", "Rules"); @@ -445,7 +445,7 @@ static const osd_method_t osd_methods[PR_MAXMETHOD] = { static void -init(struct mac_policy_conf *mpc) +mac_do_init(struct mac_policy_conf *mpc) { struct prison *pr; @@ -458,7 +458,7 @@ init(struct mac_policy_conf *mpc) } static void -destroy(struct mac_policy_conf *mpc) +mac_do_destroy(struct mac_policy_conf *mpc) { osd_jail_deregister(mac_do_osd_jail_slot); } @@ -474,7 +474,7 @@ rule_applies(struct ucred *cred, struct rule *r) } static int -priv_grant(struct ucred *cred, int priv) +mac_do_priv_grant(struct ucred *cred, int priv) { struct rule *r; struct prison *pr; @@ -501,7 +501,7 @@ priv_grant(struct ucred *cred, int priv) } static int -check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) +mac_do_check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) { struct rule *r; char *fullpath = NULL; @@ -535,7 +535,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) } static int -check_setuid(struct ucred *cred, uid_t uid) +mac_do_check_setuid(struct ucred *cred, uid_t uid) { struct rule *r; int error; @@ -590,11 +590,11 @@ check_setuid(struct ucred *cred, uid_t uid) } static struct mac_policy_ops do_ops = { - .mpo_destroy = destroy, - .mpo_init = init, - .mpo_cred_check_setuid = check_setuid, - .mpo_cred_check_setgroups = check_setgroups, - .mpo_priv_grant = priv_grant, + .mpo_destroy = mac_do_destroy, + .mpo_init = mac_do_init, + .mpo_cred_check_setuid = mac_do_check_setuid, + .mpo_cred_check_setgroups = mac_do_check_setgroups, + .mpo_priv_grant = mac_do_priv_grant, }; MAC_POLICY_SET(&do_ops, mac_do, "MAC/do", From nobody Mon Dec 16 14:45:54 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRl1hMxz5hWcb; Mon, 16 Dec 2024 14:45:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRk4vxcz4dk9; Mon, 16 Dec 2024 14:45:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3YE1pgwD5/kBl5irAQ28kVi6nsuCkVAu7Kaug0QT5k0=; b=dNtI7aNRWB+Oa64M87VGPAqyoBOFaeUo+op/jB6ZJeecWO3xH49c9lurUecmbVcJmZhk36 BDKgV8JtftM8lS5h74nbkO2WPXMN9/WwgKCjT0x2TLqQ/IMYaOsfZ+g96iXCFMk5vELq72 U1fe0nKee2SgtpbZcNEYe+JNSm8P2/1O0rl8eeefje0Pr7/nEcBKQjiOtQvsIUPNQ0ZySR VCt1XLbw/lF4jsCK5ElMHd5RTNH8ajnNt5szOEzF1S9/hpof1mQBZYXtqSG4GNdYPCgAyf 0ayc1Kn916gcOwqTKQKwtA0mYgEId/Yg9Mdwqrx93eaqNPNrgHc4ndCKkwI/Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3YE1pgwD5/kBl5irAQ28kVi6nsuCkVAu7Kaug0QT5k0=; b=qYwHAssBcnCH61Jor3xxYA2kUd1DYrPQRAkQEFR6vk2E55Cd9oV9Mh8QM6YjIm8Ruc+fQ1 mBp6lP7lrOEr+WkZajTvjIdJmaWbnrWysjdGMbt88t51S2I9fcgJhdbIGVi5cV0wEKbamQ WyNXmNVLbfMUxHwlYxyHIwppYzZ+RFkvQz92F9pkTZcV7R81wCdMcCbYEsB2uVp9JbEAWB qf8d6gkOzrJ1QNyk/w3mspnm9m7PD6te3p3B+KKo7COblQuk91/MCjT8O8TntUHc328yXj xghF1BNs9sofOlfSqFW8RLtmE/zQ2IBWZHtE+XA+E9RoKThe40r+YrRBuavUQA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360354; a=rsa-sha256; cv=none; b=NzJ42AXoxAX0fhd8rzh/+8KJ/T0U/h75gGNds9PxSio8VYkHmCl0hjrdcMJ6akBZbdgHQQ Q8B6v/Ej7UqIl8/6NWVcwjoZlRCFm0wfS33VMkoG6FzxmdU5dr9xOuI00ShRGXqEH4kknP 2tGU4XK4Z3TBNttJTI+inDbAgxHCvnoD1qGHR2ZnCBCZlqgC2RcdVZKwY9683W0xeiTz8P ehi9VfgeccTIJe+3lw3r/oCPRDcs3IgzllOpXYaUdWI5SwT22rTMj9QbRN3RhmeueHzqfe FSaTelo1MsnLQy83PJSTMPaCouqxJ9PWBLAJB3W/a5IQfR9K99u0wmjO6x+zXw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRk4QD5zxnM; Mon, 16 Dec 2024 14:45:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjs3q053257; Mon, 16 Dec 2024 14:45:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjsNn053254; Mon, 16 Dec 2024 14:45:54 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:54 GMT Message-Id: <202412161445.4BGEjsNn053254@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 2b2c19b7f697 - main - MAC/do: Re-order jail methods more logically, rename List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2b2c19b7f697cc88d4da3e8e13051139cd0a4f96 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2b2c19b7f697cc88d4da3e8e13051139cd0a4f96 commit 2b2c19b7f697cc88d4da3e8e13051139cd0a4f96 Author: Olivier Certner AuthorDate: 2024-07-03 15:00:43 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:36 +0000 MAC/do: Re-order jail methods more logically, rename No functional change intended. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47606 --- sys/security/mac_do/mac_do.c | 87 +++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 3327711fa9b9..78c05e9be260 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -337,40 +337,23 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules, 0, 0, sysctl_rules, "A", "Rules"); -static int -mac_do_prison_set(void *obj, void *data) -{ - struct prison *pr = obj; - struct vfsoptlist *opts = data; - char *rules_string; - int error, jsys, len; - - error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys)); - if (error == ENOENT) - jsys = -1; - error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len); - if (error == ENOENT) - rules_string = ""; - else - jsys = JAIL_SYS_NEW; - switch (jsys) { - case JAIL_SYS_INHERIT: - remove_rules(pr); - error = 0; - break; - case JAIL_SYS_NEW: - error = parse_and_set_rules(pr, rules_string); - break; - } - return (error); -} SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters"); SYSCTL_JAIL_PARAM_STRING(_mdo, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN, "Jail MAC/do rules"); + static int -mac_do_prison_get(void *obj, void *data) +mac_do_jail_create(void *obj, void *data __unused) +{ + struct prison *const pr = obj; + + set_empty_rules(pr); + return (0); +} + +static int +mac_do_jail_get(void *obj, void *data) { struct prison *ppr, *pr = obj; struct vfsoptlist *opts = data; @@ -391,16 +374,7 @@ done: } static int -mac_do_prison_create(void *obj, void *data __unused) -{ - struct prison *const pr = obj; - - set_empty_rules(pr); - return (0); -} - -static int -mac_do_prison_check(void *obj, void *data) +mac_do_jail_check(void *obj, void *data) { struct vfsoptlist *opts = data; char *rules_string; @@ -427,6 +401,34 @@ mac_do_prison_check(void *obj, void *data) return (error); } +static int +mac_do_jail_set(void *obj, void *data) +{ + struct prison *pr = obj; + struct vfsoptlist *opts = data; + char *rules_string; + int error, jsys, len; + + error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys)); + if (error == ENOENT) + jsys = -1; + error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len); + if (error == ENOENT) + rules_string = ""; + else + jsys = JAIL_SYS_NEW; + switch (jsys) { + case JAIL_SYS_INHERIT: + remove_rules(pr); + error = 0; + break; + case JAIL_SYS_NEW: + error = parse_and_set_rules(pr, rules_string); + break; + } + return (error); +} + /* * OSD jail methods. * @@ -435,12 +437,13 @@ mac_do_prison_check(void *obj, void *data) * destructor. */ static const osd_method_t osd_methods[PR_MAXMETHOD] = { - [PR_METHOD_CREATE] = mac_do_prison_create, - [PR_METHOD_GET] = mac_do_prison_get, - [PR_METHOD_SET] = mac_do_prison_set, - [PR_METHOD_CHECK] = mac_do_prison_check, + [PR_METHOD_CREATE] = mac_do_jail_create, + [PR_METHOD_GET] = mac_do_jail_get, + [PR_METHOD_CHECK] = mac_do_jail_check, + [PR_METHOD_SET] = mac_do_jail_set, }; + static void init(struct mac_policy_conf *mpc) { From nobody Mon Dec 16 14:45:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRn2RKDz5hWRL; Mon, 16 Dec 2024 14:45:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRm6pX8z4dsd; Mon, 16 Dec 2024 14:45:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360357; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UFAqYOmbOMxPGZd10D1F4H2I4UbfDemFya54mRzQIVA=; b=vhL3D2Zk4/BHqwutWwIz7m8p44Aoz7WFCH/piAdHjSEmyghib0sT5ScuOAvjxTRaixhJ1A boUSKBs/UuMoACnfKr3iEpMZD9GwO0GfRtDXWAjtWqSOfM/Xe2h4A5E7sP98FNFNorfnnG Dn1fghsZT020tSMKteHS6vlt76ELxf1ZSOOxqP7O1DnMNPhxsxfawI+5BzBk7j2F2uOHmj ecOUMcLlsOIvXzJbtzR58aLHvLVR/7ezatEnDt9ehaVoodNbttzppOdREBwcU4TN1Kp4rL LpfiHae7ofClWH/DiqL8iPT/Zqyx7d85yq0mMe5aJmMTWE66MvmyqVYXaX8G5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360357; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UFAqYOmbOMxPGZd10D1F4H2I4UbfDemFya54mRzQIVA=; b=XdLQq9nVRl+WP/BQq6ZRSbwBpeUOOaMxLJFnS/aZbbm9qxdLuOjyr8gkpZeMaUBuuIGYXJ pCWWxFlA7xVfghBUhb0vO8xLbqQTo9nBYvv3Wh6GbtaOFo2ZZoHh9NrJshZIPKsZf0N6+D 1ZDWuzcpeSZLMaM6omyHtYZRqT6eHZ9FWCb3TS2OJ3OxuFdAJDTL6pKuwzYKMo7Ib4r1Sm UVoPCZYrmm8LCIcWZLLK6zNaCaXzXDS5G2YOeNcSpZh4XzU9PZG6iLxmVgyFNDL0qoWqhk l+x76YMnbftlBrGZ8beEnAQwUF1x3tkUF5HLNcDWmU4nanYwgxqqGNTySks2aQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360357; a=rsa-sha256; cv=none; b=fpoDwTdUPOB8lBhj7MxME9OzBw2f1NrTgJsjabVbMAg7ODt6YyMX59zJfpce7ziP8YGxby k3nXmdESQJUXpLlkd3VEy0llPCSeIltavw21c0r+f1Rud9sJJ6qt0P9U7fTq+o9WHhRMju YKXZZsz7LCuKBhgne9IEWTbEFpKZk1eaQC2mX4Dv0RXIFJrUMQ4a1JkvTkdaBdWDFyx4I4 t2EY301ZkvH122RgywBGslqd3nZGzP3XcAhGABpR7CpoPyoz3yr290GyKJ8jUnPADkD6m1 ne4rYlo8twjmDVorI8/fHfMacJswD5kV4IjmNxYlczpYE7xrFuJkTooUx7YldA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRm65PmzxBF; Mon, 16 Dec 2024 14:45:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjuFR053367; Mon, 16 Dec 2024 14:45:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjuCs053364; Mon, 16 Dec 2024 14:45:56 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:56 GMT Message-Id: <202412161445.4BGEjuCs053364@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f3a06ced2568 - main - MAC/do: Sysctl knobs/jail parameters under MAC's common nodes List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f3a06ced25681b6da40c652203f882ba18be227d Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f3a06ced25681b6da40c652203f882ba18be227d commit f3a06ced25681b6da40c652203f882ba18be227d Author: Olivier Certner AuthorDate: 2024-07-04 09:51:00 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:36 +0000 MAC/do: Sysctl knobs/jail parameters under MAC's common nodes Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47608 --- sys/security/mac_do/mac_do.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index a57c29c407b8..6f68a6f62a79 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -23,8 +23,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, do, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "mac_do policy controls"); @@ -338,8 +336,8 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules, "Rules"); -SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters"); -SYSCTL_JAIL_PARAM_STRING(_mdo, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN, +SYSCTL_JAIL_PARAM_SYS_SUBNODE(mac, do, CTLFLAG_RW, "Jail MAC/do parameters"); +SYSCTL_JAIL_PARAM_STRING(_mac_do, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN, "Jail MAC/do rules"); @@ -361,10 +359,10 @@ mac_do_jail_get(void *obj, void *data) int jsys, error; rules = find_rules(pr, &ppr); - error = vfs_setopt(opts, "mdo", &jsys, sizeof(jsys)); + error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys)); if (error != 0 && error != ENOENT) goto done; - error = vfs_setopts(opts, "mdo.rules", rules->string); + error = vfs_setopts(opts, "mac.do.rules", rules->string); if (error != 0 && error != ENOENT) goto done; prison_unlock(ppr); @@ -380,14 +378,14 @@ mac_do_jail_check(void *obj, void *data) char *rules_string; int error, jsys, len; - error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys)); + error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys)); if (error != ENOENT) { if (error != 0) return (error); if (jsys != JAIL_SYS_NEW && jsys != JAIL_SYS_INHERIT) return (EINVAL); } - error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len); + error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len); if (error != ENOENT) { if (error != 0) return (error); @@ -409,10 +407,10 @@ mac_do_jail_set(void *obj, void *data) char *rules_string; int error, jsys, len; - error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys)); + error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys)); if (error == ENOENT) jsys = -1; - error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len); + error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len); if (error == ENOENT) rules_string = ""; else From nobody Mon Dec 16 14:45:57 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRp6TBjz5hWZ4; Mon, 16 Dec 2024 14:45:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRp0MYLz4dt5; Mon, 16 Dec 2024 14:45:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Aa4JFeCF2Omu4Y0RA75MGH0eZI2o0wZThSqEpeXxYYs=; b=lbseZsYzTd2r8IyaUa+vkYgFpRrHIqkgZMtRHucL8s1e68Dbi3CQDTyVDJfIAi+pqtJ+Fz N5m0HI4blgiz72xpqb+AGJYNsBhZ/lbef4yN+hS18k8o9ROND2gr3HycZM8Vw7Kx17sk6I 15td2NZTMZgY5PU1YI1FapNZyDBmiuDwv4YH7DxUbbSPv+uUEL6fMjb2YvIZJkA7+IJz0F 4ZyDz3fEPTT0L1wadbmq7Kmf3HePwiEnjzhMpgOuTU2ESbcUeLup0MO56H3vS8/By9O8xn t2MyDq3BD2FpsCQ0ZJCct2UYjtW/+aMJ6CSvum+s/FHueTA13vfy5msLJH+Vsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Aa4JFeCF2Omu4Y0RA75MGH0eZI2o0wZThSqEpeXxYYs=; b=YNIVZh2HlIwT2OhnZWBN2xlLyGBUk1whjMC2WI4EtHekNHSF8+nkEKmfVGdyeYVpdpLcxn zcQEb3zFfugdBhIVou10+wwccREwkrS2VGD82pYOQE/QO9W7tcpaTrT1EBsWAplt3kUJ+Y M5nlHp8+ztC866AlO+CjIBuQk8W8SY+xJ6eGCh6DzFDAF87GmuJlaC8E27Y4Y5+f9mjzwV L4tHHy7QnvsRnyqsAWW+WC9ihg31wjW2QbYTk7+tP/JSSNMcq5XXcRtc5VeVrPnqCtMpcc rqM+0NyOdZ6LsAv7vWebaS/vfgto1mIW4Effwo6c/nm4IsMTqr2zSJHaJ/FW+w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360358; a=rsa-sha256; cv=none; b=A8yFxBt8D1qR4Y7LcHe6AHx+Zw11CguNfOZGXUqwarG8u2KoulbA/gFxIdVprsNFhkzJrQ lxVaDGrX4MdtWovvFBq8Kzp4onp+wxWL4YtR9QUrd7bnjok4xpt90Mf/+iC+67X+no3rXU OrP9w3dKBvHWcST/aKwSn5D7FT8XdopXuSR1gD5OYdkVdAMH1z9fzSWW92FWLoiwOBUGgB XBXZvvVj1rCThOI83Fa3MKvDDYFBWIDaqJB3lbI9vMMgS/OYx6tELeFtMNg1nH1H/xWlRu 1JfFUR5FTWyDb8QdA9rUYjHA+XOiGp/hTt8lvwQgsNdG4Ow8aTd++Z7GGRDx2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRn74R4zy0G; Mon, 16 Dec 2024 14:45:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjvmj053407; Mon, 16 Dec 2024 14:45:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjvLW053404; Mon, 16 Dec 2024 14:45:57 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:57 GMT Message-Id: <202412161445.4BGEjvLW053404@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 2a20ce91dc29 - main - MAC/do: Fix jail_get() (PR_METHOD_GET) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2a20ce91dc29e5a80f4eeb9352cf3169cd1891b9 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2a20ce91dc29e5a80f4eeb9352cf3169cd1891b9 commit 2a20ce91dc29e5a80f4eeb9352cf3169cd1891b9 Author: Olivier Certner AuthorDate: 2024-07-03 15:22:28 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:37 +0000 MAC/do: Fix jail_get() (PR_METHOD_GET) - Properly fill 'jsys' before copying it out (we would leak bytes from the kernel stack). When the current jail has its own 'struct rules', set it to the special value JAIL_SYS_DISABLE if it in fact holds no rules. - Don't forget to unlock the jail holding rules on error. - Correctly return errors. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47609 --- sys/security/mac_do/mac_do.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 6f68a6f62a79..2482221e43a3 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -353,22 +353,28 @@ mac_do_jail_create(void *obj, void *data __unused) static int mac_do_jail_get(void *obj, void *data) { - struct prison *ppr, *pr = obj; - struct vfsoptlist *opts = data; + struct prison *ppr, *const pr = obj; + struct vfsoptlist *const opts = data; struct rules *rules; int jsys, error; rules = find_rules(pr, &ppr); + + jsys = pr == ppr ? + (TAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) : + JAIL_SYS_INHERIT; error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys)); if (error != 0 && error != ENOENT) goto done; + error = vfs_setopts(opts, "mac.do.rules", rules->string); if (error != 0 && error != ENOENT) goto done; - prison_unlock(ppr); + error = 0; done: - return (0); + prison_unlock(ppr); + return (error); } static int From nobody Mon Dec 16 14:46:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRr4nknz5hWZ7; Mon, 16 Dec 2024 14:46:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRr1nnKz4dlK; Mon, 16 Dec 2024 14:46:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360360; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kMkzboLw6YPOJZAK3iqnX0IgHjSbFIr4tde5Hp040Ro=; b=DO9wTar7qcWdBSms2PLDX8Ya07K2brUOs7s57dVlZcUOvAQH/ggEx+6gfNVPuu8zcL04pf WDyiEvp7Q52jToERhfWHhLIqeNI0xKXwZ0nG4uxgB7D18NSBhSvSfWzKAw2jaA3TrV+uNI gwna7yCAGbfZczusSatHD6UEqcnP+jQokdbDQDXa7p6CAe+stnG3p2knE+wQ/UPMbXy4Oq 1CsAkSuYfek1BZKNoYiCBI78zWVE7zuSDjcgGNpmAxLyD/siP174TvfHvyrEjUm3WM3EaC YACrs8JSuvXKs6RV/bk8dJPbSKtEfXmqtbB7SM+V5PhVb/o6acg8FCE1zG6AVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360360; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kMkzboLw6YPOJZAK3iqnX0IgHjSbFIr4tde5Hp040Ro=; b=pZOAcVKqKFtRSKt6pnRiiY4HHx5gDhusVVNlVMJ3AyD5CwlZVq+uD1vS0rSFDc7EJqaj1T pG9mCXzuXCn49o7vomXUG4NyMX7DiFrlLddsIK9AIznj9WL49oHr88+TzlGFfvhAT7267j Tapu4qmbTjwPIUThtPHTu70uS1EDw/oA/Ztk9PQKe84lRYysD1LjhZNeT0zpAfFsniw1hr jrF5UxyMuEkpVv0fKKJm9Utf4FeNBPeH0+/eHkcvVgEiASBrE61SPZULFls58ALW3hPyGX k7JokU6tSniO2nQjhQwt5t58Dhr1+oD07dNS5SI5U/Xj40qNNVRQmfRkzwY2fA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360360; a=rsa-sha256; cv=none; b=CTdnBkb+q+i2C/LIKaZ00GMIFUoitedqa/epcAGYMf8oprz2fxG439V+XieLBbdu22Wk3P AUgocV8M+yJFZJmLwQQ2iCEFKzNpGJ+TqUxqupOL/0hsxtczd7kO4OncXYc7IY/z215CHC IKmzymDGlBdftka2/YxNqze8T505MoKTg3w69fIWp3YymI7Aj1HWl14jXKeAAZhNgmaaGJ 9T9ljkxa0KK/1woyR7dH+8RI65J+bLqZ/p1IoRrSp2jYVS7blsHxM21fFg0QkNYzMGpvKQ VeVud3SbVO8flM5zcxLYVI4mwfJ6VFZNNm1rctaPYiFOcY5o53RQLU2h9j/fgw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRr1NbCzxH9; Mon, 16 Dec 2024 14:46:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk0im053507; Mon, 16 Dec 2024 14:46:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk0dP053504; Mon, 16 Dec 2024 14:46:00 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:00 GMT Message-Id: <202412161446.4BGEk0dP053504@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: e4ce30f8da61 - main - MAC/do: parse_rule_element(): Style, more clarity List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e4ce30f8da612db96410b66cccf9fc12ccce282a Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=e4ce30f8da612db96410b66cccf9fc12ccce282a commit e4ce30f8da612db96410b66cccf9fc12ccce282a Author: Olivier Certner AuthorDate: 2024-07-04 16:35:47 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:37 +0000 MAC/do: parse_rule_element(): Style, more clarity Add newlines to separate logical blocks. Remove braces around 'if's non-compound substatements. No functional change (intended). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47611 --- sys/security/mac_do/mac_do.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index ed1d0bcfa43c..4ef9b68bf513 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -94,19 +94,22 @@ parse_rule_element(char *element, struct rule **rule) error = EINVAL; goto error; } - if (strcmp(type, "uid") == 0) { + + if (strcmp(type, "uid") == 0) new->from_type = RULE_UID; - } else if (strcmp(type, "gid") == 0) { + else if (strcmp(type, "gid") == 0) new->from_type = RULE_GID; - } else { + else { error = EINVAL; goto error; } + id = strsep(&element, ":"); if (id == NULL) { error = EINVAL; goto error; } + switch (new->from_type) { case RULE_UID: new->f_uid = strtol(id, &p, 10); @@ -121,13 +124,14 @@ parse_rule_element(char *element, struct rule **rule) error = EINVAL; goto error; } + if (element == NULL || *element == '\0') { error = EINVAL; goto error; } - if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) { + if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) new->to_type = RULE_ANY; - } else { + else { new->to_type = RULE_UID; new->t_uid = strtol(element, &p, 10); if (*p != '\0') { From nobody Mon Dec 16 14:46:01 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRs3k0Tz5hWLw; Mon, 16 Dec 2024 14:46:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRs2bWGz4drb; Mon, 16 Dec 2024 14:46:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360361; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rM7cHnRNlSKUSuPnyow7zBl03HQbFxDKkeOOhOAI1uo=; b=mWfeuVQOsu89HUBGiQpt8OlCIeg/1qhdRit/OaAe9vQMNLWt/Gh0ZTKTX5Sk5hbEvrkHyf D9UJ72ztoFzQB9mdeFkul7QLLtophaa5muZazkaiXw3cSoObHLoeknTAztejRayDOo1Sb2 Jzq2/23bYTC+l9XLlcmV7f+rijhsisjvUYnU1YwxEbgJwZyu9vJIOAvTK5RRK/5K6H0JK1 PgK7Se6t2sTIFN7BeamPAx/qqwgs8e/YW0Ubb2TbuZnipjaQ4O2w+KRr+jrI/8XnOiQMjm IYiOdmEkBVarUI3tKF3V1co8y4rynIkycUrN2PbL4qWNTViRGZ6jiv3WA6ZytQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360361; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rM7cHnRNlSKUSuPnyow7zBl03HQbFxDKkeOOhOAI1uo=; b=ScqkkRerqRBVI5uYsnRhKurWkJVe8pU9634eJy99ElACZ4k4olodltZnCpeUxHt/lxwRxD +5zPGD/nOIHbZb4VqmUV2/t4ITJxSczYwzOGwt+n1ct6TBsVwiJp5LDeiK2+kN0XKmXjmZ 1iSaqCESxOK/IAFy1Ez1uoXqzCIGVdGFRz4gXKSrLrQ//rQzkyDWcAqlZyVSTQJJJLA5h6 9A8+nY01izcXposy4bj9PhxwGWTutw+teX7jyG/o8FFedxNO2X+SmKpYaG7ZCM8Lc1wlhD GSMV+gf8GNcajSuVH48Kjmw4aDyQSNifW5aYhFFmcFRL2AM6+kykZK9fEYtMHw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360361; a=rsa-sha256; cv=none; b=GcI44o17JcBGEmonLAGscO6lwLv/poJiyr+goaJDy5s8Ef6E0BkInlrjIdMBRh09/yNHKx HdXri503r8c3OWq/HKAl0sSr70YA5G+nBHgLnzims4d3wyGjqICQ5inZaeItBx8Ws8Gnx4 9NS13G4JXGLzG7qIq/0n1uGu1VtR24rijazeuSCAAVPSzoajqzw5EAio+Nk4F77FLQ9drS 6PP2AJsL1Gn57kAkU8M6nAB+6i/VusjpjoDkTi2o9jYZoXHUmebyasPcHBWp4dawhPbFju x7/TOwwbik2hiFeZjS/hKnbx7tSO59C0UA/iqVz7MQQ3KVzAPLghNmQZero47A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRs26m2zxWx; Mon, 16 Dec 2024 14:46:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk1rA053561; Mon, 16 Dec 2024 14:46:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk1EW053558; Mon, 16 Dec 2024 14:46:01 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:01 GMT Message-Id: <202412161446.4BGEk1EW053558@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: fa4352b74580 - main - MAC/do: parse_rule_element(): Bug in parsing the origin ID List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fa4352b74580832d7b501d34d09a564438a82c3d Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=fa4352b74580832d7b501d34d09a564438a82c3d commit fa4352b74580832d7b501d34d09a564438a82c3d Author: Olivier Certner AuthorDate: 2024-07-05 11:49:27 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:37 +0000 MAC/do: parse_rule_element(): Bug in parsing the origin ID The ID field was allowed to be empty, which would be then parsed as 0 by strtol(). There remains bugs in this function, where parsing for from- or to- IDs accepts spaces and produces 0, but this will conveniently be fixed in a later commit introducing strtoui_strict(). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47612 --- sys/security/mac_do/mac_do.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 4ef9b68bf513..edd728ea070a 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -105,7 +105,7 @@ parse_rule_element(char *element, struct rule **rule) } id = strsep(&element, ":"); - if (id == NULL) { + if (id == NULL || *id == '\0') { error = EINVAL; goto error; } From nobody Mon Dec 16 14:45:58 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRq6PdKz5hWPP; Mon, 16 Dec 2024 14:45:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRq0YCpz4dl6; Mon, 16 Dec 2024 14:45:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nZpbAKxHD2T8txy+JeSn6wK1G/B5VJJZZrzCIVYvhqc=; b=dtu+PbFw5XpyLXvwfpwmXmSPc5NtSCckA3/rTVrmgxVD4jIdlGJd+F+1wEnWysHTKdxTlA kLGW0tABAYq2UQp0Czv/XhU8FvRmsD2LMBAsAY+pbvKutawM+PlKM6vbLlqoyTs8Cu9Mov X6ogYPQSQgoNVMN0EujduaEom0vPL9KgskF7pvF5649kou5yioaTfstPm/2D7wdQcFsG3y fjV5EMflsb98aQJ5TgFuzSf+obsRw3+Rv2xox0sq4pnyoTkBp7qOlhItX+O4V/Or9HbTbL LE9QDbQA+HAXGOkVx7CZM+dw1KnD3K28d5MbCC1fJrtFZq5jES40OUuWfM2a/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nZpbAKxHD2T8txy+JeSn6wK1G/B5VJJZZrzCIVYvhqc=; b=aoCn76F7kK8XptY8E2VJoW0tPHAcJRRKoDec+RXgN7PVZkFawAwBLCoJ3l54FjeOWWTqxm 2jr06YBlrvYg8tNiR1OMfhePKd/ira3hKaFkKfXbkNnM4mA9wBolhR2l77j6faOUzypn6e HNhRQLPV83STRmFS8w1NW2FSZ0ZnLTBjtWyDovMR6OrQDMF3HcNMT6GtBVHS6IGqDladGJ kxtQKw3B0ReKkoGHdJWoWXAOR4es3UGPcF4Va6613zc2citz+94t4v0KdaSfG1vv3ZKYYW xshETJ2iODHNz8kYizoGIGf1pLCk9lgD4FdOpquT+QpqQKyacH7jqdxDDp2+SA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360359; a=rsa-sha256; cv=none; b=Lv//vFMeKFJPBK3GQ7tnN2XTY0W6I6S0dkk7YLK1Sje1EsDlYTgYbeHZahM3s48m5oAXXg J2d6ngXUHtk7A/eZy8kTdti2BsQ6b6iocI9908BKDAT49CAxswkGWuokZYWGSeRR8Y/hm8 gUnBjKVHz8voKvVJtKhjIVCen5rQ1hyjUFtFKLGRbFVWfYWXNf88rr9/pzdmFEKAF1a5+A tBO6oZdTHTC1P/yJOkxyOvc7Jv0/Mb71FyBwoC8Iy0VQb7dg1EcsfaAXA6BIJVv6oDSOLd taRV5JWvImeOiASXGrrrHUABBgMoOlNwbtOL2jjL0Inq/iF82LDhUTBkR7y43g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRq0996zx0P; Mon, 16 Dec 2024 14:45:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEjwuh053458; Mon, 16 Dec 2024 14:45:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEjwn0053455; Mon, 16 Dec 2024 14:45:58 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:45:58 GMT Message-Id: <202412161445.4BGEjwn0053455@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 11eb32958f2c - main - MAC/do: jail_check()/jail_set(): Revamp List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 11eb32958f2c6e70892201982c1c92a0140d6864 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=11eb32958f2c6e70892201982c1c92a0140d6864 commit 11eb32958f2c6e70892201982c1c92a0140d6864 Author: Olivier Certner AuthorDate: 2024-07-03 15:44:24 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:37 +0000 MAC/do: jail_check()/jail_set(): Revamp Handle JAIL_SYS_DISABLE the same as JAIL_SYS_NEW with an empty rules specification, coherently with jail_get(). Also accept JAIL_SYS_DISABLE in "mac.do" without "mac.do.rules" being specified. The default value for "mac.do", if not passed explicitly, is either JAIL_SYS_NEW if "mac.do.rules" is present and non-empty, or JAIL_SYS_DISABLE if present and empty or not present. Perform all cheap sanity checks in jail_check(), and have these materialized as well in jail_set() under INVARIANTS. Cheap checks are type and coherency checks between the values of "mac.do" and "mac.do.rules". They don't include parsing the "mac.do.rules" string but just checking its length (when applicable). In a nutshell, JAIL_SYS_DISABLE and JAIL_SYS_INHERIT are allowed iff "mac.do.rules" isn't specified or is with an empty string, and JAIL_SYS_NEW is allowed iff "mac.do.rules" is specified (the latter may be empty, in which case this is equivalent to JAIL_SYS_DISABLE). Normally, vfs_getopts() is the function to use to read string options. Because we need the length of the "mac.do.rules" string to check it, in order to avoid double search within jail options in jail_check(), we use vfs_getopt() instead, but perform some additional checks afterwards (the same as those performed by vfs_getopts()). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47610 --- sys/security/mac_do/mac_do.c | 128 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 111 insertions(+), 17 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 2482221e43a3..ed1d0bcfa43c 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -377,31 +377,94 @@ done: return (error); } +/* + * -1 is used as a sentinel in mac_do_jail_check() and mac_do_jail_set() below. + */ +_Static_assert(-1 != JAIL_SYS_DISABLE && -1 != JAIL_SYS_NEW && + -1 != JAIL_SYS_INHERIT, + "mac_do(4) uses -1 as a sentinel for uninitialized 'jsys'."); + +/* + * We perform only cheap checks here, i.e., we do not really parse the rules + * specification string, if any. + */ static int mac_do_jail_check(void *obj, void *data) { struct vfsoptlist *opts = data; char *rules_string; - int error, jsys, len; + int error, jsys, size; error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys)); - if (error != ENOENT) { + if (error == ENOENT) + jsys = -1; + else { if (error != 0) return (error); - if (jsys != JAIL_SYS_NEW && jsys != JAIL_SYS_INHERIT) + if (jsys != JAIL_SYS_DISABLE && jsys != JAIL_SYS_NEW && + jsys != JAIL_SYS_INHERIT) return (EINVAL); } - error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len); - if (error != ENOENT) { + + /* + * We use vfs_getopt() here instead of vfs_getopts() to get the length. + * We perform the additional checks done by the latter here, even if + * jail_set() calls vfs_getopts() itself later (they becoming + * inconsistent wouldn't cause any security problem). + */ + error = vfs_getopt(opts, "mac.do.rules", (void**)&rules_string, &size); + if (error == ENOENT) { + /* + * Default (in absence of "mac.do.rules") is to disable (and, in + * particular, not inherit). + */ + if (jsys == -1) + jsys = JAIL_SYS_DISABLE; + + if (jsys == JAIL_SYS_NEW) { + vfs_opterror(opts, "'mac.do.rules' must be specified " + "given 'mac.do''s value"); + return (EINVAL); + } + + /* Absence of "mac.do.rules" at this point is OK. */ + error = 0; + } else { if (error != 0) return (error); - if (len > MAC_RULE_STRING_LEN) { - vfs_opterror(opts, "mdo.rules too long"); + + /* Not a proper string. */ + if (size == 0 || rules_string[size - 1] != '\0') { + vfs_opterror(opts, "'mac.do.rules' not a proper string"); + return (EINVAL); + } + + if (size > MAC_RULE_STRING_LEN) { + vfs_opterror(opts, "'mdo.rules' too long"); return (ENAMETOOLONG); } + + if (jsys == -1) + /* Default (if "mac.do.rules" is present). */ + jsys = rules_string[0] == '\0' ? JAIL_SYS_DISABLE : + JAIL_SYS_NEW; + + /* + * Be liberal and accept JAIL_SYS_DISABLE and JAIL_SYS_INHERIT + * with an explicit empty rules specification. + */ + switch (jsys) { + case JAIL_SYS_DISABLE: + case JAIL_SYS_INHERIT: + if (rules_string[0] != '\0') { + vfs_opterror(opts, "'mac.do.rules' specified " + "but should not given 'mac.do''s value"); + return (EINVAL); + } + break; + } } - if (error == ENOENT) - error = 0; + return (error); } @@ -411,24 +474,55 @@ mac_do_jail_set(void *obj, void *data) struct prison *pr = obj; struct vfsoptlist *opts = data; char *rules_string; - int error, jsys, len; + int error, jsys; + + /* + * The invariants checks used below correspond to what has already been + * checked in jail_check() above. + */ error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys)); - if (error == ENOENT) - jsys = -1; - error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len); - if (error == ENOENT) - rules_string = ""; - else - jsys = JAIL_SYS_NEW; + MPASS(error == 0 || error == ENOENT); + if (error != 0) + jsys = -1; /* Mark unfilled. */ + + rules_string = vfs_getopts(opts, "mac.do.rules", &error); + MPASS(error == 0 || error == ENOENT); + if (error == 0) { + MPASS(strlen(rules_string) < MAC_RULE_STRING_LEN); + if (jsys == -1) + /* Default (if "mac.do.rules" is present). */ + jsys = rules_string[0] == '\0' ? JAIL_SYS_DISABLE : + JAIL_SYS_NEW; + else + MPASS(jsys == JAIL_SYS_NEW || + ((jsys == JAIL_SYS_DISABLE || + jsys == JAIL_SYS_INHERIT) && + rules_string[0] == '\0')); + } else { + MPASS(jsys != JAIL_SYS_NEW); + if (jsys == -1) + /* + * Default (in absence of "mac.do.rules") is to disable + * (and, in particular, not inherit). + */ + jsys = JAIL_SYS_DISABLE; + /* If disabled, we'll store an empty rule specification. */ + if (jsys == JAIL_SYS_DISABLE) + rules_string = ""; + } + switch (jsys) { case JAIL_SYS_INHERIT: remove_rules(pr); error = 0; break; + case JAIL_SYS_DISABLE: case JAIL_SYS_NEW: error = parse_and_set_rules(pr, rules_string); break; + default: + __assert_unreachable(); } return (error); } From nobody Mon Dec 16 14:46:02 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRt6XP1z5hWcy; Mon, 16 Dec 2024 14:46:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRt3gq2z4dv6; Mon, 16 Dec 2024 14:46:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B0/d0rjFDPaV3WzrMWvrLr1hGuPV7Ku8jNWq+8CiUi0=; b=FR9ZFSidZJMw+fhvRKbP+9V8zrF6dk71Q8zx08XW5CmdMAlSLHukhv9T15s7Y5ElNXivGt tjN/KlNhpmoZE128lP2mIAZ60gXroU25L3gNgT17MtgGxNd/yM5OFbJFrJF/itsR/dM4UB GEfKY5ep7x/IA0k+pSYLN2n+b/22ldGUXHiA4neccaZERCvhnSknMGsbLwbUKdvIB7f4Pn fafXoQMd7dlc7s2FHCnFkLnTv4CWL/cnKRykcVHm+CQcD5YQNMT8JgYHkiLoUrsKkDmZ+1 FVee1n9QdE/ue5dEFe0gx7gKVJWYj7UrXRripTEQmsoRHaC606XVS6zF6Qtlcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B0/d0rjFDPaV3WzrMWvrLr1hGuPV7Ku8jNWq+8CiUi0=; b=AZKOVmc9bPZPsrzLk3n/Lo1G30C9yJsE8+x8Ar5GBKz8gKBEyZioIYpqx1ba/YHqtm3Pwa ikETg9N1/q0Sf6x3Nmed0jACn3ZuktYJsbCMx9VxcmboMdd3xFwIp9w+3N0QdUZ4wuhgSU olc1hhqkI4trtPNgdGgS8mjBIKWiq3BinzFIf9kS51bweqD+boYK2hu+/AsURbfQqI0yku EUs4vY5vgVVUoUiocDx2HxZ9ySQyZYV1i30pXH2ksvsFPhkeyiVkt8FSC5Mq01YOKGCq2e xEG/PEHYjVpN/Gy9kSzxnz3GdO5MgLI1d4xOKyOvKkL/Z2qKwS/CD3jzrhvJUQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360362; a=rsa-sha256; cv=none; b=vTE6QdbPWPcyz5EI/OhxC1pXD4YmwUyZqv8NXynKxLUop9ic2N03sW5SkP+ryx3SeHsckL cl+MqYj6yy0Rs01uLvueC3J1rlTp2ISayFdJVycno55IYHsVhba1QTfNoyRijrpvKm+gW+ 53SloZ2joZ8/X7byU3D5aXUVcV96IunPt50ReqHGsbIJP2A1HVp2Myrrslms7rfJ3jYuji sRSrnYVgeZydZY9pzQERc84eYItucqVjW/BiBtbi3fQ5KoIVs58AAOdNTUdg03VTYILen3 eseDPrnPdluCCUIKbkJdWxGDLmz0mgoIXc66qm7Ugomi13Uk2Igb77qypG/Wyw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRt3HNTzy0H; Mon, 16 Dec 2024 14:46:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk2o5053623; Mon, 16 Dec 2024 14:46:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk2MJ053620; Mon, 16 Dec 2024 14:46:02 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:02 GMT Message-Id: <202412161446.4BGEk2MJ053620@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 6aadc7b2ee05 - main - MAC/do: 'struct rule': IDs and types as 'u_int', rename fields List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6aadc7b2ee055fba58984fec715b6e2a754f9d3e Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=6aadc7b2ee055fba58984fec715b6e2a754f9d3e commit 6aadc7b2ee055fba58984fec715b6e2a754f9d3e Author: Olivier Certner AuthorDate: 2024-07-05 11:43:41 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:37 +0000 MAC/do: 'struct rule': IDs and types as 'u_int', rename fields This is in preparation for introducing a common conversion function for IDs and to simplify code a bit by removing the from-IDs union and not having to introduce a new one for to-IDs in a later commit. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47613 --- sys/security/mac_do/mac_do.c | 102 ++++++++++++++++++------------------------- 1 file changed, 43 insertions(+), 59 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index edd728ea070a..bfd5eb136fc1 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -40,14 +40,19 @@ static unsigned mac_do_osd_jail_slot; #define RULE_GID 2 #define RULE_ANY 3 +/* + * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions + * required for parsing rules specification strings. + */ +_Static_assert(sizeof(uid_t) == sizeof(u_int) && (uid_t)-1 >= 0 && + sizeof(gid_t) == sizeof(u_int) && (gid_t)-1 >= 0, + "mac_do(4) assumes that 'uid_t' and 'gid_t' are aliases to 'u_int'"); + struct rule { - int from_type; - union { - uid_t f_uid; - gid_t f_gid; - }; - int to_type; - uid_t t_uid; + u_int from_type; + u_int from_id; + u_int to_type; + u_int to_id; TAILQ_ENTRY(rule) r_entries; }; @@ -83,71 +88,50 @@ alloc_rules(void) static int parse_rule_element(char *element, struct rule **rule) { - int error = 0; - char *type, *id, *p; + const char *from_type, *from_id, *to; + char *p; struct rule *new; new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK); - type = strsep(&element, "="); - if (type == NULL) { - error = EINVAL; - goto error; - } + from_type = strsep(&element, "="); + if (from_type == NULL) + goto einval; - if (strcmp(type, "uid") == 0) + if (strcmp(from_type, "uid") == 0) new->from_type = RULE_UID; - else if (strcmp(type, "gid") == 0) + else if (strcmp(from_type, "gid") == 0) new->from_type = RULE_GID; - else { - error = EINVAL; - goto error; - } + else + goto einval; - id = strsep(&element, ":"); - if (id == NULL || *id == '\0') { - error = EINVAL; - goto error; - } + from_id = strsep(&element, ":"); + if (from_id == NULL || *from_id == '\0') + goto einval; - switch (new->from_type) { - case RULE_UID: - new->f_uid = strtol(id, &p, 10); - break; - case RULE_GID: - new->f_gid = strtol(id, &p, 10); - break; - default: - __assert_unreachable(); - } - if (*p != '\0') { - error = EINVAL; - goto error; - } + new->from_id = strtol(from_id, &p, 10); + if (*p != '\0') + goto einval; - if (element == NULL || *element == '\0') { - error = EINVAL; - goto error; - } - if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) + to = element; + if (to == NULL || *to == '\0') + goto einval; + + if (strcmp(to, "any") == 0 || strcmp(to, "*") == 0) new->to_type = RULE_ANY; else { new->to_type = RULE_UID; - new->t_uid = strtol(element, &p, 10); - if (*p != '\0') { - error = EINVAL; - goto error; - } + new->to_id = strtol(to, &p, 10); + if (*p != '\0') + goto einval; } - MPASS(error == 0); *rule = new; return (0); -error: - MPASS(error != 0); +einval: free(new, M_DO); *rule = NULL; - return (error); + return (EINVAL); } /* @@ -568,9 +552,9 @@ mac_do_destroy(struct mac_policy_conf *mpc) static bool rule_applies(struct ucred *cred, struct rule *r) { - if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid) + if (r->from_type == RULE_UID && r->from_id == cred->cr_uid) return (true); - if (r->from_type == RULE_GID && groupmember(r->f_gid, cred)) + if (r->from_type == RULE_GID && groupmember(r->from_id, cred)) return (true); return (false); } @@ -663,25 +647,25 @@ mac_do_check_setuid(struct ucred *cred, uid_t uid) rule = find_rules(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { if (r->from_type == RULE_UID) { - if (cred->cr_uid != r->f_uid) + if (cred->cr_uid != r->from_id) continue; if (r->to_type == RULE_ANY) { error = 0; break; } - if (r->to_type == RULE_UID && uid == r->t_uid) { + if (r->to_type == RULE_UID && uid == r->to_id) { error = 0; break; } } if (r->from_type == RULE_GID) { - if (!groupmember(r->f_gid, cred)) + if (!groupmember(r->from_id, cred)) continue; if (r->to_type == RULE_ANY) { error = 0; break; } - if (r->to_type == RULE_UID && uid == r->t_uid) { + if (r->to_type == RULE_UID && uid == r->to_id) { error = 0; break; } From nobody Mon Dec 16 14:46:04 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRx0gszz5hWhj; Mon, 16 Dec 2024 14:46:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRw5N0Zz4dpq; Mon, 16 Dec 2024 14:46:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360364; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/YrsmLnJ4Eh/W+72MqZBSBGagVgrcbbl8IggIPFkL+0=; b=r8mo3r/SDH6KGaiAdDW5gIzjhVWESnt4oFrxwFEhPv/14jD4vBhziAXxZMpgrHq+VdyhVf EEOZATy0hXqJRzykQXNBlpBy6n8vgSmbtqLHeTlYNn0OdWltbwHBEGiyvmLdlosf/tmN5J 7Kvb7B/kqzNMef47GM61F3m/g5g52vr1tKeR2QbFQRtRh5W77hGgD5svg+JK25fhEQNPj2 dqnLD610nspRQ7Q040TpBCdjfcdyF4qUI7on6+caN9N1bVnbbZjfURK4Z/oPhry4VElQ6Y c7moG/XlG+g/DIvmvFsfaE1rOhUJXYVH0ble8z2uu7FUd+wCofHruElPzUiBog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360364; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/YrsmLnJ4Eh/W+72MqZBSBGagVgrcbbl8IggIPFkL+0=; b=lTGgLXr45LQDqDgDTbNZDZIOD6ulPozZ1hdN+i/hlchjJtswDkPJPBLe6HDXF4FqJ7I0tM 2lQTIgGpAEMVMZa/lk3X9RbGUcfbYo1iU0D/fZvZYy7PwErbxxJvdZa6vcj21XALsiwwKN ZAp871+h4b8Ga+YwlSDW1LeEvgQJ5RqGbrDVHTrfaSGIUMQpe5Llvr8grigY2DMcV4tTxG vXh2IeZ6Tm75xsdOvTGBVaYNm08D9KBMaqx1sFciOwwd41q4X9BxBmS4MZp2Lwxs0HKt0w 2V3RkdaPwhrd/i8GeK21h2EFr5qR7JDZ2KjAXRRvyroZXKoKG9p4a/pXiOZLEw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360364; a=rsa-sha256; cv=none; b=Z8H7uxElAfd62gnZ2TUu6mx+F4oxnEEd0H8G2ACKXIkFwKAEH8rcHF3yJ+JBfhrYFMJ+QL nUyqOxPJlLzfh6/zC3DKjiswbrk9XSrzd+X+Nel0P5Cj8n8Dm17bQDgSU/faxviGKLutFf 9ASwiyrwzB3ZNLKAnChS6x8X68+hvGfPTlH4YKaPZwA2JNfknKh/a9A+S8Ubg99yD5GRrg NlSZQHbDvRWpBuBPxgUA2hhNd8cLnMfDm+QZf1LbphUqEseH2zasDwFhXQfHJL4/ZsEFck pCMn/onG36ohxJxXB/ZGGkSNaGrDAvJZXmdk2z/Sd2HaNHrkjseohnJSBmeRZw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRw4xH6zxnN; Mon, 16 Dec 2024 14:46:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk4mq053746; Mon, 16 Dec 2024 14:46:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk4Wi053743; Mon, 16 Dec 2024 14:46:04 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:04 GMT Message-Id: <202412161446.4BGEk4Wi053743@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 65766063f85d - main - MAC/do: Ease input/output of ID types List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 65766063f85d8b8fe8b24a50250a12a122974c26 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=65766063f85d8b8fe8b24a50250a12a122974c26 commit 65766063f85d8b8fe8b24a50250a12a122974c26 Author: Olivier Certner AuthorDate: 2024-07-05 13:30:15 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:38 +0000 MAC/do: Ease input/output of ID types Have a static constant array mapping numerical ID types to their canonical representations ('id_type_to_str'). New parse_id_type() that parses a type thanks to 'id_type_to_str' and with a special case to accept also 'any'. Have parse_rule_element() use parse_id_type(). A later commit will add a second call to the latter for the destination ID. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47615 --- sys/security/mac_do/mac_do.c | 49 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index e13684c15dab..5bec02ee2e56 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -38,10 +38,20 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do"); static unsigned mac_do_osd_jail_slot; +#define RULE_INVALID 0 /* Must stay 0. */ #define RULE_UID 1 #define RULE_GID 2 #define RULE_ANY 3 +static const char *id_type_to_str[] = { + [RULE_INVALID] = "invalid", + [RULE_UID] = "uid", + [RULE_GID] = "gid", + /* See also parse_id_type(). */ + [RULE_ANY] = "*", + NULL +}; + /* * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions * required for parsing rules specification strings. @@ -129,11 +139,36 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr, return (0); } +static int +parse_id_type(const char *const string, int *const type) +{ + /* + * Special case for "any", as the canonical form for RULE_ANY in + * id_type_to_str[] is "*". + */ + if (strcmp(string, "any") == 0) { + *type = RULE_ANY; + return (0); + } + + /* Start at 1 to avoid parsing "invalid". */ + for (size_t i = 1; id_type_to_str[i] != NULL; ++i) { + if (strcmp(string, id_type_to_str[i]) == 0) { + *type = i; + return (0); + } + } + + *type = RULE_INVALID; + return (EINVAL); +} + static int parse_rule_element(char *element, struct rule **rule) { const char *from_type, *from_id, *to, *p; struct rule *new; + int error; new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK); @@ -141,12 +176,16 @@ parse_rule_element(char *element, struct rule **rule) if (from_type == NULL) goto einval; - if (strcmp(from_type, "uid") == 0) - new->from_type = RULE_UID; - else if (strcmp(from_type, "gid") == 0) - new->from_type = RULE_GID; - else + error = parse_id_type(from_type, &new->from_type); + if (error != 0) goto einval; + switch (new->from_type) { + case RULE_UID: + case RULE_GID: + break; + default: + goto einval; + } from_id = strsep(&element, ":"); if (from_id == NULL || *from_id == '\0') From nobody Mon Dec 16 14:46:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRv6W2fz5hWd0; Mon, 16 Dec 2024 14:46:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRv4Dygz4f2j; Mon, 16 Dec 2024 14:46:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360363; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=V7qlMEj/NjVQp7kLMUPekM0aJNUW9Ptlvyr3Ork69dQ=; b=vfOU5R30XoNvvbntr0DDlT/BVB5Ov01O2BEnDIlCm0L4JW4gL3BwLrdc7qzWqvUJyoY1mZ TXD5+pccTeRaQDlNLrkclPkQlOC+C0c8YBNZCTfenxs57m7A6/edKl8YN4f6q46aLZsgja w9/hmsFikLCxZ8/acYAMkDidlvn8Js5Nps4yVpb805HUkH2xZlb2X+sK7YXgtArm1hqzxY lx18kuFMTg5kNwgvzeGQyxrHQuST5P5VhuzeaPJsMNqKkxvnJN1ID573tpV5mRnkcFO83/ Z/qRiopiVA6wRVsK2s2ld3eQgpvoMDjRxDcWMHX8tLnb4iLLCFD4Mk/0vYk/4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360363; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=V7qlMEj/NjVQp7kLMUPekM0aJNUW9Ptlvyr3Ork69dQ=; b=ki3rVrkbQqvVcuxdKTqQBz0INdsmEnUb0XHIo7DDnp0+Xsjn+89dKAYn9N/8gr8zH0BjiH TtgOP+LRs1KzWxXbgYCjJ+0Hs5AiqujvzJt9rJT+R6xqmVKOhRNWlh+rNz4yiTGhOf9Ppj s3wMJ7dX22Khz+Fl4Pu6wHumeW7dnWEvqMrKL5ZfuuYr7ceTXKjGjMbAGXSlEoGpIrFWBb KK4B8sqJRbF8jHZh+rgd2jvA9WCFDg0mjH6bkNoMUzGI/B5kJu6BMY/EWmsogYpLnOLl94 FN3/6soBzPIcxZanbdmeh6cL0562F+0i1X6aoJfLzSqPJNYnzq0OIXZ+alxRCg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360363; a=rsa-sha256; cv=none; b=H2ymfBLZVnuAb1dEfqVEgdUlUj4WiLEFkQlLMAU2dH0Zufm+pIIPcCbCOxPmuCOy0qlJR0 ZQLvCeyVAe8vXyl91/EX+zB4M/+Z1hL+pn6jmM2i8DFHEuZHivIzpTiRlQfHtyjL9cHc6G hifPsY4Tnxv/UMjYgJt5G/SF3HA8KhbBSAVB6GtcWP0H74SrpFnlqWdk5+hje/RNmCKKWT vVZMIVjIfhqfa8UgpImrdwBSjepg0JKHCVlJ8vraliAA7WzNHQXq99ozyR++MAg1Omw0Td FhTPiMGVQQD9THWgfiYdByJseWZxS6zecS6y083UTrbo8dOrCFbcmOTmtGtfgA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRv3ryHzy0J; Mon, 16 Dec 2024 14:46:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk3Hm053681; Mon, 16 Dec 2024 14:46:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk3wx053677; Mon, 16 Dec 2024 14:46:03 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:03 GMT Message-Id: <202412161446.4BGEk3wx053677@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 0af43c029048 - main - MAC/do: Better parsing for IDs (strtoui_strict()) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0af43c029048e1ad2f8b140a3baf3851785c12d9 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=0af43c029048e1ad2f8b140a3baf3851785c12d9 commit 0af43c029048e1ad2f8b140a3baf3851785c12d9 Author: Olivier Certner AuthorDate: 2024-07-05 12:16:36 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:38 +0000 MAC/do: Better parsing for IDs (strtoui_strict()) Introduce strtoui_strict(), which signals an error on overflow contrary to the in-kernel strto*() family of functions which have no 'errno' to set and thus do not allow callers to distinguish a genuine maximum value on input and overflow. It is built on top of strtoq() and the 'quad_t' type in order to achieve this distinction and also to still support negative inputs with the usual meaning for these functions. See the introduced comments for more details. Use strtoui_strict() to read IDs instead of strtol(). Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47614 --- sys/security/mac_do/mac_do.c | 55 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index bfd5eb136fc1..e13684c15dab 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -6,8 +6,10 @@ #include #include +#include #include #include +#include #include #include #include @@ -85,11 +87,52 @@ alloc_rules(void) return (rules); } +/* + * String to unsigned int. + * + * Contrary to the "standard" strtou*() family of functions, do not tolerate + * spaces at start nor an empty string, and returns a status code, the 'u_int' + * result being returned through a passed pointer (if no error). + * + * We detour through 'quad_t' because in-kernel strto*() functions cannot set + * 'errno' and thus can't distinguish a true maximum value from one returned + * because of overflow. We use 'quad_t' instead of 'u_quad_t' to support + * negative specifications (e.g., such as "-1" for UINT_MAX). + */ +static int +strtoui_strict(const char *const restrict s, const char **const restrict endptr, + int base, u_int *result) +{ + char *ep; + quad_t q; + + /* Rule out spaces and empty specifications. */ + if (s[0] == '\0' || isspace(s[0])) { + if (endptr != NULL) + *endptr = s; + return (EINVAL); + } + + q = strtoq(s, &ep, base); + if (endptr != NULL) + *endptr = ep; + if (q < 0) { + /* We allow specifying a negative number. */ + if (q < -(quad_t)UINT_MAX - 1 || q == QUAD_MIN) + return (EOVERFLOW); + } else { + if (q > UINT_MAX || q == UQUAD_MAX) + return (EOVERFLOW); + } + + *result = (u_int)q; + return (0); +} + static int parse_rule_element(char *element, struct rule **rule) { - const char *from_type, *from_id, *to; - char *p; + const char *from_type, *from_id, *to, *p; struct rule *new; new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK); @@ -109,8 +152,8 @@ parse_rule_element(char *element, struct rule **rule) if (from_id == NULL || *from_id == '\0') goto einval; - new->from_id = strtol(from_id, &p, 10); - if (*p != '\0') + error = strtoui_strict(from_id, &p, 10, &new->from_id); + if (error != 0 || *p != '\0') goto einval; to = element; @@ -121,8 +164,8 @@ parse_rule_element(char *element, struct rule **rule) new->to_type = RULE_ANY; else { new->to_type = RULE_UID; - new->to_id = strtol(to, &p, 10); - if (*p != '\0') + error = strtoui_strict(to, &p, 10, &new->to_id); + if (error != 0 || *p != '\0') goto einval; } From nobody Mon Dec 16 14:46:05 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRy1tnhz5hWXD; Mon, 16 Dec 2024 14:46:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRx6Fv1z4f9r; Mon, 16 Dec 2024 14:46:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bFAlA/+PuahRpR9WgoqZQEWfwzAf8kJM22YfL4Og8qA=; b=LCVcY8g60gHKz9xXjN89F8A8LT/9WFXcLHP0S20wyKMiQqxT81K8UyWhY6bjAiAxa/UulE QISvBVZbs/R1ztkf7+MASZhn+9rWg6MJnJ+0vMaEnqMkXNwQGjQUZXTr5cADpJEfMmN4fS V/KGlQqHyj831YqCYZq56Qgcg8xOZctwYjb0vob7F+Tq9+ejol/gge0i+EYAX85iQochCR R4PUkx2nlHS0klqlqKzZ+eIR1IwBzgDZ+63RpbPULo1sJcVVftSHxH6UAw6sYLIVj7M4jo J1VEkCqWeLlSF2UDaF5e5Lib8YPMRyBEUPG0iw0keXaHFGrx1nhwuW/On0xl9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bFAlA/+PuahRpR9WgoqZQEWfwzAf8kJM22YfL4Og8qA=; b=ANfi8Bhw4WbtdlZwN9HLpQ1+AxLhg1f8lfxpBjCgsmpd3zofMVf2OdXIj7jN5qo6VbhoW5 WjeUeQ06ZKVqAs2VYkS8ysU1RX+ungfVLOYN41GcuTRyVHvKU21dVMwEGKlLsVOfN0iFE5 qze0JEn6zId4N/PaI32GGZ1Q+z0Yf+seGp4M8SekoqLDRKGkXGAUIwi4vD83oXKUqb0oeO xeLUvBD85p8tGT97wC7bjfocrX+FdsHLEkWnEBPlYtXSOVQKWc+i//6QyxDjyMlLwqv2yd 1L9FKPYIBlBcT8Zi6B+P8mZ87BKXpMHumOP3bkmclCXpr2fSupDhS7FM1jPIGw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360365; a=rsa-sha256; cv=none; b=BWFCIt5NcXzfEipIdyZE+GXL+V7ES654Nr7NKwH/BwNIWmI/TWlOWIYGn+TqeayuJKX6yH DEubvaSX9BR2BTb6rsfDh6etJD7RJem42HLj1ps3O5m3eUtJT8EUKo0bahnSPRjaUqxqu+ HUovZ2Xn3PdjsLWt78dHtdCqHiCK3grCHD6PoBLZWegFXWWJChTc1tjNat36FI+9N/UsrA qs1Y1hzVBxNHjsgP9TktPsk/Hrx0OQHe7JxZFNZ65i0r4KeQ4TIF+NzvFJya09sejTa8/k ROckFxKoXQ8Fnk8KcFXGfhmYNcGvFs31Kik88giiKOVM4PIR83q0bUkYCKyx3A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRx5sstzxYM; Mon, 16 Dec 2024 14:46:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk5bW053802; Mon, 16 Dec 2024 14:46:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk5xw053799; Mon, 16 Dec 2024 14:46:05 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:05 GMT Message-Id: <202412161446.4BGEk5xw053799@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 40a664a463ba - main - MAC/do: Rename private OSD slot by removing 'mac_do_' prefix List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 40a664a463bab87505c8d42816a71202e8ad7bd9 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=40a664a463bab87505c8d42816a71202e8ad7bd9 commit 40a664a463bab87505c8d42816a71202e8ad7bd9 Author: Olivier Certner AuthorDate: 2024-11-25 15:07:57 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:38 +0000 MAC/do: Rename private OSD slot by removing 'mac_do_' prefix This variable is static and holds the OSD slot number for jails that MAC/do uses to store rules. In the same vein as previous renames, simplify it by removing the redundant prefix, as this name cannot appear in code outside of 'mac_do.c', nor in stack traces on panic. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47772 --- sys/security/mac_do/mac_do.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 5bec02ee2e56..fc1a6de471b6 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -36,7 +36,7 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do"); #define MAC_RULE_STRING_LEN 1024 -static unsigned mac_do_osd_jail_slot; +static unsigned osd_jail_slot; #define RULE_INVALID 0 /* Must stay 0. */ #define RULE_UID 1 @@ -284,7 +284,7 @@ find_rules(struct prison *const pr, struct prison **const aprp) cpr = pr; for (;;) { prison_lock(cpr); - rules = osd_jail_get(cpr, mac_do_osd_jail_slot); + rules = osd_jail_get(cpr, osd_jail_slot); if (rules != NULL) break; prison_unlock(cpr); @@ -299,7 +299,7 @@ find_rules(struct prison *const pr, struct prison **const aprp) } /* - * OSD destructor for slot 'mac_do_osd_jail_slot'. + * OSD destructor for slot 'osd_jail_slot'. * * Called with 'value' not NULL. */ @@ -317,14 +317,14 @@ dealloc_osd(void *const value) * In practice, this means that the rules become inherited (from the closest * ascendant that has some). * - * Destroys the 'mac_do_osd_jail_slot' slot of the passed jail. + * Destroys the 'osd_jail_slot' slot of the passed jail. */ static void remove_rules(struct prison *const pr) { prison_lock(pr); /* This calls destructor dealloc_osd(). */ - osd_jail_del(pr, mac_do_osd_jail_slot); + osd_jail_del(pr, osd_jail_slot); prison_unlock(pr); } @@ -337,11 +337,11 @@ set_rules(struct prison *const pr, struct rules *const rules) struct rules *old_rules; void **rsv; - rsv = osd_reserve(mac_do_osd_jail_slot); + rsv = osd_reserve(osd_jail_slot); prison_lock(pr); - old_rules = osd_jail_get(pr, mac_do_osd_jail_slot); - osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules); + old_rules = osd_jail_get(pr, osd_jail_slot); + osd_jail_set_reserved(pr, osd_jail_slot, rsv, rules); prison_unlock(pr); if (old_rules != NULL) toast_rules(old_rules); @@ -617,7 +617,7 @@ mac_do_init(struct mac_policy_conf *mpc) { struct prison *pr; - mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods); + osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods); set_empty_rules(&prison0); sx_slock(&allprison_lock); TAILQ_FOREACH(pr, &allprison, pr_list) @@ -628,7 +628,7 @@ mac_do_init(struct mac_policy_conf *mpc) static void mac_do_destroy(struct mac_policy_conf *mpc) { - osd_jail_deregister(mac_do_osd_jail_slot); + osd_jail_deregister(osd_jail_slot); } static bool From nobody Mon Dec 16 14:46:07 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS02DxVz5hWXR; Mon, 16 Dec 2024 14:46:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS00kxGz4dy2; Mon, 16 Dec 2024 14:46:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360368; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dIgQ1uA/GUwmqey7ybMbZic/vk6uIzdujzoQg0a0snI=; b=AKKR/dD9/mIkMpptfZPCbPyuRakJt9Db8COy1mL0HlP1pL44UcbvH68bPrAxqzqGn+2Pgd y4Jnqj8PTjD3Hh/myN1cfItKG5HplGYeOQ9RhSIRzlthVEsuWFVTs69c8+ganG71dfDb4m fqpdQMgbSiWyRLM7/2jnZBkC83e7Usl5VL7IC5U6Qcx9o07kXmaOcbBNCyf8z0KyGMImi7 wVTaPBRVRto4T5UjUqybj/ByouO62ousH/gb3FqFV411VWdAKU8xJtfkBsuBdu7L8dMrYx YC7QFyEef9dxWdVHxwiPjKs1aM4DCzOigc0NfAv0F927I8tJwVlno9Mgtxkhjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360368; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dIgQ1uA/GUwmqey7ybMbZic/vk6uIzdujzoQg0a0snI=; b=aBZAMDnZrn928e+R+1P0IC/l8SSFnkQepMbVHit62Eb8V4uZQ9VJ1MOtqKuT1RHFE/yNyb keYDN3OgWCQEPOhXzrScJIbzfkWKJ+QtP62V63AMUCFeeXCIRBOh0fTVK4ZOPdn6xRYsZn XRgx7sK++hnwRvVxIILScCtXotzgir/RS5ytkw2VI/2eYGezRpLwGNMX1QjYCsSEdjyFH5 XI/F+J7M/VRhGurslQNNzbIw9v83h9tcFHqzuNORJ3wU7sjoFZzwqnskkLg9KKEMHnTYz4 zFQy7SmnAhwtlmRBahrU/Nuv+TxLoezwL1ne4pnus1QK+yjVRcxDDwTZX4gOmA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360368; a=rsa-sha256; cv=none; b=KFzApURWshsgfXmJCg0XdLTEK3eDgBqeYKlW8VS2ebSY+NMAwR+iRfi/DV+VUnErVxWx2a YzOLNB3yqoMMtuxNXkzYo8g4r686Lha4ss7JrBtebeL3bopmArKb56NCu86kbfRs06w09P BN+44MLp5RyqQmD3wYOeSfWyM4aB9JDr0ULW9vd0PTsRy4PHDY+/S/argsDbwIYmuuqT6e uhyQNViBVqEvmtXZzEZ/WnlVGUcJN8b+zACFcOSX+risr+FsOTBPk7pzElVGROt+EJ3HfK Q7QB+SfbDuE8TKAwPRwJJbKF3OHAgSevDdkrWxIXc2ttLaoWQjrCpOF4qutZRg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS00GT4zxWy; Mon, 16 Dec 2024 14:46:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk75S053910; Mon, 16 Dec 2024 14:46:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk7cx053907; Mon, 16 Dec 2024 14:46:07 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:07 GMT Message-Id: <202412161446.4BGEk7cx053907@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 87c06b7d026f - main - MAC/do: Output errors when parsing rules List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 87c06b7d026f2beeb3c2f695567ef72aa3a427ea Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=87c06b7d026f2beeb3c2f695567ef72aa3a427ea commit 87c06b7d026f2beeb3c2f695567ef72aa3a427ea Author: Olivier Certner AuthorDate: 2024-08-07 09:25:00 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:39 +0000 MAC/do: Output errors when parsing rules So that administrators can more easily know what the problem is with the rules they are trying to set. The new sysctl 'security.mac.do.print_parse_error' controls whether trying to set sysctl 'security.mac.do.rules' with invalid rules triggers printing of the error on the system console. Setting jail parameters directlty reports an error to the calling process thanks to the VFS options mechanism used by the jail machinery, so is not controlled by the new sysctl setting. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47617 --- sys/security/mac_do/mac_do.c | 231 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 191 insertions(+), 40 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 92c09d540723..decfb3c756f0 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -23,6 +23,8 @@ #include #include +#include + #include static SYSCTL_NODE(_security_mac, OID_AUTO, do, @@ -32,6 +34,11 @@ static int do_enabled = 1; SYSCTL_INT(_security_mac_do, OID_AUTO, enabled, CTLFLAG_RWTUN, &do_enabled, 0, "Enforce do policy"); +static int print_parse_error = 1; +SYSCTL_INT(_security_mac_do, OID_AUTO, print_parse_error, CTLFLAG_RWTUN, + &print_parse_error, 0, "Print parse errors on setting rules " + "(via sysctl(8))."); + static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do"); #define MAC_RULE_STRING_LEN 1024 @@ -52,6 +59,13 @@ static const char *id_type_to_str[] = { [IT_ANY] = "*", }; +#define PARSE_ERROR_SIZE 256 + +struct parse_error { + size_t pos; + char msg[PARSE_ERROR_SIZE]; +}; + /* * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions * required for parsing rules specification strings. @@ -364,8 +378,32 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr, return (0); } + +static void +make_parse_error(struct parse_error **const parse_error, const size_t pos, + const char *const fmt, ...) +{ + struct parse_error *const err = malloc(sizeof(*err), M_DO, M_WAITOK); + va_list ap; + + err->pos = pos; + va_start(ap, fmt); + vsnprintf(err->msg, PARSE_ERROR_SIZE, fmt, ap); + va_end(ap); + + MPASS(*parse_error == NULL); + *parse_error = err; +} + +static void +free_parse_error(struct parse_error *const parse_error) +{ + free(parse_error, M_DO); +} + static int -parse_id_type(const char *const string, id_type_t *const type) +parse_id_type(const char *const string, id_type_t *const type, + struct parse_error **const parse_error) { /* * Special case for "any", as the canonical form for IT_ANY in @@ -385,6 +423,7 @@ parse_id_type(const char *const string, id_type_t *const type) } *type = IT_INVALID; + make_parse_error(parse_error, 0, "No valid type found."); return (EINVAL); } @@ -426,8 +465,10 @@ has_clauses(const id_nb_t nb, const flags_t type_flags) static int parse_target_clause(char *to, struct rule *const rule, - struct id_list *const uid_list, struct id_list *const gid_list) + struct id_list *const uid_list, struct id_list *const gid_list, + struct parse_error **const parse_error) { + const char *const start = to; char *to_type, *to_id; const char *p; struct id_list *list; @@ -439,21 +480,30 @@ parse_target_clause(char *to, struct rule *const rule, id_type_t type; int error; + MPASS(*parse_error == NULL); MPASS(to != NULL); to_type = strsep(&to, "="); MPASS(to_type != NULL); to_type += parse_gid_flags(to_type, &is.flags, &gid_flags); - error = parse_id_type(to_type, &type); + error = parse_id_type(to_type, &type, parse_error); if (error != 0) goto einval; - if (type != IT_GID && is.flags != 0) + if (type != IT_GID && is.flags != 0) { + make_parse_error(parse_error, to_type - start, + "Expected type 'gid' after flags, not '%s'.", + to_type); goto einval; + } to_id = strsep(&to, ""); switch (type) { case IT_GID: - if (to_id == NULL) + if (to_id == NULL) { + make_parse_error(parse_error, to_type - start, + "No '=' and ID specification after type '%s'.", + to_type); goto einval; + } if (is.flags == 0) { /* No flags: Dealing with a primary group. */ @@ -473,17 +523,33 @@ parse_target_clause(char *to, struct rule *const rule, * supplementary groups). */ if ((is.flags & MDF_PRIMARY) != 0) { - if ((*tflags & MDF_HAS_PRIMARY_CLAUSE) != 0) + if ((*tflags & MDF_HAS_PRIMARY_CLAUSE) != 0) { + make_parse_error(parse_error, + to_id - start, + "'any' specified after another " + "(primary) GID."); goto einval; + } *tflags |= gid_flags | MDF_ANY; } else { /* * If a supplementary group flag was present, it * must be MDF_SUPP_ALLOW ("+"). */ - if ((is.flags & MDF_SUPP_MASK) != MDF_SUPP_ALLOW || - (*tflags & MDF_HAS_SUPP_CLAUSE) != 0) + if ((is.flags & MDF_SUPP_MASK) != MDF_SUPP_ALLOW) { + make_parse_error(parse_error, + to_id - start, + "'any' specified with another " + "flag than '+'."); + goto einval; + } + if ((*tflags & MDF_HAS_SUPP_CLAUSE) != 0) { + make_parse_error(parse_error, + to_id - start, + "'any' with flag '+' specified after " + "another (supplementary) GID."); goto einval; + } *tflags |= gid_flags | MDF_ANY_SUPP; } goto check_type_and_finish; @@ -493,18 +559,32 @@ parse_target_clause(char *to, struct rule *const rule, * category. */ if ((is.flags & MDF_PRIMARY) != 0) { - if ((*tflags & MDF_ANY) != 0) + if ((*tflags & MDF_ANY) != 0) { + make_parse_error(parse_error, + to_id - start, + "Some (primary) GID specified after " + "'any'."); goto einval; + } } else if ((*tflags & MDF_ANY_SUPP) != 0 && - (is.flags & MDF_SUPP_ALLOW) != 0) + (is.flags & MDF_SUPP_ALLOW) != 0) { + make_parse_error(parse_error, + to_id - start, + "Some (supplementary) GID specified after " + "'any' with flag '+'."); goto einval; + } *tflags |= gid_flags; } break; case IT_UID: - if (to_id == NULL) + if (to_id == NULL) { + make_parse_error(parse_error, to_type - start, + "No '=' and ID specification after type '%s'.", + to_type); goto einval; + } list = uid_list; nb = &rule->uids_nb; @@ -513,8 +593,11 @@ parse_target_clause(char *to, struct rule *const rule, /* "*" or "any"? */ if (parse_any(to_id)) { /* There must not be any other clause. */ - if (has_clauses(*nb, *tflags)) + if (has_clauses(*nb, *tflags)) { + make_parse_error(parse_error, to_id - start, + "'any' specified after another UID."); goto einval; + } *tflags |= MDF_ANY; goto check_type_and_finish; } else { @@ -522,22 +605,32 @@ parse_target_clause(char *to, struct rule *const rule, * Check that we haven't already seen "any" for the same * category. */ - if ((*tflags & MDF_ANY) != 0) + if ((*tflags & MDF_ANY) != 0) { + make_parse_error(parse_error, to_id - start, + "Some UID specified after 'any'."); goto einval; + } } break; case IT_ANY: /* No ID allowed. */ - if (to_id != NULL) + if (to_id != NULL) { + make_parse_error(parse_error, to_type - start, + "No '=' and ID allowed after type '%s'.", to_type); goto einval; + } /* * We can't have IT_ANY after any other IT_*, it must be the * only one. */ if (has_clauses(rule->uids_nb, rule->uid_flags) || - has_clauses(rule->gids_nb, rule->gid_flags)) + has_clauses(rule->gids_nb, rule->gid_flags)) { + make_parse_error(parse_error, to_type - start, + "Target clause of type '%s' coming after another " + "clause (must be alone).", to_type); goto einval; + } rule->uid_flags |= MDF_ANY; rule->gid_flags |= MDF_ANY | MDF_ANY_SUPP | MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE; @@ -556,8 +649,12 @@ parse_target_clause(char *to, struct rule *const rule, if ((*tflags & MDF_CURRENT) != 0) { /* Duplicate "." . Try to coalesce. */ error = coalesce_id_flags(is.flags, tflags); - if (error != 0) + if (error != 0) { + make_parse_error(parse_error, to_id - start, + "Incompatible flags with prior clause " + "with same target."); goto einval; + } } else *tflags |= MDF_CURRENT | is.flags; goto check_type_and_finish; @@ -565,8 +662,11 @@ parse_target_clause(char *to, struct rule *const rule, /* Parse an ID. */ error = strtoui_strict(to_id, &p, 10, &is.id); - if (error != 0 || *p != '\0') + if (error != 0 || *p != '\0') { + make_parse_error(parse_error, to_id - start, + "Cannot parse a numerical ID (base 10)."); goto einval; + } /* Explicit ID flags. */ if (type == IT_GID && (is.flags & MDF_SUPP_MUST) != 0) @@ -578,18 +678,22 @@ parse_target_clause(char *to, struct rule *const rule, * (using sorted arrays). */ ++*nb; - if (*nb == 0) + if (*nb == 0) { + make_parse_error(parse_error, 0, + "Too many target clauses of type '%s'.", to_type); return (EOVERFLOW); + } ie = malloc(sizeof(*ie), M_DO, M_WAITOK); ie->spec = is; TAILQ_INSERT_TAIL(list, ie, ie_entries); check_type_and_id_spec(type, &is); -finish: - return (0); check_type_and_finish: check_type_and_type_flags(type, *tflags); +finish: return (0); einval: + /* We must have built a parse error on error. */ + MPASS(*parse_error != NULL); return (EINVAL); } @@ -620,7 +724,8 @@ id_spec_cmp(const void *const p1, const void *const p2) */ static int pour_list_into_rule(const id_type_t type, struct id_list *const list, - struct id_spec *const array, id_nb_t *const nb) + struct id_spec *const array, id_nb_t *const nb, + struct parse_error **const parse_error) { struct id_elem *ie, *ie_next; size_t idx = 0; @@ -658,8 +763,12 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list, case IT_GID: error = coalesce_id_flags(array[idx].flags, &array[ref_idx].flags); - if (error != 0) + if (error != 0) { + make_parse_error(parse_error, 0, + "Incompatible flags or duplicate " + "GID %u.", id); return (EINVAL); + } check_type_and_id_flags(type, array[ref_idx].flags); break; @@ -670,6 +779,8 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list, * of the same UID is an exact redundancy, so * error out. */ + make_parse_error(parse_error, 0, + "Duplicate UID %u.", id); return (EINVAL); default: @@ -697,8 +808,10 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list, * explained in functions checking privileges below. */ static int -parse_single_rule(char *rule, struct rules *const rules) +parse_single_rule(char *rule, struct rules *const rules, + struct parse_error **const parse_error) { + const char *const start = rule; const char *from_type, *from_id, *p; char *to_list; struct id_list uid_list, gid_list; @@ -706,7 +819,7 @@ parse_single_rule(char *rule, struct rules *const rules) struct rule *new; int error; - MPASS(rule != NULL); + MPASS(*parse_error == NULL); TAILQ_INIT(&uid_list); TAILQ_INIT(&gid_list); @@ -715,7 +828,7 @@ parse_single_rule(char *rule, struct rules *const rules) from_type = strsep(&rule, "="); MPASS(from_type != NULL); /* Because 'rule' was not NULL. */ - error = parse_id_type(from_type, &new->from_type); + error = parse_id_type(from_type, &new->from_type, parse_error); if (error != 0) goto einval; switch (new->from_type) { @@ -723,16 +836,23 @@ parse_single_rule(char *rule, struct rules *const rules) case IT_GID: break; default: + make_parse_error(parse_error, 0, "Type '%s' not allowed in " + "the \"from\" part of rules."); goto einval; } from_id = strsep(&rule, ":"); - if (is_null_or_empty(from_id)) + if (is_null_or_empty(from_id)) { + make_parse_error(parse_error, 0, "No ID specified."); goto einval; + } error = strtoui_strict(from_id, &p, 10, &new->from_id); - if (error != 0 || *p != '\0') + if (error != 0 || *p != '\0') { + make_parse_error(parse_error, from_id - start, + "Cannot parse a numerical ID (base 10)."); goto einval; + } /* * We will now parse the "to" list. @@ -747,12 +867,17 @@ parse_single_rule(char *rule, struct rules *const rules) * O(log(n)) instead of linearly. */ to_list = strsep(&rule, ","); - if (to_list == NULL) + if (to_list == NULL) { + make_parse_error(parse_error, 0, "No target list."); goto einval; + } do { - error = parse_target_clause(to_list, new, &uid_list, &gid_list); - if (error != 0) + error = parse_target_clause(to_list, new, &uid_list, &gid_list, + parse_error); + if (error != 0) { + (*parse_error)->pos += to_list - start; goto einval; + } to_list = strsep(&rule, ","); } while (to_list != NULL); @@ -761,7 +886,7 @@ parse_single_rule(char *rule, struct rules *const rules) new->uids = malloc(sizeof(*new->uids) * new->uids_nb, M_DO, M_WAITOK); error = pour_list_into_rule(IT_UID, &uid_list, new->uids, - &new->uids_nb); + &new->uids_nb, parse_error); if (error != 0) goto einval; } @@ -777,7 +902,7 @@ parse_single_rule(char *rule, struct rules *const rules) new->gids = malloc(sizeof(*new->gids) * new->gids_nb, M_DO, M_WAITOK); error = pour_list_into_rule(IT_GID, &gid_list, new->gids, - &new->gids_nb); + &new->gids_nb, parse_error); if (error != 0) goto einval; } @@ -801,6 +926,7 @@ einval: free(ie, M_DO); TAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next) free(ie, M_DO); + MPASS(*parse_error != NULL); return (EINVAL); } @@ -811,7 +937,9 @@ einval: * representing the rules. On error, the returned value is non-zero and * '*rulesp' is unchanged. If 'string' has length greater or equal to * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned. If it is not in the expected - * format, EINVAL is returned. + * format, EINVAL is returned. If an error is returned, '*parse_error' is set + * to point to a 'struct parse_error' giving an error message for the problem, + * else '*parse_error' is set to NULL. * * Expected format: A semi-colon-separated list of rules of the form * ":". The part is of the form "=" where @@ -825,15 +953,22 @@ einval: * - "gid=1010:gid=1011,gid=1012,gid=1013" */ static int -parse_rules(const char *const string, struct rules **const rulesp) +parse_rules(const char *const string, struct rules **const rulesp, + struct parse_error **const parse_error) { const size_t len = strlen(string); char *copy, *p, *rule; struct rules *rules; int error = 0; - if (len >= MAC_RULE_STRING_LEN) + *parse_error = NULL; + + if (len >= MAC_RULE_STRING_LEN) { + make_parse_error(parse_error, 0, + "Rule specification string is too long (%zu, max %zu)", + len, MAC_RULE_STRING_LEN - 1); return (ENAMETOOLONG); + } rules = alloc_rules(); bcopy(string, rules->string, len + 1); @@ -847,8 +982,9 @@ parse_rules(const char *const string, struct rules **const rulesp) while ((rule = strsep(&p, ";")) != NULL) { if (rule[0] == '\0') continue; - error = parse_single_rule(rule, rules); + error = parse_single_rule(rule, rules, parse_error); if (error != 0) { + (*parse_error)->pos += rule - copy; toast_rules(rules); goto out; } @@ -957,12 +1093,13 @@ set_empty_rules(struct prison *const pr) * Returns the same error code as parse_rules() (which see). */ static int -parse_and_set_rules(struct prison *const pr, const char *rules_string) +parse_and_set_rules(struct prison *const pr, const char *rules_string, + struct parse_error **const parse_error) { struct rules *rules; int error; - error = parse_rules(rules_string, &rules); + error = parse_rules(rules_string, &rules, parse_error); if (error != 0) return (error); set_rules(pr, rules); @@ -976,6 +1113,7 @@ mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS) struct prison *const td_pr = req->td->td_ucred->cr_prison; struct prison *pr; struct rules *rules; + struct parse_error *parse_error; int error; rules = find_rules(td_pr, &pr); @@ -987,7 +1125,13 @@ mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS) goto out; /* Set our prison's rules, not that of the jail we inherited from. */ - error = parse_and_set_rules(td_pr, buf); + error = parse_and_set_rules(td_pr, buf, &parse_error); + if (error != 0) { + if (print_parse_error) + printf("MAC/do: Parse error at index %zu: %s\n", + parse_error->pos, parse_error->msg); + free_parse_error(parse_error); + } out: free(buf, M_DO); return (error); @@ -1137,6 +1281,7 @@ mac_do_jail_set(void *obj, void *data) struct prison *pr = obj; struct vfsoptlist *opts = data; char *rules_string; + struct parse_error *parse_error; int error, jsys; /* @@ -1182,7 +1327,13 @@ mac_do_jail_set(void *obj, void *data) break; case JAIL_SYS_DISABLE: case JAIL_SYS_NEW: - error = parse_and_set_rules(pr, rules_string); + error = parse_and_set_rules(pr, rules_string, &parse_error); + if (error != 0) { + vfs_opterror(opts, + "MAC/do: Parse error at index %zu: %s\n", + parse_error->pos, parse_error->msg); + free_parse_error(parse_error); + } break; default: __assert_unreachable(); From nobody Mon Dec 16 14:46:06 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjRz1sLLz5hWXQ; Mon, 16 Dec 2024 14:46:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjRz02w5z4f1f; Mon, 16 Dec 2024 14:46:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360367; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LfXW8Uz7lwhISxvLfZJVOLbs5un5A2D8pN1lh/J1BMY=; b=H6zeFcQgAZGk+tcUY3PL70QUJmE5i9sy9zpKDpn9Zjh87o/wbhLpBypUqUahSccWb6D7N7 yyInfbIC8V+i50gHVjZzVglgU0qwUwI5lsGiVd8apFejdGcHOJdcjJPx2FwA0qvG+rcw+L y5Tg/3GFbe3WT5CSyaakFqIIPoeEa1ghX+D5reylOXTaS1OkRBoS43BChFCLAj5ZR/RQrm mTNQFaG0UIdLt8DkfgsRf0wT50sQhZ7VZfgJ1DhVTpG5qlQ5wQwGpIk6Crc958iOPPwz3k yiEvcz9U136p77FUA2FREOuVoQY3bTm1MfZPmKL/B9YZ8V4YcN4ycRt7joBrwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360367; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LfXW8Uz7lwhISxvLfZJVOLbs5un5A2D8pN1lh/J1BMY=; b=Zz42xCAsvEKm5g5I7Vuddsb+WeatlIeQPSKr7gbTHcH+QGiOnl3ukwT2r2WMf4i5TReqdg CSeuweiLigIHRZxLWNd01Dz+wBYaZLbhny4z/EKOoZHhA+Ru1OU7f7xOXfZg/WwtLogCwk hx2+mI+7yvapGshtYlHsUR9w9k+1A80b1OOtujM+7MIaBs51rxPIbU99IfR38UHBREeAOJ RskZ+pcf8A8xPSL5PzH93k1nIDSlrh7RfbS7zIgtDWWFuKSipcLnezSuwb4MuXYIfiLSNv FknjJIg1D6GgpQXR+/knRhguWD5Of7G36bm3CFY3vIi4YfRUv6+hTkHg/mUw6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360367; a=rsa-sha256; cv=none; b=Y2308tFwtrMb7qlqX4B+IyabqyAy35lDmFhQl2rrj5numzp1nsSaD3VsgdSNNtydhu3G3F u3cJDi/NR1/rgogzuMeKOVFJDcYbfMBYeHj0vJNnaGsdtfcwH/B3ehF05Oajsacf6LlkLZ /czH6Re1IiQfNw6IcJl1YARORFNI65bmNwXhxPf4BcxajVSevV5CtsfCjyWIsyPNQN0+0X 0EBZ2hMGD5D+SCjk8sSw6OG7wNiN4KSVcY+9Wuy0Hc147Lmw6/tmSdm1peXCmkItNV2Wkx Rcn/InRhvasdeMPY0goVWiIwvLJr/czWNeQwi71f9eL8LnLif3pyksOvYl+jbA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjRy6jrSzy0K; Mon, 16 Dec 2024 14:46:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk6pF053861; Mon, 16 Dec 2024 14:46:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk6jq053858; Mon, 16 Dec 2024 14:46:06 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:06 GMT Message-Id: <202412161446.4BGEk6jq053858@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 6c3def74e2de - main - MAC/do: Support multiple users and groups as single rule's targets List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6c3def74e2deb825e7dac4ffebaaf651f547e392 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=6c3def74e2deb825e7dac4ffebaaf651f547e392 commit 6c3def74e2deb825e7dac4ffebaaf651f547e392 Author: Olivier Certner AuthorDate: 2024-07-05 15:56:13 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:38 +0000 MAC/do: Support multiple users and groups as single rule's targets Supporting group targets is a requirement for MAC/do to be able to enforce a limited set of valid new groups passed to setgroups(). Additionally, it must be possible for this set of groups to also depend on the target UID, since users and groups are quite tied in UNIX (users are automatically placed in only the groups specified through '/etc/passwd' (primary group) and '/etc/group' (supplementary ones)). These requirements call for a re-design of the specification of the rules specification string and of 'struct rule'. A rules specification string is now a list of rules separated by ';' (instead of ','). One rule is still composed of a "from" part and a "to" (or "target") part, both being separated by ':' (as before). The first part, "from", is matched against the credentials of the process calling setuid()/setgroups(). Its specification remains unchanged: It is a '=' clause, where is either "uid" or "gid" and an UID or GID. The second part, "to", is now a comma-separated (',') list of '=' clauses similar to that of the "from" part, with the extensions that may also be "*" or "any" or ".", and that may contain at most one of the '+', '-' and '!' characters when is GID. "*" and "any" both designate any ID for the , and are aliases to each other. In front of them, only the "+" flag is allowed (in addition to the previous rules). "." designates the process' current IDs for the , as explained below. For GIDs, an absence of flag indicates that the specified GID is allowed as the real, effective and/or saved GIDs (the "primary" groups). Conversely, the presence of any allowed flag indicates that the specification concerns supplementary groups. The '+' flag in front of "gid" indicates that the ID is allowed as a supplementary group. The '!' flag indicates that the ID is mandatory, i.e., must be listed in the supplementary groups. The '-' flag indicates that the GID must not be listed in the supplementary groups. A specification with '-' is only useful in conjunction with a '+'-tagged specification where only one of them has ".", or if other MAC policies are loaded that would give access to other, unwanted groups. "." indicates some ID that the calling process already has on privilege check. For type "uid", it designates any of the real, effective or saved UIDs. For type "gid", its effect depends on the presence of one of the '+', '-' or '!' flags. If no flag is present, it designates any of the real, effective or saved GIDs. If one is present, it designates any of the supplementary groups. If the "to" part doesn't specify any explicit UID, any of the UIDs of the calling process is implied (it is as if "uid=." had been specified). Similarly, if it doesn't specify any explicit GID, "gid=.,!gid=." is assumed, meaning that all the groups of the calling process are implied and must be present. More precisely, each of the desired real, effective and saved GIDs must be one of the current real, effective or saved GID, whereas all others (the supplementary ones) must be the same as those that are current. No two clauses in a single "to" list may display the same , except for GIDs but only if, each time the same appears, it does so with a different flag (no flag counting as a separate flag) and all the specified flags are not contradictory (e.g., it is possible to have the same GID appear with no flag and the "+" flag, but the same GID with both "+" and "-" will be rejected). 'struct rule' now holds arrays of UIDs (field 'uids') and GIDs (field 'gids') that are admissible as targets, with accompanying flags (such as MDF_SUPP_MUST, representing the '!' flag). Some flags are also held by ID type, including flags associated to individual IDs, as MDF_CURRENT in these flags stands for the process being privilege-checked's current IDs, to which ID flags apply. As a departure from this scheme, "*" or "any" as for GIDs is either represented by MDF_ANY or MDF_ANY_SUPP. This is to make it coexist with a "."/MDF_CURRENT specification for the other category of groups (among primary and supplementary groups), which needs to be qualified by the usual GID flags. This commit contains only the changes to parse the new rules and to build their representation. The privilege granting part is not fixed here, beyond what making compilation work requires (and, in preparation for some subsequent commit, minimal adaptations to the matching logic in check_setuid()). Approved by: markj (mentor) Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47616 --- sys/security/mac_do/mac_do.c | 736 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 659 insertions(+), 77 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index fc1a6de471b6..92c09d540723 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -38,18 +38,18 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do"); static unsigned osd_jail_slot; -#define RULE_INVALID 0 /* Must stay 0. */ -#define RULE_UID 1 -#define RULE_GID 2 -#define RULE_ANY 3 +#define IT_INVALID 0 /* Must stay 0. */ +#define IT_UID 1 +#define IT_GID 2 +#define IT_ANY 3 +#define IT_LAST IT_ANY static const char *id_type_to_str[] = { - [RULE_INVALID] = "invalid", - [RULE_UID] = "uid", - [RULE_GID] = "gid", + [IT_INVALID] = "invalid", + [IT_UID] = "uid", + [IT_GID] = "gid", /* See also parse_id_type(). */ - [RULE_ANY] = "*", - NULL + [IT_ANY] = "*", }; /* @@ -60,19 +60,236 @@ _Static_assert(sizeof(uid_t) == sizeof(u_int) && (uid_t)-1 >= 0 && sizeof(gid_t) == sizeof(u_int) && (gid_t)-1 >= 0, "mac_do(4) assumes that 'uid_t' and 'gid_t' are aliases to 'u_int'"); +/* + * Internal flags. + * + * They either apply as per-type (t) or per-ID (i) but are conflated because all + * per-ID flags are also valid as per-type ones to qualify the "current" (".") + * per-type flag. Also, some of them are in fact exclusive, but we use one-hot + * encoding for simplicity. + * + * There is currently room for "only" 16 bits. As these flags are purely + * internal, they can be renumbered and/or their type changed as needed. + * + * See also the check_*() functions below. + */ +typedef uint16_t flags_t; + +/* (i,gid) Specification concerns primary groups. */ +#define MDF_PRIMARY (1u << 0) +/* (i,gid) Specification concerns supplementary groups. */ +#define MDF_SUPP_ALLOW (1u << 1) +/* (i,gid) Group must appear as a supplementary group. */ +#define MDF_SUPP_MUST (1u << 2) +/* (i,gid) Group must not appear as a supplementary group. */ +#define MDF_SUPP_DONT (1u << 3) +#define MDF_SUPP_MASK (MDF_SUPP_ALLOW | MDF_SUPP_MUST | MDF_SUPP_DONT) +#define MDF_ID_MASK (MDF_PRIMARY | MDF_SUPP_MASK) + +/* + * (t) All IDs allowed. + * + * For GIDs, MDF_ANY only concerns primary groups. The MDF_PRIMARY and + * MDF_SUPP_* flags never apply to MDF_ANY, but can be present if MDF_CURRENT is + * present also, as usual. + */ +#define MDF_ANY (1u << 8) +/* (t) Current IDs allowed. */ +#define MDF_CURRENT (1u << 9) +#define MDF_TYPE_COMMON_MASK (MDF_ANY | MDF_CURRENT) +/* (t,gid) All IDs allowed as supplementary groups. */ +#define MDF_ANY_SUPP (1u << 10) +/* (t,gid) Some ID or MDF_CURRENT has MDF_SUPP_MUST or MDF_SUPP_DONT. */ +#define MDF_MAY_REJ_SUPP (1u << 11) +/* (t,gid) Some explicit ID (not MDF_CURRENT) has MDF_SUPP_MUST. */ +#define MDF_EXPLICIT_SUPP_MUST (1u << 12) +/* (t,gid) Whether any target clause is about primary groups. Used during + * parsing only. */ +#define MDF_HAS_PRIMARY_CLAUSE (1u << 13) +/* (t,gid) Whether any target clause is about supplementary groups. Used during + * parsing only. */ +#define MDF_HAS_SUPP_CLAUSE (1u << 14) +#define MDF_TYPE_GID_MASK (MDF_ANY_SUPP | MDF_MAY_REJ_SUPP | \ + MDF_EXPLICIT_SUPP_MUST | MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE) +#define MDF_TYPE_MASK (MDF_TYPE_COMMON_MASK | MDF_TYPE_GID_MASK) + +/* + * Persistent structures. + */ + +struct id_spec { + u_int id; + flags_t flags; /* See MDF_* above. */ +}; + +/* + * This limits the number of target clauses per type to 65535. With the current + * value of MAC_RULE_STRING_LEN (1024), this is way more than enough anyway. + */ +typedef uint16_t id_nb_t; +/* We only have a few IT_* types. */ +typedef uint16_t id_type_t; + struct rule { - u_int from_type; - u_int from_id; - u_int to_type; - u_int to_id; TAILQ_ENTRY(rule) r_entries; + id_type_t from_type; + u_int from_id; + flags_t uid_flags; /* See MDF_* above. */ + id_nb_t uids_nb; + flags_t gid_flags; /* See MDF_* above. */ + id_nb_t gids_nb; + struct id_spec *uids; + struct id_spec *gids; }; +TAILQ_HEAD(rulehead, rule); + struct rules { char string[MAC_RULE_STRING_LEN]; - TAILQ_HEAD(rulehead, rule) head; + struct rulehead head; +}; + +/* + * Temporary structures used to build a 'struct rule' above. + */ + +struct id_elem { + TAILQ_ENTRY(id_elem) ie_entries; + struct id_spec spec; }; +TAILQ_HEAD(id_list, id_elem); + +#ifdef INVARIANTS +static void +check_type(const id_type_t type) +{ + if (type > IT_LAST) + panic("Invalid type number %u", type); +} + +static void +panic_for_unexpected_flags(const id_type_t type, const flags_t flags, + const char *const str) +{ + panic("ID type %s: Unexpected flags %u (%s), ", id_type_to_str[type], + flags, str); +} + +static void +check_type_and_id_flags(const id_type_t type, const flags_t flags) +{ + const char *str; + + check_type(type); + switch (type) { + case IT_UID: + if (flags != 0) { + str = "only 0 allowed"; + goto unexpected_flags; + } + break; + case IT_GID: + if ((flags & ~MDF_ID_MASK) != 0) { + str = "only bits in MDF_ID_MASK allowed"; + goto unexpected_flags; + } + if (!powerof2(flags & MDF_SUPP_MASK)) { + str = "only a single flag in MDF_SUPP_MASK allowed"; + goto unexpected_flags; + } + break; + default: + __assert_unreachable(); + } + return; + +unexpected_flags: + panic_for_unexpected_flags(type, flags, str); +} + +static void +check_type_and_id_spec(const id_type_t type, const struct id_spec *const is) +{ + check_type_and_id_flags(type, is->flags); +} + +static void +check_type_and_type_flags(const id_type_t type, const flags_t flags) +{ + const char *str; + + check_type_and_id_flags(type, flags & MDF_ID_MASK); + if ((flags & ~MDF_ID_MASK & ~MDF_TYPE_MASK) != 0) { + str = "only MDF_ID_MASK | MDF_TYPE_MASK bits allowed"; + goto unexpected_flags; + } + if ((flags & MDF_ANY) != 0 && (flags & MDF_CURRENT) != 0 && + (type == IT_UID || (flags & MDF_PRIMARY) != 0)) { + str = "MDF_ANY and MDF_CURRENT are exclusive for UIDs " + "or primary group GIDs"; + goto unexpected_flags; + } + if ((flags & MDF_ANY_SUPP) != 0 && (flags & MDF_CURRENT) != 0 && + (flags & MDF_SUPP_MASK) != 0) { + str = "MDF_SUPP_ANY and MDF_CURRENT with supplementary " + "groups specification are exclusive"; + goto unexpected_flags; + } + if (((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) && + (flags & MDF_HAS_PRIMARY_CLAUSE) == 0) { + str = "Presence of folded primary clause not reflected " + "by presence of MDF_HAS_PRIMARY_CLAUSE"; + goto unexpected_flags; + } + if (((flags & MDF_SUPP_MASK) != 0 || (flags & MDF_ANY_SUPP) != 0) && + (flags & MDF_HAS_SUPP_CLAUSE) == 0) { + str = "Presence of folded supplementary clause not reflected " + "by presence of MDF_HAS_SUPP_CLAUSE"; + goto unexpected_flags; + } + return; + +unexpected_flags: + panic_for_unexpected_flags(type, flags, str); +} +#else /* !INVARIANTS */ +#define check_type_and_id_flags(...) +#define check_type_and_id_spec(...) +#define check_type_and_type_flags(...) +#endif /* INVARIANTS */ + +/* + * Returns EALREADY if both flags have some overlap, or EINVAL if flags are + * incompatible, else 0 with flags successfully merged into 'dest'. + */ +static int +coalesce_id_flags(const flags_t src, flags_t *const dest) +{ + flags_t res; + + if ((src & *dest) != 0) + return (EALREADY); + + res = src | *dest; + + /* Check for compatibility of supplementary flags, and coalesce. */ + if ((res & MDF_SUPP_MASK) != 0) { + /* MDF_SUPP_DONT incompatible with the rest. */ + if ((res & MDF_SUPP_DONT) != 0 && (res & MDF_SUPP_MASK & + ~MDF_SUPP_DONT) != 0) + return (EINVAL); + /* + * Coalesce MDF_SUPP_ALLOW and MDF_SUPP_MUST into MDF_SUPP_MUST. + */ + if ((res & MDF_SUPP_ALLOW) != 0 && (res & MDF_SUPP_MUST) != 0) + res &= ~MDF_SUPP_ALLOW; + } + + *dest = res; + return (0); +} + static void toast_rules(struct rules *const rules) { @@ -81,6 +298,8 @@ toast_rules(struct rules *const rules) while ((rule = TAILQ_FIRST(head)) != NULL) { TAILQ_REMOVE(head, rule, r_entries); + free(rule->uids, M_DO); + free(rule->gids, M_DO); free(rule, M_DO); } free(rules, M_DO); @@ -97,6 +316,12 @@ alloc_rules(void) return (rules); } +static bool +is_null_or_empty(const char *s) +{ + return (s == NULL || s[0] == '\0'); +} + /* * String to unsigned int. * @@ -140,79 +365,442 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr, } static int -parse_id_type(const char *const string, int *const type) +parse_id_type(const char *const string, id_type_t *const type) { /* - * Special case for "any", as the canonical form for RULE_ANY in + * Special case for "any", as the canonical form for IT_ANY in * id_type_to_str[] is "*". */ if (strcmp(string, "any") == 0) { - *type = RULE_ANY; + *type = IT_ANY; return (0); } /* Start at 1 to avoid parsing "invalid". */ - for (size_t i = 1; id_type_to_str[i] != NULL; ++i) { + for (size_t i = 1; i <= IT_LAST; ++i) { if (strcmp(string, id_type_to_str[i]) == 0) { *type = i; return (0); } } - *type = RULE_INVALID; + *type = IT_INVALID; return (EINVAL); } +static size_t +parse_gid_flags(const char *const string, flags_t *const flags, + flags_t *const gid_flags) +{ + switch (string[0]) { + case '+': + *flags |= MDF_SUPP_ALLOW; + goto has_supp_clause; + case '!': + *flags |= MDF_SUPP_MUST; + *gid_flags |= MDF_MAY_REJ_SUPP; + goto has_supp_clause; + case '-': + *flags |= MDF_SUPP_DONT; + *gid_flags |= MDF_MAY_REJ_SUPP; + goto has_supp_clause; + has_supp_clause: + *gid_flags |= MDF_HAS_SUPP_CLAUSE; + return (1); + } + + return (0); +} + +static bool +parse_any(const char *const string) +{ + return (strcmp(string, "*") == 0 || strcmp(string, "any") == 0); +} + +static bool +has_clauses(const id_nb_t nb, const flags_t type_flags) +{ + return ((type_flags & MDF_TYPE_MASK) != 0 || nb != 0); +} + static int -parse_rule_element(char *element, struct rule **rule) +parse_target_clause(char *to, struct rule *const rule, + struct id_list *const uid_list, struct id_list *const gid_list) { - const char *from_type, *from_id, *to, *p; - struct rule *new; + char *to_type, *to_id; + const char *p; + struct id_list *list; + id_nb_t *nb; + flags_t *tflags; + struct id_elem *ie; + struct id_spec is = {.flags = 0}; + flags_t gid_flags = 0; + id_type_t type; int error; - new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK); + MPASS(to != NULL); + to_type = strsep(&to, "="); + MPASS(to_type != NULL); + to_type += parse_gid_flags(to_type, &is.flags, &gid_flags); + error = parse_id_type(to_type, &type); + if (error != 0) + goto einval; + if (type != IT_GID && is.flags != 0) + goto einval; + + to_id = strsep(&to, ""); + switch (type) { + case IT_GID: + if (to_id == NULL) + goto einval; + + if (is.flags == 0) { + /* No flags: Dealing with a primary group. */ + is.flags |= MDF_PRIMARY; + gid_flags |= MDF_HAS_PRIMARY_CLAUSE; + } + + list = gid_list; + nb = &rule->gids_nb; + tflags = &rule->gid_flags; + + /* "*" or "any"? */ + if (parse_any(to_id)) { + /* + * We check that we have not seen any other clause of + * the same category (i.e., concerning primary or + * supplementary groups). + */ + if ((is.flags & MDF_PRIMARY) != 0) { + if ((*tflags & MDF_HAS_PRIMARY_CLAUSE) != 0) + goto einval; + *tflags |= gid_flags | MDF_ANY; + } else { + /* + * If a supplementary group flag was present, it + * must be MDF_SUPP_ALLOW ("+"). + */ + if ((is.flags & MDF_SUPP_MASK) != MDF_SUPP_ALLOW || + (*tflags & MDF_HAS_SUPP_CLAUSE) != 0) + goto einval; + *tflags |= gid_flags | MDF_ANY_SUPP; + } + goto check_type_and_finish; + } else { + /* + * Check that we haven't already seen "any" for the same + * category. + */ + if ((is.flags & MDF_PRIMARY) != 0) { + if ((*tflags & MDF_ANY) != 0) + goto einval; + } else if ((*tflags & MDF_ANY_SUPP) != 0 && + (is.flags & MDF_SUPP_ALLOW) != 0) + goto einval; + *tflags |= gid_flags; + } + break; + + case IT_UID: + if (to_id == NULL) + goto einval; + + list = uid_list; + nb = &rule->uids_nb; + tflags = &rule->uid_flags; + + /* "*" or "any"? */ + if (parse_any(to_id)) { + /* There must not be any other clause. */ + if (has_clauses(*nb, *tflags)) + goto einval; + *tflags |= MDF_ANY; + goto check_type_and_finish; + } else { + /* + * Check that we haven't already seen "any" for the same + * category. + */ + if ((*tflags & MDF_ANY) != 0) + goto einval; + } + break; + + case IT_ANY: + /* No ID allowed. */ + if (to_id != NULL) + goto einval; + /* + * We can't have IT_ANY after any other IT_*, it must be the + * only one. + */ + if (has_clauses(rule->uids_nb, rule->uid_flags) || + has_clauses(rule->gids_nb, rule->gid_flags)) + goto einval; + rule->uid_flags |= MDF_ANY; + rule->gid_flags |= MDF_ANY | MDF_ANY_SUPP | + MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE; + goto finish; + + default: + /* parse_id_type() returns no other types currently. */ + __assert_unreachable(); + } - from_type = strsep(&element, "="); - if (from_type == NULL) + /* Rule out cases that have been treated above. */ + MPASS((type == IT_UID || type == IT_GID) && !parse_any(to_id)); + + /* "."? */ + if (strcmp(to_id, ".") == 0) { + if ((*tflags & MDF_CURRENT) != 0) { + /* Duplicate "." . Try to coalesce. */ + error = coalesce_id_flags(is.flags, tflags); + if (error != 0) + goto einval; + } else + *tflags |= MDF_CURRENT | is.flags; + goto check_type_and_finish; + } + + /* Parse an ID. */ + error = strtoui_strict(to_id, &p, 10, &is.id); + if (error != 0 || *p != '\0') goto einval; + /* Explicit ID flags. */ + if (type == IT_GID && (is.flags & MDF_SUPP_MUST) != 0) + *tflags |= MDF_EXPLICIT_SUPP_MUST; + + /* + * We check for duplicate IDs and coalesce their 'struct id_spec' only + * at end of parse_single_rule() because it is much more performant then + * (using sorted arrays). + */ + ++*nb; + if (*nb == 0) + return (EOVERFLOW); + ie = malloc(sizeof(*ie), M_DO, M_WAITOK); + ie->spec = is; + TAILQ_INSERT_TAIL(list, ie, ie_entries); + check_type_and_id_spec(type, &is); +finish: + return (0); +check_type_and_finish: + check_type_and_type_flags(type, *tflags); + return (0); +einval: + return (EINVAL); +} + +static int +u_int_cmp(const u_int i1, const u_int i2) +{ + return ((i1 > i2) - (i1 < i2)); +} + +static int +id_spec_cmp(const void *const p1, const void *const p2) +{ + const struct id_spec *const is1 = p1; + const struct id_spec *const is2 = p2; + + return (u_int_cmp(is1->id, is2->id)); +} + +/* + * Transfer content of 'list' into 'array', freeing and emptying list. + * + * 'nb' must be 'list''s length and not be greater than 'array''s size. The + * destination array is sorted by ID. Structures 'struct id_spec' with same IDs + * are coalesced if that makes sense (not including duplicate clauses), else + * EINVAL is returned. On success, 'nb' is updated (lowered) to account for + * coalesced specifications. The parameter 'type' is only for testing purposes + * (INVARIANTS). + */ +static int +pour_list_into_rule(const id_type_t type, struct id_list *const list, + struct id_spec *const array, id_nb_t *const nb) +{ + struct id_elem *ie, *ie_next; + size_t idx = 0; + + /* Fill the array. */ + TAILQ_FOREACH_SAFE(ie, list, ie_entries, ie_next) { + MPASS(idx < *nb); + array[idx] = ie->spec; + free(ie, M_DO); + ++idx; + } + MPASS(idx == *nb); + TAILQ_INIT(list); + + /* Sort it (by ID). */ + qsort(array, *nb, sizeof(*array), id_spec_cmp); + + /* Coalesce same IDs. */ + if (*nb != 0) { + size_t ref_idx = 0; + + for (idx = 1; idx < *nb; ++idx) { + const u_int id = array[idx].id; + + if (id != array[ref_idx].id) { + ++ref_idx; + if (ref_idx != idx) + array[ref_idx] = array[idx]; + continue; + } + + switch (type) { + int error; + + case IT_GID: + error = coalesce_id_flags(array[idx].flags, + &array[ref_idx].flags); + if (error != 0) + return (EINVAL); + check_type_and_id_flags(type, + array[ref_idx].flags); + break; + + case IT_UID: + /* + * No flags in this case. Multiple appearances + * of the same UID is an exact redundancy, so + * error out. + */ + return (EINVAL); + + default: + __assert_unreachable(); + } + } + *nb = ref_idx + 1; + } + + return (0); +} + +/* + * See also first comments for parse_rule() below. + * + * The second part of a rule, called (or ), is a comma-separated + * (',') list of '=' clauses similar to that of the + * part, with the extensions that may also be "*" or "any" or ".", and that + * may contain at most one of the '+', '-' and '!' characters when + * is "gid" (no flags are allowed for "uid"). No two clauses in a single + * list may list the same . "*" and "any" both designate any ID for + * the , and are aliases to each other. In front of "any" (or "*"), only + * the '+' flag is allowed (in the "gid" case). "." designates the process' + * current IDs for the . The precise meaning of flags and "." is + * explained in functions checking privileges below. + */ +static int +parse_single_rule(char *rule, struct rules *const rules) +{ + const char *from_type, *from_id, *p; + char *to_list; + struct id_list uid_list, gid_list; + struct id_elem *ie, *ie_next; + struct rule *new; + int error; + + MPASS(rule != NULL); + TAILQ_INIT(&uid_list); + TAILQ_INIT(&gid_list); + + /* Freed when the 'struct rules' container is freed. */ + new = malloc(sizeof(*new), M_DO, M_WAITOK | M_ZERO); + + from_type = strsep(&rule, "="); + MPASS(from_type != NULL); /* Because 'rule' was not NULL. */ error = parse_id_type(from_type, &new->from_type); if (error != 0) goto einval; switch (new->from_type) { - case RULE_UID: - case RULE_GID: + case IT_UID: + case IT_GID: break; default: goto einval; } - from_id = strsep(&element, ":"); - if (from_id == NULL || *from_id == '\0') + from_id = strsep(&rule, ":"); + if (is_null_or_empty(from_id)) goto einval; error = strtoui_strict(from_id, &p, 10, &new->from_id); if (error != 0 || *p != '\0') goto einval; - to = element; - if (to == NULL || *to == '\0') + /* + * We will now parse the "to" list. + * + * In order to ease parsing, we will begin by building lists of target + * UIDs and GIDs in local variables 'uid_list' and 'gid_list'. The + * number of each type of IDs will be filled directly in 'new'. At end + * of parse, we will allocate both arrays of IDs to be placed into the + * 'uids' and 'gids' members, sort them, and discard the tail queues + * used to build them. This conversion to sorted arrays at end of parse + * allows to minimize memory allocations and enables searching IDs in + * O(log(n)) instead of linearly. + */ + to_list = strsep(&rule, ","); + if (to_list == NULL) goto einval; + do { + error = parse_target_clause(to_list, new, &uid_list, &gid_list); + if (error != 0) + goto einval; - if (strcmp(to, "any") == 0 || strcmp(to, "*") == 0) - new->to_type = RULE_ANY; - else { - new->to_type = RULE_UID; - error = strtoui_strict(to, &p, 10, &new->to_id); - if (error != 0 || *p != '\0') + to_list = strsep(&rule, ","); + } while (to_list != NULL); + + if (new->uids_nb != 0) { + new->uids = malloc(sizeof(*new->uids) * new->uids_nb, M_DO, + M_WAITOK); + error = pour_list_into_rule(IT_UID, &uid_list, new->uids, + &new->uids_nb); + if (error != 0) + goto einval; + } + MPASS(TAILQ_EMPTY(&uid_list)); + if (!has_clauses(new->uids_nb, new->uid_flags)) { + /* No UID specified, default is "uid=.". */ + MPASS(new->uid_flags == 0); + new->uid_flags = MDF_CURRENT; + check_type_and_type_flags(IT_UID, new->uid_flags); + } + + if (new->gids_nb != 0) { + new->gids = malloc(sizeof(*new->gids) * new->gids_nb, M_DO, + M_WAITOK); + error = pour_list_into_rule(IT_GID, &gid_list, new->gids, + &new->gids_nb); + if (error != 0) goto einval; } + MPASS(TAILQ_EMPTY(&gid_list)); + if (!has_clauses(new->gids_nb, new->gid_flags)) { + /* No GID specified, default is "gid=.,!gid=.". */ + MPASS(new->gid_flags == 0); + new->gid_flags = MDF_CURRENT | MDF_PRIMARY | MDF_SUPP_MUST | + MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE; + check_type_and_type_flags(IT_GID, new->gid_flags); + } - *rule = new; + TAILQ_INSERT_TAIL(&rules->head, new, r_entries); return (0); + einval: + free(new->gids, M_DO); + free(new->uids, M_DO); free(new, M_DO); - *rule = NULL; + TAILQ_FOREACH_SAFE(ie, &gid_list, ie_entries, ie_next) + free(ie, M_DO); + TAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next) + free(ie, M_DO); return (EINVAL); } @@ -223,19 +811,25 @@ einval: * representing the rules. On error, the returned value is non-zero and * '*rulesp' is unchanged. If 'string' has length greater or equal to * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned. If it is not in the expected - * format (comma-separated list of clauses of the form "=:", - * where is "uid" or "gid", an UID or GID (depending on ) and - * is "*", "any" or some UID), EINVAL is returned. + * format, EINVAL is returned. + * + * Expected format: A semi-colon-separated list of rules of the form + * ":". The part is of the form "=" where + * is "uid" or "gid", an UID or GID (depending on ) and is + * "*", "any" or a comma-separated list of '=' clauses (see the + * comment for parse_single_rule() for more details). For convenience, empty + * rules are allowed (and do nothing). + * + * Examples: + * - "uid=1001:uid=1010,gid=1010;uid=1002:any" + * - "gid=1010:gid=1011,gid=1012,gid=1013" */ static int parse_rules(const char *const string, struct rules **const rulesp) { const size_t len = strlen(string); - char *copy; - char *p; - char *element; + char *copy, *p, *rule; struct rules *rules; - struct rule *new; int error = 0; if (len >= MAC_RULE_STRING_LEN) @@ -250,15 +844,14 @@ parse_rules(const char *const string, struct rules **const rulesp) MPASS(copy[len] == '\0'); /* Catch some races. */ p = copy; - while ((element = strsep(&p, ",")) != NULL) { - if (element[0] == '\0') + while ((rule = strsep(&p, ";")) != NULL) { + if (rule[0] == '\0') continue; - error = parse_rule_element(element, &new); + error = parse_single_rule(rule, rules); if (error != 0) { toast_rules(rules); goto out; } - TAILQ_INSERT_TAIL(&rules->head, new, r_entries); } *rulesp = rules; @@ -293,8 +886,8 @@ find_rules(struct prison *const pr, struct prison **const aprp) MPASS(ppr != NULL); /* prison0 always has rules. */ cpr = ppr; } - *aprp = cpr; + *aprp = cpr; return (rules); } @@ -634,9 +1227,9 @@ mac_do_destroy(struct mac_policy_conf *mpc) static bool rule_applies(struct ucred *cred, struct rule *r) { - if (r->from_type == RULE_UID && r->from_id == cred->cr_uid) + if (r->from_type == IT_UID && r->from_id == cred->cr_uid) return (true); - if (r->from_type == RULE_GID && groupmember(r->from_id, cred)) + if (r->from_type == IT_GID && groupmember(r->from_id, cred)) return (true); return (false); } @@ -706,11 +1299,12 @@ static int mac_do_check_setuid(struct ucred *cred, uid_t uid) { struct rule *r; - int error; char *fullpath = NULL; char *freebuf = NULL; struct prison *pr; struct rules *rule; + struct id_spec uid_is = {.id = uid}; + int error; if (do_enabled == 0) return (0); @@ -728,29 +1322,17 @@ mac_do_check_setuid(struct ucred *cred, uid_t uid) error = EPERM; rule = find_rules(cred->cr_prison, &pr); TAILQ_FOREACH(r, &rule->head, r_entries) { - if (r->from_type == RULE_UID) { - if (cred->cr_uid != r->from_id) - continue; - if (r->to_type == RULE_ANY) { - error = 0; - break; - } - if (r->to_type == RULE_UID && uid == r->to_id) { - error = 0; - break; - } - } - if (r->from_type == RULE_GID) { - if (!groupmember(r->from_id, cred)) - continue; - if (r->to_type == RULE_ANY) { - error = 0; - break; - } - if (r->to_type == RULE_UID && uid == r->to_id) { - error = 0; - break; - } + if (!((r->from_type == IT_UID && cred->cr_uid == r->from_id) || + (r->from_type == IT_GID && groupmember(r->from_id, cred)))) + continue; + + if (r->uid_flags & MDF_ANY || + ((r->uid_flags & MDF_CURRENT) && (uid == cred->cr_uid || + uid == cred->cr_ruid || uid == cred->cr_svuid)) || *** 7 LINES SKIPPED *** From nobody Mon Dec 16 14:46:09 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS13MWJz5hWff; Mon, 16 Dec 2024 14:46:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS11N2cz4dyH; Mon, 16 Dec 2024 14:46:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360369; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VI7Ni0+ViOM9sAxgQmEPJHXhgCZmNPRJKNwH2PABm0s=; b=m4lhGY3xMEKTtP3sMMGRlrkx289ShJP5CI93O8kc1Oob1pVxIQ0zNBTZMZ+23JKyorPaX/ r/lS5pVu1huYo+rmtUXAG7MdtV70gOrpz7y2NWkNk0mGC75iH8NHPQ7c/2PrAKTgaNpGcu PqKyWz6R9NQ+CQuSQytDnay9QOIJ/SbYIoi2hji7HZ+6ZaHwT6Cj4V3IM9LxKFWLLy/0RR EDRFuUDtLTkFz+Nrha6buYUttSH4WYBSO8DUkZwWHJhT/yJQ5A4PZRp3E/MSJoGnfl5raA AKu+Ph6/MkSbLHGRtXyBEpyMrigeE9npOsIISVN+Z6Rqp9hUsvf9aFCfuBcAKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360369; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VI7Ni0+ViOM9sAxgQmEPJHXhgCZmNPRJKNwH2PABm0s=; b=BhDtJtC6puaMA6lJ5LRakoMC1n6ZgfK/FImGTnWr+H8H0jlunX5IrrOSn3M3RYVYRMBDwp Bjiii4aiGdJP4pUhoYyz0gsXGMIsUFXDtbU2KYPOLI+jbnxYI7T640bJNKJi+z+yTp9Ci4 8mM1+Av1W2bBjAP7I2vIwcpgsA9/4EO4n+It/fuSg8/pHrOC6b2q+wQJLMSmUdv6MhTDl7 jdrjGtHOWcUPcZJNc73VWyUZela7XNa5+etP2AgaOIqSWvZuIcTOZgxHJQEDSwqnDtyg4f g8N7sY6He9gPrwV1rPoMQ2/NXByVWSTmttXelBSAmP3V3t2SpMACY3HqOtdmRA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360369; a=rsa-sha256; cv=none; b=QQD/Yef/ulmPxNk9SS5Uq+MHQUNKctm6BAcjIC/5aCPodgqw4AcrW8VMRs130oFlQpx9F6 IyuORbNznzmHRmD+mDykZef4SylOWerSjEbLnviU8FlvaUO1EXaURnGRMrsodVx6Dm7wRf o907Mjo+pRem+cHL9DIE7cG7xmXMKGpon/iUktnuOWhVEPdsryfo9jM88SNpLV4Wj9ppyC YiuBOcXV/mr1xtqlovQ2Tksg85wN+/+hAfvfDPWF6+qpKsNomOQHilEI96NJ3Fzkt6A6MM avLIDpB2uNUrg6ZnIFAk/QtPVS0OYWq8DG2Lakbfk6X9AsOhqVF7FNjU1gaTdg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS10zW5zxX0; Mon, 16 Dec 2024 14:46:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEk9pF053963; Mon, 16 Dec 2024 14:46:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEk9WT053960; Mon, 16 Dec 2024 14:46:09 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:09 GMT Message-Id: <202412161446.4BGEk9WT053960@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: ddb3eb4efe55 - main - New setcred() system call and associated MAC hooks List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ddb3eb4efe55e57c206f3534263c77b837aff1dc Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=ddb3eb4efe55e57c206f3534263c77b837aff1dc commit ddb3eb4efe55e57c206f3534263c77b837aff1dc Author: Olivier Certner AuthorDate: 2024-07-18 20:47:43 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:39 +0000 New setcred() system call and associated MAC hooks This new system call allows to set all necessary credentials of a process in one go: Effective, real and saved UIDs, effective, real and saved GIDs, supplementary groups and the MAC label. Its advantage over standard credential-setting system calls (such as setuid(), seteuid(), etc.) is that it enables MAC modules, such as MAC/do, to restrict the set of credentials some process may gain in a fine-grained manner. Traditionally, credential changes rely on setuid binaries that call multiple credential system calls and in a specific order (setuid() must be last, so as to remain root for all other credential-setting calls, which would otherwise fail with insufficient privileges). This piecewise approach causes the process to transiently hold credentials that are neither the original nor the final ones. For the kernel to enforce that only certain transitions of credentials are allowed, either these possibly non-compliant transient states have to disappear (by setting all relevant attributes in one go), or the kernel must delay setting or checking the new credentials. Delaying setting credentials could be done, e.g., by having some mode where the standard system calls contribute to building new credentials but without committing them. It could be started and ended by a special system call. Delaying checking could mean that, e.g., the kernel only verifies the credentials transition at the next non-credential-setting system call (we just mention this possibility for completeness, but are certainly not endorsing it). We chose the simpler approach of a new system call, as we don't expect the set of credentials one can set to change often. It has the advantages that the traditional system calls' code doesn't have to be changed and that we can establish a special MAC protocol for it, by having some cleanup function called just before returning (this is a requirement for MAC/do), without disturbing the existing ones. The mac_cred_check_setcred() hook is passed the flags received by setcred() (including the version) and both the old and new kernel's 'struct ucred' instead of 'struct setcred' as this should simplify evolving existing hooks as the 'struct setcred' structure evolves. The mac_cred_setcred_enter() and mac_cred_setcred_exit() hooks are always called by pairs around potential calls to mac_cred_check_setcred(). They allow MAC modules to allocate/free data they may need in their mac_cred_check_setcred() hook, as the latter is called under the current process' lock, rendering sleepable allocations impossible. MAC/do is going to leverage these in a subsequent commit. A scheme where mac_cred_check_setcred() could return ERESTART was considered but is incompatible with proper composition of MAC modules. While here, add missing includes and declarations for standalone inclusion of both from kernel and userspace (for the latter, it has been working thanks to already including ). Reviewed by: brooks Approved by: markj (mentor) Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47618 --- lib/libsys/Symbol.sys.map | 1 + lib/libsys/_libsys.h | 3 + lib/libsys/syscalls.map | 2 + sys/bsm/audit_kevents.h | 1 + sys/compat/freebsd32/freebsd32_misc.c | 9 + sys/compat/freebsd32/freebsd32_proto.h | 7 + sys/compat/freebsd32/freebsd32_syscall.h | 3 +- sys/compat/freebsd32/freebsd32_syscalls.c | 1 + sys/compat/freebsd32/freebsd32_sysent.c | 1 + sys/compat/freebsd32/freebsd32_systrace_args.c | 30 ++ sys/kern/init_sysent.c | 1 + sys/kern/kern_jail.c | 1 + sys/kern/kern_prot.c | 373 ++++++++++++++++++++++++- sys/kern/syscalls.c | 1 + sys/kern/syscalls.master | 7 + sys/kern/systrace_args.c | 30 ++ sys/security/mac/mac_cred.c | 47 ++++ sys/security/mac/mac_framework.h | 6 +- sys/security/mac/mac_policy.h | 10 +- sys/security/mac_stub/mac_stub.c | 20 ++ sys/security/mac_test/mac_test.c | 29 ++ sys/sys/priv.h | 3 +- sys/sys/syscall.h | 3 +- sys/sys/syscall.mk | 3 +- sys/sys/syscallsubr.h | 2 + sys/sys/sysproto.h | 7 + sys/sys/ucred.h | 80 +++++- 27 files changed, 663 insertions(+), 18 deletions(-) diff --git a/lib/libsys/Symbol.sys.map b/lib/libsys/Symbol.sys.map index 3e2f14497b07..8b5330cbdb87 100644 --- a/lib/libsys/Symbol.sys.map +++ b/lib/libsys/Symbol.sys.map @@ -381,6 +381,7 @@ FBSD_1.8 { fchroot; getrlimitusage; kcmp; + setcred; }; FBSDprivate_1.0 { diff --git a/lib/libsys/_libsys.h b/lib/libsys/_libsys.h index 894f49185fbc..033ee27f8a19 100644 --- a/lib/libsys/_libsys.h +++ b/lib/libsys/_libsys.h @@ -46,6 +46,7 @@ struct rusage; struct sched_param; struct sctp_sndrcvinfo; struct sembuf; +struct setcred; struct sf_hdtr; struct shmid_ds; struct sigaction; @@ -464,6 +465,7 @@ typedef int (__sys_timerfd_settime_t)(int, int, const struct itimerspec *, struc typedef int (__sys_kcmp_t)(pid_t, pid_t, int, uintptr_t, uintptr_t); typedef int (__sys_getrlimitusage_t)(u_int, int, rlim_t *); typedef int (__sys_fchroot_t)(int); +typedef int (__sys_setcred_t)(u_int, const struct setcred *, size_t); void __sys_exit(int rval); int __sys_fork(void); @@ -865,6 +867,7 @@ int __sys_timerfd_settime(int fd, int flags, const struct itimerspec * new_value int __sys_kcmp(pid_t pid1, pid_t pid2, int type, uintptr_t idx1, uintptr_t idx2); int __sys_getrlimitusage(u_int which, int flags, rlim_t * res); int __sys_fchroot(int fd); +int __sys_setcred(u_int flags, const struct setcred * wcred, size_t size); __END_DECLS #endif /* __LIBSYS_H_ */ diff --git a/lib/libsys/syscalls.map b/lib/libsys/syscalls.map index 9e748c659c46..cad6e3ff4132 100644 --- a/lib/libsys/syscalls.map +++ b/lib/libsys/syscalls.map @@ -807,4 +807,6 @@ FBSDprivate_1.0 { __sys_getrlimitusage; _fchroot; __sys_fchroot; + _setcred; + __sys_setcred; }; diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index d06381837aad..0f110d5f9ddd 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h @@ -662,6 +662,7 @@ #define AUE_AIO_READV 43268 /* FreeBSD-specific. */ #define AUE_FSPACECTL 43269 /* FreeBSD-specific. */ #define AUE_TIMERFD 43270 /* FreeBSD/Linux. */ +#define AUE_SETCRED 43271 /* FreeBSD-specific. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c index 67ebb5d52589..4cd706e16155 100644 --- a/sys/compat/freebsd32/freebsd32_misc.c +++ b/sys/compat/freebsd32/freebsd32_misc.c @@ -86,6 +86,7 @@ #include #include #include +#include #include #include #include @@ -115,6 +116,7 @@ #endif #include +#include #include #include @@ -4174,3 +4176,10 @@ ofreebsd32_sethostid(struct thread *td, struct ofreebsd32_sethostid_args *uap) sizeof(hostid), NULL, 0)); } #endif + +int +freebsd32_setcred(struct thread *td, struct freebsd32_setcred_args *uap) +{ + /* Last argument is 'is_32bit'. */ + return (user_setcred(td, uap->flags, uap->wcred, uap->size, true)); +} diff --git a/sys/compat/freebsd32/freebsd32_proto.h b/sys/compat/freebsd32/freebsd32_proto.h index cbb95f2b835b..ee634943a4f5 100644 --- a/sys/compat/freebsd32/freebsd32_proto.h +++ b/sys/compat/freebsd32/freebsd32_proto.h @@ -694,6 +694,11 @@ struct freebsd32_timerfd_settime_args { char new_value_l_[PADL_(const struct itimerspec32 *)]; const struct itimerspec32 * new_value; char new_value_r_[PADR_(const struct itimerspec32 *)]; char old_value_l_[PADL_(struct itimerspec32 *)]; struct itimerspec32 * old_value; char old_value_r_[PADR_(struct itimerspec32 *)]; }; +struct freebsd32_setcred_args { + char flags_l_[PADL_(u_int)]; u_int flags; char flags_r_[PADR_(u_int)]; + char wcred_l_[PADL_(const struct setcred32 *)]; const struct setcred32 * wcred; char wcred_r_[PADR_(const struct setcred32 *)]; + char size_l_[PADL_(size_t)]; size_t size; char size_r_[PADR_(size_t)]; +}; int freebsd32_wait4(struct thread *, struct freebsd32_wait4_args *); int freebsd32_ptrace(struct thread *, struct freebsd32_ptrace_args *); int freebsd32_recvmsg(struct thread *, struct freebsd32_recvmsg_args *); @@ -811,6 +816,7 @@ int freebsd32_aio_writev(struct thread *, struct freebsd32_aio_writev_args *); int freebsd32_aio_readv(struct thread *, struct freebsd32_aio_readv_args *); int freebsd32_timerfd_gettime(struct thread *, struct freebsd32_timerfd_gettime_args *); int freebsd32_timerfd_settime(struct thread *, struct freebsd32_timerfd_settime_args *); +int freebsd32_setcred(struct thread *, struct freebsd32_setcred_args *); #ifdef COMPAT_43 @@ -1312,6 +1318,7 @@ int freebsd11_freebsd32_fstatat(struct thread *, struct freebsd11_freebsd32_fsta #define FREEBSD32_SYS_AUE_freebsd32_aio_readv AUE_AIO_READV #define FREEBSD32_SYS_AUE_freebsd32_timerfd_gettime AUE_TIMERFD #define FREEBSD32_SYS_AUE_freebsd32_timerfd_settime AUE_TIMERFD +#define FREEBSD32_SYS_AUE_freebsd32_setcred AUE_SETCRED #undef PAD_ #undef PADL_ diff --git a/sys/compat/freebsd32/freebsd32_syscall.h b/sys/compat/freebsd32/freebsd32_syscall.h index a68154ad9c13..b01ea86551d9 100644 --- a/sys/compat/freebsd32/freebsd32_syscall.h +++ b/sys/compat/freebsd32/freebsd32_syscall.h @@ -509,4 +509,5 @@ #define FREEBSD32_SYS_kcmp 588 #define FREEBSD32_SYS_getrlimitusage 589 #define FREEBSD32_SYS_fchroot 590 -#define FREEBSD32_SYS_MAXSYSCALL 591 +#define FREEBSD32_SYS_freebsd32_setcred 591 +#define FREEBSD32_SYS_MAXSYSCALL 592 diff --git a/sys/compat/freebsd32/freebsd32_syscalls.c b/sys/compat/freebsd32/freebsd32_syscalls.c index daf2e217cf03..cf5d42eefb10 100644 --- a/sys/compat/freebsd32/freebsd32_syscalls.c +++ b/sys/compat/freebsd32/freebsd32_syscalls.c @@ -596,4 +596,5 @@ const char *freebsd32_syscallnames[] = { "kcmp", /* 588 = kcmp */ "getrlimitusage", /* 589 = getrlimitusage */ "fchroot", /* 590 = fchroot */ + "freebsd32_setcred", /* 591 = freebsd32_setcred */ }; diff --git a/sys/compat/freebsd32/freebsd32_sysent.c b/sys/compat/freebsd32/freebsd32_sysent.c index d7fe60a8c5f4..a54744d3b260 100644 --- a/sys/compat/freebsd32/freebsd32_sysent.c +++ b/sys/compat/freebsd32/freebsd32_sysent.c @@ -658,4 +658,5 @@ struct sysent freebsd32_sysent[] = { { .sy_narg = AS(kcmp_args), .sy_call = (sy_call_t *)sys_kcmp, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_STATIC }, /* 588 = kcmp */ { .sy_narg = AS(getrlimitusage_args), .sy_call = (sy_call_t *)sys_getrlimitusage, .sy_auevent = AUE_NULL, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC }, /* 589 = getrlimitusage */ { .sy_narg = AS(fchroot_args), .sy_call = (sy_call_t *)sys_fchroot, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_STATIC }, /* 590 = fchroot */ + { .sy_narg = AS(freebsd32_setcred_args), .sy_call = (sy_call_t *)freebsd32_setcred, .sy_auevent = AUE_SETCRED, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC }, /* 591 = freebsd32_setcred */ }; diff --git a/sys/compat/freebsd32/freebsd32_systrace_args.c b/sys/compat/freebsd32/freebsd32_systrace_args.c index dd82d0f44f6a..39b93074e5be 100644 --- a/sys/compat/freebsd32/freebsd32_systrace_args.c +++ b/sys/compat/freebsd32/freebsd32_systrace_args.c @@ -3385,6 +3385,15 @@ systrace_args(int sysnum, void *params, uint64_t *uarg, int *n_args) *n_args = 1; break; } + /* freebsd32_setcred */ + case 591: { + struct freebsd32_setcred_args *p = params; + uarg[a++] = p->flags; /* u_int */ + uarg[a++] = (intptr_t)p->wcred; /* const struct setcred32 * */ + uarg[a++] = p->size; /* size_t */ + *n_args = 3; + break; + } default: *n_args = 0; break; @@ -9143,6 +9152,22 @@ systrace_entry_setargdesc(int sysnum, int ndx, char *desc, size_t descsz) break; }; break; + /* freebsd32_setcred */ + case 591: + switch (ndx) { + case 0: + p = "u_int"; + break; + case 1: + p = "userland const struct setcred32 *"; + break; + case 2: + p = "size_t"; + break; + default: + break; + }; + break; default: break; }; @@ -11036,6 +11061,11 @@ systrace_return_setargdesc(int sysnum, int ndx, char *desc, size_t descsz) if (ndx == 0 || ndx == 1) p = "int"; break; + /* freebsd32_setcred */ + case 591: + if (ndx == 0 || ndx == 1) + p = "int"; + break; default: break; }; diff --git a/sys/kern/init_sysent.c b/sys/kern/init_sysent.c index 21860f697940..30cf30b8ed29 100644 --- a/sys/kern/init_sysent.c +++ b/sys/kern/init_sysent.c @@ -657,4 +657,5 @@ struct sysent sysent[] = { { .sy_narg = AS(kcmp_args), .sy_call = (sy_call_t *)sys_kcmp, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_STATIC }, /* 588 = kcmp */ { .sy_narg = AS(getrlimitusage_args), .sy_call = (sy_call_t *)sys_getrlimitusage, .sy_auevent = AUE_NULL, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC }, /* 589 = getrlimitusage */ { .sy_narg = AS(fchroot_args), .sy_call = (sy_call_t *)sys_fchroot, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_STATIC }, /* 590 = fchroot */ + { .sy_narg = AS(setcred_args), .sy_call = (sy_call_t *)sys_setcred, .sy_auevent = AUE_SETCRED, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC }, /* 591 = setcred */ }; diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 80503570b776..d5651f671110 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -3955,6 +3955,7 @@ prison_priv_check(struct ucred *cred, int priv) * Allow jailed processes to manipulate process UNIX * credentials in any way they see fit. */ + case PRIV_CRED_SETCRED: case PRIV_CRED_SETUID: case PRIV_CRED_SETEUID: case PRIV_CRED_SETGID: diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index c51210a2b29b..8edbb7f18f1a 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -47,6 +47,7 @@ #include #include +#include #include #include #include @@ -73,6 +74,10 @@ #include #include +#ifdef MAC +#include +#endif + #include #ifdef REGRESSION @@ -484,6 +489,365 @@ done: return (error); } +static int +gidp_cmp(const void *p1, const void *p2) +{ + const gid_t g1 = *(const gid_t *)p1; + const gid_t g2 = *(const gid_t *)p2; + + return ((g1 > g2) - (g1 < g2)); +} + +/* + * Final storage for groups (including the effective GID) will be returned via + * 'groups'. '*groups' must be NULL on input, and if not equal to 'smallgroups' + * on output, must be freed (M_TEMP) *even if* an error is returned. + */ +static int +kern_setcred_copyin_supp_groups(struct setcred *const wcred, + const u_int flags, gid_t *const smallgroups, gid_t **const groups) +{ + MPASS(*groups == NULL); + + if (flags & SETCREDF_SUPP_GROUPS) { + int error; + + /* + * Check for the limit for number of groups right now in order + * to limit the amount of bytes to copy. + */ + if (wcred->sc_supp_groups_nb > ngroups_max) + return (EINVAL); + + /* + * Since we are going to be copying the supplementary groups + * from userland, make room also for the effective GID right + * now, to avoid having to allocate and copy again the + * supplementary groups. + */ + *groups = wcred->sc_supp_groups_nb < CRED_SMALLGROUPS_NB ? + smallgroups : malloc((wcred->sc_supp_groups_nb + 1) * + sizeof(*groups), M_TEMP, M_WAITOK); + + error = copyin(wcred->sc_supp_groups, *groups + 1, + wcred->sc_supp_groups_nb * sizeof(*groups)); + if (error != 0) + return (error); + wcred->sc_supp_groups = *groups + 1; + } else { + wcred->sc_supp_groups_nb = 0; + wcred->sc_supp_groups = NULL; + } + + return (0); +} + +int +user_setcred(struct thread *td, const u_int flags, + const void *const uwcred, const size_t size, bool is_32bit) +{ + struct setcred wcred; +#ifdef MAC + struct mac mac; + /* Pointer to 'struct mac' or 'struct mac32'. */ + void *umac; +#endif + gid_t smallgroups[CRED_SMALLGROUPS_NB]; + gid_t *groups = NULL; + int error; + + /* + * As the only point of this wrapper function is to copyin() from + * userland, we only interpret the data pieces we need to perform this + * operation and defer further sanity checks to kern_setcred(), except + * that we redundantly check here that no unknown flags have been + * passed. + */ + if ((flags & ~SETCREDF_MASK) != 0) + return (EINVAL); + +#ifdef COMPAT_FREEBSD32 + if (is_32bit) { + struct setcred32 wcred32; + + if (size != sizeof(wcred32)) + return (EINVAL); + error = copyin(uwcred, &wcred32, sizeof(wcred32)); + if (error != 0) + return (error); + /* These fields have exactly the same sizes and positions. */ + memcpy(&wcred, &wcred32, &wcred32.setcred32_copy_end - + &wcred32.setcred32_copy_start); + /* Remaining fields are pointers and need PTRIN*(). */ + PTRIN_CP(wcred32, wcred, sc_supp_groups); + PTRIN_CP(wcred32, wcred, sc_label); + } else +#endif /* COMPAT_FREEBSD32 */ + { + if (size != sizeof(wcred)) + return (EINVAL); + error = copyin(uwcred, &wcred, sizeof(wcred)); + if (error != 0) + return (error); + } +#ifdef MAC + umac = wcred.sc_label; +#endif + /* Also done on !MAC as a defensive measure. */ + wcred.sc_label = NULL; + + /* + * Copy supplementary groups as needed. There is no specific + * alternative for 32-bit compatibility as 'gid_t' has the same size + * everywhere. + */ + error = kern_setcred_copyin_supp_groups(&wcred, flags, smallgroups, + &groups); + if (error != 0) + goto free_groups; + +#ifdef MAC + if ((flags & SETCREDF_MAC_LABEL) != 0) { +#ifdef COMPAT_FREEBSD32 + if (is_32bit) + error = mac_label_copyin32(umac, &mac, NULL); + else +#endif + error = mac_label_copyin(umac, &mac, NULL); + if (error != 0) + goto free_groups; + wcred.sc_label = &mac; + } +#endif + + error = kern_setcred(td, flags, &wcred, groups); + +#ifdef MAC + if (wcred.sc_label != NULL) + free_copied_label(wcred.sc_label); +#endif + +free_groups: + if (groups != smallgroups) + free(groups, M_TEMP); + + return (error); +} + +#ifndef _SYS_SYSPROTO_H_ +struct setcred_args { + u_int flags; /* Flags. */ + const struct setcred *wcred; + size_t size; /* Passed 'setcred' structure length. */ +}; +#endif +/* ARGSUSED */ +int +sys_setcred(struct thread *td, struct setcred_args *uap) +{ + return (user_setcred(td, uap->flags, uap->wcred, uap->size, false)); +} + +/* + * CAUTION: This function normalizes groups in 'wcred'. + * + * If 'preallocated_groups' is non-NULL, it must be an already allocated array + * of size 'wcred->sc_supp_groups_nb + 1', with the supplementary groups + * starting at index 1, and 'wcred->sc_supp_groups' then must point to the first + * supplementary group. + */ +int +kern_setcred(struct thread *const td, const u_int flags, + struct setcred *const wcred, gid_t *preallocated_groups) +{ + struct proc *const p = td->td_proc; + struct ucred *new_cred, *old_cred, *to_free_cred; + struct uidinfo *uip = NULL, *ruip = NULL; +#ifdef MAC + void *mac_set_proc_data = NULL; + bool proc_label_set = false; +#endif + gid_t *groups = NULL; + gid_t smallgroups[CRED_SMALLGROUPS_NB]; + int error; + bool cred_set; + + /* Bail out on unrecognized flags. */ + if (flags & ~SETCREDF_MASK) + return (EINVAL); + + /* + * Part 1: We allocate and perform preparatory operations with no locks. + */ + + if (flags & SETCREDF_SUPP_GROUPS) { + if (wcred->sc_supp_groups_nb > ngroups_max) + return (EINVAL); + if (preallocated_groups != NULL) { + groups = preallocated_groups; + MPASS(preallocated_groups + 1 == wcred->sc_supp_groups); + } else { + groups = wcred->sc_supp_groups_nb < CRED_SMALLGROUPS_NB ? + smallgroups : + malloc((wcred->sc_supp_groups_nb + 1) * + sizeof(*groups), M_TEMP, M_WAITOK); + memcpy(groups + 1, wcred->sc_supp_groups, + wcred->sc_supp_groups_nb * sizeof(*groups)); + } + } + + if (flags & SETCREDF_MAC_LABEL) { +#ifdef MAC + error = mac_set_proc_prepare(td, wcred->sc_label, + &mac_set_proc_data); + if (error != 0) + goto free_groups; +#else + error = ENOTSUP; + goto free_groups; +#endif + } + + if (flags & SETCREDF_UID) { + AUDIT_ARG_EUID(wcred->sc_uid); + uip = uifind(wcred->sc_uid); + } + if (flags & SETCREDF_RUID) { + AUDIT_ARG_RUID(wcred->sc_ruid); + ruip = uifind(wcred->sc_ruid); + } + if (flags & SETCREDF_SVUID) + AUDIT_ARG_SUID(wcred->sc_svuid); + + if (flags & SETCREDF_GID) + AUDIT_ARG_EGID(wcred->sc_gid); + if (flags & SETCREDF_RGID) + AUDIT_ARG_RGID(wcred->sc_rgid); + if (flags & SETCREDF_SVGID) + AUDIT_ARG_SGID(wcred->sc_svgid); + if (flags & SETCREDF_SUPP_GROUPS) { + int ngrp = wcred->sc_supp_groups_nb; + + /* + * Output the raw supplementary groups array for better + * traceability. + */ + AUDIT_ARG_GROUPSET(groups + 1, ngrp); + ++ngrp; + groups_normalize(&ngrp, groups); + wcred->sc_supp_groups_nb = ngrp - 1; + } + + /* + * We first completely build the new credentials and only then pass them + * to MAC along with the old ones so that modules can check whether the + * requested transition is allowed. + */ + new_cred = crget(); + to_free_cred = new_cred; + if (flags & SETCREDF_SUPP_GROUPS) + crextend(new_cred, wcred->sc_supp_groups_nb + 1); + +#ifdef MAC + mac_cred_setcred_enter(); +#endif + + /* + * Part 2: We grab the process lock as to have a stable view of its + * current credentials, and prepare a copy of them with the requested + * changes applied under that lock. + */ + + PROC_LOCK(p); + old_cred = crcopysafe(p, new_cred); + + /* + * Change user IDs. + */ + if (flags & SETCREDF_UID) + change_euid(new_cred, uip); + if (flags & SETCREDF_RUID) + change_ruid(new_cred, ruip); + if (flags & SETCREDF_SVUID) + change_svuid(new_cred, wcred->sc_svuid); + + /* + * Change groups. + * + * crsetgroups_internal() changes both the effective and supplementary + * ones. + */ + if (flags & SETCREDF_SUPP_GROUPS) { + groups[0] = flags & SETCREDF_GID ? wcred->sc_gid : + new_cred->cr_gid; + crsetgroups_internal(new_cred, wcred->sc_supp_groups_nb + 1, + groups); + } else if (flags & SETCREDF_GID) + change_egid(new_cred, wcred->sc_gid); + if (flags & SETCREDF_RGID) + change_rgid(new_cred, wcred->sc_rgid); + if (flags & SETCREDF_SVGID) + change_svgid(new_cred, wcred->sc_svgid); + +#ifdef MAC + /* + * Change the MAC label. + */ + if (flags & SETCREDF_MAC_LABEL) { + error = mac_set_proc_core(td, new_cred, mac_set_proc_data); + if (error != 0) + goto unlock_finish; + proc_label_set = true; + } + + /* + * MAC security modules checks. + */ + error = mac_cred_check_setcred(flags, old_cred, new_cred); + if (error != 0) + goto unlock_finish; +#endif + /* + * Privilege check. + */ + error = priv_check_cred(old_cred, PRIV_CRED_SETCRED); + if (error != 0) + goto unlock_finish; + + /* + * Set the new credentials, noting that they have changed. + */ + cred_set = proc_set_cred_enforce_proc_lim(p, new_cred); + if (cred_set) { + setsugid(p); + to_free_cred = old_cred; + MPASS(error == 0); + } else + error = EAGAIN; + +unlock_finish: + PROC_UNLOCK(p); + /* + * Part 3: After releasing the process lock, we perform cleanups and + * finishing operations. + */ + +#ifdef MAC + if (mac_set_proc_data != NULL) + mac_set_proc_finish(td, proc_label_set, mac_set_proc_data); + mac_cred_setcred_exit(); +#endif + crfree(to_free_cred); + if (uip != NULL) + uifree(uip); + if (ruip != NULL) + uifree(ruip); +free_groups: + if (groups != preallocated_groups && groups != smallgroups) + free(groups, M_TEMP); /* Deals with 'groups' being NULL. */ + return (error); +} + /* * Use the clause in B.4.2.2 that allows setuid/setgid to be 4.2/4.3BSD * compatible. It says that setting the uid/gid to euid/egid is a special @@ -859,15 +1223,6 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap) return (error); } -static int -gidp_cmp(const void *p1, const void *p2) -{ - const gid_t g1 = *(const gid_t *)p1; - const gid_t g2 = *(const gid_t *)p2; - - return ((g1 > g2) - (g1 < g2)); -} - /* * CAUTION: This function normalizes 'groups', possibly also changing the value * of '*ngrpp' as a consequence. diff --git a/sys/kern/syscalls.c b/sys/kern/syscalls.c index 414edab93e33..142350ade770 100644 --- a/sys/kern/syscalls.c +++ b/sys/kern/syscalls.c @@ -596,4 +596,5 @@ const char *syscallnames[] = { "kcmp", /* 588 = kcmp */ "getrlimitusage", /* 589 = getrlimitusage */ "fchroot", /* 590 = fchroot */ + "setcred", /* 591 = setcred */ }; diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master index e7f577d48426..d3c4f2c64231 100644 --- a/sys/kern/syscalls.master +++ b/sys/kern/syscalls.master @@ -3346,5 +3346,12 @@ int fd ); } +591 AUE_SETCRED STD|CAPENABLED { + int setcred( + u_int flags, + _In_reads_bytes_(size) _Contains_ptr_ const struct setcred *wcred, + size_t size + ); + } ; vim: syntax=off diff --git a/sys/kern/systrace_args.c b/sys/kern/systrace_args.c index 63c26f605e88..2b4be1065425 100644 --- a/sys/kern/systrace_args.c +++ b/sys/kern/systrace_args.c @@ -3472,6 +3472,15 @@ systrace_args(int sysnum, void *params, uint64_t *uarg, int *n_args) *n_args = 1; break; } + /* setcred */ + case 591: { + struct setcred_args *p = params; + uarg[a++] = p->flags; /* u_int */ + uarg[a++] = (intptr_t)p->wcred; /* const struct setcred * */ + uarg[a++] = p->size; /* size_t */ + *n_args = 3; + break; + } default: *n_args = 0; break; @@ -9288,6 +9297,22 @@ systrace_entry_setargdesc(int sysnum, int ndx, char *desc, size_t descsz) break; }; break; + /* setcred */ + case 591: + switch (ndx) { + case 0: + p = "u_int"; + break; + case 1: + p = "userland const struct setcred *"; + break; + case 2: + p = "size_t"; + break; + default: + break; + }; + break; default: break; }; @@ -11271,6 +11296,11 @@ systrace_return_setargdesc(int sysnum, int ndx, char *desc, size_t descsz) if (ndx == 0 || ndx == 1) p = "int"; break; + /* setcred */ + case 591: + if (ndx == 0 || ndx == 1) + p = "int"; + break; default: break; }; diff --git a/sys/security/mac/mac_cred.c b/sys/security/mac/mac_cred.c index 304265b783f1..5066de277176 100644 --- a/sys/security/mac/mac_cred.c +++ b/sys/security/mac/mac_cred.c @@ -209,6 +209,53 @@ mac_cred_check_relabel(struct ucred *cred, struct label *newlabel) return (error); } +/* + * Entry hook for setcred(). + * + * Called with no lock held by setcred() so that MAC modules may allocate memory + * in preparation for checking privileges. A call to this hook is always + * followed by a matching call to mac_cred_setcred_exit(). Between these two, + * setcred() may or may not call mac_cred_check_setcred(). + */ +void +mac_cred_setcred_enter(void) +{ + MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_enter); +} + +MAC_CHECK_PROBE_DEFINE3(cred_check_setcred, "unsigned int", "struct ucred *", + "struct ucred *"); + +/* + * Check hook for setcred(). + * + * When called, the current process' lock is held. It thus cannot perform + * memory allocations, which must be done in advance in + * mac_cred_setcred_enter(). It *MUST NOT* tamper with the process' lock. + */ +int +mac_cred_check_setcred(u_int flags, const struct ucred *old_cred, + struct ucred *new_cred) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(cred_check_setcred, flags, old_cred, new_cred); + MAC_CHECK_PROBE3(cred_check_setcred, error, flags, old_cred, new_cred); + + return (error); +} + +/* + * Exit hook for setcred(). + * + * Called with no lock held, exactly once per call to mac_cred_setcred_enter(). + */ +void +mac_cred_setcred_exit(void) +{ + MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_exit); +} + MAC_CHECK_PROBE_DEFINE2(cred_check_setuid, "struct ucred *", "uid_t"); int diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index c69b9cd64454..8e43f267f368 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -72,6 +72,7 @@ struct mbuf; struct mount; struct msg; struct msqid_kernel; +struct pipepair; struct proc; struct semid_kernel; struct shmfd; @@ -80,7 +81,6 @@ struct sockaddr; struct socket; struct sysctl_oid; struct sysctl_req; -struct pipepair; struct thread; struct timespec; struct ucred; @@ -115,6 +115,10 @@ int mac_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai); int mac_cred_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia); int mac_cred_check_setauid(struct ucred *cred, uid_t auid); +void mac_cred_setcred_enter(void); +int mac_cred_check_setcred(u_int flags, const struct ucred *old_cred, + struct ucred *new_cred); +void mac_cred_setcred_exit(void); int mac_cred_check_setegid(struct ucred *cred, gid_t egid); int mac_cred_check_seteuid(struct ucred *cred, uid_t euid); int mac_cred_check_setgid(struct ucred *cred, gid_t gid); diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 084684e57497..66e489060804 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -144,6 +144,10 @@ typedef int (*mpo_cred_check_setaudit_t)(struct ucred *cred, typedef int (*mpo_cred_check_setaudit_addr_t)(struct ucred *cred, struct auditinfo_addr *aia); typedef int (*mpo_cred_check_setauid_t)(struct ucred *cred, uid_t auid); +typedef void (*mpo_cred_setcred_enter_t)(void); +typedef int (*mpo_cred_check_setcred_t)(u_int flags, + const struct ucred *old_cred, struct ucred *new_cred); +typedef void (*mpo_cred_setcred_exit_t)(void); typedef int (*mpo_cred_check_setegid_t)(struct ucred *cred, gid_t egid); typedef int (*mpo_cred_check_seteuid_t)(struct ucred *cred, uid_t euid); typedef int (*mpo_cred_check_setgid_t)(struct ucred *cred, gid_t gid); @@ -720,6 +724,9 @@ struct mac_policy_ops { mpo_cred_check_setaudit_t mpo_cred_check_setaudit; mpo_cred_check_setaudit_addr_t mpo_cred_check_setaudit_addr; mpo_cred_check_setauid_t mpo_cred_check_setauid; + mpo_cred_setcred_enter_t mpo_cred_setcred_enter; + mpo_cred_check_setcred_t mpo_cred_check_setcred; + mpo_cred_setcred_exit_t mpo_cred_setcred_exit; mpo_cred_check_setuid_t mpo_cred_check_setuid; mpo_cred_check_seteuid_t mpo_cred_check_seteuid; mpo_cred_check_setgid_t mpo_cred_check_setgid; @@ -1033,8 +1040,9 @@ struct mac_policy_conf { * 3 7.x * 4 8.x * 5 14.x + * 6 15.x */ -#define MAC_VERSION 5 +#define MAC_VERSION 6 #define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \ static struct mac_policy_conf mpname##_mac_policy_conf = { \ diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index c602c639ec95..a3b0dd01a76b 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -222,6 +222,23 @@ stub_cred_check_setauid(struct ucred *cred, uid_t auid) return (0); } +static void +stub_cred_setcred_enter(void) +{ +} + +static int +stub_cred_check_setcred(u_int flags, const struct ucred *old_cred, + struct ucred *new_cred) +{ + return (0); +} + +static void +stub_cred_setcred_exit(void) +{ +} + static int stub_cred_check_setegid(struct ucred *cred, gid_t egid) { @@ -1688,6 +1705,9 @@ static struct mac_policy_ops stub_ops = .mpo_cred_check_setaudit = stub_cred_check_setaudit, .mpo_cred_check_setaudit_addr = stub_cred_check_setaudit_addr, .mpo_cred_check_setauid = stub_cred_check_setauid, + .mpo_cred_setcred_enter = stub_cred_setcred_enter, + .mpo_cred_check_setcred = stub_cred_check_setcred, + .mpo_cred_setcred_exit = stub_cred_setcred_exit, .mpo_cred_check_setegid = stub_cred_check_setegid, .mpo_cred_check_seteuid = stub_cred_check_seteuid, .mpo_cred_check_setgid = stub_cred_check_setgid, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 7a6a76ce23cc..890b8328055e 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -257,6 +257,32 @@ test_cred_check_setauid(struct ucred *cred, uid_t auid) *** 245 LINES SKIPPED *** From nobody Mon Dec 16 14:46:10 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS24Qzxz5hWfl; Mon, 16 Dec 2024 14:46:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS221L3z4fBv; Mon, 16 Dec 2024 14:46:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360370; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cuGsfF+q+FFmJLnTF1BD7wXNzDNF3SXX/wHE/+DSJAs=; b=ovzn5CwBlJwKztVn/kEES402USZREisshPMWSDkVGW0H+v59xnNAPEzWBQ2zCYKE+LodHO lxACEMbQfuLFSuGlmnS7tkEwunXxqGog4vmCh65rDfsegC/82ZGrI4iq+kTYuu5RDmhJ0R bfPWis9m6wNsLjjyb/7/lR2ShOHYQ7YPEOTPwO5DyT5CwMXkvZV8Go+3tXmftqkNakt9BT fUCDpj0wUMfoLmPqV6zzrDHSBJY9jl4wbfUzbbjATR02ByYyckUa1FXpW2t2VWtRTh5i11 LUWjRjScI88ejLiFW1KZQiUF1x0S5gVtWjWelPDyNLkbO57Hnv1uGP8R/0Q7Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360370; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cuGsfF+q+FFmJLnTF1BD7wXNzDNF3SXX/wHE/+DSJAs=; b=jEknN1P9L0gXjC5idtDaTULYvaJqqpnC8qxVpKN34nglt7i1u+jIUMr2CmKp8LCbpiAIPz CGO5P8HNAhuxUCRaLdN3/h3rOpeaGHBm4o//MSod5PrqsxwRJ5+6Uj9DvNc2klDJeCYbkX A0lORqd4Q20gXmCK1Uul44OMyJvV2lAUDzwftGkdD8fnvdUNC9ieLrDiMIOP4KHyYHWiNn W0OammbRqhuYaX84iGaaBNvKLrcKVnv612g+5rf2VJAyIS8/QpP4ZE6sUX4EabiiZ+2iz3 MFKjPvb6cTcYr58wJL1vXGUs0H/8MAJSMIfjIiSJPj7s3PeUGPMjQIw6lHqDvw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360370; a=rsa-sha256; cv=none; b=ERJ1+4ulqWOPZRO3d9UXdcWkPqpALSfNWW4w9/TP2UpfVTlgL3bYqzqxMcfFbfAa3qqxZs AvQKUJToVi5BE+eNKKHDoBpb35OJ8KPp4q3Cbf6eSaYIzyJ/SDYTk20e3EVILfG5A52zVo Y0HPjvBlYN5ySHfwERjlSiYrjmWYeCCckCgppVYRiuCSoBcoBoHpvD8+lc1XHJXcPg9ACX vp6UGKmNwfVgWRhTXhozbmNIz1Ee4Q32PQm1aNYnkC0w443VkGLIl1sf3apRIUOErUFU++ u6PbLyffUGV7ieLVmGocNpHkuoAdBEkrC40rjGCd2vVmTg+6RNq/8/EuDEmqjQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS21dj5zxnP; Mon, 16 Dec 2024 14:46:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkAab054009; Mon, 16 Dec 2024 14:46:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkALn054006; Mon, 16 Dec 2024 14:46:10 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:10 GMT Message-Id: <202412161446.4BGEkALn054006@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 3d8d91a5b32c - main - MAC/do: Introduce rules reference counting List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3d8d91a5b32c219c7ee47840dcacbaf8c7480267 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=3d8d91a5b32c219c7ee47840dcacbaf8c7480267 commit 3d8d91a5b32c219c7ee47840dcacbaf8c7480267 Author: Olivier Certner AuthorDate: 2024-07-19 15:30:00 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:39 +0000 MAC/do: Introduce rules reference counting This is going to be used in subsequent commits to keep rules alive even if disconnected from their jail in the meantime. We'll indeed have to release the prison lock between two uses (outright rejection, final granting) where the rules must absolutely stay the same for security reasons. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47619 --- sys/security/mac_do/mac_do.c | 63 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 5 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index decfb3c756f0..7527732eae1a 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -159,8 +160,9 @@ struct rule { TAILQ_HEAD(rulehead, rule); struct rules { - char string[MAC_RULE_STRING_LEN]; - struct rulehead head; + char string[MAC_RULE_STRING_LEN]; + struct rulehead head; + volatile u_int use_count __aligned(CACHE_LINE_SIZE); }; /* @@ -327,6 +329,7 @@ alloc_rules(void) _Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!"); rules->string[0] = 0; TAILQ_INIT(&rules->head); + rules->use_count = 0; return (rules); } @@ -1027,16 +1030,46 @@ find_rules(struct prison *const pr, struct prison **const aprp) return (rules); } +static void +hold_rules(struct rules *const rules) +{ + refcount_acquire(&rules->use_count); +} + +static void +drop_rules(struct rules *const rules) +{ + if (refcount_release(&rules->use_count)) + toast_rules(rules); +} + +#ifdef INVARIANTS +static void +check_rules_use_count(const struct rules *const rules, u_int expected) +{ + const u_int use_count = refcount_load(&rules->use_count); + + if (use_count != expected) + panic("MAC/do: Rules at %p: Use count is %u, expected %u", + rules, use_count, expected); +} +#else +#define check_rules_use_count(...) +#endif /* INVARIANTS */ + /* * OSD destructor for slot 'osd_jail_slot'. * - * Called with 'value' not NULL. + * Called with 'value' not NULL. We have arranged that it is only ever called + * when the corresponding jail goes down or at module unload. */ static void dealloc_osd(void *const value) { struct rules *const rules = value; + /* No one should be using the rules but us at this point. */ + check_rules_use_count(rules, 1); toast_rules(rules); } @@ -1051,10 +1084,28 @@ dealloc_osd(void *const value) static void remove_rules(struct prison *const pr) { + struct rules *old_rules; + int error __unused; + prison_lock(pr); - /* This calls destructor dealloc_osd(). */ + /* + * We go to the burden of extracting rules first instead of just letting + * osd_jail_del() calling dealloc_osd() as we want to decrement their + * use count, and possibly free them, outside of the prison lock. + */ + old_rules = osd_jail_get(pr, osd_jail_slot); + error = osd_jail_set(pr, osd_jail_slot, NULL); + /* osd_set() never fails nor allocate memory when 'value' is NULL. */ + MPASS(error == 0); + /* + * This completely frees the OSD slot, but doesn't call the destructor + * since we've just put NULL in the slot. + */ osd_jail_del(pr, osd_jail_slot); prison_unlock(pr); + + if (old_rules != NULL) + drop_rules(old_rules); } /* @@ -1066,6 +1117,8 @@ set_rules(struct prison *const pr, struct rules *const rules) struct rules *old_rules; void **rsv; + check_rules_use_count(rules, 0); + hold_rules(rules); rsv = osd_reserve(osd_jail_slot); prison_lock(pr); @@ -1073,7 +1126,7 @@ set_rules(struct prison *const pr, struct rules *const rules) osd_jail_set_reserved(pr, osd_jail_slot, rsv, rules); prison_unlock(pr); if (old_rules != NULL) - toast_rules(old_rules); + drop_rules(old_rules); } /* From nobody Mon Dec 16 14:46:11 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS35hPtz5hWTq; Mon, 16 Dec 2024 14:46:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS32bc8z4fFW; Mon, 16 Dec 2024 14:46:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360371; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DbB9dzxkjrsqvHwffomEF+sC2dQz0XEFapgpzRXUH0g=; b=iOSTE/CjpICOXi0fGSmEYVwmiwMh8jlzlusYdczgQYsjEoPUHReOi29a9VGJaFhXnMm05O 0ctlHxdj2X4UqcJGnf361IwyeV+8w8VEKySgseGODOfVhk/Ndmwcl08+1xDZbxYytULwZ9 lBWIDGDAQOmST5Be2JqtpCEpXtcbmsee2tDsak0WkOka/AqVgaTw0G7karxnt3Q2ExZtPK eoctvfwA/C5OL64Apg0n6xsrdFGaajZ/HUYnpf+R9i4X+WcoPRmKcy0LakLEu00Eyi7vMk IlIuYnJBfTnK2LztIcdEmoV98RESoGMpMS/lH3KLi70wuA52vaglzzy423YTWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360371; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DbB9dzxkjrsqvHwffomEF+sC2dQz0XEFapgpzRXUH0g=; b=oakYX3HqWqZ+14YiWbNkLWAtxGkmPRDUKGkcSECzHWxQAEIuyglYNX8DH353srcX6s7XRq 41sgTynEP7jo4meS4+oC8WPvTApyhCrcEixglLdoaSOHyh/UybneTpNHK7wHhGEZUTSPXS 20zbdsD2ybGOon1VEMXUho4ELdzMrWif1T724G0CuS1PYF6vHxO2feMYaMqHhI8mqhgqvH fNTqoh/yFB1poyfVAGyrFDGP6kSqaMjbLDDCn6fT7SpfshAeusyOQBqqO4yfoGBYcycg/r O09kb6pE7RW9VvjY5rYIuyljX8HPiYSlt223Ay2nXQm8Vg5Kvsx4bHWWxRRaAg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360371; a=rsa-sha256; cv=none; b=p5v57/8cGXk/3WWJy/pp+bqCmloUe4xN78RyzWXzzmbTESQkXvX7laN8gMq2p+gD0CQ85u qnbVtK+RhxMLqPGtUYLcnLVuNHRtc2SaSNu8MlB3X5qa4h1IjtH0W+PXkC3uKo3xbV2cP3 YdNXE+c5PYmhNBWR+XZe9cFOb4we627hsJ2g4G0XcEdrYpqM7hhWEXYjDPN3EiwCPr0ELw XPCwKzso0j/4WSM1jM4hz1rcBCj6aXlw8CqZEOE6JW2cH0UhAW5xgDQIYXz0XoRF9rtDUi E7rnUofi8a/KONsVV3e0oFf25xtrKDEBd9vg0dipv7B3AOsSSUfIktDZa869XQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS323lyzx0Q; Mon, 16 Dec 2024 14:46:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkBLf054062; Mon, 16 Dec 2024 14:46:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkB7R054059; Mon, 16 Dec 2024 14:46:11 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:11 GMT Message-Id: <202412161446.4BGEkB7R054059@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 8f7e8726e3f5 - main - MAC/do: Interpret the new rules specification; Monitor setcred() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8f7e8726e3f5f20b9eed0ad12fc2d2a4ec304d14 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=8f7e8726e3f5f20b9eed0ad12fc2d2a4ec304d14 commit 8f7e8726e3f5f20b9eed0ad12fc2d2a4ec304d14 Author: Olivier Certner AuthorDate: 2024-07-22 14:11:34 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:39 +0000 MAC/do: Interpret the new rules specification; Monitor setcred() TL;DR: Now monitor setcred() calls, and reject or grant them according to the new rules specification. Drop monitoring setuid() and setgroups(). As previously explained in the commit introducing the setcred() system call, MAC/do must know the entire new credentials while the old ones are still available to be able to approve or reject the requested changes. To this end, the chosen approach was to introduce a new system call, setcred(), instead of modifying existing ones to be able to participate in a "prepare than commit"-like protocol. ****** The MAC framework typically calls several hooks of its registered policies as part of the privilege checking/granting process. Each system call calls some dedicated hook early, to which it usually passes the same arguments it received, whose goal is to forcibly deny access to the functionality when needed (i.e., a single deny by any policy globally denies the access). Then, the system call usually calls priv_check() or priv_check_cred() an unspecified number of times, each of which may trigger calls to two generic MAC hooks. The first such call is to mac_priv_check(), and always happens. Its role is to deny access early and forcibly, as can be done also in system calls' dedicated early hooks (with different reach, however). The second, mac_priv_grant(), is called only if the priv_check*() and prison_priv_check() generic code doesn't handle the request by itself, i.e., doesn't explicitly grant access (to the super user, or to all users for a few specific privileges). It allows any single policy to grant the requested access (regardless of whether the other policies do so or not). MAC/do currently only has an effect on processes spawned from the '/usr/bin/mdo' executable. It implements all setcred() hooks, called via mac_cred_setcred_enter(), mac_cred_check_setcred() and mac_cred_setcred_exit(). In the first one, implemented in mac_do_setcred_enter(), it checks if MAC/do has to apply to the current process, allocates (or re-uses) per-thread data to be later used by the other hooks (those of setcred() and the mac_priv_grant() one, called by priv_check*()) and fills them with the current context (the rules to apply). This is both because memory allocations cannot be performed while holding the process lock and to ensure that all hooks called by a single setcred() see the same rules to apply (not doing this would be a security hazard as rules are concurrently changed by the administrator, as explained in more details below). In the second one (implemented by mac_do_check_setcred()), it stores in MAC/do's per-thread data the new credentials. Indeed, the next MAC/do's hook implementation to be called, mac_do_priv_grant() (implementing the mac_priv_grant() hook) must have knowledge of the new credentials that setcred() wants to install in order to validate them (or not), which the MAC framework can't provide as the priv_check*() API only passes the current credentials and a specific privilege number to the mac_priv_check() and mac_priv_grant() hooks. By contrast, the very point of MAC/do is to grant the privilege of changing credentials not only based on the current ones but also on the seeked-for ones. The MAC framework's constraints that mac_priv_grant() hooks are called without context and that MAC modules must compose (each module may implement any of the available hooks, and in particular those of setcred()) impose some aspects of MAC/do's design. Because MAC/do's rules are tied to jails, accessing the current rules requires holding the corresponding jail's lock. As other policies might try to grab the same jail's lock in the same hooks, it is not possible to keep the rules' jail's lock between mac_do_setcred_enter() and mac_do_priv_grant() to ensure that the rules are still alive. We have thus augmented 'struct rules' with a reference count, and its lifecyle is now decoupled from being referenced or not by a jail. As a thread enters mac_cred_setcred_enter(), it grabs a hold on the current rules and keeps a pointer to them in the per-thread data. In its mac_do_setcred_exit(), MAC/do just "frees" the per-thread data, in particular by dropping the referenced rules (we wrote "frees" within guillemets, as in fact the per-thread structure is reused, and only freed when a thread exits or the module is unloaded). Additionally, ensuring that all hooks have a consistent view of the rules to apply might become crucial if we augment MAC/do with forceful access denial policies in the future (i.e., policies that forcibly disable access regardless of other MAC policies wanting to grant that access). Indeed, without the above-mentioned design, if newly installed rules start to forcibly deny some specific transitions, and some thread is past the mac_cred_check_setcred() hook but before the mac_priv_grant() one, the latter may grant some privileges that should have been rejected first by the former (depending on the content of user-supplied rules). A previous version of this change used to implement access denial mandated by the '!' and '-' GID flags in mac_do_check_setcred() with the goal to have this rejection prevail over potential other MAC modules authorizing the transition. However, this approach had two drawbacks. First, it was incompatible both conceptually and in the current implementation with multiple rules being treated as an inclusive disjunction, where any single rule granting access is enough for MAC/do to grant access. Explicit denial requested by one matching rule could prevent another rule from granting access. The implementation could have been fixed, but the conflation of rules being considered as disjoint for explicit granting but conjunct for forced denial would have remained. Second, MAC/do applies only to processes spawned from a particular executable, and imposing system-wide restrictions on only these processes is conceptually strange and probably not very useful. In the end, we moved the implementation of explicit access denial into mac_do_priv_grant(), along with the interpretation of other target clauses. The separate definition of 'struct mac_do_data_header' may seem odd, as it is only used in 'struct mac_do_setcred_data'. It is a remnant of an earlier version that was not using setcred(), but rather implemented hooks for setuid() and setgroups(). We however kept it, as it clearly separates the machinery to pass data from dedicated system call hooks to priv_grant() from the actual data that MAC/do needs to monitor a call to setcred() specifically. It may be useful in the future if we evolve MAC/do to also grant privileges through other system calls (each seen as a complete credentials transition on its own). The target supplementary groups are checked with merge-like algorithms leveraging the fact that all supplementary groups in credentials ('struct ucred') and in each rule ('struct rule') are sorted, avoiding to start a binary search for each considered GID which is asymptotically more costly. All access granting/denial is thus at most linear and in at most the sum of the number of requested groups, currently held ones and those contained in the rule, per applicable rule. This should be enough in all practical cases. There is however still room for more optimizations, without or with changes in rules' data structures, if the need ever arises. Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47620 --- sys/security/mac_do/mac_do.c | 712 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 618 insertions(+), 94 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 7527732eae1a..2ce608c754bc 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -45,6 +45,7 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do"); #define MAC_RULE_STRING_LEN 1024 static unsigned osd_jail_slot; +static unsigned osd_thread_slot; #define IT_INVALID 0 /* Must stay 0. */ #define IT_UID 1 @@ -1064,11 +1065,24 @@ check_rules_use_count(const struct rules *const rules, u_int expected) * when the corresponding jail goes down or at module unload. */ static void -dealloc_osd(void *const value) +dealloc_jail_osd(void *const value) { struct rules *const rules = value; - /* No one should be using the rules but us at this point. */ + /* + * If called because the "holding" jail goes down, no one should be + * using the rules but us at this point because no threads of that jail + * (or its sub-jails) should currently be executing (in particular, + * currently executing setcred()). The case of module unload is more + * complex. Although the MAC framework takes care that no hook is + * called while a module is unloading, the unload could happen between + * two calls to MAC hooks in the course of, e.g., executing setcred(), + * where the rules' reference count has been bumped to keep them alive + * even if the rules on the "holding" jail has been concurrently + * changed. These other references are held in our thread OSD slot, so + * we ensure that all thread's slots are freed first in mac_do_destroy() + * to be able to check that only one reference remains. + */ check_rules_use_count(rules, 1); toast_rules(rules); } @@ -1090,8 +1104,8 @@ remove_rules(struct prison *const pr) prison_lock(pr); /* * We go to the burden of extracting rules first instead of just letting - * osd_jail_del() calling dealloc_osd() as we want to decrement their - * use count, and possibly free them, outside of the prison lock. + * osd_jail_del() calling dealloc_jail_osd() as we want to decrement + * their use count, and possibly free them, outside of the prison lock. */ old_rules = osd_jail_get(pr, osd_jail_slot); error = osd_jail_set(pr, osd_jail_slot, NULL); @@ -1398,7 +1412,7 @@ mac_do_jail_set(void *obj, void *data) * OSD jail methods. * * There is no PR_METHOD_REMOVE, as OSD storage is destroyed by the common jail - * code (see prison_cleanup()), which triggers a run of our dealloc_osd() + * code (see prison_cleanup()), which triggers a run of our dealloc_jail_osd() * destructor. */ static const osd_method_t osd_methods[PR_MAXMETHOD] = { @@ -1409,148 +1423,658 @@ static const osd_method_t osd_methods[PR_MAXMETHOD] = { }; -static void -mac_do_init(struct mac_policy_conf *mpc) +/* + * Common header structure. + * + * Each structure that is used to pass information between some MAC check + * function and priv_grant() must start with this header. + */ +struct mac_do_data_header { + /* Size of the allocated buffer holding the containing structure. */ + size_t allocated_size; + /* Full size of the containing structure. */ + size_t size; + /* + * For convenience, we use privilege numbers as an identifier for the + * containing structure's type, since there is one distinct privilege + * for each privilege changing function we are supporting. 0 in 'priv' + * indicates this header is uninitialized. + */ + int priv; + /* Rules to apply. */ + struct rules *rules; +}; + +/* + * The case of unusable or absent per-thread data can actually happen as nothing + * prevents, e.g., priv_check*() with privilege 'priv' to be called standalone, + * as it is currently by, e.g., the Linux emulator for PRIV_CRED_SETUID. We + * interpret such calls to priv_check*() as full, unrestricted requests for + * 'priv', contrary to what we're doing here for selected operations, and + * consequently will not grant the requested privilege. + * + * Also, we protect ourselves from a concurrent change of 'do_enabled' while + * a call to setcred() is in progress by storing the rules per-thread + * which is then consulted by each successive hook so that they all have + * a coherent view of the specifications, and we empty the slot (actually, mark + * it as empty) when MAC/do is disabled. + */ +static int +check_data_usable(const void *const data, const size_t size, const int priv) { - struct prison *pr; + const struct mac_do_data_header *const hdr = data; - osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods); - set_empty_rules(&prison0); - sx_slock(&allprison_lock); - TAILQ_FOREACH(pr, &allprison, pr_list) - set_empty_rules(pr); - sx_sunlock(&allprison_lock); + if (hdr == NULL || hdr->priv == 0) + return (ENOENT); + /* + * Impacting changes in the protocols we are based on... Don't crash in + * production. + */ + if (hdr->priv != priv) { + MPASS(hdr->priv == priv); + return (EBUSY); + } + MPASS(hdr->size == size); + MPASS(hdr->size <= hdr->allocated_size); + return (0); } static void -mac_do_destroy(struct mac_policy_conf *mpc) +clear_data(void *const data) { - osd_jail_deregister(osd_jail_slot); + struct mac_do_data_header *const hdr = data; + + if (hdr != NULL) { + drop_rules(hdr->rules); + /* We don't deallocate so as to save time on next access. */ + hdr->priv = 0; + } +} + +static void * +fetch_data(void) +{ + return (osd_thread_get_unlocked(curthread, osd_thread_slot)); } static bool -rule_applies(struct ucred *cred, struct rule *r) +is_data_reusable(const void *const data, const size_t size) { - if (r->from_type == IT_UID && r->from_id == cred->cr_uid) - return (true); - if (r->from_type == IT_GID && groupmember(r->from_id, cred)) - return (true); - return (false); + const struct mac_do_data_header *const hdr = data; + + return (hdr != NULL && size <= hdr->allocated_size); } +static void +set_data_header(void *const data, const size_t size, const int priv, + struct rules *const rules) +{ + struct mac_do_data_header *const hdr = data; + + MPASS(hdr->priv == 0); + MPASS(priv != 0); + MPASS(size <= hdr->allocated_size); + hdr->size = size; + hdr->priv = priv; + hdr->rules = rules; +} + +/* The proc lock (and any other non-sleepable lock) must not be held. */ +static void * +alloc_data(void *const data, const size_t size) +{ + struct mac_do_data_header *const hdr = realloc(data, size, M_DO, + M_WAITOK); + + MPASS(size >= sizeof(struct mac_do_data_header)); + hdr->allocated_size = size; + hdr->priv = 0; + if (hdr != data) { + /* + * This call either reuses the existing memory allocated for the + * slot or tries to allocate some without blocking. + */ + int error = osd_thread_set(curthread, osd_thread_slot, hdr); + + if (error != 0) { + /* Going to make a M_WAITOK allocation. */ + void **const rsv = osd_reserve(osd_thread_slot); + + error = osd_thread_set_reserved(curthread, + osd_thread_slot, rsv, hdr); + MPASS(error == 0); + } + } + return (hdr); +} + +/* Destructor for 'osd_thread_slot'. */ +static void +dealloc_thread_osd(void *const value) +{ + free(value, M_DO); +} + +/* + * Whether to grant access to some primary group according to flags. + * + * The passed 'flags' must be those of a rule's matching GID, or the IT_GID type + * flags when MDF_CURRENT has been matched. + * + * Return values: + * - 0: Access granted. + * - EJUSTRETURN: Flags are agnostic. + */ static int -mac_do_priv_grant(struct ucred *cred, int priv) +grant_primary_group_from_flags(const flags_t flags) { - struct rule *r; - struct prison *pr; - struct rules *rule; + return ((flags & MDF_PRIMARY) != 0 ? 0 : EJUSTRETURN); +} - if (do_enabled == 0) - return (EPERM); +/* + * Same as grant_primary_group_from_flags(), but for supplementary groups. + * + * Return values: + * - 0: Access granted. + * - EJUSTRETURN: Flags are agnostic. + * - EPERM: Access denied. + */ +static int +grant_supplementary_group_from_flags(const flags_t flags) +{ + if ((flags & MDF_SUPP_MASK) != 0) + return ((flags & MDF_SUPP_DONT) != 0 ? EPERM : 0); - rule = find_rules(cred->cr_prison, &pr); - TAILQ_FOREACH(r, &rule->head, r_entries) { - if (rule_applies(cred, r)) { - switch (priv) { - case PRIV_CRED_SETGROUPS: - case PRIV_CRED_SETUID: - prison_unlock(pr); - return (0); - default: + return (EJUSTRETURN); +} + +static int +rule_grant_supplementary_groups(const struct rule *const rule, + const struct ucred *const old_cred, const struct ucred *const new_cred) +{ + const gid_t *const old_groups = old_cred->cr_groups; + const gid_t *const new_groups = new_cred->cr_groups; + const int old_ngroups = old_cred->cr_ngroups; + const int new_ngroups = new_cred->cr_ngroups; + const flags_t gid_flags = rule->gid_flags; + const bool current_has_supp = (gid_flags & MDF_CURRENT) != 0 && + (gid_flags & MDF_SUPP_MASK) != 0; + id_nb_t rule_idx = 0; + int old_idx = 1, new_idx = 1; + + if ((gid_flags & MDF_ANY_SUPP) != 0 && + (gid_flags & MDF_MAY_REJ_SUPP) == 0) + /* + * Any set of supplementary groups is accepted, no need to loop + * over them. + */ + return (0); + + for (; new_idx < new_ngroups; ++new_idx) { + const gid_t gid = new_groups[new_idx]; + bool may_accept = false; + + if ((gid_flags & MDF_ANY_SUPP) != 0) + may_accept = true; + + /* Do we have to check for the current supplementary groups? */ + if (current_has_supp) { + /* + * Linear search, as both supplementary groups arrays + * are sorted. Advancing 'old_idx' with a binary search + * on absence of MDF_SUPP_MUST doesn't seem worth it in + * practice. + */ + for (; old_idx < old_ngroups; ++old_idx) { + const gid_t old_gid = old_groups[old_idx]; + + if (old_gid < gid) { + /* Mandatory but absent. */ + if ((gid_flags & MDF_SUPP_MUST) != 0) + return (EPERM); + } else if (old_gid == gid) { + switch (gid_flags & MDF_SUPP_MASK) { + case MDF_SUPP_DONT: + /* Present but forbidden. */ + return (EPERM); + case MDF_SUPP_ALLOW: + case MDF_SUPP_MUST: + may_accept = true; + break; + default: +#ifdef INVARIANTS + __assert_unreachable(); +#else + /* Better be safe than sorry. */ + return (EPERM); +#endif + } + ++old_idx; + break; + } + else + break; + } + } + + /* + * Search by GID for a corresponding 'struct id_spec'. + * + * Again, linear search, with same note on not using binary + * search optimization as above (the trigger would be absence of + * MDF_EXPLICIT_SUPP_MUST this time). + */ + for (; rule_idx < rule->gids_nb; ++rule_idx) { + const struct id_spec is = rule->gids[rule_idx]; + + if (is.id < gid) { + /* Mandatory but absent. */ + if ((is.flags & MDF_SUPP_MUST) != 0) + return (EPERM); + } else if (is.id == gid) { + switch (is.flags & MDF_SUPP_MASK) { + case MDF_SUPP_DONT: + /* Present but forbidden. */ + return (EPERM); + case MDF_SUPP_ALLOW: + case MDF_SUPP_MUST: + may_accept = true; + break; + case 0: + /* Primary group only. */ + break; + default: +#ifdef INVARIANTS + __assert_unreachable(); +#else + /* Better be safe than sorry. */ + return (EPERM); +#endif + } + ++rule_idx; break; } + else + break; } + + /* 'gid' wasn't explicitly accepted. */ + if (!may_accept) + return (EPERM); } - prison_unlock(pr); - return (EPERM); + + /* + * If we must have all current groups and we didn't browse all + * of them at this point (because the remaining ones have GIDs + * greater than the last requested group), we are simply missing + * them. + */ + if ((gid_flags & MDF_CURRENT) != 0 && + (gid_flags & MDF_SUPP_MUST) != 0 && + old_idx < old_ngroups) + return (EPERM); + /* + * Similarly, we have to finish browsing all GIDs from the rule + * in case some are marked mandatory. + */ + if ((gid_flags & MDF_EXPLICIT_SUPP_MUST) != 0) { + for (; rule_idx < rule->gids_nb; ++rule_idx) { + const struct id_spec is = rule->gids[rule_idx]; + + if ((is.flags & MDF_SUPP_MUST) != 0) + return (EPERM); + } + } + + return (0); } static int -mac_do_check_setgroups(struct ucred *cred, int ngrp, gid_t *groups) +rule_grant_primary_group(const struct rule *const rule, + const struct ucred *const old_cred, const gid_t gid) { - struct rule *r; - char *fullpath = NULL; - char *freebuf = NULL; - struct prison *pr; - struct rules *rule; + struct id_spec gid_is = {.flags = 0}; + const struct id_spec *found_is; + int error; - if (do_enabled == 0) - return (0); - if (cred->cr_uid == 0) + if ((rule->gid_flags & MDF_ANY) != 0) return (0); - if (vn_fullpath(curproc->p_textvp, &fullpath, &freebuf) != 0) - return (EPERM); - if (strcmp(fullpath, "/usr/bin/mdo") != 0) { - free(freebuf, M_TEMP); - return (EPERM); + /* Was MDF_CURRENT specified, and is 'gid' a current GID? */ + if ((rule->gid_flags & MDF_CURRENT) != 0 && + group_is_primary(gid, old_cred)) { + error = grant_primary_group_from_flags(rule->gid_flags); + if (error == 0) + return (0); } - free(freebuf, M_TEMP); - rule = find_rules(cred->cr_prison, &pr); - TAILQ_FOREACH(r, &rule->head, r_entries) { - if (rule_applies(cred, r)) { - prison_unlock(pr); + /* Search by GID for a corresponding 'struct id_spec'. */ + gid_is.id = gid; + found_is = bsearch(&gid_is, rule->gids, rule->gids_nb, + sizeof(*rule->gids), id_spec_cmp); + + if (found_is != NULL) { + error = grant_primary_group_from_flags(found_is->flags); + if (error == 0) return (0); - } } - prison_unlock(pr); return (EPERM); } static int -mac_do_check_setuid(struct ucred *cred, uid_t uid) +rule_grant_primary_groups(const struct rule *const rule, + const struct ucred *const old_cred, const struct ucred *const new_cred) { - struct rule *r; - char *fullpath = NULL; - char *freebuf = NULL; - struct prison *pr; - struct rules *rule; - struct id_spec uid_is = {.id = uid}; int error; - if (do_enabled == 0) + /* Shortcut. */ + if ((rule->gid_flags & MDF_ANY) != 0) + return (0); + + error = rule_grant_primary_group(rule, old_cred, new_cred->cr_gid); + if (error != 0) + return (error); + error = rule_grant_primary_group(rule, old_cred, new_cred->cr_rgid); + if (error != 0) + return (error); + error = rule_grant_primary_group(rule, old_cred, new_cred->cr_svgid); + if (error != 0) + return (error); + return (0); +} + +static bool +user_is_current(const uid_t uid, const struct ucred *const old_cred) +{ + return (uid == old_cred->cr_uid || uid == old_cred->cr_ruid || + uid == old_cred->cr_svuid); +} + +static int +rule_grant_user(const struct rule *const rule, + const struct ucred *const old_cred, const uid_t uid) +{ + struct id_spec uid_is = {.flags = 0}; + const struct id_spec *found_is; + + if ((rule->uid_flags & MDF_ANY) != 0) + return (0); + + /* Was MDF_CURRENT specified, and is 'uid' a current UID? */ + if ((rule->uid_flags & MDF_CURRENT) != 0 && + user_is_current(uid, old_cred)) + return (0); + + /* Search by UID for a corresponding 'struct id_spec'. */ + uid_is.id = uid; + found_is = bsearch(&uid_is, rule->uids, rule->uids_nb, + sizeof(*rule->uids), id_spec_cmp); + + if (found_is != NULL) return (0); - if (cred->cr_uid == uid || cred->cr_uid == 0 || cred->cr_ruid == 0) + + return (EPERM); +} + +static int +rule_grant_users(const struct rule *const rule, + const struct ucred *const old_cred, const struct ucred *const new_cred) +{ + int error; + + /* Shortcut. */ + if ((rule->uid_flags & MDF_ANY) != 0) return (0); - if (vn_fullpath(curproc->p_textvp, &fullpath, &freebuf) != 0) + error = rule_grant_user(rule, old_cred, new_cred->cr_uid); + if (error != 0) + return (error); + error = rule_grant_user(rule, old_cred, new_cred->cr_ruid); + if (error != 0) + return (error); + error = rule_grant_user(rule, old_cred, new_cred->cr_svuid); + if (error != 0) + return (error); + + return (0); +} + +static int +rule_grant_setcred(const struct rule *const rule, + const struct ucred *const old_cred, const struct ucred *const new_cred) +{ + int error; + + error = rule_grant_users(rule, old_cred, new_cred); + if (error != 0) + return (error); + error = rule_grant_primary_groups(rule, old_cred, new_cred); + if (error != 0) + return (error); + error = rule_grant_supplementary_groups(rule, old_cred, new_cred); + if (error != 0) + return (error); + + return (0); +} + +static bool +rule_applies(const struct rule *const rule, const struct ucred *const cred) +{ + if (rule->from_type == IT_UID && rule->from_id == cred->cr_uid) + return (true); + if (rule->from_type == IT_GID && groupmember(rule->from_id, cred)) + return (true); + return (false); +} + +/* + * To pass data between check_setcred() and priv_grant() (on PRIV_CRED_SETCRED). + */ +struct mac_do_setcred_data { + struct mac_do_data_header hdr; + const struct ucred *new_cred; + u_int setcred_flags; +}; + +static int +mac_do_priv_grant(struct ucred *cred, int priv) +{ + struct mac_do_setcred_data *const data = fetch_data(); + const struct rules *rules; + const struct ucred *new_cred; + const struct rule *rule; + u_int setcred_flags; + int error; + + /* Bail out fast if we aren't concerned. */ + if (priv != PRIV_CRED_SETCRED) return (EPERM); - if (strcmp(fullpath, "/usr/bin/mdo") != 0) { - free(freebuf, M_TEMP); + + /* + * Do we have to do something? + */ + if (check_data_usable(data, sizeof(*data), priv) != 0) + /* No. */ return (EPERM); - } - free(freebuf, M_TEMP); + rules = data->hdr.rules; + new_cred = data->new_cred; + KASSERT(new_cred != NULL, + ("priv_check*() called before mac_cred_check_setcred()")); + setcred_flags = data->setcred_flags; + + /* + * Explicitly check that only the flags we currently support are present + * in order to avoid accepting transitions with other changes than those + * we are actually going to check. Currently, this rules out the + * SETCREDF_MAC_LABEL flag. This may be improved by adding code + * actually checking whether the requested label and the current one + * would differ. + */ + if ((setcred_flags & ~(SETCREDF_UID | SETCREDF_RUID | SETCREDF_SVUID | + SETCREDF_GID | SETCREDF_RGID | SETCREDF_SVGID | + SETCREDF_SUPP_GROUPS)) != 0) + return (EPERM); + + /* + * Browse rules, and for those that match the requestor, call specific + * privilege granting functions interpreting the "to"/"target" part. + */ error = EPERM; - rule = find_rules(cred->cr_prison, &pr); - TAILQ_FOREACH(r, &rule->head, r_entries) { - if (!((r->from_type == IT_UID && cred->cr_uid == r->from_id) || - (r->from_type == IT_GID && groupmember(r->from_id, cred)))) - continue; + TAILQ_FOREACH(rule, &rules->head, r_entries) + if (rule_applies(rule, cred)) { + error = rule_grant_setcred(rule, cred, new_cred); + if (error != EPERM) + break; + } - if (r->uid_flags & MDF_ANY || - ((r->uid_flags & MDF_CURRENT) && (uid == cred->cr_uid || - uid == cred->cr_ruid || uid == cred->cr_svuid)) || - bsearch(&uid_is, r->uids, r->uids_nb, sizeof(*r->uids), - id_spec_cmp) != NULL) { - error = 0; - break; - } - } - prison_unlock(pr); return (error); } +static int +check_proc(void) +{ + char *path, *to_free; + int error; + + /* + * Only grant privileges if requested by the right executable. + * + * XXXOC: We may want to base this check on a tunable path and/or + * a specific MAC label. Going even further, e.g., envisioning to + * completely replace the path check with the latter, we would need to + * install FreeBSD on a FS with multilabel enabled by default, which in + * practice entails adding an option to ZFS to set MNT_MULTILABEL + * automatically on mounts, ensuring that root (and more if using + * different partitions) ZFS or UFS filesystems are created with + * multilabel turned on, and having the installation procedure support + * setting a MAC label per file (perhaps via additions to mtree(1)). So + * this probably isn't going to happen overnight, if ever. + */ + if (vn_fullpath(curproc->p_textvp, &path, &to_free) != 0) + return (EPERM); + error = strcmp(path, "/usr/bin/mdo") == 0 ? 0 : EPERM; + free(to_free, M_TEMP); + return (error); +} + +static void +mac_do_setcred_enter(void) +{ + struct rules *rules; + struct prison *pr; + struct mac_do_setcred_data * data; + int error; + + /* + * If not enabled, don't prepare data. Other hooks will check for that + * to know if they have to do something. + */ + if (do_enabled == 0) + return; + + /* + * MAC/do only applies to a process launched from a given executable. + * For other processes, we just won't intervene (we don't deny requests, + * nor do we grant privileges to them). + */ + error = check_proc(); + if (error != 0) + return; + + /* + * Find the currently applicable rules. + */ + rules = find_rules(curproc->p_ucred->cr_prison, &pr); + hold_rules(rules); + prison_unlock(pr); + + /* + * Setup thread data to be used by other hooks. + */ + data = fetch_data(); + if (!is_data_reusable(data, sizeof(*data))) + data = alloc_data(data, sizeof(*data)); + set_data_header(data, sizeof(*data), PRIV_CRED_SETCRED, rules); + /* Not really necessary, but helps to catch programming errors. */ + data->new_cred = NULL; + data->setcred_flags = 0; +} + +static int +mac_do_check_setcred(u_int flags, const struct ucred *const old_cred, + struct ucred *const new_cred) +{ + struct mac_do_setcred_data *const data = fetch_data(); + + /* + * Do we have to do something? + */ + if (check_data_usable(data, sizeof(*data), PRIV_CRED_SETCRED) != 0) + /* No. */ + return (0); + + /* + * Keep track of the setcred() flags and the new credentials for + * priv_check*(). + */ + data->new_cred = new_cred; + data->setcred_flags = flags; + + return (0); +} + +static void +mac_do_setcred_exit(void) +{ + struct mac_do_setcred_data *const data = fetch_data(); + + if (check_data_usable(data, sizeof(*data), PRIV_CRED_SETCRED) == 0) + /* + * This doesn't deallocate the small per-thread data storage, + * which can be reused on subsequent calls. (That data is of + * course deallocated as the current thread dies or this module + * is unloaded.) + */ + clear_data(data); +} + +static void +mac_do_init(struct mac_policy_conf *mpc) +{ + struct prison *pr; + + osd_jail_slot = osd_jail_register(dealloc_jail_osd, osd_methods); + set_empty_rules(&prison0); + sx_slock(&allprison_lock); + TAILQ_FOREACH(pr, &allprison, pr_list) + set_empty_rules(pr); + sx_sunlock(&allprison_lock); + + osd_thread_slot = osd_thread_register(dealloc_thread_osd); +} + +static void +mac_do_destroy(struct mac_policy_conf *mpc) +{ + /* + * osd_thread_deregister() must be called before osd_jail_deregister(), + * for the reason explained in dealloc_jail_osd(). + */ + osd_thread_deregister(osd_thread_slot); + osd_jail_deregister(osd_jail_slot); +} + static struct mac_policy_ops do_ops = { - .mpo_destroy = mac_do_destroy, .mpo_init = mac_do_init, - .mpo_cred_check_setuid = mac_do_check_setuid, - .mpo_cred_check_setgroups = mac_do_check_setgroups, + .mpo_destroy = mac_do_destroy, + .mpo_cred_setcred_enter = mac_do_setcred_enter, + .mpo_cred_check_setcred = mac_do_check_setcred, + .mpo_cred_setcred_exit = mac_do_setcred_exit, .mpo_priv_grant = mac_do_priv_grant, }; -MAC_POLICY_SET(&do_ops, mac_do, "MAC/do", - MPC_LOADTIME_FLAG_UNLOADOK, NULL); +MAC_POLICY_SET(&do_ops, mac_do, "MAC/do", MPC_LOADTIME_FLAG_UNLOADOK, NULL); MODULE_VERSION(mac_do, 1); From nobody Mon Dec 16 14:46:12 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS464zlz5hWlN; Mon, 16 Dec 2024 14:46:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS43SfDz4f6q; Mon, 16 Dec 2024 14:46:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360372; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=c3y2YxUR9YSe6XyN6Ae+TrF9VAc1DbWPbpuBZGj1pQ0=; b=cu3mESuo76LI05NYCI5kg30IAqsGlxETjwus8mCMmoWombkK0p5kp/ejz/Wkl6/J1tVyKZ LsHqbR2ZkYS9jvr9z4Im+lpiIoFBcKX7W2i661VM7iSiNjxBiHtRsxGpCA0rCa4x9ng1cP 8vqKUgqnr3imFfWr2AvhUAPT2uO/taGsnSg7dUd8p10oK8Lk/l4CUUN6vW+i5S2iQt0A45 dQ7mKglQxp37lXuBfNKU8AQ4JJaHanAbHRiGUKu6ibRJBVe85e/blMYza81ZpVfnltL9be 15LCDVYpi9RCf06ft+xOchFW0B0cL6FAEmmQAY1Vpov1vX3FYsdn7RqRmuOClA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360372; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=c3y2YxUR9YSe6XyN6Ae+TrF9VAc1DbWPbpuBZGj1pQ0=; b=NkoGJ8SQloRPRx8Bzu5jUj3zVfDor1v3nYtxmloOTi39WZf6Zmo+R94RF+tGGxtlVJmvnl /zBMmqYIrZ3pAaX5hFBZrR7yubej03Et8HexDcjPBOcZK3T1lxT7k+9yvcBOMKQJz7Ky8c Ix1ULDo8bBI7BFlppEWB6Rqnr3ny+qo2COQEhvWqu0M7UPdTWymGTjBI4nmqD3Cqb0g1JV p5sYdgO7i2JMZhfodAGXkYbhlACyP2z2eJwDvp1E2nfLlQJQW7tziIcYG8ST52/O3Udh5E jzhmbCU2nBP+Jsj60ChTje0RK7Hqgnwbx5d9d9/DzbI5R8jaZOYKwjIaVCNckQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360372; a=rsa-sha256; cv=none; b=Sbri6Cbcwb7PxG0e2aSbmR9XfzJu2aAFgiHXiqre5Ilu7dJC/TkoCM2C/qhpdycozMJTAZ xPSRZbiwLLpa0OAfZ3xSmGMHi0YN7ZQ2elXlzr7WfajMSVUGBOmDtdx5r5H3+vcuRSb3cc KlY3reK4Ap9X2GvQ9lSFCaf2GAwOT3olBUE+OyAJZqIxT4Tybd/0qZjWFR4Cb9JXAsx5AX z05WKlR+dM34sNgSPInP2nUPlQxq+ovhNz2OasVKU4BRsxCdZ51KOkRcTr/7uB2YWyi5kR E0TVlNOZHOjDHILS68zNM6HlrhiRTbhrgLXsC8tvei40VU5iU3mBBe1ucpFEvA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS431wmzxHB; Mon, 16 Dec 2024 14:46:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkCsg054133; Mon, 16 Dec 2024 14:46:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkCaP054130; Mon, 16 Dec 2024 14:46:12 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:12 GMT Message-Id: <202412161446.4BGEkCaP054130@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: e395e354823b - main - mdo(1): Use setcred() to change credentials List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e395e354823b690ba19ecc8e3688bacec6f67ad3 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=e395e354823b690ba19ecc8e3688bacec6f67ad3 commit e395e354823b690ba19ecc8e3688bacec6f67ad3 Author: Olivier Certner AuthorDate: 2024-07-29 14:24:08 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:40 +0000 mdo(1): Use setcred() to change credentials As this is the only system call that MAC/do currently supports, and the only one that really can be for transitions involving simultaneous changes of user and group IDs. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47621 --- usr.bin/mdo/mdo.c | 42 +++++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/usr.bin/mdo/mdo.c b/usr.bin/mdo/mdo.c index 22e2838daa08..8435fc17f26f 100644 --- a/usr.bin/mdo/mdo.c +++ b/usr.bin/mdo/mdo.c @@ -5,6 +5,7 @@ */ #include +#include #include #include @@ -27,6 +28,8 @@ main(int argc, char **argv) { struct passwd *pw; const char *username = "root"; + struct setcred wcred = SETCRED_INITIALIZER; + u_int setcred_flags = 0; bool uidonly = false; int ch; @@ -50,20 +53,45 @@ main(int argc, char **argv) const char *errp = NULL; uid_t uid = strtonum(username, 0, UID_MAX, &errp); if (errp != NULL) - err(EXIT_FAILURE, "%s", errp); + err(EXIT_FAILURE, "invalid user ID '%s'", + username); pw = getpwuid(uid); } if (pw == NULL) err(EXIT_FAILURE, "invalid username '%s'", username); } + + wcred.sc_uid = wcred.sc_ruid = wcred.sc_svuid = pw->pw_uid; + setcred_flags |= SETCREDF_UID | SETCREDF_RUID | SETCREDF_SVUID; + if (!uidonly) { - if (initgroups(pw->pw_name, pw->pw_gid) == -1) - err(EXIT_FAILURE, "failed to call initgroups"); - if (setgid(pw->pw_gid) == -1) - err(EXIT_FAILURE, "failed to call setgid"); + /* + * If there are too many groups specified for some UID, setting + * the groups will fail. We preserve this condition by + * allocating one more group slot than allowed, as + * getgrouplist() itself is just some getter function and thus + * doesn't (and shouldn't) check the limit, and to allow + * setcred() to actually check for overflow. + */ + const long ngroups_alloc = sysconf(_SC_NGROUPS_MAX) + 2; + gid_t *const groups = malloc(sizeof(*groups) * ngroups_alloc); + int ngroups = ngroups_alloc; + + if (groups == NULL) + err(EXIT_FAILURE, "cannot allocate memory for groups"); + + getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + + wcred.sc_gid = wcred.sc_rgid = wcred.sc_svgid = pw->pw_gid; + wcred.sc_supp_groups = groups + 1; + wcred.sc_supp_groups_nb = ngroups - 1; + setcred_flags |= SETCREDF_GID | SETCREDF_RGID | SETCREDF_SVGID | + SETCREDF_SUPP_GROUPS; } - if (setuid(pw->pw_uid) == -1) - err(EXIT_FAILURE, "failed to call setuid"); + + if (setcred(setcred_flags, &wcred, sizeof(wcred)) != 0) + err(EXIT_FAILURE, "calling setcred() failed"); + if (*argv == NULL) { const char *sh = getenv("SHELL"); if (sh == NULL) From nobody Mon Dec 16 14:46:14 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS70M1Lz5hWj3; Mon, 16 Dec 2024 14:46:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS65Q6nz4fLQ; Mon, 16 Dec 2024 14:46:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360374; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JC15E3hrYnDf2263pD0dyr1YnyVQXCGJdzzeyGy5B/E=; b=T2Vi535xqhkOt/Sj9u6lIbtE/pG6Lh/Yim8T29LDe4K/nXfghi8tId52ygmPBUOOn1Mow9 1yREoB6f7kZzKS5KuB1TYKkqcY7B4f0UulBEMBY6ojp6EPkPQqaMnkU5OI1B5+ogVNSNEP /n2+NFiFMql9yrQo9YNz1T8dHANotkcA0HhqepV5AuyE2DZz5nCM/WrhHfmZROmufVQUuk XBV7HguwWD4Hv3+pxIpk3bfG/oH0rY6E8bfKaT1JZ5bLEgiGi/O+hVIh/Hc+gByFMD2mk3 UIxwE8bvtiwUlL3wC8Nk1nHIVqBt6svt+WxiDmw/TYQb6uXhbFVtot/IueYVbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360374; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JC15E3hrYnDf2263pD0dyr1YnyVQXCGJdzzeyGy5B/E=; b=SajoyXYJvMolvx9Fqry/apVVri13qOPTOEDwoGsnMDtIaDf3+N7ycIlVSivBmUzcX9glw0 2wUz79bBG5JkqntIkXDeNxdj+VFgohY7L+OS8jLPEC4nCLKNmzBk34UEBm+fSsPQ0/dT9U duUsVTq/gttpI3dccTvNS+jxvkPPeAdLBxEj2ksj7PmdXKiumZtoe3RsplLkM6wrXwa4hm RNKtER71I8z14UhQny0avNrSxZJuLFj3ENTj5/z16z1xUk/yq1Kz/4VgeghNIIIEWhBKz6 eIq5rNOcraOj0W2/uHr9y5JRB4VPz3ye2xKkkbnFGdl0BfBAg/6ZlE2u9wPQpA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360374; a=rsa-sha256; cv=none; b=v2BpP7lRAZ8RnQ7nW4sKvUUjY1PlAmtifHqbAUouF3K48v2B05SpxM3M1yu2LuFgOT9rwD 8w5qwfttXUXEm3CyxpMTxf7TcHG2mQgHt12oU7wvFWUSc9mNfCUy0E6lfj03naX9kayjPD HSNd5cKqWAZ89e+acSJooxa8Zy+POYMd/dSe2M/P6+CfKiC4mjZ6FZjbmtaqxst3zvZ+Y7 h9CSa0rP9iPd0JkoPPSgZEv7KQLke4pGvhc0gzOgPNkPqxKc6dubU/1xFLNlfWOkd35SjR gyWno0BFPVpaMZhG304+xkIE2l5pOvig9yJIom14/3xrKPp5eDqnTFmbvNRLeQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS6517hzxHD; Mon, 16 Dec 2024 14:46:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkEdr054217; Mon, 16 Dec 2024 14:46:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkEHw054214; Mon, 16 Dec 2024 14:46:14 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:14 GMT Message-Id: <202412161446.4BGEkEHw054214@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 4a03b64517b3 - main - MAC/do: parse_rules(): Tolerate blanks around tokens List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4a03b64517b3151064c52e213ebbc068ab1430d1 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=4a03b64517b3151064c52e213ebbc068ab1430d1 commit 4a03b64517b3151064c52e213ebbc068ab1430d1 Author: Olivier Certner AuthorDate: 2024-11-12 17:13:26 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:40 +0000 MAC/do: parse_rules(): Tolerate blanks around tokens To this end, we introduce the strsep_noblanks() function, designed to be a drop-in replacement for strstep(), and use it in place of the latter. We had taken care of calling strsep() even when the remaining sub-string was not delimited (i.e., with empty string as its second argument), so this commit only has mechanical replacements of existing calls. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47623 --- sys/security/mac_do/mac_do.c | 61 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 8 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index dc5933930a41..669f0cfefdfb 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -381,6 +381,48 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr, return (0); } +/* + * strsep() variant skipping spaces and tabs. + * + * Skips spaces and tabs at beginning and end of the token before one of the + * 'delim' characters, i.e., at start of string and just before one of the + * delimiter characters (so it doesn't prevent tokens containing spaces and tabs + * in the middle). + */ +static char * +strsep_noblanks(char **const stringp, const char *delim) +{ + char *p = *stringp; + char *ret, *wsp; + size_t idx; + + if (p == NULL) + return (NULL); + + idx = strspn(p, " \t"); + p += idx; + + ret = strsep(&p, delim); + + /* Rewind spaces/tabs at the end. */ + if (p == NULL) + wsp = ret + strlen(ret); + else + wsp = p - 1; + for (; wsp != ret; --wsp) { + switch (wsp[-1]) { + case ' ': + case '\t': + continue; + } + break; + } + *wsp = '\0'; + + *stringp = p; + return (ret); +} + static void make_parse_error(struct parse_error **const parse_error, const size_t pos, @@ -485,7 +527,7 @@ parse_target_clause(char *to, struct rule *const rule, MPASS(*parse_error == NULL); MPASS(to != NULL); - to_type = strsep(&to, "="); + to_type = strsep_noblanks(&to, "="); MPASS(to_type != NULL); to_type += parse_gid_flags(to_type, &is.flags, &gid_flags); error = parse_id_type(to_type, &type, parse_error); @@ -498,7 +540,7 @@ parse_target_clause(char *to, struct rule *const rule, goto einval; } - to_id = strsep(&to, ""); + to_id = strsep_noblanks(&to, ""); switch (type) { case IT_GID: if (to_id == NULL) { @@ -829,7 +871,7 @@ parse_single_rule(char *rule, struct rules *const rules, /* Freed when the 'struct rules' container is freed. */ new = malloc(sizeof(*new), M_DO, M_WAITOK | M_ZERO); - from_type = strsep(&rule, "="); + from_type = strsep_noblanks(&rule, "="); MPASS(from_type != NULL); /* Because 'rule' was not NULL. */ error = parse_id_type(from_type, &new->from_type, parse_error); if (error != 0) @@ -844,7 +886,7 @@ parse_single_rule(char *rule, struct rules *const rules, goto einval; } - from_id = strsep(&rule, ":"); + from_id = strsep_noblanks(&rule, ":"); if (is_null_or_empty(from_id)) { make_parse_error(parse_error, 0, "No ID specified."); goto einval; @@ -869,7 +911,7 @@ parse_single_rule(char *rule, struct rules *const rules, * allows to minimize memory allocations and enables searching IDs in * O(log(n)) instead of linearly. */ - to_list = strsep(&rule, ","); + to_list = strsep_noblanks(&rule, ","); if (to_list == NULL) { make_parse_error(parse_error, 0, "No target list."); goto einval; @@ -882,7 +924,7 @@ parse_single_rule(char *rule, struct rules *const rules, goto einval; } - to_list = strsep(&rule, ","); + to_list = strsep_noblanks(&rule, ","); } while (to_list != NULL); if (new->uids_nb != 0) { @@ -949,7 +991,10 @@ einval: * is "uid" or "gid", an UID or GID (depending on ) and is * "*", "any" or a comma-separated list of '=' clauses (see the * comment for parse_single_rule() for more details). For convenience, empty - * rules are allowed (and do nothing). + * rules are allowed (and do nothing), and spaces and tabs are allowed (and + * removed) around each token (tokens are natural ones, except that + * '' as a whole is considered a single token, so no blanks are + * allowed between '' and ''). * * Examples: * - "uid=1001:uid=1010,gid=1010;uid=1002:any" @@ -982,7 +1027,7 @@ parse_rules(const char *const string, struct rules **const rulesp, MPASS(copy[len] == '\0'); /* Catch some races. */ p = copy; - while ((rule = strsep(&p, ";")) != NULL) { + while ((rule = strsep_noblanks(&p, ";")) != NULL) { if (rule[0] == '\0') continue; error = parse_single_rule(rule, rules, parse_error); From nobody Mon Dec 16 14:46:13 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS55gt1z5hWXg; Mon, 16 Dec 2024 14:46:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS54RW3z4fSf; Mon, 16 Dec 2024 14:46:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360373; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=u8As7EZCZxDArVvF4/l3+ducU1kEfX6TCli6EFBEsF8=; b=ealrzlfDpp67EH+cz6QibgLfGck4k7pJWQtPJ86He8K/IgYeSG1aV9vpj6Hn3mXyrrAiR4 ZfMg7O80qKRxfl1XwZXi4wTDBNttJUHQLhz+rAUZCVPQ3Rl40ptfdFbarXvtSJxIgURMIA t/mgpWc1h+j3yt+4v9cMf2vL4h4lpgF2Ef7C11uFckxkoV0dLVRWBV9MHYQ+k/APohoK6o aahLYjwkZwMeWZpc22o/qgvsHc1FDj1F3c2Uijfco4W8so6sgXkNSRuwWXtE8gfmC85mkU q6kdm2xXPOp3uTjdXEy+nmYkJ7DMUmHuHFqyCBXmKTd5/gM6Dz9xmELz4UmaXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360373; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=u8As7EZCZxDArVvF4/l3+ducU1kEfX6TCli6EFBEsF8=; b=yINskam2/ZWG6EYPEPYrbsIrCpJ46uBvC2vjJ9D98EpaeEGiI2PgFWUbIu5CkxoJFJNpSw MbUWTJhsCWuzVywFSrmm28o/+4GWIxo4mLtYT97ygbkWJrkIKQXoyN27AREMRPjVvkQC7C eNlWNS8tYJ+Ew4Z0hr9UQXaACosQFtvrZxZID8klrO2FVQp3dV3k35FARtNBm4ZeqqXKXD +WwJIp6sQ19YxOfkvPsIyCHr8I1iHsmwt+LdVkEjFyA4J4BNtL7AurxC8YIpUDFego0QKA +BBqqVMZD2Mr6MUVbc5QFvu3zFhGzGDf0mqMdMQO0AiCKpP7tv/ZbpM3GvaRpw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360373; a=rsa-sha256; cv=none; b=hPsf+cnGxix3nLLPoO00WRu6fJDL6Ap+Em5MN4O2F/vXWy/D1KIjO4aDGX8q8QA3D8J+UL FiUhvnl5hZah8cI0vrd1bMyu6IK4Gt+6QaUT1ylaI+nbSZTESpi9Wkf5U36O7aWy6zKnPw zyg/j4x3LqqRpVo8XtCeaO97J12a0ODr3M1hOIcH+ay+Z47SIzuFI9ILiOtJBHgBXjQrMq iZwZTDp/+SJKVzgEmMEWVyg9b+n0J93Qf0U+Vioj9yRk/SZTjMXIJ8LoEuA62E+MRX+YWE dJ3e0jPji5NOicBz3M164E9NHRoa9r+dzAXqCSj/fn6C7X0TRrui5AldlJNRvQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS54234zxHC; Mon, 16 Dec 2024 14:46:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkDAM054172; Mon, 16 Dec 2024 14:46:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkD2l054169; Mon, 16 Dec 2024 14:46:13 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:13 GMT Message-Id: <202412161446.4BGEkD2l054169@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 2110eef4bf60 - main - MAC/do: toast_rules(): Minor simplification List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2110eef4bf608b6c1facc57c68d02960b6d880c9 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2110eef4bf608b6c1facc57c68d02960b6d880c9 commit 2110eef4bf608b6c1facc57c68d02960b6d880c9 Author: Olivier Certner AuthorDate: 2024-08-13 08:53:24 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:40 +0000 MAC/do: toast_rules(): Minor simplification Use the most common pattern to browse and delete elements of a list, as it reads quicker. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47622 --- sys/security/mac_do/mac_do.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 2ce608c754bc..dc5933930a41 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -311,10 +311,9 @@ static void toast_rules(struct rules *const rules) { struct rulehead *const head = &rules->head; - struct rule *rule; + struct rule *rule, *rule_next; - while ((rule = TAILQ_FIRST(head)) != NULL) { - TAILQ_REMOVE(head, rule, r_entries); + TAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) { free(rule->uids, M_DO); free(rule->gids, M_DO); free(rule, M_DO); From nobody Mon Dec 16 14:46:15 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS81P2Cz5hWdN; Mon, 16 Dec 2024 14:46:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS76TrGz4fQp; Mon, 16 Dec 2024 14:46:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360375; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ABEcKuTFB8qaEUaT58BI0Bh2saPktP6RQAmC80d57J8=; b=HCi4NxqRs942lq5mgtb+/QR3/IdKOgoF82F0tC+QcQsIpxvEC4Dk/jOLi11mjUjpz3hxY9 kdCuAsJidaOdJiLxuFRQhoM2ux9+PgT3M4AqUW2iWTtDgjMxcYciCIJ6aWOvYa/Wk57gFV 6NhILLY8d7Kb5t7nZUQS0r3iuIVJ1JJZn8x+AMxKZAay1CpzS1wsWaW0ZBueiwkrCF/Yup kUW1ATFIuneDaThClDJDXg6MDpGmlR0JRWz73gChKu+i169zu63ml3cyGfUVWILmBAuf5l oQX0v8eZ5TK8G1bgxDDGfCq4L/OusVO45oKWPZ32NQ0ow1yqyikLK4TK+BEesA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360375; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ABEcKuTFB8qaEUaT58BI0Bh2saPktP6RQAmC80d57J8=; b=gvgxxj85Ux6sIGB0C+dGZYDNgqXgt7NbOW8E26FyXS8OVJZMRH4iVd+u9omP2zdRttXPSY TY932hPhO2B+bV58xiER4t5VJKybHrYPqjmABxVZhTuDNxrMTQlClJb/M5RDzgJUyBlFVi YIT4bIPn6yjaBP1U6OgLtT/KG+OQMAtdfXu85qDFjSIIjGBxocaB9C+GvkBpaRiK3i3gDi kbOEpRgfRqb9zrrhpKt+Fk8n4gQEtdoZXQBvxoquaSXcMdmnMzjGc+veeCJdOmbtt5Nmpd /lQDMuYZkpdIog0NKPiRN+YIhVYMzmx6noAhbArTjXfHvUcIZd/vV4wFdYO+bQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360375; a=rsa-sha256; cv=none; b=GxSHs2uktR3HZzdoW/pV6pFtVIJmTtyPYVYpBru935KqI+y5880ohZlhO7UrT/Y2GBmSxj wVzJiUb0eLHK3nKlWMgp013rQsgmqkJ9VSvswhoqmn4xYMai8/0JlJkCwp7MJnvqdcKaKV nRsqbY7StiqVbY4Cn7Ps7EFYciRGLuqmiS6Z+3jQMiFwTPhezpv+DAh7aHN/g2jGe+VlZM w6j5n28cez/baA8CtVH5UZpz81y5lISg2Iahp0XyUb7mHV9M59lLPMIbkorhBNN7n1Fc1l EoMrcf/CVXgAQw5ZcTGAhORfA4DxKSeLAuI+ZHWXttVAsP8DgxxXjFCP4FMJlA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS75ptCzxkf; Mon, 16 Dec 2024 14:46:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkFg5054276; Mon, 16 Dec 2024 14:46:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkFJg054272; Mon, 16 Dec 2024 14:46:15 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:15 GMT Message-Id: <202412161446.4BGEkFJg054272@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: c7fc71c6af07 - main - MAC/do: Convert internal TAILQs to STAILQs List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c7fc71c6af0761f81ecafdb281dd43a081b3b22f Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=c7fc71c6af0761f81ecafdb281dd43a081b3b22f commit c7fc71c6af0761f81ecafdb281dd43a081b3b22f Author: Olivier Certner AuthorDate: 2024-11-12 17:31:33 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:40 +0000 MAC/do: Convert internal TAILQs to STAILQs We only browse these forward and never need to remove arbitrary elements from them. No functional change (intended). Reviewed by: bapt, emaste Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47624 --- sys/security/mac_do/mac_do.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 669f0cfefdfb..44c33d7cfa57 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -147,7 +147,7 @@ typedef uint16_t id_nb_t; typedef uint16_t id_type_t; struct rule { - TAILQ_ENTRY(rule) r_entries; + STAILQ_ENTRY(rule) r_entries; id_type_t from_type; u_int from_id; flags_t uid_flags; /* See MDF_* above. */ @@ -158,7 +158,7 @@ struct rule { struct id_spec *gids; }; -TAILQ_HEAD(rulehead, rule); +STAILQ_HEAD(rulehead, rule); struct rules { char string[MAC_RULE_STRING_LEN]; @@ -171,11 +171,11 @@ struct rules { */ struct id_elem { - TAILQ_ENTRY(id_elem) ie_entries; + STAILQ_ENTRY(id_elem) ie_entries; struct id_spec spec; }; -TAILQ_HEAD(id_list, id_elem); +STAILQ_HEAD(id_list, id_elem); #ifdef INVARIANTS static void @@ -313,7 +313,7 @@ toast_rules(struct rules *const rules) struct rulehead *const head = &rules->head; struct rule *rule, *rule_next; - TAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) { + STAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) { free(rule->uids, M_DO); free(rule->gids, M_DO); free(rule, M_DO); @@ -328,7 +328,7 @@ alloc_rules(void) _Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!"); rules->string[0] = 0; - TAILQ_INIT(&rules->head); + STAILQ_INIT(&rules->head); rules->use_count = 0; return (rules); } @@ -730,7 +730,7 @@ parse_target_clause(char *to, struct rule *const rule, } ie = malloc(sizeof(*ie), M_DO, M_WAITOK); ie->spec = is; - TAILQ_INSERT_TAIL(list, ie, ie_entries); + STAILQ_INSERT_TAIL(list, ie, ie_entries); check_type_and_id_spec(type, &is); check_type_and_finish: check_type_and_type_flags(type, *tflags); @@ -776,14 +776,14 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list, size_t idx = 0; /* Fill the array. */ - TAILQ_FOREACH_SAFE(ie, list, ie_entries, ie_next) { + STAILQ_FOREACH_SAFE(ie, list, ie_entries, ie_next) { MPASS(idx < *nb); array[idx] = ie->spec; free(ie, M_DO); ++idx; } MPASS(idx == *nb); - TAILQ_INIT(list); + STAILQ_INIT(list); /* Sort it (by ID). */ qsort(array, *nb, sizeof(*array), id_spec_cmp); @@ -865,8 +865,8 @@ parse_single_rule(char *rule, struct rules *const rules, int error; MPASS(*parse_error == NULL); - TAILQ_INIT(&uid_list); - TAILQ_INIT(&gid_list); + STAILQ_INIT(&uid_list); + STAILQ_INIT(&gid_list); /* Freed when the 'struct rules' container is freed. */ new = malloc(sizeof(*new), M_DO, M_WAITOK | M_ZERO); @@ -935,7 +935,7 @@ parse_single_rule(char *rule, struct rules *const rules, if (error != 0) goto einval; } - MPASS(TAILQ_EMPTY(&uid_list)); + MPASS(STAILQ_EMPTY(&uid_list)); if (!has_clauses(new->uids_nb, new->uid_flags)) { /* No UID specified, default is "uid=.". */ MPASS(new->uid_flags == 0); @@ -951,7 +951,7 @@ parse_single_rule(char *rule, struct rules *const rules, if (error != 0) goto einval; } - MPASS(TAILQ_EMPTY(&gid_list)); + MPASS(STAILQ_EMPTY(&gid_list)); if (!has_clauses(new->gids_nb, new->gid_flags)) { /* No GID specified, default is "gid=.,!gid=.". */ MPASS(new->gid_flags == 0); @@ -960,16 +960,16 @@ parse_single_rule(char *rule, struct rules *const rules, check_type_and_type_flags(IT_GID, new->gid_flags); } - TAILQ_INSERT_TAIL(&rules->head, new, r_entries); + STAILQ_INSERT_TAIL(&rules->head, new, r_entries); return (0); einval: free(new->gids, M_DO); free(new->uids, M_DO); free(new, M_DO); - TAILQ_FOREACH_SAFE(ie, &gid_list, ie_entries, ie_next) + STAILQ_FOREACH_SAFE(ie, &gid_list, ie_entries, ie_next) free(ie, M_DO); - TAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next) + STAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next) free(ie, M_DO); MPASS(*parse_error != NULL); return (EINVAL); @@ -1279,7 +1279,7 @@ mac_do_jail_get(void *obj, void *data) rules = find_rules(pr, &ppr); jsys = pr == ppr ? - (TAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) : + (STAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) : JAIL_SYS_INHERIT; error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys)); if (error != 0 && error != ENOENT) @@ -1967,7 +1967,7 @@ mac_do_priv_grant(struct ucred *cred, int priv) * privilege granting functions interpreting the "to"/"target" part. */ error = EPERM; - TAILQ_FOREACH(rule, &rules->head, r_entries) + STAILQ_FOREACH(rule, &rules->head, r_entries) if (rule_applies(rule, cred)) { error = rule_grant_setcred(rule, cred, new_cred); if (error != EPERM) From nobody Mon Dec 16 14:46:16 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjS91qgBz5hWZV; Mon, 16 Dec 2024 14:46:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjS86wflz4fR9; Mon, 16 Dec 2024 14:46:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360377; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MWhOWKg/uJo1pxHHa2YAN4kyC0S7wtQ/x5UmsmFqdog=; b=dXnr6MFVJ9WFgZgcCiVjxtpIA3dLINuEbQiwdeppjB7yBAx4N5eCCPtJy2GEKN0iJJyi3v BRmMDdFRVHPjydMtvrL+kzMlg9QrPmSef800p6J7gg8l+u3PRRWXIcE7ZE0kfB/vewc4Mo wZz2ljpQxAppColGUCM47f3BzEQ+Fb7XtOyR0FK+LEkdNCBD5fZ0wsNHGyz5BRbW7a6x/e NBlzKVDCmwh0Ny8BldxwnAGmKQnYUuEJl2OOykAd/+iwLSJrjhH0OaddSVF2HNhz96BBvi 5ywc/vISG27/hwfgGtNopTMWJJ66JcSA6HNj8hKbFH5VlRWC1wH+MU/zWktnkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360377; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MWhOWKg/uJo1pxHHa2YAN4kyC0S7wtQ/x5UmsmFqdog=; b=lhf6locHIRL4f33xnejAnQlTXGyTMXFKLIXerHvJYSRt3CHZsGKle6BAUF1EwJ2/iZPGPQ r1ywXdmUyZWnj79OPZ3U1reF8qHrTbmFF+lvAOHZ0SjcDfVLA80IG+lcdL62fAo4L91aKC u40YUpvFl19weFLDePHB4po+yf9Fw72B9Vb//asEYtyL/xiffqJoLVkDFFMGlVlsbay2Db vigW2Hn92adB1DMZtuxNHHN/1nPkSDHHGn9BcXvdGoBAjkP+yAvzBfwIzHwZTfAlzze6y0 TIiNLGhBiWEafd7MUZaNS93MOutpqAKdjFjb58J2auuiBnrIwbkrLeBH6i5kYA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360377; a=rsa-sha256; cv=none; b=g6JKkD7T73RsRL3zZYxlui5CXluubs34RDfpXJl/eIPgkNT/aPJlYsCgSKTPLtwn2X6HXl KYpYsyvRRKjYN3H9lwya8AjC4SN/+aAYHBffqKScXbdLcBeJBcXirkvI1P/DThOnXs0ERS 2LcUgONpQP099iJT40/j4c0+oPj8bV042YFPBAXLwQNI4ixCm448OUet1q44VZlFocb336 yW6BiqRXBwhT7P4i5UjT6J8SCYfHuHxzWUMv63GM9x7yZEHguoSUH2P1wBCARfAjl8Sf8n i1BrvXER+WsvUR5/jLRWouK692V0g0NzLrkBbkV7KmZRLG5ZyyjLfEtuOZvjsg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjS86VTKzxYN; Mon, 16 Dec 2024 14:46:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEkGOs054348; Mon, 16 Dec 2024 14:46:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEkGX8054345; Mon, 16 Dec 2024 14:46:16 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:46:16 GMT Message-Id: <202412161446.4BGEkGX8054345@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: de701f9bdbe0 - main - MAC/do: Apply a rule on real UID/GID instead of effective ones List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: de701f9bdbe0ede691a0439d1c469082b94fe234 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=de701f9bdbe0ede691a0439d1c469082b94fe234 commit de701f9bdbe0ede691a0439d1c469082b94fe234 Author: Olivier Certner AuthorDate: 2024-11-29 14:39:17 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:40 +0000 MAC/do: Apply a rule on real UID/GID instead of effective ones We intend MAC/do to authorize transitions based on the "real" identity information of the calling process, rather than transiently-acquired effective IDs. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47845 --- sys/security/mac_do/mac_do.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 44c33d7cfa57..7ec34b20c882 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -1906,9 +1906,9 @@ rule_grant_setcred(const struct rule *const rule, static bool rule_applies(const struct rule *const rule, const struct ucred *const cred) { - if (rule->from_type == IT_UID && rule->from_id == cred->cr_uid) + if (rule->from_type == IT_UID && rule->from_id == cred->cr_ruid) return (true); - if (rule->from_type == IT_GID && groupmember(rule->from_id, cred)) + if (rule->from_type == IT_GID && realgroupmember(rule->from_id, cred)) return (true); return (false); } From nobody Mon Dec 16 14:50:06 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjXb60Vgz5hWy9; Mon, 16 Dec 2024 14:50:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjXb1J5gz4qZ5; Mon, 16 Dec 2024 14:50:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360607; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7x4fpkWWXD+HH+PPN0l4E++nf0uZufNt9EaE6XoQja0=; b=cXJTgWyii/3H/cbrD1eztqOa0VAEU/CZkaUqHZvlCqMQ8m9nHJsdmgBkG136aWy9LxxNgk S3uiIOs4U+e1GMpSAetOBoQWuOzCR79Bs49ZBKuNOGghbNl/qU/9xEzzU0hFOkbDlSed7t LgVAiVa7XyYg+pb46kK7jEOKPj7QlsnWqj+Kk8mXzvmPfOJSRWNFGPOSoEg1GJvLQtxR/7 LzVvV+wvbx9yU0dbg6R3f92jMWz/9wgytNQlIgsopHi1ZdwQquPfkq/UDBh7TdxlB3gcXO rn3gcDaUHhmnYjAgzjVLVuoEgqXRd/9vUedFRbsu+NvaGo/O1NL1+D4gWta7Rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360607; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7x4fpkWWXD+HH+PPN0l4E++nf0uZufNt9EaE6XoQja0=; b=glbifFih1oMUID3giiux3kCdCOTnYC4orGtZmGg9aJ5ga6otF0PMHpSmc1XAkypbXks7Ka fYM+QN5Og2TWRSsplI3nbJ3hyWtFRfTjlGQqaUeKq29feBF6EZUBUtxTrvmS4iniAF4p2z QLzmZ0elEq7/1ThHMGpUKaKXo3Gta8OKDnRiKmmkHGGgot+cjK5SuH4WK7eWe6KyFDmjQ2 NVlgdrdLlojQr/z9kjajDV3CSE2NUjnQkk9yN2xF0zFyQoriOF4Qk+jaOdRwJMhUkUYe8y Zayj7BwYQX7W4BT4SFHghQpkm2Fbsp1hfOIKbdACLJQR8k/lqreVrcVRg2JtBQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360607; a=rsa-sha256; cv=none; b=ofK6/iAmdghxXSSnjP0k9U9sGdIjEeO4tpvv7a/kritpToJbnjFOEAYDaQJcJnaB8y0HTl ISsPuE7UtJhQuH1pl3PIN6pgd+hPLhhFkdl4VjXt1BZFLOBw20DbYbLJ1GFIJEfz4vT46y 3aw9L8efiH46/SqnWBl5wh9aN29V6148yVqhSM5eBCl+FP1CfBk1xXQqF+VX0JsuSNTZKL TWJeo2hwAzB04XLza2DoB+LyYuhD4tujbAc4MXCjPzCjk1Uu5d5UZu9wWFjlsjh4ugaghV rWhVVTZXfe25UuEQNE/A42ml//xA/6zVIgdEM87uUp1c/8/jTZfOxfSKONkZNw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjXb0VlGzx0R; Mon, 16 Dec 2024 14:50:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEo6AJ058977; Mon, 16 Dec 2024 14:50:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEo63X058972; Mon, 16 Dec 2024 14:50:06 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:50:06 GMT Message-Id: <202412161450.4BGEo63X058972@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: 2ef97d8b7564 - main - xen/netfront: use iflladdr_event to send ARPs List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2ef97d8b7564c5d3e62248b49f9ebbbae5dc02f3 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=2ef97d8b7564c5d3e62248b49f9ebbbae5dc02f3 commit 2ef97d8b7564c5d3e62248b49f9ebbbae5dc02f3 Author: Gleb Smirnoff AuthorDate: 2024-12-16 14:48:50 +0000 Commit: Gleb Smirnoff CommitDate: 2024-12-16 14:49:29 +0000 xen/netfront: use iflladdr_event to send ARPs Avoids usage of arp_ifinit() and if_foreach_addr_type(). The former isn't encouraged to be used in drivers and the latter is about to change to not expose struct ifaddr. Reviewed by: royger, ehem_freebsd_m5p.com Differential Revision: https://reviews.freebsd.org/D48053 --- sys/dev/xen/netfront/netfront.c | 28 ++++++---------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/sys/dev/xen/netfront/netfront.c b/sys/dev/xen/netfront/netfront.c index e13fb8765bae..3bc3679eb0db 100644 --- a/sys/dev/xen/netfront/netfront.c +++ b/sys/dev/xen/netfront/netfront.c @@ -1029,27 +1029,6 @@ out: return (error); } -#ifdef INET -static u_int -netfront_addr_cb(void *arg, struct ifaddr *a, u_int count) -{ - arp_ifinit((if_t)arg, a); - return (1); -} -/** - * If this interface has an ipv4 address, send an arp for it. This - * helps to get the network going again after migrating hosts. - */ -static void -netfront_send_fake_arp(device_t dev, struct netfront_info *info) -{ - if_t ifp; - - ifp = info->xn_ifp; - if_foreach_addr_type(ifp, AF_INET, netfront_addr_cb, ifp); -} -#endif - /** * Callback received when the backend's state changes. */ @@ -1090,7 +1069,12 @@ netfront_backend_changed(device_t dev, XenbusState newstate) break; case XenbusStateConnected: #ifdef INET - netfront_send_fake_arp(dev, sc); + /* + * If this interface has an ipv4 address, send an arp for it. + * This helps to get the network going again after migrating + * hosts. + */ + EVENTHANDLER_INVOKE(iflladdr_event, sc->xn_ifp); #endif break; } From nobody Mon Dec 16 14:53:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBjbw5cGGz5hXC3; Mon, 16 Dec 2024 14:53:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBjbw3sk1z3y4q; Mon, 16 Dec 2024 14:53:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360780; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cglqA4itI9Nf+ZF7ggogG1rw3WOH8vvnHuguHNjPZu8=; b=SBWy2E0ro6vJtknuYWv1sYQSfDv2lAIUr0t30skkgnWJseAaQkph/Go0Kt1g+RXEoad9pq UhVDfbMmrB6UrqTfwE7xIoarFQzF7R08afyTMzLRYAninKvmZPJsH/GnOJ7lhry4o+G8cm jiZx86JdtxtHh3gmSbJ/a/Ycs6/8Ori3ldYDUsJ8S7qG6cS21dB8WnaggOA3l3bU4fBTSi ZqHrCOaWxsq4JI1x+EGRJuTZRnzvPy+wAZFz2rK+DWC6ik6azKuHn95w8tIGhNTfo185M7 er0xk6WkHOCopGEGs9T5j6/VZtMNU3w+0EiI2WNEfq5GKgGkee8pWAtznKYASA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734360780; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cglqA4itI9Nf+ZF7ggogG1rw3WOH8vvnHuguHNjPZu8=; b=lMnZv7l4loK5k4Yre+mi81KUxs8A7vfeWdvZ8yJeSjrdcOg6aJfsyCKYFl1U7/myPJAai3 tnroXtpYex/5mGtT9lBzSTj332jrllLclV8F6k7NIa309Q8GOcUI7EvboIqytv2FwPDiFd SVPTp5emyUt5g3cqs6CA6pPLWhgNk6ccCFJRpm1WyTwO4cGjPtOY8MrJhO5IV/EikVmayf sR7KsqCk0a0gdYmu/f/yPuie7zWlUW4FPApaNLJK725ycJJEw77YKSPGi8O25EdrOb64nI IUvvgF2BQaCOwK0741ryoR8aA1z8IQxBvQjaEICnsOCjPCgLXpPYnYuIGCqwWA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734360780; a=rsa-sha256; cv=none; b=DFPDJoPqoWdSI8fjc47RycvaO9wp1LHbWEz52kJAoooPlBxhxWKBdczG94cgO0Xc+yNepL 5YZyWzD3OA8iuqJfiGwJ5I9FZ3dixFvq7h2oCFe1BFfChwxg/ZY5Z3Wimh+tAAlRaI96Y/ lEm+Iw7YUcbvdfTS0ZfKrS8/awvdChGJ86gLAlD05D0+VjIOREMpYnrSoiOZzhxMVBkLJv dBc1unKgwzXXNGvPK4lCf+i03Oz43Nh+Y5DbTOKF/9yDTyeYRd3yLwW5N0CFWq8jJdOU5o 9HRzcw6rCG7eVmTLXSYIbFRgXu788Of5tfgoROo2HEGvqvabNABlnA5OTM3LBg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBjbw3Tpczy8X; Mon, 16 Dec 2024 14:53:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGEr0Jt072197; Mon, 16 Dec 2024 14:53:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGEr0ds072194; Mon, 16 Dec 2024 14:53:00 GMT (envelope-from git) Date: Mon, 16 Dec 2024 14:53:00 GMT Message-Id: <202412161453.4BGEr0ds072194@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: 3604a050eedb - main - tcp_hpts: refactor the per tcpcb call to either input/output method List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3604a050eedbf5af3fd0beca8342cb3779342007 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=3604a050eedbf5af3fd0beca8342cb3779342007 commit 3604a050eedbf5af3fd0beca8342cb3779342007 Author: Gleb Smirnoff AuthorDate: 2024-12-16 14:52:06 +0000 Commit: Gleb Smirnoff CommitDate: 2024-12-16 14:52:06 +0000 tcp_hpts: refactor the per tcpcb call to either input/output method Either input or output return unlocked on failure. Should be no functional change. Reviewed by: rrs Differential Revision: https://reviews.freebsd.org/D47925 --- sys/netinet/tcp_hpts.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/sys/netinet/tcp_hpts.c b/sys/netinet/tcp_hpts.c index 0c7338eb222b..5b39c94e0e58 100644 --- a/sys/netinet/tcp_hpts.c +++ b/sys/netinet/tcp_hpts.c @@ -1374,24 +1374,20 @@ again: * cause a call to output if it is needed so we do * not need a second call to tcp_output(). So we do * one or the other but not both. + * + * XXXGL: some KPI abuse here. tfb_do_queued_segments + * returns unlocked with positive error (always 1) and + * tcp_output returns unlocked with negative error. */ tp->t_flags2 |= TF2_HPTS_CALLS; if ((tp->t_flags2 & TF2_SUPPORTS_MBUFQ) && - !STAILQ_EMPTY(&tp->t_inqueue)) { - error = (*tp->t_fb->tfb_do_queued_segments)(tp, 0); - /* - * A non-zero return for input queue processing - * is the lock is released and most likely the - * inp is gone. - */ - if (error) - goto skip_pacing; - } else + !STAILQ_EMPTY(&tp->t_inqueue)) + error = -(*tp->t_fb->tfb_do_queued_segments)(tp, + 0); + else error = tcp_output(tp); - if (error < 0) - goto skip_pacing; - INP_WUNLOCK(inp); - skip_pacing: + if (__predict_true(error >= 0)) + INP_WUNLOCK(inp); CURVNET_RESTORE(); } if (seen_endpoint) { From nobody Mon Dec 16 15:24:15 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBkJ34YRdz5hZ4q; Mon, 16 Dec 2024 15:24:19 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBkJ345wRz4Fl2; Mon, 16 Dec 2024 15:24:19 +0000 (UTC) (envelope-from bapt@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734362659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=klYRsfzCUFZPhLRKfsIDTQ84+/jlZgvLxMMHPnF5dS0=; b=Wn6vFpJLFfOvv6hmu7oIxK5Cyyyb+c8wMk2gez7MHSxSscXOBby09Dr/JEQrc+v7hTbCXa yfJ19L9kAbUErkR/GvrV3wYxOFDlswPQ7it/JGyVr7m6swbunfOW+SI9JAmcvHnhKh2X2w +dpZBNU1/UbjIR/I64jtxO6ZPRW+RMyH8jLzdMyo1fWCZtWbmhchCx9kIKXhjS+tu3mqE5 I60ANE7mIrnxxPCaXUi1Shi/h/Ce7VUU+tylOkY7OgPHXyFAV49m5vIGraCDq3I3XHEnfm zAteEVNfW8YumwgN4j/5BiqsL0+Wetm20l5VYNnMERVC1CdRS2ykzhh8K1LLyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734362659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=klYRsfzCUFZPhLRKfsIDTQ84+/jlZgvLxMMHPnF5dS0=; b=xUfuSAbvLJsqQwMIX/5Kdu7fDWs3OvX8uxLbJAwmWeWrfNr4vqZuPTowTHyiA5b8CwDHAM GrhpTnwa+Q1OC2QuU4htMT6LwwDktV+OPgDeJBJfjdxdydBvHbK1BYzAJlHnITw88GsZV8 SQViXZZ3GKYIGwPgib3R1oMcNL1J+zrBf1UMdhuWEf04R+vej+t4IIhoiJ35jxofl25V3N kCOxccOZ3KkzAZu6L731i2D39XGCqwn8vYRPt/6r1lX/HcpV7Erzhl3mwoNqZidikSC6LC 7JWm0D4iRh1Y4NOEnnRrTKtLzbkMn5Im6f7eYF1RDVo29qqENxYo7gcipqfSwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734362659; a=rsa-sha256; cv=none; b=t6rXsUwFcNlFWfygu/rpjKbkLae8WDCh2MkqYdNoP+5caZv3cfwpf2O2a2NqbH/J5RCzt7 rwi7TC7bYkXRePTKePy7jZA3ZZ9x7Q9jJty3T4RLy74U9oclujl63Qfig2qfIXM6o1Yq5V ZjEFUplvn8G4z9jF0L95fIRhgpvxl7ej5O4bzD0eQmwZExM86ot7WMr+Th7g44aptaS9E8 bCjECMzAUTayRDS5GGIektVGx9oMq7ROsNFI+vjL0lcmQx3tFPhk7wEnEJ585wQhenaVMK yzzpuCNVNjae46lTTDHcvFGq5KWm88VAKx7WpiYxgr+CI0vOROzPM2vY8/WNOw== Received: from aniel.nours.eu (nours.eu [IPv6:2001:41d0:8:3a4d::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: bapt) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YBkJ32qdNz1B8b; Mon, 16 Dec 2024 15:24:19 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: by aniel.nours.eu (Postfix, from userid 1001) id B9DDC198F93; Mon, 16 Dec 2024 16:24:15 +0100 (CET) Date: Mon, 16 Dec 2024 16:24:15 +0100 From: Baptiste Daroussin To: Olivier Certner Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: d2be7ed63aff - main - cred: proc_set_cred(), proc_unset_cred(): Update user's process count Message-ID: References: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> On Mon 16 Dec 14:45, Olivier Certner wrote: > The branch main has been updated by olce: > > URL: https://cgit.FreeBSD.org/src/commit/?id=d2be7ed63affd8af5fe6203002b7cc3cbe7f7891 > > commit d2be7ed63affd8af5fe6203002b7cc3cbe7f7891 > Author: Olivier Certner > AuthorDate: 2024-08-02 15:57:51 +0000 > Commit: Olivier Certner > CommitDate: 2024-12-16 14:42:32 +0000 > > cred: proc_set_cred(), proc_unset_cred(): Update user's process count > [snip] > + > +void > +proc_set_cred(struct proc *p, struct ucred *newcred) > +{ > + bool success = _proc_set_cred(p, newcred, false); This breaks build for GERNERIC-NODEBUG --- kern_prot.o --- /home/pkgbuild/worktrees/main/sys/kern/kern_prot.c:2697:7: error: unused variable 'success' [-Werror,-Wunused-variable] 2697 | bool success = _proc_set_cred(p, newcred, false); | ^~~~~~~ > + > + MPASS(success); > +} > + Best regards, Bapt From nobody Mon Dec 16 15:26:32 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBkLm4Ycyz5hZ5L; Mon, 16 Dec 2024 15:26:40 +0000 (UTC) (envelope-from olce@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBkLm2gsCz4G3C; Mon, 16 Dec 2024 15:26:40 +0000 (UTC) (envelope-from olce@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734362800; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=JLGeFGyC8lv4622qmegBPxlMF9zkhbmwzyrFVBWOdbg=; b=lkA9MqyPF945WjoUFR1CGCd7m/AyJg+g+1HdGFHKzYsspGbj+Moc6HUkKGdlAq3FXjnluM 9XiY03m2bvObwGfkMhRHwVBmKyXJILhfnRxxN6EI7ZnF8Yeskka1vEYoxV3M9HnVsrGXMg URm0kDLXUNUECelxZsYAyrBF5Jm4FrJ+iJAUy2zHBs4ZNHKtbLcRuII34UXNvpGrNMIc+U IJVR0CZwe70JgaIPerdwn5Juk35Jqi0LiHQQ/EBeDyKJwplO65hXFCpG2OqsiW4jBWwguw VkbA1hLpDIMhkzNN3HxqRBZGB06wPc70OLLKji+eQEQe4FEIym/KWPi9JHRNUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734362800; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=JLGeFGyC8lv4622qmegBPxlMF9zkhbmwzyrFVBWOdbg=; b=dUt67xzbpPUfqIXBd15Fv0147pk/0i6rcZ3K+QcwHg7b5W8QJSizrX/a/QWbg4IOS6YQPh VdZlmyyOQ5WOyUZL1ani7SSN3HaBi7SiZmwgLJBlUYj86+zU1gRwkONZw+aQmCFVNeNqcR t2AC6B9vrN5QrNZi9SNogslc8ac64aoieAFpFUjtEJiyHzE5E1W3jUNcR0fXz2tqYtchNv V2oVLXyt9sIPd5u4dhr3RwLHWAKdnO7kquBXI1ACV29UE+DgrxUPYCpzFv3rhN+/uqQKN2 HaiaZEieeO4t4oIpRE8C2tL1tML6O6FYdSmUFdVGGID+u7o7eMigeeqeFT+E0Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734362800; a=rsa-sha256; cv=none; b=kKN0vmZilUCQaj3peWp/ZN68T0YTc6NhDcR9tZTGOdEw8Nn2fqb2GF2r/OHT/gwf6GctEl D4HHPMcYJijWt4oy/ARERtOsSA8531TZFqwtPkudhzzIdnXfmUZOhTk+pq/QyJv5bPvQqu VfG71V5tn18BMJwk75wc3iGmeubJdu3o1KSHGVhRP5XYTVdLJeAbbzRRIghM+fl0EVfZu6 ny2xfKECNrzcC8vC50OgrwcKpi6cgNXrmJetJ92JeeCNdPmVyzZZ8AzcV34wDJTtIEFcg/ 3CICso2L4jTuX8bT+cn9hiHoj8tmaQWZCOF9f/ZeSBjoYwV4Gh2cVSQbrKWa2g== Received: from ravel.localnet (aclermont-ferrand-653-1-222-123.w90-14.abo.wanadoo.fr [90.14.66.123]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: olce/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YBkLl5pNTz1CSP; Mon, 16 Dec 2024 15:26:39 +0000 (UTC) (envelope-from olce@freebsd.org) From: Olivier Certner To: Baptiste Daroussin Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: d2be7ed63aff - main - cred: proc_set_cred(), proc_unset_cred(): Update user's process count Date: Mon, 16 Dec 2024 16:26:32 +0100 Message-ID: <8184418.bYQgcRI8ro@ravel> In-Reply-To: References: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2531687.0dHE6SNnxz"; micalg="pgp-sha384"; protocol="application/pgp-signature" --nextPart2531687.0dHE6SNnxz Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" From: Olivier Certner To: Baptiste Daroussin Date: Mon, 16 Dec 2024 16:26:32 +0100 Message-ID: <8184418.bYQgcRI8ro@ravel> MIME-Version: 1.0 > This breaks build for GERNERIC-NODEBUG Ah sorry, going to fix that. Thanks and regards. -- Olivier Certner --nextPart2531687.0dHE6SNnxz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCQAdFiEEmNCxHjkosai0LYIujKEwQJceJicFAmdgRqgACgkQjKEwQJce JidscQ//e7CsIYbGd0zK8A0bLQntAYaMg9e5LyQwlOjPxhfzLzivb12eRtHrJuVU 1yPxP8unYgkEsQIhjSBDd02TxBim0TBxs4CPV8MHr02ROr2Ca6COqE0kEfo85t7/ 3Tj+oQrt8SLw5bxYtQXkbHa3degTVuljGyzUmmrJPkrDBZk89ykav98EOZMj/x9i rDcJcRT80WF1XFRVBS3nRZlmtJ9ea0oTPsCsrZmIXWxCkGSEIjNy0fETOJLDCIIe 29Oj+5hm+bZlujZsDjfJUUoPuoQTtGMIq9r0lp4fKon/msOKhgkRByIzML9+kMmV UYZxWdZnu1xG0xD9XltFv7cKhrb2BTdsGQQo+R0/nHGh8dwraE2u2N7j1WzwTHwJ zCIfvZnrt/wVK1aZ+HxKEYqoYfNCqQEImqRAJh2Q/chpxW3GvGd2J9wExXhtOxt1 H+vw24MeU8bRJ3cKDWyN9c4rc73ZXtriPV1rD1i+u6hxlKkHUZ0lDlz+aEykZZhf tpSjSRLR9tJDx441ym2GWdt9WVwtX5exn1TcYlGa9x82EnXWEL6m8nrrgtgOsasr a3MmQaG80e3GIC794eKRhfzN2QYDmMm1l4QcEECs7dQLTugEBakDRhEuKWtv6zAk ZThmykQP1XjNiDAeIPskNm8rN9qr9R4oMxI4SCzBP6huU+b9jNI= =l8bs -----END PGP SIGNATURE----- --nextPart2531687.0dHE6SNnxz-- From nobody Mon Dec 16 15:29:36 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBkQD0xDfz5hZ44; Mon, 16 Dec 2024 15:29:40 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta004.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBkQC5FcRz4GS5; Mon, 16 Dec 2024 15:29:39 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; none Received: from shw-obgw-4001a.ext.cloudfilter.net ([10.228.9.142]) by cmsmtp with ESMTPS id NBWBt5w3xyLQGND2RtODgS; Mon, 16 Dec 2024 15:29:39 +0000 Received: from spqr.komquats.com ([70.66.136.217]) by cmsmtp with ESMTPSA id ND2Ptri4dGvSVND2QtSdTk; Mon, 16 Dec 2024 15:29:39 +0000 X-Auth-User: cschuber X-Authority-Analysis: v=2.4 cv=FpSm/Hrq c=1 sm=1 tr=0 ts=67604763 a=h7br+8Ma+Xn9xscxy5znUg==:117 a=h7br+8Ma+Xn9xscxy5znUg==:17 a=kj9zAlcOel0A:10 a=RZcAm9yDv7YA:10 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=YxBL1-UpAAAA:8 a=Ig6MZvfPfvRloDQ33cYA:9 a=CjuIK1q_8ugA:10 a=LK5xJRSDVpKd5WXXoEvA:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id D236326D2; Mon, 16 Dec 2024 07:29:36 -0800 (PST) Received: by slippy.cwsent.com (Postfix, from userid 1000) id AC31A1AF; Mon, 16 Dec 2024 07:29:36 -0800 (PST) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Olivier Certner cc: Baptiste Daroussin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: d2be7ed63aff - main - cred: proc_set_cred(), proc_unset_cred(): Update user's process count In-reply-to: <8184418.bYQgcRI8ro@ravel> References: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> <8184418.bYQgcRI8ro@ravel> Comments: In-reply-to Olivier Certner message dated "Mon, 16 Dec 2024 16:26:32 +0100." List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 16 Dec 2024 07:29:36 -0800 Message-Id: <20241216152936.AC31A1AF@slippy.cwsent.com> X-CMAE-Envelope: MS4xfLkLYIDRzorcXDr1Z9PVasn+Ty/m+tq22tOKyYchaCPIOTgvdwkojmCXEKiuKwN4lsfsxv2O1owGyo68bk04XoOwXxgVTV/uxA9CxSYfXf0G40g8IjF3 IEZzFoVOFKpDW0+0MWvCsili74DlHaFwRSqQdLJV1Sn014juCJZkJrs7TiHiJ3RHnsgA20iECVu02VBSI2prSZFk7nv9OvcVCWdvVOCdX4SWooG8IQ3GLlmM jXRj2l+sy+TXT2L9LK2Hx/0eFJaZ6zvpLxdctdCNoFJ+z9BB5PBDgs4+oa21XX8QtIbB5xR5n8b3l7HhQ8KHElSWR+qzl8u+8wAKkzKeFn4zmkQCy2p/70eA TvDD+RrD X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US] X-Rspamd-Queue-Id: 4YBkQC5FcRz4GS5 X-Spamd-Bar: ---- In message <8184418.bYQgcRI8ro@ravel>, Olivier Certner writes: > --nextPart2531687.0dHE6SNnxz > Content-Transfer-Encoding: 7Bit > Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" > From: Olivier Certner > To: Baptiste Daroussin > Date: Mon, 16 Dec 2024 16:26:32 +0100 > Message-ID: <8184418.bYQgcRI8ro@ravel> > MIME-Version: 1.0 > > > This breaks build for GERNERIC-NODEBUG > > Ah sorry, going to fix that. > > Thanks and regards. > I was just about to push this: >From e138ba250999b73166b62887dee80c770da32f25 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Mon, 16 Dec 2024 07:12:18 -0800 Subject: [PATCH] New setcred(): Fix non-INVARIANTS build Fix, --- kern_prot.o --- /opt/src/git-src/sys/kern/kern_prot.c:2697:7: error: unused variable 'success' [-Werror,-Wunused-variable] 2697 | bool success = _proc_set_cred(p, newcred, false); | Fixes: ddb3eb4efe55 --- sys/kern/kern_prot.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 8edbb7f18f1a..b5af6dc547d4 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2694,7 +2694,10 @@ _proc_set_cred(struct proc *p, struct ucred *newcred, bool enforce_proc_lim) void proc_set_cred(struct proc *p, struct ucred *newcred) { - bool success = _proc_set_cred(p, newcred, false); +#ifdef INVARIANTS + bool success = +#endif + _proc_set_cred(p, newcred, false); MPASS(success); } -- 2.47.1 -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0 From nobody Mon Dec 16 15:41:29 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBkgs6jp8z5hZdR; Mon, 16 Dec 2024 15:41:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBkgs600qz4JJW; Mon, 16 Dec 2024 15:41:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734363689; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=b1o7GqksQGdbPUBVcb6XLGGTBB5ltFQNfpOxMYDBlR8=; b=R2ml7YNXw+LOBrrbbM8TVyIp560yUMk9uwH6rWd/ZN+dBj5rca6b00JqbeYAFNWJNtX7ow rdDv/em8NcKIKttNHdBt3CG58pBjNi5P8l95ApmcC7EVCkLRSIBQ3NWpF55ocSXFbcp9Zi er/OGGVRTYtCAgggKCyN5M11r/StNo5+px7fdQK4LDBU6LFSueV+eSNbtYM3vbAVuPUsFo dM/9iTdpi+pY5wBCDNshGQvkNYgFCs71pAK+a7fzTmNvxKc6UWBC4/6+I/Dgr12xQRyhwG AW6aTo6qu5ITCJfHYt9mYNb62JEBPRkJ63SlPKN4cEUXnNwhzt2CMsvXpuylQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734363689; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=b1o7GqksQGdbPUBVcb6XLGGTBB5ltFQNfpOxMYDBlR8=; b=wVLTxo3t+zmO0jJutc5o+kGLf5go8TSARPDDZNJvN0JH8dpY0NhVGSM71WjpOkNJDdkKJH Ks7GA34w6eE5lMxjTRqICVQzO+GczIQDxxKgFcm+0//XVBdj1cyzxtJIYUPNzdsTvdxRMe yMvjkggOZjfmmCRTH5gv4DiEeIRsJCGwdODUwDd8HCsVo1GZa4At4w6LuBnjt+LwIH0Izb RoTHCKTx8FjDrV7BFemItEec3xR3ShZGugjvidia29cNACzGfqag+IH6cfWFeYVty7zH0k lWxqqfJ8g+asg4bof7TcuJ28QzMXw8fq3X52Kmp4DYGS1jDaA4rEtTxYzuO+Yw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734363689; a=rsa-sha256; cv=none; b=gFQWxCKJhc4iA21XDol4UcaJuNJvB1PZL7bAEU6vagZKLRS5iDM146yV6K1t2bTdYd1cWx kLmm8XHBZpI8SJSkT0ierlXCbq5aEdNd4Ael4MihTeeIep9u12Cb3GmgeiPBJXfAaBRXSn 3LubaCy6ASZOuFuHUThGw73f2EVCuY3iuf40HR8UQZo6q8JWdw4eUAeE44EUEtCyrFR70+ YQsDD4JagdZv/MRoZXQXy/JDxv1fkdzlA/bfx16hbLGXNKlvaKxBHnB6smz2UKXQ9MizA9 g379bXpY38c6sEfLLeBgeMgKFoCIC1sFEYmzwPUFAxK0E/DAl+8CMZ1zf+zkhA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBkgs5bJ0z103B; Mon, 16 Dec 2024 15:41:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGFfT2x062531; Mon, 16 Dec 2024 15:41:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGFfTKB062528; Mon, 16 Dec 2024 15:41:29 GMT (envelope-from git) Date: Mon, 16 Dec 2024 15:41:29 GMT Message-Id: <202412161541.4BGFfTKB062528@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 675708aa402a - main - proc_set_cred(): Fix compilation of GENERIC-NODEBUG List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 675708aa402a06d9ced98c8a12d9ef29625d3c66 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=675708aa402a06d9ced98c8a12d9ef29625d3c66 commit 675708aa402a06d9ced98c8a12d9ef29625d3c66 Author: Olivier Certner AuthorDate: 2024-12-16 15:38:26 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 15:39:54 +0000 proc_set_cred(): Fix compilation of GENERIC-NODEBUG Approved by: mark (mentor) Fixes: d2be7ed63aff ("cred: proc_set_cred(), proc_unset_cred(): Update user's process count") --- sys/kern/kern_prot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 8edbb7f18f1a..2517b2bc2d4d 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2694,7 +2694,7 @@ _proc_set_cred(struct proc *p, struct ucred *newcred, bool enforce_proc_lim) void proc_set_cred(struct proc *p, struct ucred *newcred) { - bool success = _proc_set_cred(p, newcred, false); + bool success __diagused = _proc_set_cred(p, newcred, false); MPASS(success); } From nobody Mon Dec 16 15:44:37 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBklh5gMPz5hbGX; Mon, 16 Dec 2024 15:44:48 +0000 (UTC) (envelope-from olce@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBklh575Kz4Jhq; Mon, 16 Dec 2024 15:44:48 +0000 (UTC) (envelope-from olce@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734363888; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ju4q2fHW0/UzJUuPhQ4EW/lsYVXKYy2AMv/FzAwovtM=; b=NEXRCh6Sd28Qw6ik95GS6DNCPL/+Pu1m2aMmFpfUj6xuIdUubB08RzKYnm2ohqqMiSRlyo vkpknAU5HXXo4XMDkpnBNLqYPvumkA9pfMXAZllGybQbffq/biAN61pDQpu0t8GF4wrlwJ mVF5qW8yomLoU2rHlrCGikBz/n4IVCAaeYsnPZPWhz0dOy1lujFrmCN3DB42Q/4UO8Z4DL 5oIirxM6smVUEJhbZ2iYygXig3a8pb3EL1Hl2UQCJR5vaAZMiwQLkSG7oSSxgRiiA0a+DV dWzI0Y9deyps032j6/3NLcquRw0mMki/pnfdlatM/HPa7ng8Kdt3kdUyro7TLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734363888; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ju4q2fHW0/UzJUuPhQ4EW/lsYVXKYy2AMv/FzAwovtM=; b=fs/TTLhNB/+Fmzy9Bz/qmE4D4vQDYPl62K8a4dVtereVQQoxgvuJuUPH0iPMwV6Eq0+4c9 iLvt6x9ZcaKBsOMgC2K7iFPzKhqcd4sDkXYXAcexDMQN3dDon6CmuFDXVK5Pu4+vwBInk9 geu3A44pg16StvQNkDD5ft0FZunBs1CXLfxtNlr0Ys1XGaSZlFhk3e5sgjNTgBansoUgZV qxE+ItGvN9g8akxtfhpu//fu/xnJUTxa+ZlV0aJejGVRdbija3hHeV5V5Am7n9nn4FGRc8 wLKzq3jxQdZ1LiyGgHSA+9mgF+FSXeReb2VPvbQH7TJnFagNfHvyqbtO4KQ9LQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734363888; a=rsa-sha256; cv=none; b=jQR/oVdMCS6VVnHUi55hgR14wubNys2znqSuPv+i24Wvk+F2ZxK/4KuWxs7Xklne+iQBik 47+zmnwOxxHE93fJjGXUIk5Sn/zneqzPnemIY176YYHVjOxDC2GuCyifpfkbICfyAGpAIJ Ds7DTLsrYF3G7R3h5Bvn24OMWySDHZKVEUNuiE6UyQIiI1TYtrTIXE8F1ch+/wuGwWUcR+ ZLBi4R0XCq4HKUfkD3r6NtYGnx4n6ZkEQr0kYYNiHndN0rLzf8uaJlfs3tB39gWD1ls75/ hxmNvtQESmiZl0D9OVTFGrw2T34MKQOgYahzyIMnfYEkaW9Vvj9h1kgsQ6Xegw== Received: from ravel.localnet (aclermont-ferrand-653-1-222-123.w90-14.abo.wanadoo.fr [90.14.66.123]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: olce/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YBklg62ynz1CSh; Mon, 16 Dec 2024 15:44:47 +0000 (UTC) (envelope-from olce@freebsd.org) From: Olivier Certner To: Cy Schubert , Baptiste Daroussin Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: d2be7ed63aff - main - cred: proc_set_cred(), proc_unset_cred(): Update user's process count Date: Mon, 16 Dec 2024 16:44:37 +0100 Message-ID: <2968186.slGk94SIus@ravel> In-Reply-To: <20241216152936.AC31A1AF@slippy.cwsent.com> References: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> <8184418.bYQgcRI8ro@ravel> <20241216152936.AC31A1AF@slippy.cwsent.com> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3019747.hHqAuc6tWs"; micalg="pgp-sha384"; protocol="application/pgp-signature" --nextPart3019747.hHqAuc6tWs Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" From: Olivier Certner Date: Mon, 16 Dec 2024 16:44:37 +0100 Message-ID: <2968186.slGk94SIus@ravel> In-Reply-To: <20241216152936.AC31A1AF@slippy.cwsent.com> MIME-Version: 1.0 > I was just about to push this: Ah, didn't see your mail. Just pushed a fix. > proc_set_cred(struct proc *p, struct ucred *newcred) > { > - bool success = _proc_set_cred(p, newcred, false); > +#ifdef INVARIANTS > + bool success = > +#endif > + _proc_set_cred(p, newcred, false); > > MPASS(success); Apparently, the idiom for such a situation is to tag the variable with `__diagused`, but the change above would have worked the same in the end. Thanks for watching the build! (And I now have one more thing on my before-commit list, since I forgot GENERIC-NODEBUG). -- Olivier Certner --nextPart3019747.hHqAuc6tWs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCQAdFiEEmNCxHjkosai0LYIujKEwQJceJicFAmdgSuUACgkQjKEwQJce Jif96g/+LTFhLnCChMdqh+uIxuQIER1oWL0fSdSLpHx0wMAMvL0zkz2OyBLXB3ta caatuSsUpyzTe5jPCoWtWcgFzfSZZqdu9z+sYnbI5bxVi9GD3A76z6CjeYGuj4f/ +Dr7XT7xrIhye8GZLjGCLc0rZ+qpYAyOvtyL5kFzJrFfV0Lu35VyN/Bho05X7QMv Yn5zZlKD8PSFXZV302uMQhb4OmlFJG8aGHDyiyf8x5SEJhZtvoTdmAHngNiCYF97 31zRK8CuU7Yu30eG0RCxiBrjK6U9OOlRQGP/sBKna89tctsYJ17nYlNnKlz5PF0r q8QgaKd20ruPHmE10ZGn4ElX+sIAqs7IzyOotd19PVbg+JMMmL4ywTabAGNZqCgZ uETCunLMGje8BzjOVoO1rL25EscPwinQ+fxQvq5vbAUBqNbXeGziSCNbf09vStS/ M3NJoIWua37JsKbLP1sz9z8tAVwN4m9W0oKZIxJrThFYObqmHBM8gaboZzk+P8yo LSQ6YsxRO3bDh6m2492CC9QN//Szm5FVtH629wCzwUVtx8m9PFK38+i1NcHfPkB5 FIKRXKnnGVS8ubaJMG+7pasz255474aX+h0DtkyjK4B9GIPmuBS1JUp+UVrR+XIF 24QD9jk22TD2FdTKpXRMZdWp88Vn8xgxujhqq2qWtXZWOScH8xE= =Nk00 -----END PGP SIGNATURE----- --nextPart3019747.hHqAuc6tWs-- From nobody Mon Dec 16 15:49:23 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBks54DWhz5hbVb; Mon, 16 Dec 2024 15:49:29 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta003.cacentral1.a.cloudfilter.net (omta001.cacentral1.a.cloudfilter.net [3.97.99.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBks51zmLz4KD8; Mon, 16 Dec 2024 15:49:29 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; none Received: from shw-obgw-4001a.ext.cloudfilter.net ([10.228.9.142]) by cmsmtp with ESMTPS id NBWBti37aIx4rNDLZtGult; Mon, 16 Dec 2024 15:49:25 +0000 Received: from spqr.komquats.com ([70.66.136.217]) by cmsmtp with ESMTPSA id NDLXtrnVcGvSVNDLYtShY1; Mon, 16 Dec 2024 15:49:25 +0000 X-Auth-User: cschuber X-Authority-Analysis: v=2.4 cv=FpSm/Hrq c=1 sm=1 tr=0 ts=67604c05 a=h7br+8Ma+Xn9xscxy5znUg==:117 a=h7br+8Ma+Xn9xscxy5znUg==:17 a=kj9zAlcOel0A:10 a=RZcAm9yDv7YA:10 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=VxmjJ2MpAAAA:8 a=YxBL1-UpAAAA:8 a=VN7zgYw1dXOwZQa7yrgA:9 a=CjuIK1q_8ugA:10 a=LK5xJRSDVpKd5WXXoEvA:22 a=7gXAzLPJhVmCkEl4_tsf:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 4579426E6; Mon, 16 Dec 2024 07:49:23 -0800 (PST) Received: by slippy.cwsent.com (Postfix, from userid 1000) id 1D64079; Mon, 16 Dec 2024 07:49:23 -0800 (PST) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Olivier Certner cc: Cy Schubert , Baptiste Daroussin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: d2be7ed63aff - main - cred: proc_set_cred(), proc_unset_cred(): Update user's process count In-reply-to: <2968186.slGk94SIus@ravel> References: <202412161445.4BGEjYvf052320@gitrepo.freebsd.org> <8184418.bYQgcRI8ro@ravel> <20241216152936.AC31A1AF@slippy.cwsent.com> <2968186.slGk94SIus@ravel> Comments: In-reply-to Olivier Certner message dated "Mon, 16 Dec 2024 16:44:37 +0100." List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 16 Dec 2024 07:49:23 -0800 Message-Id: <20241216154923.1D64079@slippy.cwsent.com> X-CMAE-Envelope: MS4xfLJvCMlTy/rBkbToVK008QXtnPlkA+IefiGt5oXfmPrJjd0lxVyk1XWb6X3iMK1k/tbtInyg5PLTZcyY+hck/nL2IqAUyvHaOBNtKgp44qmMDls1U+VR 5wqXNjsb/ucds1O538mq/HRCv1MGrVoCae+dqVt89M1fo6KHNJOFuyra/a4aL3dMj7CaUVIsc2LZHFtm4VwQ8NWhgb2q++ykyh4pcpwKjBK4oum0XJWSONLx djXToQmE/o9BY5J5BNNTDcQEqxvknPVprz1xtx+qO1AJE/v1HPCpMj7tm9RSDqaOJxG1TCJRE4n6PRoCW+Ys/utTUFUz/X7B0YZo9fpv0dHFHksAarm+MGXP BlTRH+ma X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US] X-Rspamd-Queue-Id: 4YBks51zmLz4KD8 X-Spamd-Bar: ---- In message <2968186.slGk94SIus@ravel>, Olivier Certner writes: > --nextPart3019747.hHqAuc6tWs > Content-Transfer-Encoding: 7Bit > Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" > From: Olivier Certner > Date: Mon, 16 Dec 2024 16:44:37 +0100 > Message-ID: <2968186.slGk94SIus@ravel> > In-Reply-To: <20241216152936.AC31A1AF@slippy.cwsent.com> > MIME-Version: 1.0 > > > I was just about to push this: > > Ah, didn't see your mail. Just pushed a fix. > > > proc_set_cred(struct proc *p, struct ucred *newcred) > > { > > - bool success = _proc_set_cred(p, newcred, false); > > +#ifdef INVARIANTS > > + bool success = > > +#endif > > + _proc_set_cred(p, newcred, false); > > > > MPASS(success); > > Apparently, the idiom for such a situation is to tag the variable with `__dia > gused`, but the change above would have worked the same in the end. I totally forgot about that. > > Thanks for watching the build! Some of my machines use DEBUG others not. > > (And I now have one more thing on my before-commit list, since I forgot GENER > IC-NODEBUG). I typically make tinderbox (or make universe) in one of the universe jails. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0 From nobody Mon Dec 16 17:23:19 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBmxM3ylwz5hh3y; Mon, 16 Dec 2024 17:23:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBmxM3TD9z4WQC; Mon, 16 Dec 2024 17:23:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734369799; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=awWDPH9bZ2USDEg9ju0gwTYXFjpLZ4D+bPB1XHcCmOk=; b=lwvypYr3m8tHD08KfvsYtu2iXCFx1NxeOLK6fOzBR0ZBomGKgim0O8h+uFtfv2AUO4lozK 4pr5twnYwgseYoTvjSwkAYSJHNDBnGwxGdLq6Smd0TksRwKU2MerXy7mn6dJEOgTGelN11 anKForGyFk/nP5O86mepqBBybCgiG76++0LucPesRHyxC+vwt8MA/gxAg/HdVh3a1Bszxp +GoIq7srKwK0ej9KVUbiPB7BEndaQja+xxlaEhP+eNn5Gtz3dEL63JfuoqYSViPVDsTxig FR9qb5LFhgVUsVAnxO9zZyVmh9GwvxupX5RolgSs/y8mngG1ExwkD9EFrECvOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734369799; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=awWDPH9bZ2USDEg9ju0gwTYXFjpLZ4D+bPB1XHcCmOk=; b=MkicJYwCFen29dxjmQgK2zQmvvrw0xBN2AwOSeTkYQVzlMpvXtTVcPffIm3qfARDTfVSKf 1juOFiZ5XIUIA3pOAkWyp9gDtQKCsRm6PfSS85W7NBYbea7nskxEQoC5AbUoieLCNLk/k2 YdtxCEXlbWyLQIV2955Oily4HOmLQlAT71JndnmtzYy04AteiwLGL4WCSjjOdiQRUpqxg/ wSJKC/uqrwyM73mPbQg7jqCH/87SrX66o0V3RJJXXjCi9yhrNtldIbCnP1X+7cjAzhNqLS cBaJNE93Eg1lDJBV68LXjKBkhPcsfPFxbAbGCiqh0X0hsQi2xb08rzQZrO9YLw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734369799; a=rsa-sha256; cv=none; b=HXtUim3lQ7hSHWzv6jaUe51hSKr2DFukV/+upQrmYy4ck51/bLkBPjpazGtFRB0dRyF+LB jeir+wrvxv/kXFDNNoEUfw9x8iffZWK0fzj/eIpR+KwYwa0RETM+uRTsFM5ixFejT00eUk 6ZWUlYi4RtQZ4922o0zwYSex4dSjF2bBajszjmqdS86OFiEYxpJv6ABp/z09H15iyzbANL v1CVyvcv62xwi8S2pBwBonYRhiwNbfY+3HD9cakWZ9QCEnKmgFCLo1Pk2wVfvQMQYrIWgd oCJBhI45Blc8JR7IAJ3lQGIogJ52tS6z+fnWwvoxpQ1LWF4kgazpJG12O3OBWQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBmxM1rjjz12wJ; Mon, 16 Dec 2024 17:23:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGHNJcH052635; Mon, 16 Dec 2024 17:23:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGHNJMR052632; Mon, 16 Dec 2024 17:23:19 GMT (envelope-from git) Date: Mon, 16 Dec 2024 17:23:19 GMT Message-Id: <202412161723.4BGHNJMR052632@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: e94684b3e0d9 - main - MAC/do: Update copyright List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e94684b3e0d966f755f785e4908317bd6bdd2ea0 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=e94684b3e0d966f755f785e4908317bd6bdd2ea0 commit e94684b3e0d966f755f785e4908317bd6bdd2ea0 Author: Olivier Certner AuthorDate: 2024-12-16 16:52:14 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 17:22:22 +0000 MAC/do: Update copyright Approved by: emaste (mentor) Sponsored by: The FreeBSD Foundation --- sys/security/mac_do/mac_do.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 7ec34b20c882..c5f986920db1 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -1,7 +1,12 @@ /*- + * SPDX-License-Identifier: BSD-2-Clause + * * Copyright(c) 2024 Baptiste Daroussin + * Copyright (c) 2024 The FreeBSD Foundation * - * SPDX-License-Identifier: BSD-2-Clause + * Portions of this software were developed by Olivier Certner + * at Kumacom SARL under sponsorship from the FreeBSD + * Foundation. */ #include From nobody Mon Dec 16 19:12:11 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBqLz3vrdz5frpn; Mon, 16 Dec 2024 19:12:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBqLz3Sj8z4hCc; Mon, 16 Dec 2024 19:12:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734376331; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Us0v/1ihGfmgTPFNJi9SiQNHDa3S7uFgH9dHZ0otCPw=; b=N4QaLfZA1G+Z0RLZ8hmhiHQETwNqpJROA5l3jTLZCalK44YdZ0YJo967IK29Bl1LZ2L0bs czN9NKaxg9HEsdECvHTfkMcHqIGOXvc3Yr1O0L2EU+laX8X/u8EFvz0VvYaiImm7WFt9aS SsBDi/OS1CqOeI27UqfdCloNJHlrlFJe11Tr1/hmZjlfJhAOnh1lJSzdlfFMudIuyMpohq LgLwfEHLG89mBVF+RXoB5uO4xhmS91YmaoWZ5mKNrQ/7rAtfwsMWOWg07WPE6VtuiuVxWe 5ZkaAnKNtb+OgYOY4VutKzrF0cEuGNp2bfAQUR9BfMkER+lBbdVQ4AR+xrcOag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734376331; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Us0v/1ihGfmgTPFNJi9SiQNHDa3S7uFgH9dHZ0otCPw=; b=FjsInZfWajpFQQx1YTyMur6bcl0wndI8cpvFG0SQCGZdbVPR+5dls4XQ5RvrnOiABF+Xn8 58/ZwRXddbuZOurop9pQqcN92s+qg4F1eIBfFjBi7hcUUpwsvEUbGlCHJW4tb9I5YU43Yv lJGl0l/ZbxBf6/mkrMwmKck14CD9fvT6vABHDryHEfYC6W+mJ6hjqb7VSPEzWy7QqaprtC lS7VRkeK1bq2yAZ8kPcDlPi/KtlMeVI/c5fqiQwVL0q6aBYDO/2GB/A1HMBsqHJ3kwq+td qBvPe7ndA8UaBjjoWrlwIVQ+DCQ1WdJIabGKYoSoMybht1yL2OzOMHXmqRloyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734376331; a=rsa-sha256; cv=none; b=em8DOxOQymFR8XDQBF5cSJnwlKpsBjWJJ9CxxulvWUo5Mslx9s0TEJhV9sOfGYvZS3Qgo9 3TfJ8bkpyy2xp+5NrmV/aTi4e0OdumHbnTKbtnQyQjhyHtEUMUSr+RRYtFxIycFIwN8jFm LbxfpwIQorYpXkbPZpoNkPTouZL43MY7CmGYEaYOljqff4C52dsr+qw0QvrUaD7LIADFW4 guS0q/X62mHsUQOLVEp92dvrvK8pNIucpiLYsXtmcky358Fv7jiDAfuF87NKBbaIJP6Ojp TMTG0dPfgDNxymBwdajdDOraxdkzoa56DLpodpr/Q03zAI/n08boYeBjbgCiLA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBqLz2lpxz14wL; Mon, 16 Dec 2024 19:12:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGJCBtg057307; Mon, 16 Dec 2024 19:12:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGJCBoZ057304; Mon, 16 Dec 2024 19:12:11 GMT (envelope-from git) Date: Mon, 16 Dec 2024 19:12:11 GMT Message-Id: <202412161912.4BGJCBoZ057304@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mitchell Horne Subject: git: 487788a69fa2 - main - intrng: fix INTR_ROOT_* constants List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mhorne X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 487788a69fa2bd57ee04f38c3ad6e995a62d8e00 Auto-Submitted: auto-generated The branch main has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=487788a69fa2bd57ee04f38c3ad6e995a62d8e00 commit 487788a69fa2bd57ee04f38c3ad6e995a62d8e00 Author: Elliott Mitchell AuthorDate: 2024-08-09 15:30:15 +0000 Commit: Mitchell Horne CommitDate: 2024-12-16 19:11:52 +0000 intrng: fix INTR_ROOT_* constants Switch to INTR_ROOT_COUNT as this name better describes its purpose. Remove the default INTR_ROOT_IRQ from the core. Define it (redundantly) in each architecture's header, but now placed alongside its sibling values (if defined by the platform, e.g. arm64 INTR_ROOT_FIQ). Reviewed by: mhorne Pull Request: https://github.com/freebsd/freebsd-src/pull/1280 --- sys/arm/include/intr.h | 3 +++ sys/arm64/include/intr.h | 3 ++- sys/kern/subr_intr.c | 19 +++++-------------- sys/riscv/include/intr.h | 3 +++ sys/sys/intr.h | 2 -- 5 files changed, 13 insertions(+), 17 deletions(-) diff --git a/sys/arm/include/intr.h b/sys/arm/include/intr.h index 5facd5dbccdb..71e853c93ce2 100644 --- a/sys/arm/include/intr.h +++ b/sys/arm/include/intr.h @@ -51,4 +51,7 @@ void arm_irq_memory_barrier(uintptr_t); #define NIRQ 1024 /* XXX - It should be an option. */ #endif +#define INTR_ROOT_IRQ 0 +#define INTR_ROOT_COUNT 1 + #endif /* _MACHINE_INTR_H */ diff --git a/sys/arm64/include/intr.h b/sys/arm64/include/intr.h index 56bce911cd32..ef7fe56e3a13 100644 --- a/sys/arm64/include/intr.h +++ b/sys/arm64/include/intr.h @@ -48,7 +48,8 @@ arm_irq_memory_barrier(uintptr_t irq) #define ACPI_GPIO_XREF 3 #endif +#define INTR_ROOT_IRQ 0 #define INTR_ROOT_FIQ 1 -#define INTR_ROOT_NUM 2 +#define INTR_ROOT_COUNT 2 #endif /* _MACHINE_INTR_H */ diff --git a/sys/kern/subr_intr.c b/sys/kern/subr_intr.c index b8d85bf20f28..b7cb088f58c7 100644 --- a/sys/kern/subr_intr.c +++ b/sys/kern/subr_intr.c @@ -89,15 +89,6 @@ #define INTRNAME_LEN (2*MAXCOMLEN + 1) -/* - * Archs may define multiple roots with INTR_ROOT_NUM to support different kinds - * of interrupts (e.g. arm64 FIQs which use a different exception vector than - * IRQs). - */ -#if !defined(INTR_ROOT_NUM) -#define INTR_ROOT_NUM 1 -#endif - #ifdef DEBUG #define debugf(fmt, args...) do { printf("%s(): ", __func__); \ printf(fmt,##args); } while (0) @@ -115,7 +106,7 @@ struct intr_irq_root { void *arg; }; -static struct intr_irq_root intr_irq_roots[INTR_ROOT_NUM]; +static struct intr_irq_root intr_irq_roots[INTR_ROOT_COUNT]; struct intr_pic_child { SLIST_ENTRY(intr_pic_child) pc_next; @@ -343,7 +334,7 @@ intr_irq_handler(struct trapframe *tf, uint32_t rootnum) struct thread * td; struct intr_irq_root *root; - KASSERT(rootnum < INTR_ROOT_NUM, + KASSERT(rootnum < INTR_ROOT_COUNT, ("%s: invalid interrupt root %d", __func__, rootnum)); root = &intr_irq_roots[rootnum]; @@ -497,7 +488,7 @@ isrc_free_irq(struct intr_irqsrc *isrc) device_t intr_irq_root_device(uint32_t rootnum) { - KASSERT(rootnum < INTR_ROOT_NUM, + KASSERT(rootnum < INTR_ROOT_COUNT, ("%s: invalid interrupt root %d", __func__, rootnum)); return (intr_irq_roots[rootnum].dev); } @@ -925,7 +916,7 @@ intr_pic_claim_root(device_t dev, intptr_t xref, intr_irq_filter_t *filter, * Note that we further suppose that there is not threaded interrupt * routine (handler) on the root. See intr_irq_handler(). */ - KASSERT(rootnum < INTR_ROOT_NUM, + KASSERT(rootnum < INTR_ROOT_COUNT, ("%s: invalid interrupt root %d", __func__, rootnum)); root = &intr_irq_roots[rootnum]; if (root->dev != NULL) { @@ -1586,7 +1577,7 @@ intr_pic_init_secondary(void) * QQQ: Only root PICs are aware of other CPUs ??? */ //mtx_lock(&isrc_table_lock); - for (rootnum = 0; rootnum < INTR_ROOT_NUM; rootnum++) { + for (rootnum = 0; rootnum < INTR_ROOT_COUNT; rootnum++) { dev = intr_irq_roots[rootnum].dev; if (dev != NULL) { PIC_INIT_SECONDARY(dev, rootnum); diff --git a/sys/riscv/include/intr.h b/sys/riscv/include/intr.h index ea98f0632108..da5d420f7e6d 100644 --- a/sys/riscv/include/intr.h +++ b/sys/riscv/include/intr.h @@ -56,4 +56,7 @@ enum { }; #endif /* !LOCORE */ +#define INTR_ROOT_IRQ 0 +#define INTR_ROOT_COUNT 1 + #endif /* !_MACHINE_INTR_MACHDEP_H_ */ diff --git a/sys/sys/intr.h b/sys/sys/intr.h index d60eac937d93..77daf5a35f32 100644 --- a/sys/sys/intr.h +++ b/sys/sys/intr.h @@ -37,8 +37,6 @@ #define INTR_IRQ_INVALID 0xFFFFFFFF -#define INTR_ROOT_IRQ 0 - #ifndef LOCORE enum intr_map_data_type { From nobody Mon Dec 16 19:18:20 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBqV50gQmz5fsPW; Mon, 16 Dec 2024 19:18:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBqV470d8z4jRV; Mon, 16 Dec 2024 19:18:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734376701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TBMhX84K62MeCoaFmgsEr1DYHE+QPK0nlaPTkBA5wAM=; b=LJ8s/cNfRs0KmFcioMaDUQh7N9nzCMKjk3pUcwY2VgOKuTJ+7H+8F+71zVGJ4btnCXAUXf nK+3XWM1cZkXxSfLapqd1V3vuR8UTrp+pLx2LF5YFDi9/cO35ks9cVFtA34BEbXqLF38Pt B+ejvaWq4JtiFb6lMjK4N+U1d3ahoZ6ScV3t8pn3YQv8zoyjCgkfAP1Tc+RvaQaO/q+lLB X6XegU6ek91ZrTzWiXwiEvW/j/ymaTnduCZ0sFTKuqJdwJfnupRRKSZHwDfFBUeIgP5PQF TRo+29NB7UTOI27O7LivVGqWyGTESMa3lXQGIdmbwMIeo4b6wXLUfnLh9F4tLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734376701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TBMhX84K62MeCoaFmgsEr1DYHE+QPK0nlaPTkBA5wAM=; b=IZkKOc3puwgSQOsu1L3iiAX7BeTWnW6228u5fZ927+ieu14Szi9co91jPJ+cwPGABXnCgP bMJQ+aqNVVwQcr+BrlYoSdqO8dgVaYsX/gFu27IWduyFFO2qP2/uZqlMiw2BvU6Qa27OQR TFskKf985HOLvwQiHbxH8BhWUUmXA8FBgxx2hKGQ8w6lTLI7V/e5Tr/tfV+ow3JXv6eAMc GsFxEG8yk6hh88vmdwSFNNQGn7l+CViBIJ3bV+1W7hgNj0PqVuXSN10WXg39p5x8353U4s aeF5ZmTZ8ha/vGEObyCEbhPJPGjyKkIoJiqFIATOb1UoXnufLLBIEEjnwjXqkQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734376701; a=rsa-sha256; cv=none; b=gv+LGB9/BIN9j+XVqiE+HP9vTI34NrPCwyapqfn5YalJ3MdsUTBTucU8g0yt/+UuA64fq0 Kmhh74SoylUsP80v4YTehhnu4ltlIvJ6qUfZ19w54v+P+lPfrp2GiDcVRPHQOmf+YkMP1h LLQmqQe/PX2URAog/P+EwkmTQb9DlP61VzXOAgHYcBmxLpAA6wxguHuZwUUO7mBQt7EPez jpMvA6tcAMRh1QJHDRvBDMP/CgAGvjmYMMVDzM1qkiOScRW3xfRbi1PpjnVFy+9e5MU5t5 IQEPrVs4B6dRtaiDdcP2tunP8fivhzPo+GMhzCrnOqUpRruhvRjyIaHKuO+/rw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBqV46c3Pz15Ps; Mon, 16 Dec 2024 19:18:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGJIKx6059548; Mon, 16 Dec 2024 19:18:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGJIKwF059545; Mon, 16 Dec 2024 19:18:20 GMT (envelope-from git) Date: Mon, 16 Dec 2024 19:18:20 GMT Message-Id: <202412161918.4BGJIKwF059545@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: a9722e5ae851 - main - atomics: Constify loads: Fix powerpc build List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a9722e5ae8519a9a28e950dbd8d489178e9bc27e Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=a9722e5ae8519a9a28e950dbd8d489178e9bc27e commit a9722e5ae8519a9a28e950dbd8d489178e9bc27e Author: Olivier Certner AuthorDate: 2024-12-16 19:12:14 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 19:15:25 +0000 atomics: Constify loads: Fix powerpc build Fixes: 5e9a82e898d5 ("atomics: Constify loads") Sponsored by: The FreeBSD Foundation --- sys/kern/subr_atomic64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/subr_atomic64.c b/sys/kern/subr_atomic64.c index c8b0ed2bb38b..d9c5278334d5 100644 --- a/sys/kern/subr_atomic64.c +++ b/sys/kern/subr_atomic64.c @@ -77,7 +77,7 @@ static struct mtx a64_mtx_pool[A64_POOL_SIZE]; #define ATOMIC64_EMU_UN(op, rt, block, ret) \ rt \ - atomic_##op##_64(volatile uint64_t *p) { \ + atomic_##op##_64(const volatile uint64_t *p) { \ uint64_t tmp __unused; \ LOCK_A64(); \ block; \ From nobody Mon Dec 16 19:27:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBqj84lBZz5fsmQ; Mon, 16 Dec 2024 19:27:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBqj8472lz4k9w; Mon, 16 Dec 2024 19:27:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734377276; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Nylgq++NlrB7jajJP2RmokvQQatFK//u80B7MyivKmI=; b=QMQtNgYAtA2RLBkAjHHg15W3B62ZZ7HNvXc0BL9dVo3ja+v0BDCf7jUdHvSAJgW9RF3Llr L1wzwdDTQQQ+oTd0USmP+vFpCli3U25BNE2DQ0ttF7MYNawMqqMuit66nfFMED9GYHvvfA FNO/6rDTVIIrc6tkBbzvOUQcoeVawbgkD328P7r2LN1+0R7RjBY0x5ugwCx4VX0vAOYBnh 5Q6VJu4WKTrY5p9of19bbfyQDFcq418MD9CPyiFJEFWfxwmF2de1xOTUJKy5wXvCI0HwfN k3sZcvOJ6i/LVlKD7WVZVH94o4sWxheGLOUq6UGuvYnIsMiSC77kbI9upEsAYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734377276; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Nylgq++NlrB7jajJP2RmokvQQatFK//u80B7MyivKmI=; b=rB6KlXHna4lFyLfl812XpbW/pgvqkEAOh3QbnPoa/d0JwhUbr8IagrtlqQANnMhzmyU1Hg +rJvXZP8ypNJMw6qttjeA/48oxM2/9zQdTnB1KbT74svCzWWJfvIxaOAq8F8kJ9IpWSrqo WCeQI7KiGPZKnHN1q/COV6oSIGmRPmo35J03ZheAgR1fjxfJEntvvxM0x3lUOR7gdl6riJ pwlE37KqmsKxlKqyo0tj9mW12mO1zYBDt9vPgu2FgOiZHXmWiOs4KLMflVKZ96FccbH26g 28OIoavuPU8psKVvROQoEw+LhDTRn9iMBiIRF4aSJ6BaITuAOXZWaoKU3RH0tA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734377276; a=rsa-sha256; cv=none; b=deMWZOKBhVRdWpo028XeVcBtfwp28WRtqblwaFfjczFbh1vLQvDtX4aMiwbDxRe0QJ0918 o1jf+RWF5wfaYfkHRVb1FxhLUM4G8S6UlzeEJ2Lf0cp9So+JeN4lroMJX6qXOhbsf+Gjwm n3UIj9MtRDtNqjGyd3nuYwcwIsZGbNF3rtb3hlL69CmADmybvtgnoyW/LPB7+3QUAlI1Us v2mEVjxWqXXiHh9JJ291gWAM0B1GQG13ya1JsJhOzJLJWjzreomGf4/DcWRyOBN9b41Qrq 76dGqULRnt5+OM9rKy1QBFPj0Zv1ZvrqfxffBqtSps8zT/s+nOuCtmAZC1Zt9A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBqj83HvDz16Cx; Mon, 16 Dec 2024 19:27:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGJRuWD078549; Mon, 16 Dec 2024 19:27:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGJRuqB078546; Mon, 16 Dec 2024 19:27:56 GMT (envelope-from git) Date: Mon, 16 Dec 2024 19:27:56 GMT Message-Id: <202412161927.4BGJRuqB078546@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mitchell Horne Subject: git: ce3fbcdd14a1 - main - jh7110: Add sys clocks for STG & PCIE List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mhorne X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ce3fbcdd14a1a2ef90890fb8da9592fb4c349b35 Auto-Submitted: auto-generated The branch main has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=ce3fbcdd14a1a2ef90890fb8da9592fb4c349b35 commit ce3fbcdd14a1a2ef90890fb8da9592fb4c349b35 Author: Jari Sihvola AuthorDate: 2024-12-16 19:21:50 +0000 Commit: Mitchell Horne CommitDate: 2024-12-16 19:27:23 +0000 jh7110: Add sys clocks for STG & PCIE This patch adds some SYS clocks for StarFive JH7110. They are necessary for getting STG clocks and PCIe driver working. Reviewed by: mhorne MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47981 --- sys/dev/clk/starfive/jh7110_clk_sys.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/dev/clk/starfive/jh7110_clk_sys.c b/sys/dev/clk/starfive/jh7110_clk_sys.c index e7b8aa87c48e..4bc29b20bc91 100644 --- a/sys/dev/clk/starfive/jh7110_clk_sys.c +++ b/sys/dev/clk/starfive/jh7110_clk_sys.c @@ -56,6 +56,8 @@ static const char *u0_sys_iomux_apb_p[] = { "apb_bus" }; static const char *stg_axiahb_p[] = { "axi_cfg0" }; static const char *ahb0_p[] = { "stg_axiahb" }; static const char *axi_cfg0_p[] = { "bus_root" }; +static const char *nocstg_bus_p[] = { "bus_root" }; +static const char *noc_bus_stg_axi_p[] = { "nocstg_bus" }; static const char *u0_dw_uart_clk_apb_p[] = { "apb0" }; static const char *u0_dw_uart_clk_core_p[] = { "osc" }; @@ -65,6 +67,7 @@ static const char *u1_dw_uart_clk_apb_p[] = { "apb0" }; static const char *u1_dw_uart_clk_core_p[] = { "osc" }; static const char *u1_dw_sdio_clk_ahb_p[] = { "ahb0" }; static const char *u1_dw_sdio_clk_sdcard_p[] = { "axi_cfg0" }; +static const char *usb_125m_p[] = { "pll0_out" }; static const char *u2_dw_uart_clk_apb_p[] = { "apb0" }; static const char *u2_dw_uart_clk_core_p[] = { "osc" }; static const char *u3_dw_uart_clk_apb_p[] = { "apb0" }; @@ -116,6 +119,9 @@ static const struct jh7110_clk_def sys_clks[] = { JH7110_DIV(JH7110_SYSCLK_AXI_CFG0, "axi_cfg0", axi_cfg0_p, 3), JH7110_DIV(JH7110_SYSCLK_STG_AXIAHB, "stg_axiahb", stg_axiahb_p, 2), + JH7110_DIV(JH7110_SYSCLK_NOCSTG_BUS, "nocstg_bus", nocstg_bus_p, 3), + JH7110_GATE(JH7110_SYSCLK_NOC_BUS_STG_AXI, "noc_bus_stg_axi", + noc_bus_stg_axi_p), JH7110_GATE(JH7110_SYSCLK_AHB0, "ahb0", ahb0_p), JH7110_DIV(JH7110_SYSCLK_APB_BUS, "apb_bus", apb_bus_p, 8), @@ -127,6 +133,7 @@ static const struct jh7110_clk_def sys_clks[] = { u0_dw_sdio_clk_sdcard_p, 15), JH7110_GATEDIV(JH7110_SYSCLK_SDIO1_SDCARD, "u1_dw_sdio_clk_sdcard", u1_dw_sdio_clk_sdcard_p, 15), + JH7110_DIV(JH7110_SYSCLK_USB_125M, "usb_125m", usb_125m_p, 15), JH7110_DIV(JH7110_SYSCLK_GMAC_SRC, "gmac_src", gmac_src_p, 7), JH7110_GATEDIV(JH7110_SYSCLK_GMAC0_GTXCLK, "gmac0_gtxclk", From nobody Mon Dec 16 19:27:57 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBqj970l9z5fsdm; Mon, 16 Dec 2024 19:27:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBqj94zSVz4kVW; Mon, 16 Dec 2024 19:27:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734377277; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5cPqzuUcIM0TBNvEjIyHF/Uq1zIeglOWgJZiHHvDWYk=; b=p3/AYbUJEEJaB4iHpf5bFh4LwNHJhxjESJpZHai9lTJUCR8IFu9NIy+Wfs3c8lc7nbkcDB cxh/OilZEGaYVsEUSxxi9YOpB40SykT7XePdUcMG8ylUzgd9wA9VYl4iJQiyxrxrB3khve ZknGjthu9qYETg4tGj/a1Yrv71P1LkfxGSCBP79PMICf0dNqEy3cLcRqsEzLdtSF1ragFO t/yN4CEwxy3Dzxvvum8+45Xvix/heffoAi1gBVVs/G6azI0erJEVAuFUHqMXpIn9vXhwM6 mpkBFKORpmCQ6CP5eO0l1+fYtf5ndsQ6vyqyhj06cW5WbqPyeQYopr21w/suyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734377277; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5cPqzuUcIM0TBNvEjIyHF/Uq1zIeglOWgJZiHHvDWYk=; b=xko/L/S3GSXOEmWE04TdY7GjazhyO+hHkEQYMs8u68PNQD4HuFM9xUNjTO4kISF4FdAln4 YBJQw7ydFUWhLibE9xLFceTnnyVe8bk2lyiYOt7tsXIqTBpqcz6ZF3QHoX1oGQKwzTQynO FK2RLlQOOi8L8XjSum7bn57lT+MXXXadfg9P18jV8d5VQa8wM+7SCH5CNf5I74hkupdRSO NC6rciZXSeeoQVI2Ra97w1EuCDBeEEl9mjWBkCrK+/qBEfihBGyjFvTnrqXjG/uomqb6h2 8OSn4lrmZ+rIoioO5VmL1IGACAzwREgAFwHlNNX3sNdhfkO18xQT6/3VWG6zIQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734377277; a=rsa-sha256; cv=none; b=ErGic/qd4J95hlOiRfCL63AQ9ELuEfYxCEBJl/j0NYKDP5kQgeU8hXJEf0DitC/YDYS75Q RKvZ4VIAe48mBh07rPoVUlyKRIEnvNaA/LAnwGOwGgS1/9CEKmqt2fE6pHp2OuLXaCSuHw IaJg9DLXGSL692uP91meYHab6vMWVrTMV5ZJqTquv7CJRhy2+EH76r4IKXXS3SCcXQ2A7z hx3tsB1hDFjBOhA/ZSNCluL4CZxddWDaVEKR4RQ2r9NjDi1giVpzW1t30BH8qkJxdXY+qe xEzBakK3lr5FbyiUihaeDbpJxWZP+rOlqtt8V2xyhSmkVjPetKy2adOjvqJipg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBqj946pxz169Z; Mon, 16 Dec 2024 19:27:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGJRvoI078593; Mon, 16 Dec 2024 19:27:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGJRvVD078590; Mon, 16 Dec 2024 19:27:57 GMT (envelope-from git) Date: Mon, 16 Dec 2024 19:27:57 GMT Message-Id: <202412161927.4BGJRvVD078590@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mitchell Horne Subject: git: 35a2229b6791 - main - Add StarFive JH7110's STG clocks List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mhorne X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 35a2229b67914ff1a4bae6334ad5015aa603967a Auto-Submitted: auto-generated The branch main has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=35a2229b67914ff1a4bae6334ad5015aa603967a commit 35a2229b67914ff1a4bae6334ad5015aa603967a Author: Jari Sihvola AuthorDate: 2024-12-16 19:26:12 +0000 Commit: Mitchell Horne CommitDate: 2024-12-16 19:27:23 +0000 Add StarFive JH7110's STG clocks This is identical to AON clocks. The only difference is BUS_PASS_ORDER_LAST which was needed for some reason. This has clocks needed by PCIe controller driver. Reviewed by: mhorne MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47920 --- sys/dev/clk/starfive/jh7110_clk_stg.c | 204 ++++++++++++++++++++++++++++++++++ sys/riscv/starfive/files.starfive | 1 + 2 files changed, 205 insertions(+) diff --git a/sys/dev/clk/starfive/jh7110_clk_stg.c b/sys/dev/clk/starfive/jh7110_clk_stg.c new file mode 100644 index 000000000000..af30e640ecf6 --- /dev/null +++ b/sys/dev/clk/starfive/jh7110_clk_stg.c @@ -0,0 +1,204 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024 Jari Sihvola + */ + +/* Clocks for STG group. PLL_OUT & SYS clocks must be registered first. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include + +#include + +#include "clkdev_if.h" +#include "hwreset_if.h" + +static struct ofw_compat_data compat_data[] = { + { "starfive,jh7110-stgcrg", 1 }, + { NULL, 0 } +}; + +static struct resource_spec res_spec[] = { + { SYS_RES_MEMORY, 0, RF_ACTIVE }, + RESOURCE_SPEC_END +}; + +/* parents */ +static const char *e2_rtc_p[] = { "osc" }; +static const char *e2_core_p[] = { "stg_axiahb" }; +static const char *e2_dbg_p[] = { "stg_axiahb" }; + +static const char *pcie_slv_main_p[] = { "stg_axiahb" }; +static const char *pcie0_tl_p[] = { "stg_axiahb" }; +static const char *pcie1_tl_p[] = { "stg_axiahb" }; +static const char *pcie0_axi_mst0_p[] = { "stg_axiahb" }; +static const char *pcie1_axi_mst0_p[] = { "stg_axiahb" }; +static const char *pcie0_apb_p[] = { "apb_bus" }; +static const char *pcie1_apb_p[] = { "apb_bus" }; + +static const char *usb0_lpm_p[] = { "osc" }; +static const char *usb0_stb_p[] = { "osc" }; +static const char *usb0_apb_p[] = { "apb_bus" }; +static const char *usb0_utmi_apb_p[] = { "apb_bus" }; +static const char *usb0_axi_p[] = { "stg_axiahb" }; +static const char *usb0_app_125_p[] = { "usb_125m" }; +static const char *usb0_refclk_p[] = { "osc" }; + +static const char *dma1p_axi_p[] = { "stg_axiahb" }; +static const char *dma1p_ahb_p[] = { "stg_axiahb" }; + +/* STG clocks */ +static const struct jh7110_clk_def stg_clks[] = { + JH7110_GATE(JH7110_STGCLK_USB0_APB, "usb0_apb", usb0_apb_p), + JH7110_GATE(JH7110_STGCLK_USB0_UTMI_APB, "usb0_utmi_apb", + usb0_utmi_apb_p), + JH7110_GATE(JH7110_STGCLK_USB0_AXI, "usb0_axi", usb0_axi_p), + JH7110_GATEDIV(JH7110_STGCLK_USB0_LPM, "usb0_lpm", usb0_lpm_p, 2), + JH7110_GATEDIV(JH7110_STGCLK_USB0_STB, "usb0_stb", usb0_stb_p, 4), + JH7110_GATE(JH7110_STGCLK_USB0_APP_125, "usb0_app_125", usb0_app_125_p), + JH7110_DIV(JH7110_STGCLK_USB0_REFCLK, "usb0_refclk", usb0_refclk_p, 2), + + JH7110_GATE(JH7110_STGCLK_PCIE0_AXI_MST0, "pcie0_axi_mst0", + pcie0_axi_mst0_p), + JH7110_GATE(JH7110_STGCLK_PCIE0_APB, "pcie0_apb", pcie0_apb_p), + JH7110_GATE(JH7110_STGCLK_PCIE0_TL, "pcie0_tl", pcie0_tl_p), + JH7110_GATE(JH7110_STGCLK_PCIE1_AXI_MST0, "pcie1_axi_mst0", + pcie1_axi_mst0_p), + + JH7110_GATE(JH7110_STGCLK_PCIE1_APB, "pcie1_apb", pcie1_apb_p), + JH7110_GATE(JH7110_STGCLK_PCIE1_TL, "pcie1_tl", pcie1_tl_p), + JH7110_GATE(JH7110_STGCLK_PCIE_SLV_MAIN, "pcie_slv_main", + pcie_slv_main_p), + + JH7110_GATEDIV(JH7110_STGCLK_E2_RTC, "e2_rtc", e2_rtc_p, 24), + JH7110_GATE(JH7110_STGCLK_E2_CORE, "e2_core", e2_core_p), + JH7110_GATE(JH7110_STGCLK_E2_DBG, "e2_dbg", e2_dbg_p), + + JH7110_GATE(JH7110_STGCLK_DMA1P_AXI, "dma1p_axi", dma1p_axi_p), + JH7110_GATE(JH7110_STGCLK_DMA1P_AHB, "dma1p_ahb", dma1p_ahb_p), +}; + +static int +jh7110_clk_stg_probe(device_t dev) +{ + if (!ofw_bus_status_okay(dev)) + return (ENXIO); + + if (ofw_bus_search_compatible(dev, compat_data)->ocd_data == 0) + return (ENXIO); + + device_set_desc(dev, "StarFive JH7110 STG clock generator"); + + return (BUS_PROBE_DEFAULT); +} + +static int +jh7110_clk_stg_attach(device_t dev) +{ + struct jh7110_clkgen_softc *sc; + int err; + + sc = device_get_softc(dev); + + sc->reset_status_offset = STGCRG_RESET_STATUS; + sc->reset_selector_offset = STGCRG_RESET_SELECTOR; + + mtx_init(&sc->mtx, device_get_nameunit(dev), NULL, MTX_DEF); + + err = bus_alloc_resources(dev, res_spec, &sc->mem_res); + if (err != 0) { + device_printf(dev, "Couldn't allocate resources, error %d\n", + err); + return (ENXIO); + } + + sc->clkdom = clkdom_create(dev); + if (sc->clkdom == NULL) { + device_printf(dev, "Couldn't create clkdom, error %d\n", err); + return (ENXIO); + } + + for (int i = 0; i < nitems(stg_clks); i++) { + err = jh7110_clk_register(sc->clkdom, &stg_clks[i]); + if (err != 0) { + device_printf(dev, + "Couldn't register clk %s, error %d\n", + stg_clks[i].clkdef.name, err); + return (ENXIO); + } + } + + if (clkdom_finit(sc->clkdom) != 0) + panic("Cannot finalize clkdom initialization\n"); + + if (bootverbose) + clkdom_dump(sc->clkdom); + + hwreset_register_ofw_provider(dev); + + return (0); +} + +static void +jh7110_clk_stg_device_lock(device_t dev) +{ + struct jh7110_clkgen_softc *sc; + + sc = device_get_softc(dev); + mtx_lock(&sc->mtx); +} + +static void +jh7110_clk_stg_device_unlock(device_t dev) +{ + struct jh7110_clkgen_softc *sc; + + sc = device_get_softc(dev); + mtx_unlock(&sc->mtx); +} + +static int +jh7110_clk_stg_detach(device_t dev) +{ + /* Detach not supported */ + return (EBUSY); +} + +static device_method_t jh7110_clk_stg_methods[] = { + /* Device interface */ + DEVMETHOD(device_probe, jh7110_clk_stg_probe), + DEVMETHOD(device_attach, jh7110_clk_stg_attach), + DEVMETHOD(device_detach, jh7110_clk_stg_detach), + + /* clkdev interface */ + DEVMETHOD(clkdev_device_lock, jh7110_clk_stg_device_lock), + DEVMETHOD(clkdev_device_unlock, jh7110_clk_stg_device_unlock), + + /* Reset interface */ + DEVMETHOD(hwreset_assert, jh7110_reset_assert), + DEVMETHOD(hwreset_is_asserted, jh7110_reset_is_asserted), + + DEVMETHOD_END +}; + +DEFINE_CLASS_0(jh7110_stg, jh7110_stg_driver, jh7110_clk_stg_methods, + sizeof(struct jh7110_clkgen_softc)); +EARLY_DRIVER_MODULE(jh7110_stg, simplebus, jh7110_stg_driver, 0, 0, + BUS_PASS_BUS + BUS_PASS_ORDER_LATE + 1); +MODULE_VERSION(jh7110_stg, 1); diff --git a/sys/riscv/starfive/files.starfive b/sys/riscv/starfive/files.starfive index d867dee1099b..10c56448970d 100644 --- a/sys/riscv/starfive/files.starfive +++ b/sys/riscv/starfive/files.starfive @@ -2,6 +2,7 @@ dev/clk/starfive/jh7110_clk.c standard dev/clk/starfive/jh7110_clk_aon.c standard dev/clk/starfive/jh7110_clk_pll.c standard dev/clk/starfive/jh7110_clk_sys.c standard +dev/clk/starfive/jh7110_clk_stg.c standard dev/mmc/host/dwmmc_starfive.c optional dwmmc_starfive fdt riscv/starfive/starfive_syscon.c standard From nobody Mon Dec 16 21:46:18 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBtmp51Wbz5gYpG; Mon, 16 Dec 2024 21:46:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBtmp33FSz41Pr; Mon, 16 Dec 2024 21:46:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734385578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=czBjL8xwJanT0O4fzMvgpJey1xHG4uALY6j08e/JFlI=; b=G/R4NvTED4dEg8b2Yl+Hvwmf4CJuPybJeon57EDK7k6mRKN3BV9O3FN+d8zqi4yNQZjPAN zXwqzZ6HmmeO3eigzVaJuyqroFgHZ5REy06TEWuz9cCfw2XtksdV3t9WpCroHrfSz+4ZDy WOLwhGEm5i3Nted74CAao120dAOUBi2ptNGb0yQWV1zBgxz9NhntzHubtQ/3P13JRGpiGT cj7+WBNu7eILKJriKkuUw7waW/m5MFL72vgnz7KpfllMKnTpgX7WEdhzd8kcgN2saWyvsr KZki3aVD8KlHsyNGBrFcyXvQ7OPL00PhLmXB62i/vDw5dB2jgtBZXX4s18MrfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734385578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=czBjL8xwJanT0O4fzMvgpJey1xHG4uALY6j08e/JFlI=; b=EwEp5reetApDi0jn99H0Hkt3SOIf4kixVP5ocWhVeTH/UVOBznUP9UA1Q2yaQhVBGWRbS4 wPEUwsgEIVmtGRsajKyY6KUJOsl8UgK5OP7f0mF3QUlPos3BE4OGxGeMUu/E9Sokz/WPIO WYZ+8dsd/S+M9seCvVdQKJyD/xupWqkh3mgNNiWlVO7VfxgaNxmBtxWunnUZdvlmPtig2+ 2RxpvXxm5+1m9+LAZOMuo2V++cF0CuUdlsawQOcogEOLAqxv7kNP7eyIO0SFPkAMMo+Syh KrF2C26d/GKF4IK9NBZymojb2N73QW5lnLG+eRGpMlb508Ji6MzZyC7kt9DgYQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734385578; a=rsa-sha256; cv=none; b=GIIQjDz8MhMQZ0Frf9vT3t2vgsGP+h9T0TTOcU+pB8+VYsl+e1QsOJ4GxilAg0ysqDtftk cJ7XuO40U2z1qxCZvHS3CYtXJyqJZSSlAJZ7IhNaPCKwifT+ZiKeMuQKZEJUh6vGNOXN+e ZtpRqEsaUGtiB408Z76z9dzCpWrG6nTZ8TWF3BYZgJ8nU19jGFv5/ZhWOfaMRIv3gpaSv+ yMqFDdt4cwbOiLmPlxIXLaJmdj713Id2Bqzkj0VSEjzw+kRWn8jBjN2w9ARwb7TP2whi3J gPpnUQHYJzA+tFcyc2fx5DH5dJPVDTUvO0uKuTG5jLdgoBkz6x1fAQaooCCzKA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBtmp2XCQz19k2; Mon, 16 Dec 2024 21:46:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGLkIZl037953; Mon, 16 Dec 2024 21:46:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGLkIId037950; Mon, 16 Dec 2024 21:46:18 GMT (envelope-from git) Date: Mon, 16 Dec 2024 21:46:18 GMT Message-Id: <202412162146.4BGLkIId037950@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: 266f640b3896 - main - Makefile.inc1: Remove non-NO_ROOT cases from distributeworld List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 266f640b38960653fcdbd1881e9dde0ce92a6c9d Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=266f640b38960653fcdbd1881e9dde0ce92a6c9d commit 266f640b38960653fcdbd1881e9dde0ce92a6c9d Author: Ed Maste AuthorDate: 2024-12-11 16:25:34 +0000 Commit: Ed Maste CommitDate: 2024-12-16 21:29:59 +0000 Makefile.inc1: Remove non-NO_ROOT cases from distributeworld As of commit 41adc5f29ba6 ("release: Always use NO_ROOT for distribute* and package*") we pass -NO_ROOT for the release image artifact build targets. For distributeworld, add a check that NO_ROOT and METALOG are set, and then remove tests for them being set. This is an incremental step towards the goal of having all targets in release/Makefile run without requiring root. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48095 --- Makefile.inc1 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index bd0ed3ebfba8..8d47d8098ab8 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1004,6 +1004,9 @@ IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}" .if ${DISTDIR:U/} == / .error DISTDIR must be set for make distributeworld and may not be the root directory. .endif +if !defined(NO_ROOT) || !defined(METALOG) +.error NO_ROOT and METALOG must be set for make distributeworld. +.endif CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR} CERTCTLFLAGS+= -d /base .else @@ -1501,7 +1504,6 @@ distributeworld installworld stageworld: _installcheck_world .PHONY -p ${DESTDIR}/${DISTDIR}/${dist}/usr/lib/debug/${TESTSBASE} >/dev/null .endif .endif -.if defined(NO_ROOT) ${IMAKEENV} ${DISTR_MTREE} -C -f ${.CURDIR}/etc/mtree/BSD.root.dist | \ sed -e 's#^\./#./${dist}/#' >> ${METALOG} ${IMAKEENV} ${DISTR_MTREE} -C -f ${.CURDIR}/etc/mtree/BSD.usr.dist | \ @@ -1515,7 +1517,6 @@ distributeworld installworld stageworld: _installcheck_world .PHONY ${IMAKEENV} ${DISTR_MTREE} -C -f ${.CURDIR}/etc/mtree/BSD.lib${libcompat}.dist | \ sed -e 's#^\./#./${dist}/usr/#' >> ${METALOG} .endfor -.endif .endfor -mkdir ${DESTDIR}/${DISTDIR}/base ${_+_}cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH:Q} ${MAKE} \ @@ -1539,7 +1540,6 @@ distributeworld installworld stageworld: _installcheck_world .PHONY .for dist in ${EXTRA_DISTRIBUTIONS} find ${DESTDIR}/${DISTDIR}/${dist} -mindepth 1 -type d -empty -delete .endfor -.if defined(NO_ROOT) .for dist in base ${EXTRA_DISTRIBUTIONS} .for path suffix in "" .meta /usr/lib/debug .debug.meta @# For each file that exists in this dist, print the corresponding @@ -1552,7 +1552,6 @@ distributeworld installworld stageworld: _installcheck_world .PHONY ${DESTDIR}/${DISTDIR}/${dist}${suffix} .endfor .endfor -.endif .endif # make(distributeworld) packageworld: .PHONY From nobody Mon Dec 16 22:16:02 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBvR65xX9z5gbHD; Mon, 16 Dec 2024 22:16:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBvR65MGKz441F; Mon, 16 Dec 2024 22:16:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734387362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=usYCdhxJrgEWSpY2gY5nOsmoW4Twjv8wcrde8TjS+wc=; b=JmdYoJXjxT4luqOyGHkiAxQb17r9F5cPphugT402LfXaTJaNda5RSu20Hy6uQqd9ashyM4 BKpu1/96s9xTxG3AbvFKt4kYbHiz5M/9pMEFIo8iQv2Jzl1emjXGAg7InOuyA9P7gFAadf OeYN/waFdwPS6bqs8/yjL9siSXK8HZcdUDt9wgiOjX3dmTqd1JH/gtCcy3xSv1GoHQFh2M Bv92RsCj2D4PgL/SYVuUSzqfRzKZOPTM2dhD0GznSyqxF/yrr+tE2s1lY7n+KjQ7nHeAid RyXD1ADSYiU6JPTwiH6spY2Hfp8aX/Rsmur60Dx/5BnMGJTaCELRSg6awHWNbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734387362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=usYCdhxJrgEWSpY2gY5nOsmoW4Twjv8wcrde8TjS+wc=; b=K0XBAA9SKrEhKBsvtKr16uJgHmLDjpnf8clHfJRWH/qOjvP94aMn7xShsaSbNfJuAYVajk Gw2Nt3MQ4FeBHa3uccPECp1z4SmkMZKKSkEdkqlgA5HFLqGqtaDMFu6USIxKovXbeyJvLh MtZzgJ8JOZDYuOas36aEFsExLOvgxEK9c3ulymyNwIcb1BCL4YLij+DQ4J3gnVg39q89u1 uoeUbQjRCSfNfDfEjcSUHd1U18K6TQRUXlukLPfVECIAVD8u8giHRDeTT1PT5joug+aydu IjQhJ5/vKCDaq7Wv9WFyL7EvkGo/yt7sB5LrSJxCq8K8kirRqZ8AtC8Qt4zxug== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734387362; a=rsa-sha256; cv=none; b=yy/teyh4v1nqZhH4d0matVz5vy9z0hlH2IXbOeYyk6XscmMw1/v3pFj4DMv0DnF2oFWM6B wYD0i68HVE2gvYZNG5Uj/9SVL/u3A+7ORyE4fsTbLUb+15F2J63SqhCJXm0dnH/Gvlcwof u1w+0Pt8Cifreo9rXzVS33k4mp20g4lAYIEid6aq1cJ4fsE+NOTkOvClQSacLW3VyBZp45 JF/f3SpzreDUdKJRe/Z/G8q6RA9eEyIbyXNfq94Gz4pcki1sDBnKVlKIk4qrPMYFbpUeqP bZ3O8UHeS8kfbbkvQh3yazrVdTRq8hXT66mcdcucHc50pl5DOr17uVR466q7/Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBvR64z5dz1BT2; Mon, 16 Dec 2024 22:16:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGMG2GR094516; Mon, 16 Dec 2024 22:16:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGMG2Fx094513; Mon, 16 Dec 2024 22:16:02 GMT (envelope-from git) Date: Mon, 16 Dec 2024 22:16:02 GMT Message-Id: <202412162216.4BGMG2Fx094513@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: b64c5a0ace59 - main - ipfw.d: Add required dependency declarations List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b64c5a0ace59af62eff52bfe110a521dc73c937b Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b64c5a0ace59af62eff52bfe110a521dc73c937b commit b64c5a0ace59af62eff52bfe110a521dc73c937b Author: Mark Johnston AuthorDate: 2024-12-16 22:09:39 +0000 Commit: Mark Johnston CommitDate: 2024-12-16 22:09:39 +0000 ipfw.d: Add required dependency declarations ipfw.d requires definitions of, at least, in_addr_t and struct ip6_addr, which it must obtain from CTF info. This is found by looking at $(sysctl -n kern.bootfile)/kernel, which might not be available in a jail. These depends_on declarations ensure that dtrace(1) invocations will simply abort processing of ipfw.d if the required binaries can't be found, rather than raising an error. PR: 283359 MFC after: 1 week --- share/dtrace/ipfw.d | 2 ++ 1 file changed, 2 insertions(+) diff --git a/share/dtrace/ipfw.d b/share/dtrace/ipfw.d index c2933dbe96ad..66cd6abea74a 100644 --- a/share/dtrace/ipfw.d +++ b/share/dtrace/ipfw.d @@ -27,6 +27,8 @@ */ #pragma D depends_on provider ipfw +#pragma D depends_on module kernel +#pragma D depends_on module ipfw.ko /* ipfw_chk() return values */ #pragma D binding "1.0" IP_FW_PASS From nobody Mon Dec 16 22:33:08 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBvpr3ysXz5gd7y; Mon, 16 Dec 2024 22:33:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBvpr3SMTz46xs; Mon, 16 Dec 2024 22:33:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388388; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6VUsQqIt62d20CiPg9jhqVfo2gciAc9ZgICF9uZ5VKs=; b=lVgYI1MOJH70RIwNYqE5LAzMB90vqoV5AoOhscVbTAgDY0dfhahjXnHpS9YOv7z0YzCCLM hIq6j10SjPyJ00Egw3BI4scV5AKtiXLotqTuayl0OghzkpRu9U1q6XyUTm9/tUsXVg5NZ3 kgzycyFhE3lb5fBFMrPaB2dI86+mvMz6yO78t1cIzGkXYbObdUYMSTGH4S/ls1bgHvSP7P 5T1EPpHnJklz6lCCSp8nfksv3UUyWkbtIgEwalwkFLCKOvBhL3P+9wRSqNJenOm0JbOI50 X8TXK4H1Niz0qk1nc9Ubhd2ulOLC+acVARHkMCJzPA3zULaD3T/FBd6ECt8xkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388388; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6VUsQqIt62d20CiPg9jhqVfo2gciAc9ZgICF9uZ5VKs=; b=Ulvttmj17F/RVvHY66fyqDAO/PypduCn9padwWzBg8aKaI7komwG0+SBl70QlHQXzouMBz vwXslcCtJmWJjSdZH+g2YNuk2ugVkSlz/ZixmtkDtUvE8p36+8FD6iMc4tUjkZjhYAAmCt 75cHZZNuJJCQevOqDjFqx7Mo4QNmZgWlf674SSYjgt1LRGYXpRx315/2VFVWN0rK6fAUqR 9ra+IcxDMVgHutH9zHyHRrXdfvvPKJKSHDB09358Vh1SXpWok8YLX4m3a1qFJMcCCngNIV BCdn595WdQxNdgRprVxJolLaiwk5LA1sXQHHBmeY19msQNWrrE1v3CjNqUuFjw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734388388; a=rsa-sha256; cv=none; b=GdCa6PPqQcIntKqJxThJUlKlsHT/MOm/Sbhs42+WaldoiaVSojSFJmn4/oXM6qakqjLSoj 5hTY/ExhcxqvkzWJPFgSzCpa6Usbdo8U9FahhbpTYEX5wLskuwHBadjgwAp+pRozH0odCD YcAOXXd3u/PRkoVRJ70OkFYkJ0kfT/SuxSnZ2KEVQWCCwFoxwMWZAvFrt+Za7q/ogSZOu0 497AUqlAVBsvMWvxC1oa78ODOFj5yllmyWDZuqmKyLKbrgSvONbMjhKFPelL1bEM4FlajC 9xMr/jN0I1vkdT+JvfrFlhlwM5rMhfOIsNmtgfMOZwujGkaD39J7VPF9fb7aBg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBvpr33SSz1Bxw; Mon, 16 Dec 2024 22:33:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGMX88c031126; Mon, 16 Dec 2024 22:33:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGMX8bj031123; Mon, 16 Dec 2024 22:33:08 GMT (envelope-from git) Date: Mon, 16 Dec 2024 22:33:08 GMT Message-Id: <202412162233.4BGMX8bj031123@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: cfbbe5d7fa9f - main - Makefile.inc1: Fix a typo List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cfbbe5d7fa9feb1fa5205b960e86684f67690cef Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=cfbbe5d7fa9feb1fa5205b960e86684f67690cef commit cfbbe5d7fa9feb1fa5205b960e86684f67690cef Author: Mark Johnston AuthorDate: 2024-12-16 22:32:21 +0000 Commit: Mark Johnston CommitDate: 2024-12-16 22:32:21 +0000 Makefile.inc1: Fix a typo Fixes: 266f640b3896 ("Makefile.inc1: Remove non-NO_ROOT cases from distributeworld") --- Makefile.inc1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index 8d47d8098ab8..5c3d190e4c3e 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1004,7 +1004,7 @@ IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}" .if ${DISTDIR:U/} == / .error DISTDIR must be set for make distributeworld and may not be the root directory. .endif -if !defined(NO_ROOT) || !defined(METALOG) +.if !defined(NO_ROOT) || !defined(METALOG) .error NO_ROOT and METALOG must be set for make distributeworld. .endif CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR} From nobody Mon Dec 16 22:34:12 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBvr43zCHz5gcgt; Mon, 16 Dec 2024 22:34:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBvr43C7jz47DF; Mon, 16 Dec 2024 22:34:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388452; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mSjGo42f8IpMLyXlLGcBU2t/7zAlc4Vya+/m1RF7o5Q=; b=e84twkhZnATHQR1I1n3A+Nx5fYLOUI6d8qMszknVifuCyMe5TIEj+KEX7GvnNvYU2pDxMK ekYovWB0RV48ez3NzjfoqhvP7NAApyO8u29RZOnGkP/ebExtjkx1shbYBLcBfbm0FmbnHP U/OOqhpSmAowFoTFeHG0ZmyPL9buHqQ/4Pzw4GPQ50b8J7hW+OAVjX7y3vAJOK0TCYNwpb rk8bGZIoFR8rpQqvWBjZcYypeqiBzdnl6MzJg8r0196YM0bcocCaiPcw5S7Rs6KddMrIYM 0GIyVPChOuH4nEbDSBE92SC5I8Z6Aqq0tJ4J4q1DqoSSC7jHnVMQ/c7F00xTcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388452; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mSjGo42f8IpMLyXlLGcBU2t/7zAlc4Vya+/m1RF7o5Q=; b=kyZauBTdoxwT1NRuxTAUeCEiC0r+4PUolFaTCfAYysPNgrzKtOM0eQ4S/n2u952hMVqjaW yHArlsLGD0KJhLmckWNp+NkXHdG0jPTm7Igj2YZ8aZ/7X/nQVGd/2vtVrtqRmwGy/CUUsR rg8GRWTcwD0eD9N5lKoHk306kkIO+Z56Vs8L7bjL76sc1CuXholQ0cRxTT2hrT4vhppWKu 3z3TyNOzrnxD8dcH8/Lvvkfd1NfQrOQ2/cm2n6hkN8WXws6q3jkE01yvRBRmEinnQJh4O+ 5vmUMIgEu8kQbleJX/hAgx1Z+XE+pic8HypeFf9/sjSc6XE+BySAkCaKySfC0Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734388452; a=rsa-sha256; cv=none; b=NPr8uQ9+Pw5I+ywPwWHiOWbmeBo1uUOuEnrvaTVR69ctwFmol2x2O61JV33M1jx4xJg9JQ QnZ0opnrGC02DIz50LxqUWD/nB1RcyBG9qQsI2F9m3mZbGllAs9luSCwt8+wvVV2kEtBdx 8a6UkGqzrfZXNa31uMxMLZA7PhnEiaM+55bVI+rIxD8VEyqULFyhSyJKqK43qNb04lm5U9 XzP12F0IKZm1gin5FkS2fdL04aO9bVFxytPMk52S6c3zY6pCrXN4H0bmCK/eRunttE1mXl 5Iul12Y6LKK4e/zliD98pYkhAWFk5MakQ7GCIvEEhrhsNHq065WNSrwjYbq/Gw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBvr42pSqz1C36; Mon, 16 Dec 2024 22:34:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGMYCQv031617; Mon, 16 Dec 2024 22:34:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGMYCGF031614; Mon, 16 Dec 2024 22:34:12 GMT (envelope-from git) Date: Mon, 16 Dec 2024 22:34:12 GMT Message-Id: <202412162234.4BGMYCGF031614@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 358c5f5c0899 - main - pf: fix cleanup deadlock List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 358c5f5c0899339a005ef2c68ef166601bb9dca9 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=358c5f5c0899339a005ef2c68ef166601bb9dca9 commit 358c5f5c0899339a005ef2c68ef166601bb9dca9 Author: Kristof Provost AuthorDate: 2024-12-10 14:02:47 +0000 Commit: Kristof Provost CommitDate: 2024-12-16 22:33:55 +0000 pf: fix cleanup deadlock We can get to pfi_kkif_remove_if_unref() via at least two distinct paths: - when the struct ifnet is removed, via pfi_detach_ifnet_event() - when a rule referencing us is removed, via pfi_kkif_unref(). These two events can race against each other, leading us to free this kif twice. That leads to loop in V_pfi_unlinked_kifs, and an eventual deadlock. Avoid this by making sure we only ever insert the kif into V_pfi_unlinked_kifs once. If we don't find it in V_pfi_ifs it's already been removed. Check that it exists in V_pfi_unlinked_kifs (for INVARIANTS). Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D48082 --- sys/netpfil/pf/pf_if.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/sys/netpfil/pf/pf_if.c b/sys/netpfil/pf/pf_if.c index 650a7e4db799..d2b1b6a781f4 100644 --- a/sys/netpfil/pf/pf_if.c +++ b/sys/netpfil/pf/pf_if.c @@ -274,6 +274,13 @@ pf_kkif_free(struct pfi_kkif *kif) if (! kif) return; +#ifdef INVARIANTS + if (kif->pfik_ifp) { + struct ifnet *ifp = kif->pfik_ifp; + MPASS(ifp->if_pf_kif == NULL || ifp->if_pf_kif == kif); + } +#endif + #ifdef PF_WANT_32_TO_64_COUNTER wowned = PF_RULES_WOWNED(); if (!wowned) @@ -378,6 +385,35 @@ pfi_kkif_remove_if_unref(struct pfi_kkif *kif) kif == V_pfi_all || kif->pfik_flags != 0) return; + /* + * We can get here in at least two distinct paths: + * - when the struct ifnet is removed, via pfi_detach_ifnet_event() + * - when a rule referencing us is removed, via pfi_kkif_unref(). + * These two events can race against each other, leading us to free this kif + * twice. That leads to a loop in V_pfi_unlinked_kifs, and an eventual + * deadlock. + * + * Avoid this by making sure we only ever insert the kif into + * V_pfi_unlinked_kifs once. + * If we don't find it in V_pfi_ifs it's already been removed. Check that it + * exists in V_pfi_unlinked_kifs. + */ + if (! RB_FIND(pfi_ifhead, &V_pfi_ifs, kif)) { +#ifdef INVARIANTS + struct pfi_kkif *tmp; + bool found = false; + mtx_lock(&pfi_unlnkdkifs_mtx); + LIST_FOREACH(tmp, &V_pfi_unlinked_kifs, pfik_list) { + if (tmp == kif) { + found = true; + break; + } + } + mtx_unlock(&pfi_unlnkdkifs_mtx); + MPASS(found); +#endif + return; + } RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif); kif->pfik_flags |= PFI_IFLAG_REFS; From nobody Mon Dec 16 22:34:13 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBvr56GCZz5gd82; Mon, 16 Dec 2024 22:34:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBvr53v31z47Rm; Mon, 16 Dec 2024 22:34:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388453; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OLrjb7ELmz2C1Y7WJM05l5uW6YKXKw+/ZCHxBc0Xz6g=; b=aBg1uLTDN7NLhyqeMpmxsBCvlNMWC+sEZnZqTICOXVAPnX9coaBadrWP09U0zJB2/qZPGg hGt6ljwfjEamOHcPTvxw/5bmpV/rF/z6/GWB9kB4K/8pivd9j/7LyDuNs5eyGjMjVE+WP/ J98VS770pFTjm71uizhppXR+I4QNbs23cKNTHnYqc9Q2zaEsxinBnTUdvxqfV4gkO1jlkB Lk21SqM7HZgJUaSttriohH1qeaW0D8slhyAitXG5lXNJ7uY/eRS2uC7uq02rIpc2jqQDbN vyI/RAAfrNEfvRODwxiXSHttEdAQdjBZPkds1/1Zs3GY4KIabC4Wv8uhuQbmWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388453; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OLrjb7ELmz2C1Y7WJM05l5uW6YKXKw+/ZCHxBc0Xz6g=; b=FVzXf8fwKPlD86fIqLqAXBmvbB39zz+CTs+NiGheyh8JrceYZEjPsK+tMJ+Y69XtB3vhn7 tOu+Iz2BwFislSU1DrWYk87Jn7NsvhsvV/Ok675nO20JkU2fRPXpLR1H82rKAwSKmEmecG Hko26Spbnvex8f9TLhtX2KkzQm2u+PwWDchJrjpNMK9KiOrqLmd/wAuWyMtliwbZN57CZ4 M4aAFSJ/JJEZkqWDq51LGNy5hgar+MVLoTK8s70joebosRf1mjxzNslBcc520FvOtHCoEI G4r86ejGjXH+Fd0tPyeGnosR1+K0UpcYy7o3YkPnON9DGKhcgZg+/hBP9qsQrQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734388453; a=rsa-sha256; cv=none; b=lyS6TLK1mwK5J+FMDL3Ak1Atcio5h4bslrUtrI283qAZ4OUq47+3FEiOKt9Q9xMMpAQ65F S3LZpDQRuln4NtJQxJWtoVG2J2MQLGAMwnxYNK6Cx+0QlgyawNN/oWJwp9POngfeB8MJvm SmBfj+qEdnCsDGtn8kDa7eLd985r2zPbw6Txlz9UUHfuCuAqW/PekxsrvzRgfF70rTKytN TQJgVhWIfizwtHQ2Rm8GmYrk1/QzARlDB2Rg3Z41W3uy3g4dq4+ceQjp3IosRvbAQG7Z0C 5frbL8xh0dMorxDu9oFc7zhAkLikbVYxm3MEjHzDnpzDVHjac9wW4K7R39X08Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBvr53WLtz1Bjj; Mon, 16 Dec 2024 22:34:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGMYDlq031665; Mon, 16 Dec 2024 22:34:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGMYDJ5031662; Mon, 16 Dec 2024 22:34:13 GMT (envelope-from git) Date: Mon, 16 Dec 2024 22:34:13 GMT Message-Id: <202412162234.4BGMYDJ5031662@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 67b655980885 - main - pf: fix address range handling in pfr_pool_get() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 67b65598088566997bbc88f5ae1f7f7da26c17cd Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=67b65598088566997bbc88f5ae1f7f7da26c17cd commit 67b65598088566997bbc88f5ae1f7f7da26c17cd Author: Kristof Provost AuthorDate: 2024-12-11 14:01:46 +0000 Commit: Kristof Provost CommitDate: 2024-12-16 22:33:56 +0000 pf: fix address range handling in pfr_pool_get() We did not fill out the address in uaddr before running the rn_match() lookup. Change addr to a pointer into uaddr so that we do. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D48083 --- sys/netpfil/pf/pf_table.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index ce3a6b39ce91..35c9bd4ab655 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -2242,7 +2242,7 @@ int pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, sa_family_t af, pf_addr_filter_func_t filter) { - struct pf_addr addr, cur, mask, umask_addr; + struct pf_addr *addr, cur, mask, umask_addr; union sockaddr_union uaddr, umask; struct pfr_kentry *ke, *ke2 = NULL; int startidx, idx = -1, loop = 0, use_counter = 0; @@ -2254,13 +2254,14 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, case AF_INET: uaddr.sin.sin_len = sizeof(struct sockaddr_in); uaddr.sin.sin_family = AF_INET; + addr = (struct pf_addr *)&uaddr.sin.sin_addr; break; case AF_INET6: uaddr.sin6.sin6_len = sizeof(struct sockaddr_in6); uaddr.sin6.sin6_family = AF_INET6; + addr = (struct pf_addr *)&uaddr.sin6.sin6_addr; break; } - pfr_sockaddr_to_pf_addr(&uaddr, &addr); if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL) kt = kt->pfrkt_root; @@ -2302,19 +2303,19 @@ _next_block: use_counter = 0; goto _next_block; } - PF_ACPY(&addr, counter, af); + PF_ACPY(addr, counter, af); } else { /* use first address of block */ - PF_ACPY(&addr, &cur, af); + PF_ACPY(addr, &cur, af); } if (!KENTRY_NETWORK(ke)) { /* this is a single IP address - no possible nested block */ - if (filter && filter(af, &addr)) { + if (filter && filter(af, addr)) { idx++; goto _next_block; } - PF_ACPY(counter, &addr, af); + PF_ACPY(counter, addr, af); *pidx = idx; pfr_kstate_counter_add(&kt->pfrkt_match, 1); return (0); @@ -2334,9 +2335,9 @@ _next_block: /* no need to check KENTRY_RNF_ROOT() here */ if (ke2 == ke) { /* lookup return the same block - perfect */ - if (filter && filter(af, &addr)) + if (filter && filter(af, addr)) goto _next_entry; - PF_ACPY(counter, &addr, af); + PF_ACPY(counter, addr, af); *pidx = idx; pfr_kstate_counter_add(&kt->pfrkt_match, 1); return (0); @@ -2346,9 +2347,9 @@ _next_entry: /* we need to increase the counter past the nested block */ pfr_prepare_network(&umask, AF_INET, ke2->pfrke_net); pfr_sockaddr_to_pf_addr(&umask, &umask_addr); - PF_POOLMASK(&addr, &addr, &umask_addr, &pfr_ffaddr, af); - PF_AINC(&addr, af); - if (!PF_MATCHA(0, &cur, &mask, &addr, af)) { + PF_POOLMASK(addr, addr, &umask_addr, &pfr_ffaddr, af); + PF_AINC(addr, af); + if (!PF_MATCHA(0, &cur, &mask, addr, af)) { /* ok, we reached the end of our main block */ /* go to next block in table */ idx++; From nobody Mon Dec 16 22:34:14 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBvr7289qz5gc76; Mon, 16 Dec 2024 22:34:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBvr65DFQz47KC; Mon, 16 Dec 2024 22:34:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388454; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EB78ElJ4aREnX+oty7NvSVoNHXeVp8LXBUF2HVxsfqI=; b=GLFo4hsS90Q/l470Dbb/oaXcCZrIU4uRuLE2xpK4AYB7dpmL3MDSAKlnQKAQDaD7TQwkZ4 LJQLceLtmfGofDlIqoRK2nxqOAIj4951ijSvz9LahkSeA374rSvRydBSEqr+a2v1gDQfJY PQ0hQcqzi8nm3zcHiiwCo+LudE4qL6pef0EsOPUBefBsfMKv0MLRYAqxEwYlnNWPwmh66m igjDftM/KLqvKPKKJ6f5fAhix2hqEQqApJ5Nw3kKq7MzE9XMcB0Yp47lSBvUxS4L7DwhZn cvRJEbFOzPN3lBGVT1aS9pE9nsF2VmGtkGvH7Me5qJNZcNuulgJE5VbqkVkV7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734388454; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EB78ElJ4aREnX+oty7NvSVoNHXeVp8LXBUF2HVxsfqI=; b=NsnFtWk6z1XKpzDJTNpJ/Q3bBteBuVLe7HxuP4O2GmOyWEcTu4vbEaPvTB/Fett3RDx80Y og41we2BRymK+pby4PC1UAcHINwwO59G6Dx7j/s/+5kOfCF6iheAmq2I5ZuqxbgzdJuABL dkZrs0xHqN883eMHi1PITx+mUQA+9QPcq+C+kWQFlKq/InT81X8YDs1a0XknTD9m7Lt8DG NT/ewe4WlVzbM+Aa1FDnkpbxkbl1dqdW9kj3hMncH6cHXqOSr6q4TdGx3xkx1yO9imqim+ O2w43IId9AU34h7zLdswaGH+BySmIB5WKHj1MGkDlSONT5xaSO2uhPKMymGh5Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734388454; a=rsa-sha256; cv=none; b=GBNSTP2P4xJ2XAz988cSGslFxGj+3NzgD+nBwtl5eDa0k+ROWFMz94a9vhDoHb9Vxp6Z9M cshKxYl/hywYOz5aKHD0m0NxWb9wBkKsUkem1uqZL/GOZFpArICsz/EFJZR3XnY7uuA4l+ d2sOoQN0dR66Rvgzw4m7HOABABskYbr8f6MwSLR03k1RSrLs3qEFIR6YaPuOQEEHzYAhgW Hi/wgxuSoEubwofeUhe2JFK6R3+KTqHoZ1GaDnS1Tr5yI3wGkFlwJ1zvnCrBTSJA0vjgHG t19vKS9nuTIHFe5DjYXEOVmv5lYc71xpdlNUhkPUmKvFLi1+4cArgBkRwtVF1w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBvr64rQBz1BfZ; Mon, 16 Dec 2024 22:34:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGMYEZt031713; Mon, 16 Dec 2024 22:34:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGMYEak031710; Mon, 16 Dec 2024 22:34:14 GMT (envelope-from git) Date: Mon, 16 Dec 2024 22:34:14 GMT Message-Id: <202412162234.4BGMYEak031710@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 85570785b9ce - main - pf: remove unused variable from pf_pdesc List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 85570785b9ced0adbc5761502defc88065fbb0cc Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=85570785b9ced0adbc5761502defc88065fbb0cc commit 85570785b9ced0adbc5761502defc88065fbb0cc Author: Kristof Provost AuthorDate: 2024-12-16 19:20:39 +0000 Commit: Kristof Provost CommitDate: 2024-12-16 22:33:56 +0000 pf: remove unused variable from pf_pdesc We only every assigned proto_sum, never used it. Remove it entirely. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/net/pfvar.h | 1 - sys/netpfil/pf/pf.c | 8 -------- 2 files changed, 9 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 30229cca2e74..100775347143 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1615,7 +1615,6 @@ struct pf_pdesc { u_int32_t badopts; /* v4 options or v6 routing headers */ u_int16_t *ip_sum; - u_int16_t *proto_sum; u_int16_t flags; /* Let SCRUB trigger behavior in * state code. Easier than tags */ #define PFDESC_TCP_NORM 0x0001 /* TCP shall be statefully scrubbed */ diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index a0c9a92c6b84..d0ddff9f38a2 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3697,8 +3697,6 @@ pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd, *pd->sport = sk->port[pd->sidx]; if (pd->dport) *pd->dport = sk->port[pd->didx]; - if (pd->proto_sum) - *pd->proto_sum = bproto_sum; if (pd->ip_sum) *pd->ip_sum = bip_sum; m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any); @@ -5010,7 +5008,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, switch (pd->proto) { case IPPROTO_TCP: bproto_sum = th->th_sum; - pd->proto_sum = &th->th_sum; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) || nk->port[pd->sidx] != sport) { @@ -5033,7 +5030,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, break; case IPPROTO_UDP: bproto_sum = pd->hdr.udp.uh_sum; - pd->proto_sum = &pd->hdr.udp.uh_sum; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) || nk->port[pd->sidx] != sport) { @@ -5584,8 +5580,6 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, *pd->sport = skt->port[pd->sidx]; if (pd->dport) *pd->dport = skt->port[pd->didx]; - if (pd->proto_sum) - *pd->proto_sum = bproto_sum; if (pd->ip_sum) *pd->ip_sum = bip_sum; m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any); @@ -8659,7 +8653,6 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, pd->src = (struct pf_addr *)&h->ip_src; pd->dst = (struct pf_addr *)&h->ip_dst; pd->ip_sum = &h->ip_sum; - pd->proto_sum = NULL; pd->virtual_proto = pd->proto = h->ip_p; pd->tos = h->ip_tos; pd->ttl = h->ip_ttl; @@ -8704,7 +8697,6 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, pd->src = (struct pf_addr *)&h->ip6_src; pd->dst = (struct pf_addr *)&h->ip6_dst; pd->ip_sum = NULL; - pd->proto_sum = NULL; pd->tos = IPV6_DSCP(h); pd->ttl = h->ip6_hlim; pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr); From nobody Mon Dec 16 22:43:06 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBw2Z67FDz5gdPr; Mon, 16 Dec 2024 22:43:18 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-io1-f45.google.com (mail-io1-f45.google.com [209.85.166.45]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBw2Z48fYz49ks; Mon, 16 Dec 2024 22:43:18 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-f45.google.com with SMTP id ca18e2360f4ac-844dac0a8f4so344199839f.2; Mon, 16 Dec 2024 14:43:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734388997; x=1734993797; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=paZ6urc6HJGVu+W3UC3ZraSrO4f7gPyiWldijlrdJCY=; b=ZsjV6GjB3rzrNp6tnQjBE48qgZbV6h7/J/ySJqmjEDBvXZkX71qwRPVCLojcogoy4h opEhlNvSgFokqXWmqWsDQYJ5BoXdFeZWkQ7hjMhEDUMjcB3wZ4aTwspuJhYk1F18KHXa Ninn0hpw47Zh8I8RWX+RLPOKU7zAyVoEZjNch94umWqRwpzt9QSJ8+ARLlJAAi9qSqCJ 4+w5FnHvMU37omx2FBtaJVBGTZaDhgBVMHTP+6yGwTtKLLWuORdzF9lvmEjF+SlF++UY Y2dvCoptxAsmlablsEfjQNNEwszvvkW/SSbJiF27rnsEAjEq6mRVfkPWVt3+ht77pmt6 WO1Q== X-Forwarded-Encrypted: i=1; AJvYcCVXzlivTk8uVFAQJYLyvjfQJQy3qMOaDjiJygz9UQ1J046VlxjmWrihbNe5bvAGkXsHom1K1xUSqjiSAt5oaFH8evJEuZI=@freebsd.org, AJvYcCWkZCv+vVzl4WElXShgH3FZ/1gE21Qt2gEkuXqH1oBx/XeAtxeCyzU0RvmixKNRvi/9UuaSgPlxb7Hvf1w5rB5wEiYc@freebsd.org X-Gm-Message-State: AOJu0Yyrow3LjkOUzsyS8B1neGQBhULvyB6jg9nU7H19u/C1tvuLY6Vc +EXY68WU7+S3uP+VCJNqN5cf7PM1Ry3LFX3vS/9BeO6gsi1OZlQO2EojAdzavrnKtsZHz6zAjSL nuLS7bYyqR2muqzIoTJMCc6P9P9eiuw== X-Gm-Gg: ASbGnctaiJebY7u1HvLQvAP93aEtF9HlncIs4t3g55RhmFNkGb5fVvW6PJWXipIrElA H826BiB5tH4foDwEdLDMQMu7Ug9H8ZnuUerQh+9Ea1k7H0Ug+Hyp8dZ2wQvHrvNDhfeR4wKSs X-Google-Smtp-Source: AGHT+IG6eKVC9tkcj4zoz7NvA0q7CRnatIXFq4+YtvgAidJsYBFCD9/RLHrjIfGxmroG1gK8t0m85j4GrtQLlcUf4Ag= X-Received: by 2002:a05:6602:60cb:b0:844:c76a:354d with SMTP id ca18e2360f4ac-844e87b05a9mr1735291739f.2.1734388997195; Mon, 16 Dec 2024 14:43:17 -0800 (PST) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 References: <202412162233.4BGMX8bj031123@gitrepo.freebsd.org> In-Reply-To: <202412162233.4BGMX8bj031123@gitrepo.freebsd.org> From: Ed Maste Date: Mon, 16 Dec 2024 17:43:06 -0500 Message-ID: Subject: Re: git: cfbbe5d7fa9f - main - Makefile.inc1: Fix a typo To: Mark Johnston Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4YBw2Z48fYz49ks X-Spamd-Bar: ---- On Mon, 16 Dec 2024 at 17:33, Mark Johnston wrote: > > The branch main has been updated by markj: > > URL: https://cgit.FreeBSD.org/src/commit/?id=cfbbe5d7fa9feb1fa5205b960e86684f67690cef > > commit cfbbe5d7fa9feb1fa5205b960e86684f67690cef > Author: Mark Johnston > AuthorDate: 2024-12-16 22:32:21 +0000 > Commit: Mark Johnston > CommitDate: 2024-12-16 22:32:21 +0000 > > Makefile.inc1: Fix a typo > > Fixes: 266f640b3896 ("Makefile.inc1: Remove non-NO_ROOT cases from distributeworld") Thanks Mark, sorry about that. From nobody Mon Dec 16 23:16:37 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBwn75VJSz5ggTt; Mon, 16 Dec 2024 23:16:43 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBwn71R04z4FT6; Mon, 16 Dec 2024 23:16:43 +0000 (UTC) (envelope-from jhb@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734391003; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xB1JK3Sh2GT8nHLfmY9K/PcDsS4leT09xcA2rSWvN/c=; b=lZG2Xzo3RqKEYeV29Gz1vvMkL61KSOVari/XVv/GOT8VFpgnpF5hrLC+ludZsnMGa6Iqqr iiE6sLVLWftakLWZnUc0KnbnA7JS6d/jeW/mAbF7/DgLUi68VHJX0ho9okZqbvL7ISekkY CACL/rJtOv1JpJp//f+buTnd6RNJwCG/3Na3er50unQVhhQ0wT/3UYj9TcV5fqGnuuapsA mM0JcX3U5h/KWDU1ysGy+FMbBg8NO8vqfWZcvEHL/aTg07d83jd1A+ibvLe0nbM6EMvZaf kall5+W8v1Jcjgbsb00XtCwr4XgdC+FYL0mQXd8/2xRY0bPHFnRvpANeaJGlEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734391003; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xB1JK3Sh2GT8nHLfmY9K/PcDsS4leT09xcA2rSWvN/c=; b=StSgHieSpxg1X9NAOiljKtRtDuaXmiWZczIaDY4T/oLQFzidHC83pg5Sae8saZ4HeWHa6C DLk9H0cwDKCeoEtwl7v8DW/8CaSX3M30U2Gh+mfxsdl/ODPwfkVSt+YZNsl3odowgA9xjF ZibaQivcdArvIZ3QSuSDhjWPD/gX1HTnSySnxLrxAI23qQBNv77F+cinOF8Khc9jKMADV+ U6JjhohDD8FaKXd1HlxoNR6xaOSX2Rs34ohGnfoxmtCLdRy2yYCsTEEDDxNkKmCNL5diAc /eMJVYulxM4YcRwFfoGDJaD44u4Ntxp2iw980da+D0tWHMhI/OSdKlbZkX0fRw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734391003; a=rsa-sha256; cv=none; b=oACgX2VeN2Ff4n2yQsCoaL2QpV496U9GTkgpbcYJYd+M8GCIWSJ6VUqsjrmRHf97hA483P RCb3zFnporItrmIU1LPutJa6x6JwawDWl3SaQqwvo2TNbtUROFRdJHqm3yZxi4fmbvIkcc 0yk8hxM14OdHPOYNiFABYngy6RfDvgyPP+TaVAk4ty2hozk37ZF9Rya3clYCH8qXkLbGlP L7nf+/nr6miBGHmJyir6O8zq2ARvSC80GLV0bp0UodyLziHJ3nRijWVoZrz4Ltxn8xT2gj vGNQW/WN5AKS5XlMrV64wv+lKG/gU69mIJRCf5dnqRV+gsuCN2fBIX9ZtrNUdw== Received: from [10.0.58.125] (unknown [144.121.72.234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YBwn70StPz1LHx; Mon, 16 Dec 2024 23:16:43 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Message-ID: Date: Mon, 16 Dec 2024 18:16:37 -0500 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length Content-Language: en-US To: Ed Maste Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> From: John Baldwin In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 12/13/24 19:14, Ed Maste wrote: > On Fri, 13 Dec 2024 at 09:53, John Baldwin wrote: >> >> On 12/13/24 08:06, Ed Maste wrote: >>> The branch main has been updated by emaste: >>> >>> URL: https://cgit.FreeBSD.org/src/commit/?id=a1097094c4c5d810287aca092f4ab5f9f86a426a >>> >>> commit a1097094c4c5d810287aca092f4ab5f9f86a426a >>> Author: Pat Maddox >>> AuthorDate: 2024-12-13 05:28:18 +0000 >>> Commit: Ed Maste >>> CommitDate: 2024-12-13 13:06:10 +0000 >>> >>> newvers: Set explicit git revision length >>> >>> The --short flag is configurable. Setting an explicit length supports >>> reproducible builds. >>> >>> Signed-off-by: Pat Maddox >>> Reviewed by: emaste, imp >>> Differential revision: https://github.com/freebsd/freebsd-src/pull/1547 >> >> Hmm, this seems to defeat the purpose of the --short flag. I think if you want >> this to be reproducible you just need to use the full hash. If we get enough commits >> that git thinks we need a longer short hash, then truncating the hash to a shorter >> length here is a bug. > > --short with no explicit length is most likely to result in > nonreproducibility due to a user setting a different default short > length in their git config. Note that --short won't truncate and > result in a conflict, it will just exceed the specified length if > necessary. For example, > > $ git rev-parse --short=4 freebsd/main > 926905 > > It's possible for this to result in occasional trouble when attempting > to reproduce an older build (if --short=12 is sufficient today, but a > future commit introduces a conflict), but I don't think it's a large > concern. We could increase it to 13 or 14 now Well, the default --short length is not based on when Git detects a conflict, it's a function of the total number of objects in a repository. This means it may be different if you just fetch some other remote with many revisions in the same clone for example. The thing I don't know is what formula git uses and how close we are/aren't to rolling over to 13 just with src.git alone. It seems to me that the most fool-proof thing though if we really want reproduciblility is to drop --short entirely. Short of that, if you can tell git to run in a mode where it ignores user configuration (though I don't see a way to do that). -- John Baldwin From nobody Mon Dec 16 23:45:52 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBxQm2fZdz5gjvl; Mon, 16 Dec 2024 23:45:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBxQm28bpz4HXh; Mon, 16 Dec 2024 23:45:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734392752; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EezSBIZaMAvUxwmU4HLjKpchV7jhTCRzfVZvAVgQntc=; b=vcFGtH3Ks0NorXx2MIT+1cCbxiSf0nJ8wT6LNkF1NI1vKsoCpXct64GlAgtOy7XSosGldw FbV7mgXiHQFg04p8suqs1i38C1+OvaVDWv8//VE7/H4E57bOwNYhqsYzzILecUGC83WF2I SiYZajT6dDOFtCao6vxPF32YttxSKAQClWRNAqXO4EDAr28wHRTXcK+BvVrOH1lcUVsUk7 xiF/Z2G+OjUk0iX2N6R23RyZO82yRZe79stMzyALyeYFLFEozYTXXNE9+QlEIlRRcGbLlQ 02+Gj/Q6pfIIrTzkT6853FKYw7NzbZ/S69QTpRVnr/+BDMoQ3VqBAiBF4LCEsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734392752; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EezSBIZaMAvUxwmU4HLjKpchV7jhTCRzfVZvAVgQntc=; b=OEatAJmQV4RzTduyqWJVDh43gC+uJJw6kGf5Ho8oisV8mHN+Ktm3qxGtm2orYTcho99u8D 4nqgmgDD6WDcLTybLhjBcbqrDcW+AGjmeUqCYMc0jkrDWNcnny4Ty9cKz2DnzXKFjig1mQ maiVsGDQBP6+8qA6YpD/tdCJJpz0+WjY3QbUVHPy6TR02aRAHnHkOZOc+nQ0dXhzg9E9LL kIDbCD1TMNfcwsy1SfAoDcrAhYxabQvOKLaTJhZh5zPBNaE3BYKZ0ddLMfO+24DHioZnRD L7SjT3i41eNv/tbPJodcSdt3ngJeUYjbHLJolY9Kqyem2SObxmeCNnG6nOhg+Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734392752; a=rsa-sha256; cv=none; b=O0AC5GV7e+0UHPi6uK59lluw25ovy3rZY6mQUYImuyHKRL736FeY7go+dIGjRb5VW705NO OrC8V27ASV5BivnhU8S/dWkSL8inwcwKTRF0TotyFkmaE5CjunR8K8N5MFApHOY13WKDU/ p3sW2dGuROJhAiDM6W5lVa/f2DnfX6JoT147CBfSSLw7dqjzFlirjkb5jxRopH8+zNuWPH H58AVrJva/6T+Txnkf2bftoBxVpyfbL0CYVrYbFzhNpccQhIZSWNOavQi/FCd6e1oqF1sx m/lumhonPd9XaM4EWQ1uqt5hMJ+ciS7SbwJMVi7GflP6KsGBej5BEQqvK7zuNw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBxQm1dzWz1Dmx; Mon, 16 Dec 2024 23:45:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BGNjqHQ062588; Mon, 16 Dec 2024 23:45:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BGNjq08062585; Mon, 16 Dec 2024 23:45:52 GMT (envelope-from git) Date: Mon, 16 Dec 2024 23:45:52 GMT Message-Id: <202412162345.4BGNjq08062585@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: 950401d21e33 - main - release: Sort etcupdate entries for base metalog List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 950401d21e33df7ac63ef1d2316a18f09ffbaabe Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=950401d21e33df7ac63ef1d2316a18f09ffbaabe commit 950401d21e33df7ac63ef1d2316a18f09ffbaabe Author: Pat Maddox AuthorDate: 2024-12-13 21:15:45 +0000 Commit: Ed Maste CommitDate: 2024-12-16 22:58:42 +0000 release: Sort etcupdate entries for base metalog Supports reproducible builds. PR: 283214 Reviewed-by: emaste Signed-off-by: Pat Maddox --- release/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/release/Makefile b/release/Makefile index 6b05b986318d..a874aece8cdf 100644 --- a/release/Makefile +++ b/release/Makefile @@ -139,8 +139,9 @@ base.txz: -s ${WORLDDIR} -d "${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate" \ -L /dev/null -N echo "./var/db/etcupdate type=dir uname=root gname=wheel mode=0755" >> ${.OBJDIR}/${DISTDIR}/base.meta - sed -n 's,^\.,./var/db/etcupdate/current,p' ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG \ - >> ${.OBJDIR}/${DISTDIR}/base.meta + sed -n 's,^\.,./var/db/etcupdate/current,p' \ + ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG | \ + env -i LC_COLLATE=C sort >> ${.OBJDIR}/${DISTDIR}/base.meta rm ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG # Package all components ( cd ${WORLDDIR} && ${IMAKE} -DNO_ROOT packageworld DISTDIR=${.OBJDIR}/${DISTDIR} ) From nobody Tue Dec 17 00:14:29 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YBy3n4f1Rz5glM6; Tue, 17 Dec 2024 00:14:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YBy3n46KDz4L03; Tue, 17 Dec 2024 00:14:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734394469; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+YQBU0a6Mv4lyvEptdK3qMqD5s2s2bkgnvhoC+WWjso=; b=eymOzYrHF+otJU7c37p55SOuYhBqkKNe5Ie9/AOfKkts4enJz8AZ+c7xe5RXmjOh9wprtX 1PCqtGluQWVuxQm4vZGnRdfF00nfSUBPEqoo6rFnA+7GktHABI/9VIzsjYYW0vfwlf9Zb3 iPw7A3TbPlHqsSfFW63CWSnKkJ+Ghf6mXglcPPf8liHuWPpZA4QfXD9tOU6IMmQIQ6bhMo 3Ow7s69E3v295Dxwl3htaLTHBksT7k7Hpu6cZh5vde0ShqWiPJ4sS6a4ETYbMJ0K2rTcBM b+mL+vsXD0LIboZQ01DPSOIFpcKLGJ9+OMj+20a6JLhCIx0BqaxlNFIRPDIpSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734394469; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+YQBU0a6Mv4lyvEptdK3qMqD5s2s2bkgnvhoC+WWjso=; b=UfJ0uGI8vzu5ee1xsa/K9Ok53F/C24e0yYNOwncJKFr4CllLKxwPTR29WRmHDpOKbVQd+8 gNclRj/+sf1gORw3Gzwq/Y2H71PCo3JgkE6ZDnztOfxk3YDxRBEoGAqUet4kHVzx0ISeJu i/I+m3Zk4eM0VvgtXWdjWTLAJ8XzM3NKBMFvKrzpKuFoBBjYJziJ5GGVYnb5ylz8UZjDBg Df3wi/3TXE1JcIJmiHUC83e5K5p6Wa55md3C7SosMpiA50JFGSbBzX7mIafOHDVSiJeuTU xOHp3ZLZ6UczG0PJHbTE8ORmIIcA20lZqpQnpVibO7BAeyI1w/fZv/dIPPsfzg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734394469; a=rsa-sha256; cv=none; b=H2StV9DSyRUZnE1f3M/x0Zk+Z+ZdTBuwtOUWw9mgNKdap4Ai8jCNMAPqyoPHug/940sfv+ fRh1oTHsZEZkJZJ6+/QQWNHRbZQfdNiyR3aF1oM7+AAindtJnGahcpmC1TgjcoTyFTdjAQ H7aPcFLWKf9fcUPvu3Fb/OawbU8lpLueYwpcaLLbXhnurExLU5Jqhuxe5OvU1IAiw3P1Sb IxICvWmbV3t5hmFMLuCMNZYpn/c0jukNPFNfzGg/hYbNc+8BHK9dXOLHCcrW30Dx1p889g v3Usihhqq/6Xf53ZgRrdyMqcXGA7xbSI3eTyXf0NRWPLWOLKy+txYOkvsO8vGg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YBy3n3jW3z1FKw; Tue, 17 Dec 2024 00:14:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BH0ETNE018615; Tue, 17 Dec 2024 00:14:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BH0ETgU018612; Tue, 17 Dec 2024 00:14:29 GMT (envelope-from git) Date: Tue, 17 Dec 2024 00:14:29 GMT Message-Id: <202412170014.4BH0ETgU018612@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: da2c88dfcf4f - main - queue: Fix STAILQ_SWAP List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: da2c88dfcf4f425e6e0a58d6df3a7c8e88d8df92 Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=da2c88dfcf4f425e6e0a58d6df3a7c8e88d8df92 commit da2c88dfcf4f425e6e0a58d6df3a7c8e88d8df92 Author: Mark Johnston AuthorDate: 2024-12-17 00:12:11 +0000 Commit: Mark Johnston CommitDate: 2024-12-17 00:14:16 +0000 queue: Fix STAILQ_SWAP The debug assertions added in commit 34740937f7a4 do not hold for a window in STAILQ_SWAP, so check whether the queues are empty directly. Reported by: ler Fixes: 34740937f7a4 ("queue: New debug macros for STAILQ") --- sys/sys/queue.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/sys/queue.h b/sys/sys/queue.h index 8a1c6cd7afbb..c1fa8cd812cf 100644 --- a/sys/sys/queue.h +++ b/sys/sys/queue.h @@ -473,9 +473,9 @@ struct { \ (head1)->stqh_last = (head2)->stqh_last; \ STAILQ_FIRST(head2) = swap_first; \ (head2)->stqh_last = swap_last; \ - if (STAILQ_EMPTY(head1)) \ + if (STAILQ_FIRST(head1) == NULL) \ (head1)->stqh_last = &STAILQ_FIRST(head1); \ - if (STAILQ_EMPTY(head2)) \ + if (STAILQ_FIRST(head2) == NULL) \ (head2)->stqh_last = &STAILQ_FIRST(head2); \ } while (0) From nobody Tue Dec 17 09:00:27 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YC9kh3rNtz5gv2p; Tue, 17 Dec 2024 09:00:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YC9kh1k7tz3xch; Tue, 17 Dec 2024 09:00:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734426028; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5URY5iCYIDm5RL+6Q1x4c08YUqhs1EMJ0CvS+QtfrBE=; b=ancTAGXFHev9a/eEnqO/LJ32cYECTtTMTQ4NDgrp93MohximNoQOoiBpy7bM83gMeIfu6t gk4sDdBJowVhVCGDckONF0rjJLdeXWy/27n/H3C/RURr5HSiUeKeodpfrQ2UGNwq73emVG bVCwPVhsxfevGjP637mZVvw9SbCgjQlYY06yDo/U2HOFKzSmpFwiwZJz5zlI3s3Ype20K/ OYKQjmX5Z32B8JzvDmxDw29PniwDMfy4Nn0k1oUPFIq7Gsci5orrzFKOizuOk9Z2ih9hVG MvsjU21yR9+M52n2yMqh5KezmPxRUvQlrK+2VtuRGRMuAkFUujSFBcoW2b5kMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734426028; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5URY5iCYIDm5RL+6Q1x4c08YUqhs1EMJ0CvS+QtfrBE=; b=U7ZEa9Ucd/0/bX6MO7oxWmc+yh4oWnsNWl7BTEaBzvf6yUxQHLHPKBV65N/KSM1sxUEtae Qcy6CoPV/wnwFdG3OhKMaKQgzfvJ5O9bw88P+9Ivy1DGYeTWu3fjzcfF0RLS1GnbvECpqH KJYJLigTFgdoRfeUpZlwV+FPAul7JxyHRktU45rd2J+qDlC6giJlrzsK0ZuNpZMxLC5wrY 2f2xihiD5wiXNiuvQ3Vmvxdm3Y6m16m0Uf6LhioODBvABEcOI0r0JzDjdOFmMUclauW3Cp Txqvw+W23yHU0XNKh/YvLT/4sPIFwLRcEOhovP68/PfAAxNXlBjPUXcabcI9zw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734426028; a=rsa-sha256; cv=none; b=DdGnEUN11XZvaGx0sDaguFDbzUSPopioY7bEaDga6EY5yfU0LaWLwF5oJZ/GwllK81wCyC pBtbZUBCvwjmW0PuzMwtYptR6NdvQIOx3lN1/lsuiB8A35v7fCjjvb6c1L4oTbdSp7lDht A2p06p+JHASRpwZpcz46V8I6rNSiKGndph6vzhgoTc6F5h39nUpcHDwDbPTjM/OmIWdu6g uqA5Q/iQY/Sskm5jJj75mCsFxpgsjkGb8MSwZlxgizKBAJe0yowjNi7hbW57MHql2Bol5K XmjgLhYd7iUSIaqscU5FGMhsbfLQr3Aui/fPiPIyRy5s0U3WKmpZUd8FAQpdKw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YC9kh0MCBzGlZ; Tue, 17 Dec 2024 09:00:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BH90RPN000992; Tue, 17 Dec 2024 09:00:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BH90RYI000989; Tue, 17 Dec 2024 09:00:27 GMT (envelope-from git) Date: Tue, 17 Dec 2024 09:00:27 GMT Message-Id: <202412170900.4BH90RYI000989@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Osipov Subject: git: 58c7db14cd71 - main - linprocfs: Properly reset error variable for mtab generation List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: michaelo X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 58c7db14cd71c41f59d80d26d921782c0c27d523 Auto-Submitted: auto-generated The branch main has been updated by michaelo: URL: https://cgit.FreeBSD.org/src/commit/?id=58c7db14cd71c41f59d80d26d921782c0c27d523 commit 58c7db14cd71c41f59d80d26d921782c0c27d523 Author: Michael Osipov AuthorDate: 2024-12-02 13:25:45 +0000 Commit: Michael Osipov CommitDate: 2024-12-17 08:59:38 +0000 linprocfs: Properly reset error variable for mtab generation Both functions linprocfs_domtab() and linprocfs_doprocmountinfo() are logically identical, but the former fails with ECANCELED because error is not reset after the for loop. Reviewed by: jrm, fluffy MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47865 --- sys/compat/linprocfs/linprocfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c index c5b6ec9b32c1..587c7412d80a 100644 --- a/sys/compat/linprocfs/linprocfs.c +++ b/sys/compat/linprocfs/linprocfs.c @@ -537,9 +537,7 @@ linprocfs_domtab(PFS_FILL_ARGS) error = kern_getfsstat(td, &buf, SIZE_T_MAX, &count, UIO_SYSSPACE, MNT_WAIT); if (error != 0) { - free(buf, M_TEMP); - free(flep, M_TEMP); - return (error); + goto out; } for (sp = buf; count > 0; sp++, count--) { @@ -559,6 +557,8 @@ linprocfs_domtab(PFS_FILL_ARGS) sbuf_printf(sb, " 0 0\n"); } + error = 0; +out: free(buf, M_TEMP); free(flep, M_TEMP); return (error); From nobody Tue Dec 17 10:07:39 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDC6KVMz5h0F1; Tue, 17 Dec 2024 10:07:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDC5y1Rz49N8; Tue, 17 Dec 2024 10:07:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Daq0NDQMva/RgioUTcCJVjGFYzbuH4q6zwVbsFWRnLA=; b=WnMAnd1q3yjeu0k/lTAr2qiHq3O2Q4h7DvjDc7PIQC51RFS2CskpZ8mL1RdK35EfK7kHv9 xFLZoEObbEFg30oI2jwJ2mYb/5NxyA62eiBq6qs0Oc8rdKy+iRq/jRvLmqjSbjLp4Pn92A ZXciXkmx6Ot+ifMU63PHXFaPhjVTfWu7nWPZO7YTj1Z4cjLxnZWJB0oyy3xe8+/+iSgkvO xLe1zWCzkPnYpvJvuE0TrvTEEhaMy7MryrmIx2/UxKhbt30qrzoWRnKEzDGQyDT1D+Pjoc P+PPDxX7K0U90mtUZq0BD/fL/JGRQ2zQ8syD3PlW1JA2vWKiOdkXeBsRdy1Ivw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Daq0NDQMva/RgioUTcCJVjGFYzbuH4q6zwVbsFWRnLA=; b=xThljCtXl0He++4+RU8pbZdWMjqVPfJap1Wqjy7yk7dTdgRuH4CAqEQgYVjyUSuUWy+2sZ OfdMcaHrEq/BMIse94rqmz4Rk/e87R2olzevnSLNxNJDWporuZdQlIF23hHoJgIAGERYMN UBvaTCvks42FjoNI9k993N7YaFUdZ0laQMwTI+fR3q99Vz7mFj86+K2LCnmNL2yJP8KTam /eH+pv8tQP5zc+IFepa59xfUPsqYXUFDgJxGIStNrigB++qR/iDq2Rt2iV9Yh19xSsV907 Zc+TrjBL7GRYlMElZQp9+oML3L7Wy5LPhcVlHGDMMewGa3RrGcvGVQr8L4/YBw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430059; a=rsa-sha256; cv=none; b=OwVwKmAkwZoTwtYfzoJJkHUe+xnTKttvmxZkZzcnx6Ex8dxXEzIOGBMRy/IcaiH0r5cOMa FUfwxITYYJmrLGDPd+Aq1gXno1cwC/dkcBW/zMSZlH/aBV7YorlXOshIc2i2l847JXtvTZ dIw0ZrS4JesG06AzMYEU2sYio5NeNWO2vKGj0IIv+g6xOv4jSNrvOmZer+2P9Xs+zNgxra 5jA1mIMyP5cnqW5zzW9oHrRKTCxmuSuNMXn23k5dbqVcci0PHCvnwdI0ejp2B++I1bw2nB dp7YcEyWnTrV1+QLsAzf1T0poARwlGv6t4hmLzcATHnE8Mn/Nr83i54cm3pnxQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDC5VrXzJ1q; Tue, 17 Dec 2024 10:07:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7dut023254; Tue, 17 Dec 2024 10:07:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7dPM023251; Tue, 17 Dec 2024 10:07:39 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:39 GMT Message-Id: <202412171007.4BHA7dPM023251@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: e11dacbf8484 - main - pf: partially import OpenBSD's NAT rewrite List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e11dacbf8484adc7bbb61b20fee3ab8385745925 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e11dacbf8484adc7bbb61b20fee3ab8385745925 commit e11dacbf8484adc7bbb61b20fee3ab8385745925 Author: Kristof Provost AuthorDate: 2024-10-11 12:15:48 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:12 +0000 pf: partially import OpenBSD's NAT rewrite We won't follow this fully, because it involves breaking syntax changes (removing nat/rdr rules and moving this functionality into regular rules) as well as behaviour changes because NAT is now done after the rules evaluation, rather than before it. We import some related changes anyway, because it paves the way for nat64 support. This change introduces a new pf_kpool in struct pf_krule, for nat. It is not yet used (but will be for nat64) and renames the existing 'rpool' to 'rdr'. Obtained from: OpenBSD, henning , 0ef3d4febe Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47783 --- lib/libpfctl/libpfctl.c | 10 ++-- lib/libpfctl/libpfctl.h | 9 +++- sbin/pfctl/pfctl.c | 6 +-- sbin/pfctl/pfctl_parser.h | 2 +- sys/net/pfvar.h | 31 ++++++++--- sys/netpfil/pf/if_pfsync.c | 2 +- sys/netpfil/pf/pf.c | 28 +++++----- sys/netpfil/pf/pf_ioctl.c | 125 +++++++++++++++++++++++++++++---------------- sys/netpfil/pf/pf_lb.c | 76 +++++++++++++-------------- sys/netpfil/pf/pf_nl.c | 24 ++++++--- sys/netpfil/pf/pf_nl.h | 4 +- sys/netpfil/pf/pf_nv.c | 4 +- 12 files changed, 201 insertions(+), 120 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 4634fa99cb19..21d0b24601a4 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -731,7 +731,7 @@ pf_nvrule_to_rule(const nvlist_t *nvl, struct pfctl_rule *rule) strlcpy(rule->overload_tblname, nvlist_get_string(nvl, "overload_tblname"), PF_TABLE_NAME_SIZE); - pf_nvpool_to_pool(nvlist_get_nvlist(nvl, "rpool"), &rule->rpool); + pf_nvpool_to_pool(nvlist_get_nvlist(nvl, "rpool"), &rule->rdr); rule->evaluations = nvlist_get_number(nvl, "evaluations"); pf_nvuint_64_array(nvl, "packets", 2, rule->packets, NULL); @@ -1226,7 +1226,8 @@ snl_add_msg_attr_pf_rule(struct snl_writer *nw, uint32_t type, const struct pfct snl_add_msg_attr_string(nw, PF_RT_TAGNAME, r->tagname); snl_add_msg_attr_string(nw, PF_RT_MATCH_TAGNAME, r->match_tagname); snl_add_msg_attr_string(nw, PF_RT_OVERLOAD_TBLNAME, r->overload_tblname); - snl_add_msg_attr_rpool(nw, PF_RT_RPOOL, &r->rpool); + snl_add_msg_attr_rpool(nw, PF_RT_RPOOL_RDR, &r->rdr); + snl_add_msg_attr_rpool(nw, PF_RT_RPOOL_NAT, &r->nat); snl_add_msg_attr_u32(nw, PF_RT_OS_FINGERPRINT, r->os_fingerprint); snl_add_msg_attr_u32(nw, PF_RT_RTABLEID, r->rtableid); snl_add_msg_attr_timeouts(nw, PF_RT_TIMEOUT, r->timeout); @@ -1596,7 +1597,7 @@ static struct snl_attr_parser ap_getrule[] = { { .type = PF_RT_TAGNAME, .off = _OUT(r.tagname), .arg = (void *)PF_TAG_NAME_SIZE, .cb = snl_attr_copy_string }, { .type = PF_RT_MATCH_TAGNAME, .off = _OUT(r.match_tagname), .arg = (void *)PF_TAG_NAME_SIZE, .cb = snl_attr_copy_string }, { .type = PF_RT_OVERLOAD_TBLNAME, .off = _OUT(r.overload_tblname), .arg = (void *)PF_TABLE_NAME_SIZE, .cb = snl_attr_copy_string }, - { .type = PF_RT_RPOOL, .off = _OUT(r.rpool), .arg = &pool_parser, .cb = snl_attr_get_nested }, + { .type = PF_RT_RPOOL_RDR, .off = _OUT(r.rdr), .arg = &pool_parser, .cb = snl_attr_get_nested }, { .type = PF_RT_OS_FINGERPRINT, .off = _OUT(r.os_fingerprint), .cb = snl_attr_get_uint32 }, { .type = PF_RT_RTABLEID, .off = _OUT(r.rtableid), .cb = snl_attr_get_uint32 }, { .type = PF_RT_TIMEOUT, .off = _OUT(r.timeout), .arg = &timeout_parser, .cb = snl_attr_get_nested_timeouts }, @@ -1660,6 +1661,7 @@ static struct snl_attr_parser ap_getrule[] = { { .type = PF_RT_ANCHOR_CALL, .off = _OUT(anchor_call), .arg = (void*)MAXPATHLEN, .cb = snl_attr_copy_string }, { .type = PF_RT_RCV_IFNAME, .off = _OUT(r.rcv_ifname), .arg = (void*)IFNAMSIZ, .cb = snl_attr_copy_string }, { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(r.max_src_conn), .cb = snl_attr_get_uint32 }, + { .type = PF_RT_RPOOL_NAT, .off = _OUT(r.nat), .arg = &pool_parser, .cb = snl_attr_get_nested }, }; static struct snl_field_parser fp_getrule[] = {}; #undef _OUT @@ -2771,7 +2773,7 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket) } int -pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa) +pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int which __unused) { struct snl_writer nw; struct snl_errmsg_data e = {}; diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index 5c3f1376960c..7b4aa0555758 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -174,7 +174,12 @@ struct pfctl_rule { char overload_tblname[PF_TABLE_NAME_SIZE]; TAILQ_ENTRY(pfctl_rule) entries; - struct pfctl_pool rpool; + struct pfctl_pool nat; + union { + /* Alias old and new names. */ + struct pfctl_pool rpool; + struct pfctl_pool rdr; + }; uint64_t evaluations; uint64_t packets[2]; @@ -521,7 +526,7 @@ int pfctl_get_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t *second int pfctl_set_limit(struct pfctl_handle *h, const int index, const uint limit); int pfctl_get_limit(struct pfctl_handle *h, const int index, uint *limit); int pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket); -int pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa); +int pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int which); int pfctl_get_addrs(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, uint8_t r_action, const char *anchor, uint32_t *nr); int pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index aa3db4619972..4d77c7937a74 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1687,7 +1687,7 @@ pfctl_show_creators(int opts) /* callbacks for rule/nat/rdr/addr */ int -pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af) +pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af, int which) { struct pf_pooladdr *pa; int ret; @@ -1701,7 +1701,7 @@ pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af) TAILQ_FOREACH(pa, &p->list, entries) { memcpy(&pf->paddr.addr, pa, sizeof(struct pf_pooladdr)); if ((pf->opts & PF_OPT_NOACTION) == 0) { - if ((ret = pfctl_add_addr(pf->h, &pf->paddr)) != 0) + if ((ret = pfctl_add_addr(pf->h, &pf->paddr, which)) != 0) errc(1, ret, "DIOCADDADDR"); } } @@ -2045,7 +2045,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) was_present = false; if ((pf->opts & PF_OPT_NOACTION) == 0) { - if (pfctl_add_pool(pf, &r->rpool, r->af)) + if (pfctl_add_pool(pf, &r->rpool, r->af, PF_RDR)) return (1); error = pfctl_add_rule_h(pf->h, r, anchor, name, ticket, pf->paddr.ticket); diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 498027f5968c..551f2ff7537c 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -281,7 +281,7 @@ int pfctl_append_rule(struct pfctl *, struct pfctl_rule *, const char *); int pfctl_append_eth_rule(struct pfctl *, struct pfctl_eth_rule *, const char *); int pfctl_add_altq(struct pfctl *, struct pf_altq *); -int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t); +int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t, int); void pfctl_move_pool(struct pfctl_pool *, struct pfctl_pool *); void pfctl_clear_pool(struct pfctl_pool *); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 100775347143..8cee1de14cb5 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -785,7 +785,8 @@ struct pf_krule { char overload_tblname[PF_TABLE_NAME_SIZE]; TAILQ_ENTRY(pf_krule) entries; - struct pf_kpool rpool; + struct pf_kpool nat; + struct pf_kpool rdr; struct pf_counter_u64 evaluations; struct pf_counter_u64 packets[2]; @@ -1604,8 +1605,10 @@ struct pf_pdesc { struct pf_addr *src; /* src address */ struct pf_addr *dst; /* dst address */ - u_int16_t *sport; - u_int16_t *dport; + u_int16_t *sport; + u_int16_t *dport; + u_int16_t osport; + u_int16_t odport; struct pf_mtag *pf_mtag; struct pf_rule_actions act; @@ -2192,7 +2195,7 @@ VNET_DECLARE(struct unrhdr64, pf_stateid); TAILQ_HEAD(pf_altqqueue, pf_altq); VNET_DECLARE(struct pf_altqqueue, pf_altqs[4]); #define V_pf_altqs VNET(pf_altqs) -VNET_DECLARE(struct pf_kpalist, pf_pabuf); +VNET_DECLARE(struct pf_kpalist, pf_pabuf[2]); #define V_pf_pabuf VNET(pf_pabuf) VNET_DECLARE(u_int32_t, ticket_altqs_active); @@ -2527,6 +2530,20 @@ VNET_DECLARE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); #endif /* _KERNEL */ #ifdef _KERNEL +struct pf_nl_pooladdr { + u_int32_t action; + u_int32_t ticket; + u_int32_t nr; + u_int32_t r_num; + u_int8_t r_action; + u_int8_t r_last; + u_int8_t af; + char anchor[MAXPATHLEN]; + struct pf_pooladdr addr; + /* Above this is identical to pfioc_pooladdr */ + int which; +}; + VNET_DECLARE(struct pf_kanchor_global, pf_anchors); #define V_pf_anchors VNET(pf_anchors) VNET_DECLARE(struct pf_kanchor, pf_main_anchor); @@ -2579,9 +2596,9 @@ int pf_ioctl_set_timeout(int, int, int *); int pf_ioctl_get_limit(int, unsigned int *); int pf_ioctl_set_limit(int, unsigned int, unsigned int *); int pf_ioctl_begin_addrs(uint32_t *); -int pf_ioctl_add_addr(struct pfioc_pooladdr *); -int pf_ioctl_get_addrs(struct pfioc_pooladdr *); -int pf_ioctl_get_addr(struct pfioc_pooladdr *); +int pf_ioctl_add_addr(struct pf_nl_pooladdr *); +int pf_ioctl_get_addrs(struct pf_nl_pooladdr *); +int pf_ioctl_get_addr(struct pf_nl_pooladdr *); int pf_ioctl_get_rulesets(struct pfioc_ruleset *); int pf_ioctl_get_ruleset(struct pfioc_ruleset *); diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 5923675ff144..60bfb05d1570 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -582,7 +582,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) * give up, as we can't be sure that we will pick the * same one as the pfsync peer did. */ - rpool_first = TAILQ_FIRST(&(r->rpool.list)); + rpool_first = TAILQ_FIRST(&(r->rdr.list)); if ((rpool_first == NULL) || (TAILQ_NEXT(rpool_first, entries) != NULL)) { DPFPRINTF(PF_DEBUG_MISC, diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index d0ddff9f38a2..806800174f03 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -157,7 +157,7 @@ SDT_PROBE_DEFINE2(pf, purge, state, rowcount, "int", "size_t"); /* state tables */ VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]); -VNET_DEFINE(struct pf_kpalist, pf_pabuf); +VNET_DEFINE(struct pf_kpalist, pf_pabuf[2]); VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); VNET_DEFINE(struct pf_altqqueue *, pf_altq_ifs_active); VNET_DEFINE(struct pf_altqqueue *, pf_altqs_inactive); @@ -332,8 +332,7 @@ static int pf_test_rule(struct pf_krule **, struct pf_kstate **, struct pf_kruleset **, struct inpcb *); static int pf_create_state(struct pf_krule *, struct pf_krule *, struct pf_krule *, struct pf_pdesc *, - struct pf_state_key *, struct pf_state_key *, - u_int16_t, u_int16_t, int *, + struct pf_state_key *, struct pf_state_key *, int *, struct pf_kstate **, int, u_int16_t, u_int16_t, struct pf_krule_slist *, struct pf_udp_mapping *); static int pf_state_key_addr_setup(struct pf_pdesc *, @@ -1027,7 +1026,7 @@ pf_insert_src_node(struct pf_ksrc_node **sn, struct pf_srchash **sh, u_short reason = 0; KASSERT((rule->rule_flag & PFRULE_SRCTRACK || - rule->rpool.opts & PF_POOL_STICKYADDR), + rule->rdr.opts & PF_POOL_STICKYADDR), ("%s for non-tracking rule %p", __func__, rule)); /* @@ -1242,7 +1241,8 @@ pf_initialize(void) TAILQ_INIT(&V_pf_altqs[1]); TAILQ_INIT(&V_pf_altqs[2]); TAILQ_INIT(&V_pf_altqs[3]); - TAILQ_INIT(&V_pf_pabuf); + TAILQ_INIT(&V_pf_pabuf[0]); + TAILQ_INIT(&V_pf_pabuf[1]); V_pf_altqs_active = &V_pf_altqs[0]; V_pf_altq_ifs_active = &V_pf_altqs[1]; V_pf_altqs_inactive = &V_pf_altqs[2]; @@ -4979,6 +4979,8 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, sport = dport = 0; break; } + pd->osport = sport; + pd->odport = dport; r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); @@ -5327,7 +5329,7 @@ nextrule: (pd->flags & PFDESC_TCP_NORM)))) { int action; action = pf_create_state(r, nr, a, pd, nk, sk, - sport, dport, &rewrite, sm, tag, bproto_sum, bip_sum, + &rewrite, sm, tag, bproto_sum, bip_sum, &match_rules, udp_mapping); if (action != PF_PASS) { pf_udp_mapping_release(udp_mapping); @@ -5382,9 +5384,9 @@ cleanup: static int pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, struct pf_pdesc *pd, struct pf_state_key *nk, struct pf_state_key *sk, - u_int16_t sport, u_int16_t dport, int *rewrite, struct pf_kstate **sm, - int tag, u_int16_t bproto_sum, u_int16_t bip_sum, - struct pf_krule_slist *match_rules, struct pf_udp_mapping *udp_mapping) + int *rewrite, struct pf_kstate **sm, int tag, u_int16_t bproto_sum, + u_int16_t bip_sum, struct pf_krule_slist *match_rules, + struct pf_udp_mapping *udp_mapping) { struct pf_kstate *s = NULL; struct pf_ksrc_node *sn = NULL; @@ -5405,14 +5407,14 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, } /* src node for filter rule */ if ((r->rule_flag & PFRULE_SRCTRACK || - r->rpool.opts & PF_POOL_STICKYADDR) && + r->rdr.opts & PF_POOL_STICKYADDR) && (sn_reason = pf_insert_src_node(&sn, &snh, r, pd->src, pd->af, &pd->act.rt_addr, pd->act.rt_kif)) != 0) { REASON_SET(&reason, sn_reason); goto csfailed; } /* src node for translation rule */ - if (nr != NULL && (nr->rpool.opts & PF_POOL_STICKYADDR) && + if (nr != NULL && (nr->rdr.opts & PF_POOL_STICKYADDR) && (sn_reason = pf_insert_src_node(&nsn, &nsnh, nr, &sk->addr[pd->sidx], pd->af, &nk->addr[1], NULL)) != 0 ) { REASON_SET(&reason, sn_reason); @@ -5535,7 +5537,9 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, if (nr == NULL) { KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p", __func__, nr, sk, nk)); - sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport); + MPASS(pd->sport == NULL || (pd->osport == *pd->sport)); + MPASS(pd->dport == NULL || (pd->odport == *pd->dport)); + sk = pf_state_key_setup(pd, pd->src, pd->dst, pd->osport, pd->odport); if (sk == NULL) goto csfailed; nk = sk; diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 0fdf41a9811f..35af04eda837 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -100,7 +100,7 @@ SDT_PROBE_DEFINE2(pf, ioctl, addrule, error, "int", "int"); SDT_PROBE_DEFINE2(pf, ioctl, nvchk, error, "int", "int"); static struct pf_kpool *pf_get_kpool(const char *, u_int32_t, u_int8_t, - u_int32_t, u_int8_t, u_int8_t, u_int8_t); + u_int32_t, u_int8_t, u_int8_t, u_int8_t, int); static void pf_mv_kpool(struct pf_kpalist *, struct pf_kpalist *); static void pf_empty_kpool(struct pf_kpalist *); @@ -430,12 +430,14 @@ pfattach_vnet(void) static struct pf_kpool * pf_get_kpool(const char *anchor, u_int32_t ticket, u_int8_t rule_action, u_int32_t rule_number, u_int8_t r_last, u_int8_t active, - u_int8_t check_ticket) + u_int8_t check_ticket, int which) { struct pf_kruleset *ruleset; struct pf_krule *rule; int rs_num; + MPASS(which == PF_RDR || which == PF_NAT); + ruleset = pf_find_kruleset(anchor); if (ruleset == NULL) return (NULL); @@ -468,7 +470,10 @@ pf_get_kpool(const char *anchor, u_int32_t ticket, u_int8_t rule_action, if (rule == NULL) return (NULL); - return (&rule->rpool); + if (which == PF_NAT) + return (&rule->nat); + else + return (&rule->rdr); } static void @@ -605,7 +610,7 @@ pf_free_rule(struct pf_krule *rule) if (rule->rcv_kif) pfi_kkif_unref(rule->rcv_kif); pf_kanchor_remove(rule); - pf_empty_kpool(&rule->rpool.list); + pf_empty_kpool(&rule->rdr.list); pf_krule_free(rule); } @@ -1824,7 +1829,8 @@ pf_krule_alloc(void) struct pf_krule *rule; rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO); - mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF); + mtx_init(&rule->nat.mtx, "pf_krule_nat_pool", NULL, MTX_DEF); + mtx_init(&rule->rdr.mtx, "pf_krule_rdr_pool", NULL, MTX_DEF); rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone, M_WAITOK | M_ZERO); return (rule); @@ -1862,7 +1868,8 @@ pf_krule_free(struct pf_krule *rule) counter_u64_free(rule->src_nodes); uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp); - mtx_destroy(&rule->rpool.mtx); + mtx_destroy(&rule->nat.mtx); + mtx_destroy(&rule->rdr.mtx); free(rule, M_PFRULE); } @@ -1966,7 +1973,7 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule) if (ret != 0) return (ret); - pf_pool_to_kpool(&rule->rpool, &krule->rpool); + pf_pool_to_kpool(&rule->rpool, &krule->rdr); /* Don't allow userspace to set evaluations, packets or bytes. */ /* kif, anchor, overload_tbl are not copied over. */ @@ -2096,7 +2103,8 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, rule->src_nodes = counter_u64_alloc(M_WAITOK); rule->cuid = uid; rule->cpid = pid; - TAILQ_INIT(&rule->rpool.list); + TAILQ_INIT(&rule->rdr.list); + TAILQ_INIT(&rule->nat.list); PF_CONFIG_LOCK(); PF_RULES_WLOCK(); @@ -2194,13 +2202,15 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, (rule->set_prio[0] > PF_PRIO_MAX || rule->set_prio[1] > PF_PRIO_MAX)) error = EINVAL; - TAILQ_FOREACH(pa, &V_pf_pabuf, entries) - if (pa->addr.type == PF_ADDR_TABLE) { - pa->addr.p.tbl = pfr_attach_table(ruleset, - pa->addr.v.tblname); - if (pa->addr.p.tbl == NULL) - error = ENOMEM; - } + for (int i = 0; i < 2; i++) { + TAILQ_FOREACH(pa, &V_pf_pabuf[i], entries) + if (pa->addr.type == PF_ADDR_TABLE) { + pa->addr.p.tbl = pfr_attach_table(ruleset, + pa->addr.v.tblname); + if (pa->addr.p.tbl == NULL) + error = ENOMEM; + } + } rule->overload_tbl = NULL; if (rule->overload_tblname[0]) { @@ -2212,14 +2222,15 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, PFR_TFLAG_ACTIVE; } - pf_mv_kpool(&V_pf_pabuf, &rule->rpool.list); + pf_mv_kpool(&V_pf_pabuf[0], &rule->nat.list); + pf_mv_kpool(&V_pf_pabuf[1], &rule->rdr.list); if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) || (rule->action == PF_BINAT)) && rule->anchor == NULL) || (rule->rt > PF_NOPFROUTE)) && - (TAILQ_FIRST(&rule->rpool.list) == NULL)) + (TAILQ_FIRST(&rule->rdr.list) == NULL)) error = EINVAL; - if (rule->action == PF_PASS && rule->rpool.opts & PF_POOL_STICKYADDR && + if (rule->action == PF_PASS && rule->rdr.opts & PF_POOL_STICKYADDR && !rule->keep_state) { error = EINVAL; } @@ -2230,7 +2241,8 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, ERROUT(error); } - rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list); + rule->nat.cur = TAILQ_FIRST(&rule->nat.list); + rule->rdr.cur = TAILQ_FIRST(&rule->rdr.list); TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr, rule, entries); ruleset->rules[rs_num].inactive.rcount++; @@ -2538,7 +2550,8 @@ int pf_ioctl_begin_addrs(uint32_t *ticket) { PF_RULES_WLOCK(); - pf_empty_kpool(&V_pf_pabuf); + pf_empty_kpool(&V_pf_pabuf[0]); + pf_empty_kpool(&V_pf_pabuf[1]); *ticket = ++V_ticket_pabuf; PF_RULES_WUNLOCK(); @@ -2546,12 +2559,14 @@ pf_ioctl_begin_addrs(uint32_t *ticket) } int -pf_ioctl_add_addr(struct pfioc_pooladdr *pp) +pf_ioctl_add_addr(struct pf_nl_pooladdr *pp) { struct pf_kpooladdr *pa = NULL; struct pfi_kkif *kif = NULL; int error; + MPASS(pp->which == PF_RDR || pp->which == PF_NAT); + #ifndef INET if (pp->af == AF_INET) return (EAFNOSUPPORT); @@ -2596,7 +2611,8 @@ pf_ioctl_add_addr(struct pfioc_pooladdr *pp) PF_RULES_WUNLOCK(); goto out; } - TAILQ_INSERT_TAIL(&V_pf_pabuf, pa, entries); + TAILQ_INSERT_TAIL(&V_pf_pabuf[pp->which == PF_RDR ? 1 : 0], + pa, entries); PF_RULES_WUNLOCK(); return (0); @@ -2607,19 +2623,21 @@ out: } int -pf_ioctl_get_addrs(struct pfioc_pooladdr *pp) +pf_ioctl_get_addrs(struct pf_nl_pooladdr *pp) { struct pf_kpool *pool; struct pf_kpooladdr *pa; PF_RULES_RLOCK_TRACKER; + MPASS(pp->which == PF_RDR || pp->which == PF_NAT); + pp->anchor[sizeof(pp->anchor) - 1] = 0; pp->nr = 0; PF_RULES_RLOCK(); pool = pf_get_kpool(pp->anchor, pp->ticket, pp->r_action, - pp->r_num, 0, 1, 0); + pp->r_num, 0, 1, 0, pp->which); if (pool == NULL) { PF_RULES_RUNLOCK(); return (EBUSY); @@ -2632,19 +2650,21 @@ pf_ioctl_get_addrs(struct pfioc_pooladdr *pp) } int -pf_ioctl_get_addr(struct pfioc_pooladdr *pp) +pf_ioctl_get_addr(struct pf_nl_pooladdr *pp) { struct pf_kpool *pool; struct pf_kpooladdr *pa; u_int32_t nr = 0; + MPASS(pp->which == PF_RDR || pp->which == PF_NAT); + PF_RULES_RLOCK_TRACKER; pp->anchor[sizeof(pp->anchor) - 1] = 0; PF_RULES_RLOCK(); pool = pf_get_kpool(pp->anchor, pp->ticket, pp->r_action, - pp->r_num, 0, 1, 1); + pp->r_num, 0, 1, 1, pp->which); if (pool == NULL) { PF_RULES_RUNLOCK(); return (EBUSY); @@ -3626,7 +3646,8 @@ DIOCGETRULENV_error: newrule->src_nodes = counter_u64_alloc(M_WAITOK); newrule->cuid = td->td_ucred->cr_ruid; newrule->cpid = td->td_proc ? td->td_proc->p_pid : 0; - TAILQ_INIT(&newrule->rpool.list); + TAILQ_INIT(&newrule->nat.list); + TAILQ_INIT(&newrule->rdr.list); } #define ERROUT(x) ERROUT_IOCTL(DIOCCHANGERULE_error, x) @@ -3723,14 +3744,16 @@ DIOCGETRULENV_error: error = ENOMEM; if (pf_kanchor_setup(newrule, ruleset, pcr->anchor_call)) error = EINVAL; - TAILQ_FOREACH(pa, &V_pf_pabuf, entries) - if (pa->addr.type == PF_ADDR_TABLE) { - pa->addr.p.tbl = - pfr_attach_table(ruleset, - pa->addr.v.tblname); - if (pa->addr.p.tbl == NULL) - error = ENOMEM; - } + for (int i = 0; i < 2; i++) { + TAILQ_FOREACH(pa, &V_pf_pabuf[i], entries) + if (pa->addr.type == PF_ADDR_TABLE) { + pa->addr.p.tbl = + pfr_attach_table(ruleset, + pa->addr.v.tblname); + if (pa->addr.p.tbl == NULL) + error = ENOMEM; + } + } newrule->overload_tbl = NULL; if (newrule->overload_tblname[0]) { @@ -3743,13 +3766,14 @@ DIOCGETRULENV_error: PFR_TFLAG_ACTIVE; } - pf_mv_kpool(&V_pf_pabuf, &newrule->rpool.list); + pf_mv_kpool(&V_pf_pabuf[0], &newrule->nat.list); + pf_mv_kpool(&V_pf_pabuf[1], &newrule->rdr.list); if (((((newrule->action == PF_NAT) || (newrule->action == PF_RDR) || (newrule->action == PF_BINAT) || (newrule->rt > PF_NOPFROUTE)) && !newrule->anchor)) && - (TAILQ_FIRST(&newrule->rpool.list) == NULL)) + (TAILQ_FIRST(&newrule->rdr.list) == NULL)) error = EINVAL; if (error) { @@ -3759,9 +3783,11 @@ DIOCGETRULENV_error: break; } - newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list); + newrule->nat.cur = TAILQ_FIRST(&newrule->nat.list); + newrule->rdr.cur = TAILQ_FIRST(&newrule->rdr.list); } - pf_empty_kpool(&V_pf_pabuf); + pf_empty_kpool(&V_pf_pabuf[0]); + pf_empty_kpool(&V_pf_pabuf[1]); if (pcr->action == PF_CHANGE_ADD_HEAD) oldrule = TAILQ_FIRST( @@ -4390,22 +4416,35 @@ DIOCGETSTATESV2_full: case DIOCADDADDR: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; + struct pf_nl_pooladdr npp = {}; - error = pf_ioctl_add_addr(pp); + npp.which = PF_RDR; + memcpy(&npp, pp, sizeof(*pp)); + error = pf_ioctl_add_addr(&npp); break; } case DIOCGETADDRS: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; + struct pf_nl_pooladdr npp = {}; + + npp.which = PF_RDR; + memcpy(&npp, pp, sizeof(*pp)); + error = pf_ioctl_get_addrs(&npp); + memcpy(pp, &npp, sizeof(*pp)); - error = pf_ioctl_get_addrs(pp); break; } case DIOCGETADDR: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; + struct pf_nl_pooladdr npp = {}; + + npp.which = PF_RDR; + memcpy(&npp, pp, sizeof(*pp)); + error = pf_ioctl_get_addr(&npp); + memcpy(pp, &npp, sizeof(*pp)); - error = pf_ioctl_get_addr(pp); break; } @@ -4460,7 +4499,7 @@ DIOCGETSTATESV2_full: ERROUT(EBUSY); pool = pf_get_kpool(pca->anchor, pca->ticket, pca->r_action, - pca->r_num, pca->r_last, 1, 1); + pca->r_num, pca->r_last, 1, 1, PF_RDR); if (pool == NULL) ERROUT(EBUSY); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index 8087546683af..10129a5fab46 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -149,8 +149,8 @@ pf_match_translation(struct pf_pdesc *pd, if (r->action == PF_BINAT && pd->dir == PF_IN) { src = &r->dst; - if (r->rpool.cur != NULL) - xdst = &r->rpool.cur->addr; + if (r->rdr.cur != NULL) + xdst = &r->rdr.cur->addr; } else { src = &r->src; dst = &r->dst; @@ -240,7 +240,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, * from the mapping. In this case we have to look up the src_node as * pf_map_addr would. */ - if (proto == IPPROTO_UDP && (r->rpool.opts & PF_POOL_ENDPI)) { + if (proto == IPPROTO_UDP && (r->rdr.opts & PF_POOL_ENDPI)) { struct pf_udp_endpoint_cmp udp_source; bzero(&udp_source, sizeof(udp_source)); @@ -252,8 +252,8 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, PF_ACPY(naddr, &(*udp_mapping)->endpoints[1].addr, af); *nport = (*udp_mapping)->endpoints[1].port; /* Try to find a src_node as per pf_map_addr(). */ - if (*sn == NULL && r->rpool.opts & PF_POOL_STICKYADDR && - (r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) + if (*sn == NULL && r->rdr.opts & PF_POOL_STICKYADDR && + (r->rdr.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) *sn = pf_find_src_node(saddr, r, af, sh, false); if (*sn != NULL) PF_SRC_NODE_UNLOCK(*sn); @@ -363,7 +363,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, tmp = cut; for (tmp -= 1; tmp >= low && tmp <= 0xffff; --tmp) { if (proto == IPPROTO_UDP && - (r->rpool.opts & PF_POOL_ENDPI)) { + (r->rdr.opts & PF_POOL_ENDPI)) { (*udp_mapping)->endpoints[1].port = htons(tmp); if (pf_udp_mapping_insert(*udp_mapping) == 0) { *nport = htons(tmp); @@ -379,7 +379,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, } } - switch (r->rpool.opts & PF_POOL_TYPEMASK) { + switch (r->rdr.opts & PF_POOL_TYPEMASK) { case PF_POOL_RANDOM: case PF_POOL_ROUNDROBIN: /* @@ -423,13 +423,13 @@ pf_get_mape_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, uint16_t i, ahigh, cut; int ashift, psidshift; - ashift = 16 - r->rpool.mape.offset; - psidshift = ashift - r->rpool.mape.psidlen; - psmask = r->rpool.mape.psid & ((1U << r->rpool.mape.psidlen) - 1); + ashift = 16 - r->rdr.mape.offset; + psidshift = ashift - r->rdr.mape.psidlen; + psmask = r->rdr.mape.psid & ((1U << r->rdr.mape.psidlen) - 1); psmask = psmask << psidshift; highmask = (1U << psidshift) - 1; - ahigh = (1U << r->rpool.mape.offset) - 1; + ahigh = (1U << r->rdr.mape.offset) - 1; cut = arc4random() & ahigh; if (cut == 0) cut = 1; @@ -454,7 +454,7 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, struct pf_addr *naddr, struct pfi_kkif **nkif, struct pf_addr *init_addr) { u_short reason = PFRES_MATCH; - struct pf_kpool *rpool = &r->rpool; + struct pf_kpool *rpool = &r->rdr; struct pf_addr *raddr = NULL, *rmask = NULL; mtx_lock(&rpool->mtx); @@ -629,7 +629,7 @@ pf_map_addr_sn(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, struct pf_ksrc_node **sn, struct pf_srchash **sh) { u_short reason = 0; - struct pf_kpool *rpool = &r->rpool; + struct pf_kpool *rpool = &r->rdr; KASSERT(*sn == NULL, ("*sn not NULL")); @@ -638,8 +638,8 @@ pf_map_addr_sn(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, * Request the sh to be unlocked if sn was not found, as we never * insert a new sn when parsing the ruleset. */ - if (r->rpool.opts & PF_POOL_STICKYADDR && - (r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) + if (r->rdr.opts & PF_POOL_STICKYADDR && + (r->rdr.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) *sn = pf_find_src_node(saddr, r, af, sh, false); if (*sn != NULL) { @@ -763,19 +763,19 @@ pf_get_translation(struct pf_pdesc *pd, int off, low = 1; high = 65535; } else { - low = r->rpool.proxy_port[0]; - high = r->rpool.proxy_port[1]; + low = r->rdr.proxy_port[0]; + high = r->rdr.proxy_port[1]; } - if (r->rpool.mape.offset > 0) { + if (r->rdr.mape.offset > 0) { if (pf_get_mape_sport(pd->af, pd->proto, r, saddr, sport, daddr, dport, naddr, nportp, &sn, &sh, udp_mapping)) { DPFPRINTF(PF_DEBUG_MISC, ("pf: MAP-E port allocation (%u/%u/%u)" " failed\n", - r->rpool.mape.offset, - r->rpool.mape.psidlen, - r->rpool.mape.psid)); + r->rdr.mape.offset, + r->rdr.mape.psidlen, + r->rdr.mape.psid)); reason = PFRES_MAPFAILED; goto notrans; } @@ -784,7 +784,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, udp_mapping)) { DPFPRINTF(PF_DEBUG_MISC, ("pf: NAT proxy port allocation (%u-%u) failed\n", - r->rpool.proxy_port[0], r->rpool.proxy_port[1])); + r->rdr.proxy_port[0], r->rdr.proxy_port[1])); reason = PFRES_MAPFAILED; goto notrans; } @@ -792,41 +792,41 @@ pf_get_translation(struct pf_pdesc *pd, int off, case PF_BINAT: switch (pd->dir) { case PF_OUT: - if (r->rpool.cur->addr.type == PF_ADDR_DYNIFTL){ + if (r->rdr.cur->addr.type == PF_ADDR_DYNIFTL){ switch (pd->af) { #ifdef INET case AF_INET: - if (r->rpool.cur->addr.p.dyn-> + if (r->rdr.cur->addr.p.dyn-> pfid_acnt4 < 1) { reason = PFRES_MAPFAILED; goto notrans; } PF_POOLMASK(naddr, - &r->rpool.cur->addr.p.dyn-> + &r->rdr.cur->addr.p.dyn-> pfid_addr4, - &r->rpool.cur->addr.p.dyn-> + &r->rdr.cur->addr.p.dyn-> pfid_mask4, saddr, AF_INET); break; #endif /* INET */ #ifdef INET6 case AF_INET6: - if (r->rpool.cur->addr.p.dyn-> + if (r->rdr.cur->addr.p.dyn-> pfid_acnt6 < 1) { reason = PFRES_MAPFAILED; goto notrans; } PF_POOLMASK(naddr, - &r->rpool.cur->addr.p.dyn-> + &r->rdr.cur->addr.p.dyn-> pfid_addr6, - &r->rpool.cur->addr.p.dyn-> + &r->rdr.cur->addr.p.dyn-> pfid_mask6, saddr, AF_INET6); break; #endif /* INET6 */ } } else PF_POOLMASK(naddr, - &r->rpool.cur->addr.v.a.addr, - &r->rpool.cur->addr.v.a.mask, saddr, + &r->rdr.cur->addr.v.a.addr, + &r->rdr.cur->addr.v.a.mask, saddr, pd->af); break; case PF_IN: @@ -871,27 +871,27 @@ pf_get_translation(struct pf_pdesc *pd, int off, reason = pf_map_addr_sn(pd->af, r, saddr, naddr, NULL, NULL, &sn, &sh); if (reason != 0) goto notrans; - if ((r->rpool.opts & PF_POOL_TYPEMASK) == PF_POOL_BITMASK) - PF_POOLMASK(naddr, naddr, &r->rpool.cur->addr.v.a.mask, + if ((r->rdr.opts & PF_POOL_TYPEMASK) == PF_POOL_BITMASK) + PF_POOLMASK(naddr, naddr, &r->rdr.cur->addr.v.a.mask, daddr, pd->af); /* Do not change SCTP ports. */ if (pd->proto == IPPROTO_SCTP) break; - if (r->rpool.proxy_port[1]) { + if (r->rdr.proxy_port[1]) { uint32_t tmp_nport; tmp_nport = ((ntohs(dport) - ntohs(r->dst.port[0])) % - (r->rpool.proxy_port[1] - r->rpool.proxy_port[0] + - 1)) + r->rpool.proxy_port[0]; + (r->rdr.proxy_port[1] - r->rdr.proxy_port[0] + + 1)) + r->rdr.proxy_port[0]; /* Wrap around if necessary. */ if (tmp_nport > 65535) tmp_nport -= 65535; nport = htons((uint16_t)tmp_nport); - } else if (r->rpool.proxy_port[0]) - nport = htons(r->rpool.proxy_port[0]); + } else if (r->rdr.proxy_port[0]) + nport = htons(r->rdr.proxy_port[0]); else nport = dport; diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index ad7dc97cbc1a..52d77034c4b7 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -678,7 +678,7 @@ static const struct nlattr_parser nla_p_rule[] = { { .type = PF_RT_TAGNAME, .off = _OUT(tagname), .arg = (void *)PF_TAG_NAME_SIZE, .cb = nlattr_get_chara }, { .type = PF_RT_MATCH_TAGNAME, .off = _OUT(match_tagname), .arg = (void *)PF_TAG_NAME_SIZE, .cb = nlattr_get_chara }, { .type = PF_RT_OVERLOAD_TBLNAME, .off = _OUT(overload_tblname), .arg = (void *)PF_TABLE_NAME_SIZE, .cb = nlattr_get_chara }, - { .type = PF_RT_RPOOL, .off = _OUT(rpool), .arg = &pool_parser, .cb = nlattr_get_nested }, + { .type = PF_RT_RPOOL_RDR, .off = _OUT(rdr), .arg = &pool_parser, .cb = nlattr_get_nested }, { .type = PF_RT_OS_FINGERPRINT, .off = _OUT(os_fingerprint), .cb = nlattr_get_uint32 }, { .type = PF_RT_RTABLEID, .off = _OUT(rtableid), .cb = nlattr_get_uint32 }, { .type = PF_RT_TIMEOUT, .off = _OUT(timeout), .arg = &timeout_parser, .cb = nlattr_get_nested_timeouts }, @@ -732,6 +732,7 @@ static const struct nlattr_parser nla_p_rule[] = { { .type = PF_RT_DIVERT_PORT, .off = _OUT(divert.port), .cb = nlattr_get_uint16 }, { .type = PF_RT_RCV_IFNAME, .off = _OUT(rcv_ifname), .arg = (void *)IFNAMSIZ, .cb = nlattr_get_chara }, { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(max_src_conn), .cb = nlattr_get_uint32 }, + { .type = PF_RT_RPOOL_NAT, .off = _OUT(nat), .arg = &pool_parser, .cb = nlattr_get_nested }, }; NL_DECLARE_ATTR_PARSER(rule_parser, nla_p_rule); #undef _OUT @@ -915,7 +916,8 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt) nlattr_add_string(nw, PF_RT_TAGNAME, rule->tagname); nlattr_add_string(nw, PF_RT_MATCH_TAGNAME, rule->match_tagname); nlattr_add_string(nw, PF_RT_OVERLOAD_TBLNAME, rule->overload_tblname); - nlattr_add_pool(nw, PF_RT_RPOOL, &rule->rpool); + nlattr_add_pool(nw, PF_RT_RPOOL_RDR, &rule->rdr); + nlattr_add_pool(nw, PF_RT_RPOOL_NAT, &rule->nat); nlattr_add_u32(nw, PF_RT_OS_FINGERPRINT, rule->os_fingerprint); nlattr_add_u32(nw, PF_RT_RTABLEID, rule->rtableid); nlattr_add_timeout(nw, PF_RT_TIMEOUT, rule->timeout); @@ -1528,7 +1530,7 @@ static const struct nlattr_parser nla_p_pool_addr[] = { NL_DECLARE_ATTR_PARSER(pool_addr_parser, nla_p_pool_addr); #undef _OUT -#define _OUT(_field) offsetof(struct pfioc_pooladdr, _field) +#define _OUT(_field) offsetof(struct pf_nl_pooladdr, _field) static const struct nlattr_parser nla_p_add_addr[] = { { .type = PF_AA_ACTION, .off = _OUT(action), .cb = nlattr_get_uint32 }, { .type = PF_AA_TICKET, .off = _OUT(ticket), .cb = nlattr_get_uint32 }, @@ -1539,6 +1541,7 @@ static const struct nlattr_parser nla_p_add_addr[] = { { .type = PF_AA_AF, .off = _OUT(af), .cb = nlattr_get_uint8 }, { .type = PF_AA_ANCHOR, .off = _OUT(anchor), .arg = (void *)MAXPATHLEN, .cb = nlattr_get_chara }, { .type = PF_AA_ADDR, .off = _OUT(addr), .arg = &pool_addr_parser, .cb = nlattr_get_nested }, + { .type = PF_AA_WHICH, .off = _OUT(which), .cb = nlattr_get_uint32 }, }; static const struct nlfield_parser nlf_p_add_addr[] = {}; #undef _OUT @@ -1547,13 +1550,16 @@ NL_DECLARE_PARSER(add_addr_parser, struct genlmsghdr, nlf_p_add_addr, nla_p_add_ static int pf_handle_add_addr(struct nlmsghdr *hdr, struct nl_pstate *npt) { - struct pfioc_pooladdr attrs = { 0 }; + struct pf_nl_pooladdr attrs = { 0 }; int error; error = nl_parse_nlmsg(hdr, &add_addr_parser, npt, &attrs); if (error != 0) return (error); + if (attrs.which == 0) + attrs.which = PF_RDR; + error = pf_ioctl_add_addr(&attrs); return (error); @@ -1562,7 +1568,7 @@ pf_handle_add_addr(struct nlmsghdr *hdr, struct nl_pstate *npt) static int pf_handle_get_addrs(struct nlmsghdr *hdr, struct nl_pstate *npt) { - struct pfioc_pooladdr attrs = { 0 }; + struct pf_nl_pooladdr attrs = { 0 }; struct nl_writer *nw = npt->nw; struct genlmsghdr *ghdr_new; int error; @@ -1571,6 +1577,9 @@ pf_handle_get_addrs(struct nlmsghdr *hdr, struct nl_pstate *npt) if (error != 0) return (error); + if (attrs.which == 0) + attrs.which = PF_RDR; + *** 73 LINES SKIPPED *** From nobody Tue Dec 17 10:07:40 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDF0Pd5z5h0hL; Tue, 17 Dec 2024 10:07:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDF0189z494K; Tue, 17 Dec 2024 10:07:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430061; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=q2ivfLxHleRzdZEiBPHfl2ix7SLl43rOlQZaRPoIm1Q=; b=pPfLAVd6tQ1bJQL1fa27ki4RvKYae+4xTYaXgdZeTTgqRKxihIxhx1pPwIuqi3trL1Xknl 36WXOoAEmalJ8/T1C73tMcWfSdJwJigPtLasdA5VedXtEWzJEAMYjW6yTaDecc4AWUF4Ue 2/iJQJN6lB2eQCr+X0lG+OBxMWVGFdSgTnRiqX/ikxx6NIBqnnMnxlmO/aDwQ2SAdaD3il mIjZGKVR4icdTtSjINKwT/nbKxelFjymYRcae7U1RH1Ju3R3lP7D7scqTomZ8AAun8iRzu EHiPO/9KJLJhwUwMjYCvREHCe1Wc6oalIkWRs7xDEf4EMWBf40+5yXv6hi9QtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430061; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=q2ivfLxHleRzdZEiBPHfl2ix7SLl43rOlQZaRPoIm1Q=; b=LV1thq2J7oWgPK/3I372TP3Ohe9lPzIu0KcmGbbtSCyQan4L7l9y/dci0VzhWqiEr/XZJ/ HdDLQft4J8hUnZghJvjRDTIM5UD49B1RTsskGLyMirBYdLwjDQwUH4C8C7nJ4Kpxvx/vZB Sza5XMZ0OejZyc2z/Uqy2XkbXsDeEvw73HXnQb7IDERwMo+CDX14WCGQuHzZ9qpjMizfu1 JelxBEDEohj+yhdIa9V/4PvOFcJAenMDJPe26V6Dz5W3QsKMKHggq1/eLjluWgTJqqHKX2 RsblMA0Da/KaMOJkFEP95a2QnwqULE2C0rkd4BnBTktyW2eU0PBN+Nw3YvB0lA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430061; a=rsa-sha256; cv=none; b=BIq/aqNw4w2SOkYU/tN0n9XTDO0zUATElB3d3qIB1LWZ/ec3yImiwwWInqpV5JIBlCZ9z7 jqNDw/2uHtYpfiXP06ksunDCB0cvMljjyO7E9ZE5laPw57wwcIO0uVzvBfgHsO4vMSCXPu 53PSLB8nLQtr+DkBCZ3F27AmcMw6R3Lvh4KJwrCID5oW0o5B65GnajaCAB3Uz7fUtmaAEJ JvqrK78bUWBiH4s1LELtag+cwtVC5DPeZhoExlLvIGNa23YTOtyfnXBPi4c2wNQ4ylruOh 9JoNLUDuuNhKNYZzLJfEp0ymOVlW1W8VJFjaLZbp9GTBwQjQjqtmBLNIYEeJNQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDD6b8FzHsc; Tue, 17 Dec 2024 10:07:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7etB023302; Tue, 17 Dec 2024 10:07:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7e7i023299; Tue, 17 Dec 2024 10:07:40 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:40 GMT Message-Id: <202412171007.4BHA7e7i023299@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 2d7e68d5cd76 - main - pf: add post-NAT src/dst address/port to pf_pdesc List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2d7e68d5cd76e82dd81a9d70e30eea5681c05c5e Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=2d7e68d5cd76e82dd81a9d70e30eea5681c05c5e commit 2d7e68d5cd76e82dd81a9d70e30eea5681c05c5e Author: Kristof Provost AuthorDate: 2024-10-23 09:36:23 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:12 +0000 pf: add post-NAT src/dst address/port to pf_pdesc stuff nsaddr/ndaddr/nsport/ndport (addrs/ports after NAT, used a lot while walking the ruleset and up until state is fully set up) into pf_pdesc instead of passing around those 4 seperately all the time, also shrinks the argument count for a few functions that have/partialy had an insane count of arguments. kinda preparational since we'll need them elsewhere too, soon ok ryan jsing Obtained from: OpenBSD, henning , ccf63ac6cb Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47784 --- sys/net/pfvar.h | 11 +-- sys/netpfil/pf/pf.c | 177 ++++++++++++++++++++++++++++--------------------- sys/netpfil/pf/pf_lb.c | 151 +++++++++++++++++++---------------------- 3 files changed, 176 insertions(+), 163 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 8cee1de14cb5..232fa404e1d9 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1600,6 +1600,9 @@ struct pf_pdesc { char any[0]; } hdr; + struct pf_addr nsaddr; /* src address after NAT */ + struct pf_addr ndaddr; /* dst address after NAT */ + struct pfi_kkif *kif; /* incomming interface */ struct mbuf *m; @@ -1609,6 +1612,8 @@ struct pf_pdesc { u_int16_t *dport; u_int16_t osport; u_int16_t odport; + u_int16_t nsport; /* src port after NAT */ + u_int16_t ndport; /* dst port after NAT */ struct pf_mtag *pf_mtag; struct pf_rule_actions act; @@ -2644,13 +2649,11 @@ u_short pf_map_addr_sn(u_int8_t, struct pf_krule *, struct pf_ksrc_node **, struct pf_srchash **); u_short pf_get_translation(struct pf_pdesc *, int, struct pf_state_key **, struct pf_state_key **, - struct pf_addr *, struct pf_addr *, - uint16_t, uint16_t, struct pf_kanchor_stackframe *, - struct pf_krule **, + struct pf_kanchor_stackframe *, struct pf_krule **, struct pf_udp_mapping **udp_mapping); struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, - struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t); + u_int16_t, u_int16_t); struct pf_state_key *pf_state_key_clone(const struct pf_state_key *); void pf_rule_to_actions(struct pf_krule *, struct pf_rule_actions *); diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 806800174f03..95000bf0fd48 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1653,9 +1653,7 @@ copy: } struct pf_state_key * -pf_state_key_setup(struct pf_pdesc *pd, - struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport, - u_int16_t dport) +pf_state_key_setup(struct pf_pdesc *pd, u_int16_t sport, u_int16_t dport) { struct pf_state_key *sk; @@ -4898,8 +4896,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pf_kruleset **rsm, struct inpcb *inp) { struct pf_krule *nr = NULL; - struct pf_addr * const saddr = pd->src; - struct pf_addr * const daddr = pd->dst; struct pf_krule *r, *a = NULL; struct pf_kruleset *ruleset = NULL; struct pf_krule_slist match_rules; @@ -4912,7 +4908,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int asd = 0; int match = 0; int state_icmp = 0, icmp_dir, multi; - u_int16_t sport = 0, dport = 0, virtual_type, virtual_id; + u_int16_t virtual_type, virtual_id; u_int16_t bproto_sum = 0, bip_sum = 0; u_int8_t icmptype = 0, icmpcode = 0; struct pf_kanchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE]; @@ -4920,6 +4916,9 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, PF_RULES_RASSERT(); + PF_ACPY(&pd->nsaddr, pd->src, pd->af); + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); + SLIST_INIT(&match_rules); if (inp != NULL) { @@ -4931,16 +4930,16 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, switch (pd->virtual_proto) { case IPPROTO_TCP: - sport = th->th_sport; - dport = th->th_dport; + pd->nsport = th->th_sport; + pd->ndport = th->th_dport; break; case IPPROTO_UDP: - sport = pd->hdr.udp.uh_sport; - dport = pd->hdr.udp.uh_dport; + pd->nsport = pd->hdr.udp.uh_sport; + pd->ndport = pd->hdr.udp.uh_dport; break; case IPPROTO_SCTP: - sport = pd->hdr.sctp.src_port; - dport = pd->hdr.sctp.dest_port; + pd->nsport = pd->hdr.sctp.src_port; + pd->ndport = pd->hdr.sctp.dest_port; break; #ifdef INET case IPPROTO_ICMP: @@ -4950,11 +4949,11 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, state_icmp = pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, &virtual_id, &virtual_type); if (icmp_dir == PF_IN) { - sport = virtual_id; - dport = virtual_type; + pd->nsport = virtual_id; + pd->ndport = virtual_type; } else { - sport = virtual_type; - dport = virtual_id; + pd->nsport = virtual_type; + pd->ndport = virtual_id; } break; #endif /* INET */ @@ -4966,27 +4965,27 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, state_icmp = pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, &virtual_id, &virtual_type); if (icmp_dir == PF_IN) { - sport = virtual_id; - dport = virtual_type; + pd->nsport = virtual_id; + pd->ndport = virtual_type; } else { - sport = virtual_type; - dport = virtual_id; + pd->nsport = virtual_type; + pd->ndport = virtual_id; } break; #endif /* INET6 */ default: - sport = dport = 0; + pd->nsport = pd->ndport = 0; break; } - pd->osport = sport; - pd->odport = dport; + pd->osport = pd->nsport; + pd->odport = pd->ndport; r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); /* check packet for BINAT/NAT/RDR */ - transerror = pf_get_translation(pd, pd->off, &sk, &nk, saddr, daddr, - sport, dport, anchor_stack, &nr, &udp_mapping); + transerror = pf_get_translation(pd, pd->off, &sk, &nk, anchor_stack, + &nr, &udp_mapping); switch (transerror) { default: /* A translation error occurred. */ @@ -5011,82 +5010,94 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, case IPPROTO_TCP: bproto_sum = th->th_sum; - if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) || - nk->port[pd->sidx] != sport) { - pf_change_ap(pd->m, saddr, &th->th_sport, pd->ip_sum, - &th->th_sum, &nk->addr[pd->sidx], + if (PF_ANEQ(&pd->nsaddr, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != pd->nsport) { + pf_change_ap(pd->m, pd->src, &th->th_sport, + pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx], nk->port[pd->sidx], 0, pd->af); pd->sport = &th->th_sport; - sport = th->th_sport; + pd->nsport = th->th_sport; + PF_ACPY(&pd->nsaddr, pd->src, pd->af); } - if (PF_ANEQ(daddr, &nk->addr[pd->didx], pd->af) || - nk->port[pd->didx] != dport) { - pf_change_ap(pd->m, daddr, &th->th_dport, pd->ip_sum, - &th->th_sum, &nk->addr[pd->didx], + if (PF_ANEQ(&pd->ndaddr, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != pd->ndport) { + pf_change_ap(pd->m, pd->dst, &th->th_dport, + pd->ip_sum, &th->th_sum, &nk->addr[pd->didx], nk->port[pd->didx], 0, pd->af); - dport = th->th_dport; + pd->ndport = th->th_dport; pd->dport = &th->th_dport; + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); } rewrite++; break; case IPPROTO_UDP: bproto_sum = pd->hdr.udp.uh_sum; - if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) || - nk->port[pd->sidx] != sport) { - pf_change_ap(pd->m, saddr, &pd->hdr.udp.uh_sport, + if (PF_ANEQ(&pd->nsaddr, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != pd->nsport) { + pf_change_ap(pd->m, pd->src, + &pd->hdr.udp.uh_sport, pd->ip_sum, &pd->hdr.udp.uh_sum, &nk->addr[pd->sidx], nk->port[pd->sidx], 1, pd->af); - sport = pd->hdr.udp.uh_sport; + pd->nsport = pd->hdr.udp.uh_sport; pd->sport = &pd->hdr.udp.uh_sport; + PF_ACPY(&pd->nsaddr, pd->src, pd->af); } - if (PF_ANEQ(daddr, &nk->addr[pd->didx], pd->af) || - nk->port[pd->didx] != dport) { - pf_change_ap(pd->m, daddr, &pd->hdr.udp.uh_dport, + if (PF_ANEQ(&pd->ndaddr, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != pd->ndport) { + pf_change_ap(pd->m, pd->dst, + &pd->hdr.udp.uh_dport, pd->ip_sum, &pd->hdr.udp.uh_sum, &nk->addr[pd->didx], nk->port[pd->didx], 1, pd->af); - dport = pd->hdr.udp.uh_dport; + pd->ndport = pd->hdr.udp.uh_dport; pd->dport = &pd->hdr.udp.uh_dport; + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); } rewrite++; break; case IPPROTO_SCTP: { uint16_t checksum = 0; - if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) || - nk->port[pd->sidx] != sport) { - pf_change_ap(pd->m, saddr, &pd->hdr.sctp.src_port, - pd->ip_sum, &checksum, + if (PF_ANEQ(&pd->nsaddr, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != pd->nsport) { + pf_change_ap(pd->m, pd->src, + &pd->hdr.sctp.src_port, pd->ip_sum, &checksum, &nk->addr[pd->sidx], nk->port[pd->sidx], 1, pd->af); + PF_ACPY(&pd->nsaddr, pd->src, pd->af); } - if (PF_ANEQ(daddr, &nk->addr[pd->didx], pd->af) || - nk->port[pd->didx] != dport) { - pf_change_ap(pd->m, daddr, &pd->hdr.sctp.dest_port, - pd->ip_sum, &checksum, + if (PF_ANEQ(&pd->ndaddr, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != pd->ndport) { + pf_change_ap(pd->m, pd->dst, + &pd->hdr.sctp.dest_port, pd->ip_sum, &checksum, &nk->addr[pd->didx], nk->port[pd->didx], 1, pd->af); + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); } break; } #ifdef INET case IPPROTO_ICMP: - if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET)) - pf_change_a(&saddr->v4.s_addr, pd->ip_sum, + if (PF_ANEQ(&pd->nsaddr, &nk->addr[pd->sidx], AF_INET)) { + pf_change_a(&pd->src->v4.s_addr, pd->ip_sum, nk->addr[pd->sidx].v4.s_addr, 0); + PF_ACPY(&pd->nsaddr, pd->src, pd->af); + } - if (PF_ANEQ(daddr, &nk->addr[pd->didx], AF_INET)) - pf_change_a(&daddr->v4.s_addr, pd->ip_sum, + if (PF_ANEQ(&pd->ndaddr, &nk->addr[pd->didx], AF_INET)) { + pf_change_a(&pd->dst->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); + } if (virtual_type == htons(ICMP_ECHO) && nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( - pd->hdr.icmp.icmp_cksum, sport, + pd->hdr.icmp.icmp_cksum, pd->nsport, nk->port[pd->sidx], 0); pd->hdr.icmp.icmp_id = nk->port[pd->sidx]; pd->sport = &pd->hdr.icmp.icmp_id; @@ -5096,13 +5107,17 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: - if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET6)) - pf_change_a6(saddr, &pd->hdr.icmp6.icmp6_cksum, + if (PF_ANEQ(&pd->nsaddr, &nk->addr[pd->sidx], AF_INET6)) { + pf_change_a6(pd->src, &pd->hdr.icmp6.icmp6_cksum, &nk->addr[pd->sidx], 0); + PF_ACPY(&pd->nsaddr, pd->src, pd->af); + } - if (PF_ANEQ(daddr, &nk->addr[pd->didx], AF_INET6)) - pf_change_a6(daddr, &pd->hdr.icmp6.icmp6_cksum, + if (PF_ANEQ(&pd->ndaddr, &nk->addr[pd->didx], AF_INET6)) { + pf_change_a6(pd->dst, &pd->hdr.icmp6.icmp6_cksum, &nk->addr[pd->didx], 0); + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); + } rewrite++; break; #endif /* INET */ @@ -5110,28 +5125,36 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, switch (pd->af) { #ifdef INET case AF_INET: - if (PF_ANEQ(saddr, - &nk->addr[pd->sidx], AF_INET)) - pf_change_a(&saddr->v4.s_addr, + if (PF_ANEQ(&pd->nsaddr, + &nk->addr[pd->sidx], AF_INET)) { + pf_change_a(&pd->src->v4.s_addr, pd->ip_sum, nk->addr[pd->sidx].v4.s_addr, 0); + PF_ACPY(&pd->nsaddr, pd->src, pd->af); + } - if (PF_ANEQ(daddr, - &nk->addr[pd->didx], AF_INET)) - pf_change_a(&daddr->v4.s_addr, + if (PF_ANEQ(&pd->ndaddr, + &nk->addr[pd->didx], AF_INET)) { + pf_change_a(&pd->dst->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); + } break; #endif /* INET */ #ifdef INET6 case AF_INET6: - if (PF_ANEQ(saddr, - &nk->addr[pd->sidx], AF_INET6)) - PF_ACPY(saddr, &nk->addr[pd->sidx], pd->af); + if (PF_ANEQ(&pd->nsaddr, + &nk->addr[pd->sidx], AF_INET6)) { + PF_ACPY(&pd->nsaddr, &nk->addr[pd->sidx], pd->af); + PF_ACPY(pd->src, &nk->addr[pd->sidx], pd->af); + } - if (PF_ANEQ(daddr, - &nk->addr[pd->didx], AF_INET6)) - PF_ACPY(daddr, &nk->addr[pd->didx], pd->af); + if (PF_ANEQ(&pd->ndaddr, + &nk->addr[pd->didx], AF_INET6)) { + PF_ACPY(&pd->ndaddr, &nk->addr[pd->didx], pd->af); + PF_ACPY(pd->dst, &nk->addr[pd->didx], pd->af); + } break; #endif /* INET */ } @@ -5151,10 +5174,10 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, r->skip[PF_SKIP_AF]); PF_TEST_ATTRIB(r->proto && r->proto != pd->proto, r->skip[PF_SKIP_PROTO]); - PF_TEST_ATTRIB(PF_MISMATCHAW(&r->src.addr, saddr, pd->af, + PF_TEST_ATTRIB(PF_MISMATCHAW(&r->src.addr, &pd->nsaddr, pd->af, r->src.neg, pd->kif, M_GETFIB(pd->m)), r->skip[PF_SKIP_SRC_ADDR]); - PF_TEST_ATTRIB(PF_MISMATCHAW(&r->dst.addr, daddr, pd->af, + PF_TEST_ATTRIB(PF_MISMATCHAW(&r->dst.addr, &pd->ndaddr, pd->af, r->dst.neg, NULL, M_GETFIB(pd->m)), r->skip[PF_SKIP_DST_ADDR]); switch (pd->virtual_proto) { @@ -5180,11 +5203,11 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, case IPPROTO_UDP: /* tcp/udp only. port_op always 0 in other cases */ PF_TEST_ATTRIB(r->src.port_op && !pf_match_port(r->src.port_op, - r->src.port[0], r->src.port[1], sport), + r->src.port[0], r->src.port[1], pd->nsport), r->skip[PF_SKIP_SRC_PORT]); /* tcp/udp only. port_op always 0 in other cases */ PF_TEST_ATTRIB(r->dst.port_op && !pf_match_port(r->dst.port_op, - r->dst.port[0], r->dst.port[1], dport), + r->dst.port[0], r->dst.port[1], pd->ndport), r->skip[PF_SKIP_DST_PORT]); /* tcp/udp only. uid.op always 0 in other cases */ PF_TEST_ATTRIB(r->uid.op && (pd->lookup.done || (pd->lookup.done = @@ -5539,7 +5562,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, __func__, nr, sk, nk)); MPASS(pd->sport == NULL || (pd->osport == *pd->sport)); MPASS(pd->dport == NULL || (pd->odport == *pd->dport)); - sk = pf_state_key_setup(pd, pd->src, pd->dst, pd->osport, pd->odport); + sk = pf_state_key_setup(pd, pd->osport, pd->odport); if (sk == NULL) goto csfailed; nk = sk; diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index 10129a5fab46..c216ea9f7214 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -64,13 +64,10 @@ VNET_DEFINE_STATIC(int, pf_rdr_srcport_rewrite_tries) = 16; static void pf_hash(struct pf_addr *, struct pf_addr *, struct pf_poolhashkey *, sa_family_t); static struct pf_krule *pf_match_translation(struct pf_pdesc *, - struct pf_addr *, u_int16_t, - struct pf_addr *, uint16_t, int, - struct pf_kanchor_stackframe *); -static int pf_get_sport(sa_family_t, uint8_t, struct pf_krule *, - struct pf_addr *, uint16_t, struct pf_addr *, uint16_t, struct pf_addr *, - uint16_t *, uint16_t, uint16_t, struct pf_ksrc_node **, struct pf_srchash**, - struct pf_udp_mapping **); + int, struct pf_kanchor_stackframe *); +static int pf_get_sport(struct pf_pdesc *, struct pf_krule *, + struct pf_addr *, uint16_t *, uint16_t, uint16_t, struct pf_ksrc_node **, + struct pf_srchash **, struct pf_udp_mapping **); static bool pf_islinklocal(const sa_family_t, const struct pf_addr *); #define mix(a,b,c) \ @@ -132,9 +129,7 @@ pf_hash(struct pf_addr *inaddr, struct pf_addr *hash, static struct pf_krule * pf_match_translation(struct pf_pdesc *pd, - struct pf_addr *saddr, u_int16_t sport, - struct pf_addr *daddr, uint16_t dport, int rs_num, - struct pf_kanchor_stackframe *anchor_stack) + int rs_num, struct pf_kanchor_stackframe *anchor_stack) { struct pf_krule *r, *rm = NULL; struct pf_kruleset *ruleset = NULL; @@ -165,24 +160,24 @@ pf_match_translation(struct pf_pdesc *pd, r = r->skip[PF_SKIP_AF]; else if (r->proto && r->proto != pd->proto) r = r->skip[PF_SKIP_PROTO]; - else if (PF_MISMATCHAW(&src->addr, saddr, pd->af, + else if (PF_MISMATCHAW(&src->addr, &pd->nsaddr, pd->af, src->neg, pd->kif, M_GETFIB(pd->m))) r = r->skip[src == &r->src ? PF_SKIP_SRC_ADDR : PF_SKIP_DST_ADDR]; else if (src->port_op && !pf_match_port(src->port_op, - src->port[0], src->port[1], sport)) + src->port[0], src->port[1], pd->nsport)) r = r->skip[src == &r->src ? PF_SKIP_SRC_PORT : PF_SKIP_DST_PORT]; else if (dst != NULL && - PF_MISMATCHAW(&dst->addr, daddr, pd->af, dst->neg, NULL, + PF_MISMATCHAW(&dst->addr, &pd->ndaddr, pd->af, dst->neg, NULL, M_GETFIB(pd->m))) r = r->skip[PF_SKIP_DST_ADDR]; - else if (xdst != NULL && PF_MISMATCHAW(xdst, daddr, pd->af, + else if (xdst != NULL && PF_MISMATCHAW(xdst, &pd->ndaddr, pd->af, 0, NULL, M_GETFIB(pd->m))) r = TAILQ_NEXT(r, entries); else if (dst != NULL && dst->port_op && !pf_match_port(dst->port_op, dst->port[0], - dst->port[1], dport)) + dst->port[1], pd->ndport)) r = r->skip[PF_SKIP_DST_PORT]; else if (r->match_tag && !pf_match_tag(pd->m, r, &tag, pd->pf_mtag ? pd->pf_mtag->tag : 0)) @@ -222,11 +217,10 @@ pf_match_translation(struct pf_pdesc *pd, } static int -pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, - struct pf_addr *saddr, uint16_t sport, struct pf_addr *daddr, - uint16_t dport, struct pf_addr *naddr, uint16_t *nport, uint16_t low, - uint16_t high, struct pf_ksrc_node **sn, struct pf_srchash **sh, - struct pf_udp_mapping **udp_mapping) +pf_get_sport(struct pf_pdesc *pd, struct pf_krule *r, + struct pf_addr *naddr, uint16_t *nport, uint16_t low, + uint16_t high, struct pf_ksrc_node **sn, + struct pf_srchash **sh, struct pf_udp_mapping **udp_mapping) { struct pf_state_key_cmp key; struct pf_addr init_addr; @@ -240,35 +234,36 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, * from the mapping. In this case we have to look up the src_node as * pf_map_addr would. */ - if (proto == IPPROTO_UDP && (r->rdr.opts & PF_POOL_ENDPI)) { + if (pd->proto == IPPROTO_UDP && (r->rdr.opts & PF_POOL_ENDPI)) { struct pf_udp_endpoint_cmp udp_source; bzero(&udp_source, sizeof(udp_source)); - udp_source.af = af; - PF_ACPY(&udp_source.addr, saddr, af); - udp_source.port = sport; + udp_source.af = pd->af; + PF_ACPY(&udp_source.addr, &pd->nsaddr, pd->af); + udp_source.port = pd->nsport; *udp_mapping = pf_udp_mapping_find(&udp_source); if (*udp_mapping) { - PF_ACPY(naddr, &(*udp_mapping)->endpoints[1].addr, af); + PF_ACPY(naddr, &(*udp_mapping)->endpoints[1].addr, pd->af); *nport = (*udp_mapping)->endpoints[1].port; /* Try to find a src_node as per pf_map_addr(). */ if (*sn == NULL && r->rdr.opts & PF_POOL_STICKYADDR && (r->rdr.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) - *sn = pf_find_src_node(saddr, r, af, sh, false); + *sn = pf_find_src_node(&pd->nsaddr, r, pd->af, sh, false); if (*sn != NULL) PF_SRC_NODE_UNLOCK(*sn); return (0); } else { - *udp_mapping = pf_udp_mapping_create(af, saddr, sport, &init_addr, 0); + *udp_mapping = pf_udp_mapping_create(pd->af, &pd->nsaddr, + pd->nsport, &init_addr, 0); if (*udp_mapping == NULL) return (1); } } - if (pf_map_addr_sn(af, r, saddr, naddr, NULL, &init_addr, sn, sh)) + if (pf_map_addr_sn(pd->af, r, &pd->nsaddr, naddr, NULL, &init_addr, sn, sh)) goto failed; - if (proto == IPPROTO_ICMP) { + if (pd->proto == IPPROTO_ICMP) { if (*nport == htons(ICMP_ECHO)) { low = 1; high = 65535; @@ -276,7 +271,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, return (0); /* Don't try to modify non-echo ICMP */ } #ifdef INET6 - if (proto == IPPROTO_ICMPV6) { + if (pd->proto == IPPROTO_ICMPV6) { if (*nport == htons(ICMP6_ECHO_REQUEST)) { low = 1; high = 65535; @@ -286,37 +281,37 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, #endif /* INET6 */ bzero(&key, sizeof(key)); - key.af = af; - key.proto = proto; - key.port[0] = dport; - PF_ACPY(&key.addr[0], daddr, key.af); + key.af = pd->af; + key.proto = pd->proto; + key.port[0] = pd->ndport; + PF_ACPY(&key.addr[0], &pd->ndaddr, key.af); do { PF_ACPY(&key.addr[1], naddr, key.af); if (*udp_mapping) - PF_ACPY(&(*udp_mapping)->endpoints[1].addr, naddr, af); + PF_ACPY(&(*udp_mapping)->endpoints[1].addr, naddr, pd->af); /* * port search; start random, step; * similar 2 portloop in in_pcbbind */ - if (proto == IPPROTO_SCTP) { - key.port[1] = sport; + if (pd->proto == IPPROTO_SCTP) { + key.port[1] = pd->nsport; if (!pf_find_state_all_exists(&key, PF_IN)) { - *nport = sport; + *nport = pd->nsport; return (0); } else { return (1); /* Fail mapping. */ } - } else if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP || - proto == IPPROTO_ICMP) || (low == 0 && high == 0)) { + } else if (!(pd->proto == IPPROTO_TCP || pd->proto == IPPROTO_UDP || + pd->proto == IPPROTO_ICMP) || (low == 0 && high == 0)) { /* * XXX bug: icmp states don't use the id on both sides. * (traceroute -I through nat) */ - key.port[1] = sport; + key.port[1] = pd->nsport; if (!pf_find_state_all_exists(&key, PF_IN)) { - *nport = sport; + *nport = pd->nsport; return (0); } } else if (low == high) { @@ -362,7 +357,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, } tmp = cut; for (tmp -= 1; tmp >= low && tmp <= 0xffff; --tmp) { - if (proto == IPPROTO_UDP && + if (pd->proto == IPPROTO_UDP && (r->rdr.opts & PF_POOL_ENDPI)) { (*udp_mapping)->endpoints[1].port = htons(tmp); if (pf_udp_mapping_insert(*udp_mapping) == 0) { @@ -387,7 +382,8 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, * of free port choices for the current one. */ (*sn) = NULL; - if (pf_map_addr_sn(af, r, saddr, naddr, NULL, &init_addr, sn, sh)) + if (pf_map_addr_sn(pd->af, r, &pd->nsaddr, naddr, NULL, + &init_addr, sn, sh)) return (1); break; case PF_POOL_NONE: @@ -396,7 +392,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, default: return (1); } - } while (! PF_AEQ(&init_addr, naddr, af) ); + } while (! PF_AEQ(&init_addr, naddr, pd->af) ); failed: uma_zfree(V_pf_udp_mapping_z, *udp_mapping); @@ -413,9 +409,8 @@ pf_islinklocal(const sa_family_t af, const struct pf_addr *addr) } static int -pf_get_mape_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, - struct pf_addr *saddr, uint16_t sport, struct pf_addr *daddr, - uint16_t dport, struct pf_addr *naddr, uint16_t *nport, +pf_get_mape_sport(struct pf_pdesc *pd, struct pf_krule *r, + struct pf_addr *naddr, uint16_t *nport, struct pf_ksrc_node **sn, struct pf_srchash **sh, struct pf_udp_mapping **udp_mapping) { @@ -436,13 +431,13 @@ pf_get_mape_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, for (i = cut; i <= ahigh; i++) { low = (i << ashift) | psmask; - if (!pf_get_sport(af, proto, r, saddr, sport, daddr, dport, + if (!pf_get_sport(pd, r, naddr, nport, low, low | highmask, sn, sh, udp_mapping)) return (0); } for (i = cut - 1; i > 0; i--) { low = (i << ashift) | psmask; - if (!pf_get_sport(af, proto, r, saddr, sport, daddr, dport, + if (!pf_get_sport(pd, r, naddr, nport, low, low | highmask, sn, sh, udp_mapping)) return (0); } @@ -699,8 +694,7 @@ done: u_short pf_get_translation(struct pf_pdesc *pd, int off, - struct pf_state_key **skp, struct pf_state_key **nkp, struct pf_addr *saddr, - struct pf_addr *daddr, uint16_t sport, uint16_t dport, + struct pf_state_key **skp, struct pf_state_key **nkp, struct pf_kanchor_stackframe *anchor_stack, struct pf_krule **rp, struct pf_udp_mapping **udp_mapping) { @@ -719,19 +713,13 @@ pf_get_translation(struct pf_pdesc *pd, int off, *rp = NULL; if (pd->dir == PF_OUT) { - r = pf_match_translation(pd, saddr, - sport, daddr, dport, PF_RULESET_BINAT, anchor_stack); + r = pf_match_translation(pd, PF_RULESET_BINAT, anchor_stack); if (r == NULL) - r = pf_match_translation(pd, - saddr, sport, daddr, dport, PF_RULESET_NAT, - anchor_stack); + r = pf_match_translation(pd, PF_RULESET_NAT, anchor_stack); } else { - r = pf_match_translation(pd, saddr, - sport, daddr, dport, PF_RULESET_RDR, anchor_stack); + r = pf_match_translation(pd, PF_RULESET_RDR, anchor_stack); if (r == NULL) - r = pf_match_translation(pd, - saddr, sport, daddr, dport, PF_RULESET_BINAT, - anchor_stack); + r = pf_match_translation(pd, PF_RULESET_BINAT, anchor_stack); } if (r == NULL) @@ -744,7 +732,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, return (PFRES_MAX); } - *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport); + *skp = pf_state_key_setup(pd, pd->nsport, pd->ndport); if (*skp == NULL) return (PFRES_MEMORY); *nkp = pf_state_key_clone(*skp); @@ -767,9 +755,8 @@ pf_get_translation(struct pf_pdesc *pd, int off, high = r->rdr.proxy_port[1]; } if (r->rdr.mape.offset > 0) { - if (pf_get_mape_sport(pd->af, pd->proto, r, saddr, - sport, daddr, dport, naddr, nportp, &sn, &sh, - udp_mapping)) { + if (pf_get_mape_sport(pd, r, naddr, nportp, &sn, + &sh, udp_mapping)) { DPFPRINTF(PF_DEBUG_MISC, ("pf: MAP-E port allocation (%u/%u/%u)" " failed\n", @@ -779,9 +766,8 @@ pf_get_translation(struct pf_pdesc *pd, int off, reason = PFRES_MAPFAILED; goto notrans; } - } else if (pf_get_sport(pd->af, pd->proto, r, saddr, sport, - daddr, dport, naddr, nportp, low, high, &sn, &sh, - udp_mapping)) { + } else if (pf_get_sport(pd, r, naddr, nportp, low, high, &sn, + &sh, udp_mapping)) { DPFPRINTF(PF_DEBUG_MISC, ("pf: NAT proxy port allocation (%u-%u) failed\n", r->rdr.proxy_port[0], r->rdr.proxy_port[1])); @@ -805,7 +791,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, &r->rdr.cur->addr.p.dyn-> pfid_addr4, &r->rdr.cur->addr.p.dyn-> - pfid_mask4, saddr, AF_INET); + pfid_mask4, &pd->nsaddr, AF_INET); break; #endif /* INET */ #ifdef INET6 @@ -819,14 +805,14 @@ pf_get_translation(struct pf_pdesc *pd, int off, &r->rdr.cur->addr.p.dyn-> pfid_addr6, &r->rdr.cur->addr.p.dyn-> - pfid_mask6, saddr, AF_INET6); + pfid_mask6, &pd->nsaddr, AF_INET6); break; #endif /* INET6 */ } } else PF_POOLMASK(naddr, &r->rdr.cur->addr.v.a.addr, - &r->rdr.cur->addr.v.a.mask, saddr, + &r->rdr.cur->addr.v.a.mask, &pd->nsaddr, pd->af); break; case PF_IN: @@ -841,7 +827,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, PF_POOLMASK(naddr, &r->src.addr.p.dyn->pfid_addr4, &r->src.addr.p.dyn->pfid_mask4, - daddr, AF_INET); + &pd->ndaddr, AF_INET); break; #endif /* INET */ #ifdef INET6 @@ -853,13 +839,13 @@ pf_get_translation(struct pf_pdesc *pd, int off, PF_POOLMASK(naddr, &r->src.addr.p.dyn->pfid_addr6, &r->src.addr.p.dyn->pfid_mask6, - daddr, AF_INET6); + &pd->ndaddr, AF_INET6); break; #endif /* INET6 */ } } else PF_POOLMASK(naddr, &r->src.addr.v.a.addr, - &r->src.addr.v.a.mask, daddr, pd->af); + &r->src.addr.v.a.mask, &pd->ndaddr, pd->af); break; } break; @@ -868,12 +854,13 @@ pf_get_translation(struct pf_pdesc *pd, int off, int tries; uint16_t cut, low, high, nport; - reason = pf_map_addr_sn(pd->af, r, saddr, naddr, NULL, NULL, &sn, &sh); + reason = pf_map_addr_sn(pd->af, r, &pd->nsaddr, naddr, NULL, + NULL, &sn, &sh); if (reason != 0) goto notrans; if ((r->rdr.opts & PF_POOL_TYPEMASK) == PF_POOL_BITMASK) PF_POOLMASK(naddr, naddr, &r->rdr.cur->addr.v.a.mask, - daddr, pd->af); + &pd->ndaddr, pd->af); /* Do not change SCTP ports. */ if (pd->proto == IPPROTO_SCTP) @@ -882,7 +869,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, if (r->rdr.proxy_port[1]) { uint32_t tmp_nport; - tmp_nport = ((ntohs(dport) - ntohs(r->dst.port[0])) % + tmp_nport = ((ntohs(pd->ndport) - ntohs(r->dst.port[0])) % (r->rdr.proxy_port[1] - r->rdr.proxy_port[0] + 1)) + r->rdr.proxy_port[0]; @@ -893,7 +880,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, } else if (r->rdr.proxy_port[0]) nport = htons(r->rdr.proxy_port[0]); else - nport = dport; + nport = pd->ndport; /* * Update the destination port. @@ -909,8 +896,8 @@ pf_get_translation(struct pf_pdesc *pd, int off, bzero(&key, sizeof(key)); key.af = pd->af; key.proto = pd->proto; - key.port[0] = sport; - PF_ACPY(&key.addr[0], saddr, key.af); + key.port[0] = pd->nsport; + PF_ACPY(&key.addr[0], &pd->nsaddr, key.af); key.port[1] = nport; PF_ACPY(&key.addr[1], naddr, key.af); @@ -957,7 +944,7 @@ pf_get_translation(struct pf_pdesc *pd, int off, out: DPFPRINTF(PF_DEBUG_MISC, ("pf: RDR source port allocation %u->%u\n", - ntohs(sport), ntohs((*nkp)->port[0]))); + ntohs(pd->nsport), ntohs((*nkp)->port[0]))); break; } default: From nobody Tue Dec 17 10:07:41 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDG3n48z5h0kc; Tue, 17 Dec 2024 10:07:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDG0Xd4z494Q; Tue, 17 Dec 2024 10:07:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430062; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nxecwl/n4gOxn4C9+Rw9Yn9ZGQWaDjK4y41vlAHFYW8=; b=Q86K29glqa7NZrMIuI00bB0fHeLfLr78690HauA/2dDn9AAVBSr0rfFYGOQMHtYQIIHLul YW9wIoyMIb6C7vnK4J0yWhadP9BTS0ag0s5OCs3HCtYjAnjkQXZNGdfihf4e+NBx0MtWKJ GkbyTsuoESrDB3vRGRmzrN3Y5L25hAmRwL7WA0FYwS4IuasVm79ywmIqgbt3x5ZCCIFgN8 IY2oTorvAKvLhss3wIYhWB9QTfaOWYy8MJKKNiXSiORqhfrZczJ49emqzT0RWzi/QNrDc2 5hy2XGtcBnSXs5ZUTQt0Bi3rIRgydpR9yr0g0f9QsfYoCUUh6efG+RgAFBKEWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430062; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nxecwl/n4gOxn4C9+Rw9Yn9ZGQWaDjK4y41vlAHFYW8=; b=psrO2M71VJ8sugej7A+ww5nqmlm+VUxyanzKp1B0hZPov7TR6toDNaPnutQsiHffoI/uJY KoMx2jtbal2gCgKNQDGwyDPJSo4lqho8aPilVg3YeEBJqVnD+D68LPeqOQF1HagfIR+wvF NWPu2VRCduRNJfmxJuLNc4IstaZVpjxF2PDwJmW3uJB6SNofnrO+8eXptU+XijoaJ7B10K diNnZIYZSZANdSr5PAsSX5ooDZLwV9RBi3vdM3+6XqJmnZSzEhMmxm78bNNRxp6/+qHJm8 edZrhm/l8B7R5qRr3vTzckhvqMkKUSx/p5ShSYxp/m/Ka9MvYY7Utl4eY1kaqQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430062; a=rsa-sha256; cv=none; b=MWhUoAd4KlOJp1uzi0sOCTD2bO1QUueyT6CMmqGMIkA9jXFC4R0ZC67CA0MnBjLvKwVp3R QS5YXAa/qovf38gnumILf9xnCMaeIpw1qYy8LYwD1VWAan+4uZq8+whkzdPuaAg1o/2QhW L3u3alPFpMFvCtQMI4nUIwdMyF8PZFApYVtLq/rvNCteCvU+CbDMUPAKwBrsS/How+dIRk 4XoQCT7rt7kc3yjB1115K/OxUS5qlzXphKSnVonjQb+g+vtZaWQV/i0HHvuVd+KM4Jq4s8 YNsLvfHUiIpPId82KAayHqrGt8Gb0Ktxcq22mwHeRfNiqGFj2JHt5QMLS4U4QQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDG06ZWzJtt; Tue, 17 Dec 2024 10:07:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7fw2023338; Tue, 17 Dec 2024 10:07:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7fkH023335; Tue, 17 Dec 2024 10:07:41 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:41 GMT Message-Id: <202412171007.4BHA7fkH023335@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: e4e0f497429c - main - in: add in_mask2len() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e4e0f497429c635a02897d86c4eb5ec649cc2df8 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e4e0f497429c635a02897d86c4eb5ec649cc2df8 commit e4e0f497429c635a02897d86c4eb5ec649cc2df8 Author: Kristof Provost AuthorDate: 2024-10-22 08:45:06 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:12 +0000 in: add in_mask2len() Similar to the existing in6_mask2len() function, but for IPv4. This will be used by pf's nat64 code. Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47785 --- sys/netinet/in.c | 21 +++++++++++++++++++++ sys/netinet/in_var.h | 1 + 2 files changed, 22 insertions(+) diff --git a/sys/netinet/in.c b/sys/netinet/in.c index c78f0f5758f7..a6f212e9d3ef 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -441,6 +441,27 @@ in_control_ioctl(u_long cmd, void *data, struct ifnet *ifp, return (error); } +int +in_mask2len(struct in_addr *mask) +{ + int x, y; + u_char *p; + + p = (u_char *)mask; + for (x = 0; x < sizeof(*mask); x++) { + if (p[x] != 0xff) + break; + } + y = 0; + if (x < sizeof(*mask)) { + for (y = 0; y < 8; y++) { + if ((p[x] & (0x80 >> y)) == 0) + break; + } + } + return (x * 8 + y); +} + int in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, struct thread *td) diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index b4bdb2a65fc8..1f6f6edb9219 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -459,6 +459,7 @@ int in_joingroup_locked(struct ifnet *, const struct in_addr *, int in_leavegroup(struct in_multi *, /*const*/ struct in_mfilter *); int in_leavegroup_locked(struct in_multi *, /*const*/ struct in_mfilter *); +int in_mask2len(struct in_addr *); int in_control(struct socket *, u_long, void *, struct ifnet *, struct thread *); int in_control_ioctl(u_long, void *, struct ifnet *, From nobody Tue Dec 17 10:07:43 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDH2f6Rz5h0hQ; Tue, 17 Dec 2024 10:07:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDH1WD1z49Qr; Tue, 17 Dec 2024 10:07:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430063; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H1yC6RJxwgcOzaMz2q/6Fi3Y+pYj+f2Ju44xzRn+9UM=; b=jr7TwsHqe7wEHRflZQz53sOL9Z9Zhw+A8KRU8v7cNJvgYiuLSUsgAcIxw6aQxeqG9bmuWH CjdrlpilfkA/McPvyk+2w7Yzhapy5iQOG9plhCt0whirTGLXbBBZYMkvvxcni59KTsB8n/ 6H4RJbxColoSM+1ckmWC4bBPHK5Au56FPwg+Hr8R4ZyCSNrEAtKUHEL6i8MK39hOc9rnRd Bf4zWm4cB6re4pVtuw1BM3wmJc3WCaQkXC/NmzLRz5D5R/9ey2M/lYRmoZ7hRBjihvpxbq IV79ry0mJqXkW9muJonDQ50J2Jd7ETKWY5tcflbdM6R3U1WRZn3ht/xbtLs8Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430063; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H1yC6RJxwgcOzaMz2q/6Fi3Y+pYj+f2Ju44xzRn+9UM=; b=oKImpBJrUP/y6V5UcicFSTpSHexlSL47I6APBUTBHtcbhq+kN4a4k1LyWamLK5kAM2mHdt BRxTtGFD2ydVBTFzwtI0ACUZCyKK5qbeVDqyaABrRetB16OY47kCta0nGbHKqQ/Ox6c9/s 5VCoTu/a2ltDwwIJJBik/zYorFkQOwvOahF/l8VduThFil5DGiZdegf8A3Yf4ybXd1qGsA v2N9KkfXnrn8V/TLu5VTgJ90NA63zDS/34+CXtCPks8r0R2oCTSVUUVXjkBHmLWU3ghyuw Iwv5ua2d+24WY9HEThunuRfJwrABmg3xZSqAdPzB012qn6qMnumCSP+tmU4wTQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430063; a=rsa-sha256; cv=none; b=fwiuYdRL2+zuyoCP7J/tlY1Uk6nfBEawn/Ru1B2+/zEm3g0IkHxTvZSvvpuzW7jKj1Mt0j Bru9dwNbSqf218iCvXhW2pQafHvaqnzLipDmfCqfGtDelVYlifAhAZ6JGgjHOyTkaVq+rP xU2pDJrQbhqSA+Qrarybwu1RTtclt8F9Q8sSlUeTvZomg8BOIU6PmDm13BGEd/0ilbVcKK tU7Ds6LoRjAEGQAuCheidPIWd9+iEFNd9DHLIhZHV2o1eqPR7CksCjdpBrWM5CLkkgbLPH h9C9M6SzZksdToHcvcdFttyLsoMTLzDRfCOtDHnIp9oQ4urahVosCgP8Ulxa3A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDH16FtzJvW; Tue, 17 Dec 2024 10:07:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7hWL023373; Tue, 17 Dec 2024 10:07:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7huu023370; Tue, 17 Dec 2024 10:07:43 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:43 GMT Message-Id: <202412171007.4BHA7huu023370@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: fcdb520c1b4e - main - pf: nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fcdb520c1b4e1a5d5a2e54cb916dccbc848d32ba Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=fcdb520c1b4e1a5d5a2e54cb916dccbc848d32ba commit fcdb520c1b4e1a5d5a2e54cb916dccbc848d32ba Author: Kristof Provost AuthorDate: 2024-10-07 08:52:01 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:12 +0000 pf: nat64 Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@ Obtained from: OpenBSD, claudio , 97326e01c9 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47786 --- sys/conf/files | 1 + sys/modules/pf/Makefile | 2 +- sys/net/if_pflog.h | 4 +- sys/net/pfvar.h | 33 +- sys/netpfil/pf/inet_nat64.c | 204 ++++++++ sys/netpfil/pf/pf.c | 1211 ++++++++++++++++++++++++++++++++++++++----- sys/netpfil/pf/pf.h | 5 +- sys/netpfil/pf/pf_ioctl.c | 1 + sys/netpfil/pf/pf_lb.c | 240 +++++++-- sys/netpfil/pf/pf_nl.c | 2 + sys/netpfil/pf/pf_nl.h | 1 + 11 files changed, 1523 insertions(+), 181 deletions(-) diff --git a/sys/conf/files b/sys/conf/files index c1b7aac99c4c..428a2805768c 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -4559,6 +4559,7 @@ netpfil/pf/pf_table.c optional pf inet netpfil/pf/pflow.c optional pflow pf inet netpfil/pf/pfsync_nv.c optional pfsync pf inet netpfil/pf/in4_cksum.c optional pf inet +netpfil/pf/inet_nat64.c optional pf inet netsmb/smb_conn.c optional netsmb netsmb/smb_crypt.c optional netsmb netsmb/smb_dev.c optional netsmb diff --git a/sys/modules/pf/Makefile b/sys/modules/pf/Makefile index 4a12730f3610..ad9790704cf1 100644 --- a/sys/modules/pf/Makefile +++ b/sys/modules/pf/Makefile @@ -2,7 +2,7 @@ KMOD= pf SRCS= pf.c pf_if.c pf_lb.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \ - pf_ruleset.c pf_nl.c pf_nv.c pf_syncookies.c in4_cksum.c \ + pf_ruleset.c pf_nl.c pf_nv.c pf_syncookies.c in4_cksum.c inet_nat64.c \ bus_if.h device_if.h \ opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_sctp.h opt_global.h \ opt_kern_tls.h diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h index b2052d5bd5f3..9734ca245eda 100644 --- a/sys/net/if_pflog.h +++ b/sys/net/if_pflog.h @@ -51,7 +51,9 @@ struct pfloghdr { uid_t rule_uid; pid_t rule_pid; u_int8_t dir; - u_int8_t pad[3]; + u_int8_t pad1; /* rewritten, on OpenBSD */ + sa_family_t naf; + u_int8_t pad[1]; u_int32_t ridentifier; u_int8_t reserve; /* Appease broken software like Wireshark. */ u_int8_t pad2[3]; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 232fa404e1d9..094bc38c4a1b 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -864,6 +864,7 @@ struct pf_krule { u_int8_t flush; u_int8_t prio; u_int8_t set_prio[2]; + sa_family_t naf; struct { struct pf_addr addr; @@ -986,6 +987,10 @@ struct pf_state_key { TAILQ_HEAD(, pf_kstate) states[2]; }; +#define PF_REVERSED_KEY(key, family) \ + ((key[PF_SK_WIRE]->af != key[PF_SK_STACK]->af) && \ + (key[PF_SK_WIRE]->af != (family))) + /* Keep synced with struct pf_kstate. */ struct pf_state_cmp { u_int64_t id; @@ -1630,6 +1635,7 @@ struct pf_pdesc { #define PF_VPROTO_FRAGMENT 256 int extoff; sa_family_t af; + sa_family_t naf; u_int8_t proto; u_int8_t tos; u_int8_t ttl; @@ -2429,6 +2435,9 @@ int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *, int); int pf_socket_lookup(struct pf_pdesc *); struct pf_state_key *pf_alloc_state_key(int); +int pf_translate(struct pf_pdesc *, struct pf_addr *, u_int16_t, + struct pf_addr *, u_int16_t, u_int16_t, int); +int pf_translate_af(struct pf_pdesc *); void pfr_initialize(void); void pfr_cleanup(void); int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); @@ -2642,18 +2651,23 @@ int pf_step_out_of_keth_anchor(struct pf_keth_anchor_stackframe *, u_short pf_map_addr(u_int8_t, struct pf_krule *, struct pf_addr *, struct pf_addr *, - struct pfi_kkif **nkif, struct pf_addr *); + struct pfi_kkif **nkif, struct pf_addr *, + struct pf_kpool *); u_short pf_map_addr_sn(u_int8_t, struct pf_krule *, struct pf_addr *, struct pf_addr *, struct pfi_kkif **nkif, struct pf_addr *, - struct pf_ksrc_node **, struct pf_srchash **); + struct pf_ksrc_node **, struct pf_srchash **, + struct pf_kpool *); +int pf_get_transaddr_af(struct pf_krule *, + struct pf_pdesc *); u_short pf_get_translation(struct pf_pdesc *, int, struct pf_state_key **, struct pf_state_key **, struct pf_kanchor_stackframe *, struct pf_krule **, struct pf_udp_mapping **udp_mapping); -struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, - u_int16_t, u_int16_t); +int pf_state_key_setup(struct pf_pdesc *, + u_int16_t, u_int16_t, + struct pf_state_key **sk, struct pf_state_key **nk); struct pf_state_key *pf_state_key_clone(const struct pf_state_key *); void pf_rule_to_actions(struct pf_krule *, struct pf_rule_actions *); @@ -2665,6 +2679,17 @@ void pf_scrub(struct pf_pdesc *); struct pfi_kkif *pf_kkif_create(int); void pf_kkif_free(struct pfi_kkif *); void pf_kkif_zero(struct pfi_kkif *); + + +/* NAT64 functions. */ +int inet_nat64(int, const void *, void *, const void *, u_int8_t); +int inet_nat64_inet(const void *, void *, const void *, u_int8_t); +int inet_nat64_inet6(const void *, void *, const void *, u_int8_t); + +int inet_nat46(int, const void *, void *, const void *, u_int8_t); +int inet_nat46_inet(const void *, void *, const void *, u_int8_t); +int inet_nat46_inet6(const void *, void *, const void *, u_int8_t); + #endif /* _KERNEL */ #endif /* _NET_PFVAR_H_ */ diff --git a/sys/netpfil/pf/inet_nat64.c b/sys/netpfil/pf/inet_nat64.c new file mode 100644 index 000000000000..7f62814c2383 --- /dev/null +++ b/sys/netpfil/pf/inet_nat64.c @@ -0,0 +1,204 @@ +/* $OpenBSD: inet_nat64.c,v 1.1 2011/10/13 18:23:40 claudio Exp $ */ +/* $vantronix: inet_nat64.c,v 1.2 2011/02/28 14:57:58 mike Exp $ */ + +/* + * Copyright (c) 2011 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include + +union inet_nat64_addr { + u_int32_t u32[4]; + u_int8_t u8[16]; +}; + +static u_int32_t +inet_nat64_mask(u_int32_t src, u_int32_t pfx, u_int8_t pfxlen) +{ + u_int32_t u32; + if (pfxlen == 0) + return (src); + else if (pfxlen > 32) + pfxlen = 32; + u32 = + (src & ~htonl(0xffffffff << (32 - pfxlen))) | + (pfx & htonl(0xffffffff << (32 - pfxlen))); + return (u32); + +} + +int +inet_nat64(int af, const void *src, void *dst, + const void *pfx, u_int8_t pfxlen) +{ + switch (af) { + case AF_INET: + return (inet_nat64_inet(src, dst, pfx, pfxlen)); + case AF_INET6: + return (inet_nat64_inet6(src, dst, pfx, pfxlen)); + default: +#ifndef _KERNEL + errno = EAFNOSUPPORT; +#endif + return (-1); + } + /* NOTREACHED */ +} + +int +inet_nat64_inet(const void *src, void *dst, const void *pfx, u_int8_t pfxlen) +{ + const union inet_nat64_addr *s = src; + const union inet_nat64_addr *p = pfx; + union inet_nat64_addr *d = dst; + int i, j; + + switch (pfxlen) { + case 32: + case 40: + case 48: + case 56: + case 64: + case 96: + i = pfxlen / 8; + break; + default: + if (pfxlen < 96 || pfxlen > 128) { +#ifndef _KERNEL + errno = EINVAL; +#endif + return (-1); + } + + /* as an extension, mask out any other bits */ + d->u32[0] = inet_nat64_mask(s->u32[3], p->u32[3], + (u_int8_t)(32 - (128 - pfxlen))); + return (0); + } + + /* fill the octets with the source and skip reserved octet 8 */ + for (j = 0; j < 4; j++) { + if (i == 8) + i++; + d->u8[j] = s->u8[i++]; + } + + return (0); +} + +int +inet_nat64_inet6(const void *src, void *dst, const void *pfx, u_int8_t pfxlen) +{ + const union inet_nat64_addr *s = src; + const union inet_nat64_addr *p = pfx; + union inet_nat64_addr *d = dst; + int i, j; + + /* first copy the prefix octets to the destination */ + *d = *p; + + switch (pfxlen) { + case 32: + case 40: + case 48: + case 56: + case 64: + case 96: + i = pfxlen / 8; + break; + default: + if (pfxlen < 96 || pfxlen > 128) { +#ifndef _KERNEL + errno = EINVAL; +#endif + return (-1); + } + + /* as an extension, mask out any other bits */ + d->u32[3] = inet_nat64_mask(s->u32[0], p->u32[3], + (u_int8_t)(32 - (128 - pfxlen))); + return (0); + } + + /* octet 8 is reserved and must be set to zero */ + d->u8[8] = 0; + + /* fill the other octets with the source and skip octet 8 */ + for (j = 0; j < 4; j++) { + if (i == 8) + i++; + d->u8[i++] = s->u8[j]; + } + + return (0); +} + +int +inet_nat46(int af, const void *src, void *dst, + const void *pfx, u_int8_t pfxlen) +{ + if (pfxlen > 32) { +#ifndef _KERNEL + errno = EINVAL; +#endif + return (-1); + } + + switch (af) { + case AF_INET: + return (inet_nat46_inet(src, dst, pfx, pfxlen)); + case AF_INET6: + return (inet_nat46_inet6(src, dst, pfx, pfxlen)); + default: +#ifndef _KERNEL + errno = EAFNOSUPPORT; +#endif + return (-1); + } + /* NOTREACHED */ +} + +int +inet_nat46_inet(const void *src, void *dst, const void *pfx, u_int8_t pfxlen) +{ + const union inet_nat64_addr *s = src; + const union inet_nat64_addr *p = pfx; + union inet_nat64_addr *d = dst; + + /* set the remaining bits to the source */ + d->u32[0] = inet_nat64_mask(s->u32[3], p->u32[0], pfxlen); + + return (0); +} + +int +inet_nat46_inet6(const void *src, void *dst, const void *pfx, u_int8_t pfxlen) +{ + const union inet_nat64_addr *s = src; + const union inet_nat64_addr *p = pfx; + union inet_nat64_addr *d = dst; + + /* set the initial octets to zero */ + d->u32[0] = d->u32[1] = d->u32[2] = 0; + + /* now set the remaining bits to the source */ + d->u32[3] = inet_nat64_mask(s->u32[0], p->u32[0], pfxlen); + + return (0); +} diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 95000bf0fd48..860f9a8fce64 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -301,7 +301,7 @@ static int pf_check_threshold(struct pf_threshold *); static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, u_int16_t *, u_int16_t *, struct pf_addr *, - u_int16_t, u_int8_t, sa_family_t); + u_int16_t, u_int8_t, sa_family_t, sa_family_t); static int pf_modulate_sack(struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *); int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, @@ -310,6 +310,11 @@ static void pf_change_icmp(struct pf_addr *, u_int16_t *, struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t *, u_int16_t *, u_int16_t *, u_int16_t *, u_int8_t, sa_family_t); +int pf_change_icmp_af(struct mbuf *, int, + struct pf_pdesc *, struct pf_pdesc *, + struct pf_addr *, struct pf_addr *, sa_family_t, + sa_family_t); +int pf_translate_icmp_af(int, void *); static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t, sa_family_t, struct pf_krule *, int); static void pf_detach_state(struct pf_kstate *); @@ -607,11 +612,11 @@ pf_packet_rework_nat(struct mbuf *m, struct pf_pdesc *pd, int off, if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) pf_change_ap(m, pd->src, &th->th_sport, pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx], - nk->port[pd->sidx], 0, pd->af); + nk->port[pd->sidx], 0, pd->af, pd->naf); if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) pf_change_ap(m, pd->dst, &th->th_dport, pd->ip_sum, &th->th_sum, &nk->addr[pd->didx], - nk->port[pd->didx], 0, pd->af); + nk->port[pd->didx], 0, pd->af, pd->naf); m_copyback(m, off, sizeof(*th), (caddr_t)th); break; } @@ -621,11 +626,11 @@ pf_packet_rework_nat(struct mbuf *m, struct pf_pdesc *pd, int off, if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) pf_change_ap(m, pd->src, &uh->uh_sport, pd->ip_sum, &uh->uh_sum, &nk->addr[pd->sidx], - nk->port[pd->sidx], 1, pd->af); + nk->port[pd->sidx], 1, pd->af, pd->naf); if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) pf_change_ap(m, pd->dst, &uh->uh_dport, pd->ip_sum, &uh->uh_sum, &nk->addr[pd->didx], - nk->port[pd->didx], 1, pd->af); + nk->port[pd->didx], 1, pd->af, pd->naf); m_copyback(m, off, sizeof(*uh), (caddr_t)uh); break; } @@ -636,12 +641,12 @@ pf_packet_rework_nat(struct mbuf *m, struct pf_pdesc *pd, int off, if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) { pf_change_ap(m, pd->src, &sh->src_port, pd->ip_sum, &checksum, &nk->addr[pd->sidx], - nk->port[pd->sidx], 1, pd->af); + nk->port[pd->sidx], 1, pd->af, pd->naf); } if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) { pf_change_ap(m, pd->dst, &sh->dest_port, pd->ip_sum, &checksum, &nk->addr[pd->didx], - nk->port[pd->didx], 1, pd->af); + nk->port[pd->didx], 1, pd->af, pd->naf); } break; @@ -1423,7 +1428,12 @@ keyattach: PF_HASHROW_LOCK(ih); if (si->kif == s->kif && - si->direction == s->direction) { + ((si->key[PF_SK_WIRE]->af == sk->af && + si->direction == s->direction) || + (si->key[PF_SK_WIRE]->af != + si->key[PF_SK_STACK]->af && + sk->af == si->key[PF_SK_STACK]->af && + si->direction != s->direction))) { if (sk->proto == IPPROTO_TCP && si->src.state >= TCPS_FIN_WAIT_2 && si->dst.state >= TCPS_FIN_WAIT_2) { @@ -1652,27 +1662,65 @@ copy: return (0); } -struct pf_state_key * -pf_state_key_setup(struct pf_pdesc *pd, u_int16_t sport, u_int16_t dport) +int +pf_state_key_setup(struct pf_pdesc *pd, u_int16_t sport, u_int16_t dport, + struct pf_state_key **sk, struct pf_state_key **nk) { - struct pf_state_key *sk; - - sk = uma_zalloc(V_pf_state_key_z, M_NOWAIT); - if (sk == NULL) - return (NULL); + *sk = uma_zalloc(V_pf_state_key_z, M_NOWAIT); + if (*sk == NULL) + return (ENOMEM); - if (pf_state_key_addr_setup(pd, (struct pf_state_key_cmp *)sk, + if (pf_state_key_addr_setup(pd, (struct pf_state_key_cmp *)*sk, 0)) { - uma_zfree(V_pf_state_key_z, sk); - return (NULL); + uma_zfree(V_pf_state_key_z, *sk); + *sk = NULL; + return (ENOMEM); } - sk->port[pd->sidx] = sport; - sk->port[pd->didx] = dport; - sk->proto = pd->proto; - sk->af = pd->af; + (*sk)->port[pd->sidx] = sport; + (*sk)->port[pd->didx] = dport; + (*sk)->proto = pd->proto; + (*sk)->af = pd->af; - return (sk); + *nk = pf_state_key_clone(*sk); + if (*nk == NULL) { + uma_zfree(V_pf_state_key_z, *sk); + *sk = NULL; + return (ENOMEM); + } + + if (pd->af != pd->naf) { + (*sk)->port[pd->sidx] = pd->osport; + (*sk)->port[pd->didx] = pd->odport; + + (*nk)->af = pd->naf; + + /* + * We're overwriting an address here, so potentially there's bits of an IPv6 + * address left in here. Clear that out first. + */ + bzero(&(*nk)->addr[0], sizeof((*nk)->addr[0])); + bzero(&(*nk)->addr[1], sizeof((*nk)->addr[1])); + + PF_ACPY(&(*nk)->addr[pd->af == pd->naf ? pd->sidx : pd->didx], + &pd->nsaddr, pd->naf); + PF_ACPY(&(*nk)->addr[pd->af == pd->naf ? pd->didx : pd->sidx], + &pd->ndaddr, pd->naf); + (*nk)->port[pd->af == pd->naf ? pd->sidx : pd->didx] = pd->nsport; + (*nk)->port[pd->af == pd->naf ? pd->didx : pd->sidx] = pd->ndport; + switch (pd->proto) { + case IPPROTO_ICMP: + (*nk)->proto = IPPROTO_ICMPV6; + break; + case IPPROTO_ICMPV6: + (*nk)->proto = IPPROTO_ICMP; + break; + default: + (*nk)->proto = pd->proto; + } + } + + return (0); } struct pf_state_key * @@ -1816,6 +1864,28 @@ pf_find_state(struct pfi_kkif *kif, const struct pf_state_key_cmp *key, } return (s); } + + /* Look through the other list, in case of AF-TO */ + idx = idx == PF_SK_WIRE ? PF_SK_STACK : PF_SK_WIRE; + TAILQ_FOREACH(s, &sk->states[idx], key_list[idx]) { + if (s->key[PF_SK_WIRE]->af == s->key[PF_SK_STACK]->af) + continue; + if (s->kif == V_pfi_all || s->kif == kif || s->orig_kif == kif) { + PF_STATE_LOCK(s); + PF_HASHROW_UNLOCK(kh); + if (__predict_false(s->timeout >= PFTM_MAX)) { + /* + * State is either being processed by + * pf_unlink_state() in an other thread, or + * is scheduled for immediate expiry. + */ + PF_STATE_UNLOCK(s); + return (NULL); + } + return (s); + } + } + PF_HASHROW_UNLOCK(kh); return (NULL); @@ -3024,6 +3094,7 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw1, struct pf_addr_wrap *aw2) return (0); case PF_ADDR_DYNIFTL: return (aw1->p.dyn->pfid_kt != aw2->p.dyn->pfid_kt); + case PF_ADDR_NONE: case PF_ADDR_NOROUTE: case PF_ADDR_URPFFAILED: return (0); @@ -3123,13 +3194,14 @@ pf_proto_cksum_fixup(struct mbuf *m, u_int16_t cksum, u_int16_t old, static void pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic, u_int16_t *pc, struct pf_addr *an, u_int16_t pn, u_int8_t u, - sa_family_t af) + sa_family_t af, sa_family_t naf) { struct pf_addr ao; u_int16_t po = *p; PF_ACPY(&ao, a, af); - PF_ACPY(a, an, af); + if (af == naf) + PF_ACPY(a, an, af); if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) *pc = ~*pc; @@ -3139,33 +3211,77 @@ pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic, switch (af) { #ifdef INET case AF_INET: - *ic = pf_cksum_fixup(pf_cksum_fixup(*ic, - ao.addr16[0], an->addr16[0], 0), - ao.addr16[1], an->addr16[1], 0); - *p = pn; + switch (naf) { + case AF_INET: + *ic = pf_cksum_fixup(pf_cksum_fixup(*ic, + ao.addr16[0], an->addr16[0], 0), + ao.addr16[1], an->addr16[1], 0); + *p = pn; - *pc = pf_cksum_fixup(pf_cksum_fixup(*pc, - ao.addr16[0], an->addr16[0], u), - ao.addr16[1], an->addr16[1], u); + *pc = pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u); - *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; +#ifdef INET6 + case AF_INET6: + *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u), + 0, an->addr16[2], u), + 0, an->addr16[3], u), + 0, an->addr16[4], u), + 0, an->addr16[5], u), + 0, an->addr16[6], u), + 0, an->addr16[7], u), + po, pn, u); + + /* XXXKP TODO *ic checksum? */ + break; +#endif /* INET6 */ + } break; #endif /* INET */ #ifdef INET6 case AF_INET6: - *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( - pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( - pf_cksum_fixup(pf_cksum_fixup(*pc, - ao.addr16[0], an->addr16[0], u), - ao.addr16[1], an->addr16[1], u), - ao.addr16[2], an->addr16[2], u), - ao.addr16[3], an->addr16[3], u), - ao.addr16[4], an->addr16[4], u), - ao.addr16[5], an->addr16[5], u), - ao.addr16[6], an->addr16[6], u), - ao.addr16[7], an->addr16[7], u); - - *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + switch (naf) { +#ifdef INET + case AF_INET: + *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u), + ao.addr16[2], 0, u), + ao.addr16[3], 0, u), + ao.addr16[4], 0, u), + ao.addr16[5], 0, u), + ao.addr16[6], 0, u), + ao.addr16[7], 0, u), + po, pn, u); + + /* XXXKP TODO *ic checksum? */ + break; +#endif /* INET */ + case AF_INET6: + *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u), + ao.addr16[2], an->addr16[2], u), + ao.addr16[3], an->addr16[3], u), + ao.addr16[4], an->addr16[4], u), + ao.addr16[5], an->addr16[5], u), + ao.addr16[6], an->addr16[6], u), + ao.addr16[7], an->addr16[7], u); + + *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + } break; #endif /* INET6 */ } @@ -3314,6 +3430,394 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa, } } +int +pf_translate_af(struct pf_pdesc *pd) +{ +#if defined(INET) && defined(INET6) + struct mbuf *mp; + struct ip *ip4; + struct ip6_hdr *ip6; + struct icmp6_hdr *icmp; + int hlen; + + hlen = pd->naf == AF_INET ? sizeof(*ip4) : sizeof(*ip6); + + /* trim the old header */ + m_adj(pd->m, pd->off); + + /* prepend a new one */ + M_PREPEND(pd->m, hlen, M_NOWAIT); + if (pd->m == NULL) + return (-1); + + switch (pd->naf) { + case AF_INET: + ip4 = mtod(pd->m, struct ip *); + bzero(ip4, hlen); + ip4->ip_v = IPVERSION; + ip4->ip_hl = hlen >> 2; + ip4->ip_len = htons(hlen + (pd->tot_len - pd->off)); + ip_fillid(ip4); + ip4->ip_off = htons(IP_DF); + ip4->ip_ttl = pd->ttl; + ip4->ip_p = pd->proto; + ip4->ip_src = pd->nsaddr.v4; + ip4->ip_dst = pd->ndaddr.v4; + pd->src = (struct pf_addr *)&ip4->ip_src; + pd->dst = (struct pf_addr *)&ip4->ip_dst; + break; + case AF_INET6: + ip6 = mtod(pd->m, struct ip6_hdr *); + bzero(ip6, hlen); + ip6->ip6_vfc = IPV6_VERSION; + ip6->ip6_plen = htons(pd->tot_len - pd->off); + ip6->ip6_nxt = pd->proto; + if (!pd->ttl || pd->ttl > IPV6_DEFHLIM) + ip6->ip6_hlim = IPV6_DEFHLIM; + else + ip6->ip6_hlim = pd->ttl; + ip6->ip6_src = pd->nsaddr.v6; + ip6->ip6_dst = pd->ndaddr.v6; + pd->src = (struct pf_addr *)&ip6->ip6_src; + pd->dst = (struct pf_addr *)&ip6->ip6_dst; + break; + default: + return (-1); + } + + /* recalculate icmp/icmp6 checksums */ + if (pd->proto == IPPROTO_ICMP || pd->proto == IPPROTO_ICMPV6) { + int off; + if ((mp = m_pulldown(pd->m, hlen, sizeof(*icmp), &off)) == + NULL) { + pd->m = NULL; + return (-1); + } + icmp = (struct icmp6_hdr *)(mp->m_data + off); + icmp->icmp6_cksum = 0; + icmp->icmp6_cksum = pd->naf == AF_INET ? + in4_cksum(pd->m, 0, hlen, ntohs(ip4->ip_len) - hlen) : + in6_cksum(pd->m, IPPROTO_ICMPV6, hlen, + ntohs(ip6->ip6_plen)); + } +#endif /* INET && INET6 */ + + return (0); +} + +int +pf_change_icmp_af(struct mbuf *m, int off, struct pf_pdesc *pd, + struct pf_pdesc *pd2, struct pf_addr *src, struct pf_addr *dst, + sa_family_t af, sa_family_t naf) +{ +#if defined(INET) && defined(INET6) + struct mbuf *n = NULL; + struct ip *ip4; + struct ip6_hdr *ip6; + int hlen, olen, mlen; + + if (af == naf || (af != AF_INET && af != AF_INET6) || + (naf != AF_INET && naf != AF_INET6)) + return (-1); + + /* split the mbuf chain on the inner ip/ip6 header boundary */ + if ((n = m_split(m, off, M_NOWAIT)) == NULL) + return (-1); + + /* old header */ + olen = pd2->off - off; + /* new header */ + hlen = naf == AF_INET ? sizeof(*ip4) : sizeof(*ip6); + /* data lenght */ + mlen = m->m_pkthdr.len - pd2->off; + + /* trim old header */ + m_adj(n, olen); + + /* prepend a new one */ + M_PREPEND(n, hlen, M_NOWAIT); + if (n == NULL) + return (-1); + + /* translate inner ip/ip6 header */ + switch (naf) { + case AF_INET: + ip4 = mtod(n, struct ip *); + bzero(ip4, sizeof(*ip4)); + ip4->ip_v = IPVERSION; + ip4->ip_hl = sizeof(*ip4) >> 2; + ip4->ip_len = htons(sizeof(*ip4) + mlen); + ip_fillid(ip4); + ip4->ip_off = htons(IP_DF); + ip4->ip_ttl = pd2->ttl; + if (pd2->proto == IPPROTO_ICMPV6) + ip4->ip_p = IPPROTO_ICMP; + else + ip4->ip_p = pd2->proto; + ip4->ip_src = src->v4; + ip4->ip_dst = dst->v4; + ip4->ip_sum = in_cksum(n, ip4->ip_hl << 2); + break; + case AF_INET6: + ip6 = mtod(n, struct ip6_hdr *); + bzero(ip6, sizeof(*ip6)); + ip6->ip6_vfc = IPV6_VERSION; + ip6->ip6_plen = htons(mlen); + if (pd2->proto == IPPROTO_ICMP) + ip6->ip6_nxt = IPPROTO_ICMPV6; + else + ip6->ip6_nxt = pd2->proto; + if (!pd2->ttl || pd2->ttl > IPV6_DEFHLIM) + ip6->ip6_hlim = IPV6_DEFHLIM; + else + ip6->ip6_hlim = pd2->ttl; + ip6->ip6_src = src->v6; + ip6->ip6_dst = dst->v6; + break; + } + + /* adjust payload offset and total packet length */ + pd2->off += hlen - olen; + pd->tot_len += hlen - olen; + + /* merge modified inner packet with the original header */ + mlen = n->m_pkthdr.len; + m_cat(m, n); + m->m_pkthdr.len += mlen; +#endif /* INET && INET6 */ + + return (0); +} + +#define PTR_IP(field) (offsetof(struct ip, field)) +#define PTR_IP6(field) (offsetof(struct ip6_hdr, field)) + +int +pf_translate_icmp_af(int af, void *arg) +{ +#if defined(INET) && defined(INET6) + struct icmp *icmp4; + struct icmp6_hdr *icmp6; + u_int32_t mtu; + int32_t ptr = -1; + u_int8_t type; + u_int8_t code; + + switch (af) { + case AF_INET: + icmp6 = arg; + type = icmp6->icmp6_type; + code = icmp6->icmp6_code; + mtu = ntohl(icmp6->icmp6_mtu); + + switch (type) { + case ICMP6_ECHO_REQUEST: + type = ICMP_ECHO; + break; + case ICMP6_ECHO_REPLY: + type = ICMP_ECHOREPLY; + break; + case ICMP6_DST_UNREACH: + type = ICMP_UNREACH; + switch (code) { + case ICMP6_DST_UNREACH_NOROUTE: + case ICMP6_DST_UNREACH_BEYONDSCOPE: + case ICMP6_DST_UNREACH_ADDR: + code = ICMP_UNREACH_HOST; + break; + case ICMP6_DST_UNREACH_ADMIN: + code = ICMP_UNREACH_HOST_PROHIB; + break; + case ICMP6_DST_UNREACH_NOPORT: + code = ICMP_UNREACH_PORT; + break; + default: + return (-1); + } + break; + case ICMP6_PACKET_TOO_BIG: + type = ICMP_UNREACH; + code = ICMP_UNREACH_NEEDFRAG; + mtu -= 20; + break; + case ICMP6_TIME_EXCEEDED: + type = ICMP_TIMXCEED; + break; + case ICMP6_PARAM_PROB: + switch (code) { + case ICMP6_PARAMPROB_HEADER: + type = ICMP_PARAMPROB; + code = ICMP_PARAMPROB_ERRATPTR; + ptr = ntohl(icmp6->icmp6_pptr); + + if (ptr == PTR_IP6(ip6_vfc)) + ; /* preserve */ + else if (ptr == PTR_IP6(ip6_vfc) + 1) + ptr = PTR_IP(ip_tos); + else if (ptr == PTR_IP6(ip6_plen) || + ptr == PTR_IP6(ip6_plen) + 1) + ptr = PTR_IP(ip_len); + else if (ptr == PTR_IP6(ip6_nxt)) + ptr = PTR_IP(ip_p); + else if (ptr == PTR_IP6(ip6_hlim)) + ptr = PTR_IP(ip_ttl); + else if (ptr >= PTR_IP6(ip6_src) && + ptr < PTR_IP6(ip6_dst)) + ptr = PTR_IP(ip_src); + else if (ptr >= PTR_IP6(ip6_dst) && + ptr < sizeof(struct ip6_hdr)) + ptr = PTR_IP(ip_dst); + else { + return (-1); + } + break; + case ICMP6_PARAMPROB_NEXTHEADER: + type = ICMP_UNREACH; + code = ICMP_UNREACH_PROTOCOL; + break; + default: + return (-1); + } + break; + default: + return (-1); + } + if (icmp6->icmp6_type != type) { + icmp6->icmp6_cksum = pf_cksum_fixup(icmp6->icmp6_cksum, + icmp6->icmp6_type, type, 0); + icmp6->icmp6_type = type; + } + if (icmp6->icmp6_code != code) { + icmp6->icmp6_cksum = pf_cksum_fixup(icmp6->icmp6_cksum, + icmp6->icmp6_code, code, 0); + icmp6->icmp6_code = code; + } + if (icmp6->icmp6_mtu != htonl(mtu)) { + icmp6->icmp6_cksum = pf_cksum_fixup(icmp6->icmp6_cksum, + htons(ntohl(icmp6->icmp6_mtu)), htons(mtu), 0); + /* aligns well with a icmpv4 nextmtu */ + icmp6->icmp6_mtu = htonl(mtu); + } + if (ptr >= 0 && icmp6->icmp6_pptr != htonl(ptr)) { + icmp6->icmp6_cksum = pf_cksum_fixup(icmp6->icmp6_cksum, + htons(ntohl(icmp6->icmp6_pptr)), htons(ptr), 0); + /* icmpv4 pptr is a one most significant byte */ + icmp6->icmp6_pptr = htonl(ptr << 24); + } + break; + case AF_INET6: + icmp4 = arg; + type = icmp4->icmp_type; + code = icmp4->icmp_code; + mtu = ntohs(icmp4->icmp_nextmtu); + + switch (type) { + case ICMP_ECHO: + type = ICMP6_ECHO_REQUEST; + break; + case ICMP_ECHOREPLY: + type = ICMP6_ECHO_REPLY; + break; + case ICMP_UNREACH: + type = ICMP6_DST_UNREACH; + switch (code) { + case ICMP_UNREACH_NET: + case ICMP_UNREACH_HOST: + case ICMP_UNREACH_NET_UNKNOWN: *** 1551 LINES SKIPPED *** From nobody Tue Dec 17 10:07:44 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDJ43w1z5h0cH; Tue, 17 Dec 2024 10:07:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDJ2TVCz49R5; Tue, 17 Dec 2024 10:07:44 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430064; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q8MPpZZdXFzQmE3NIksyEq7z8OEWDQs+ItnZT7c+nM4=; b=UEileN1monQgohlTZdSqYHk1qTd6fXHrcJEpbmKv1pGDBLm23ZCUSj3CTY8FzTGJP1oGux 7rfyi9F4qjbVOAlK2UgGnYDy2IzqsZAkNDX5DMEubn30hBALi3XbI0cnk4CMfqFxMztipj B0zu1pZYsinfdnIXKQ7X3vFMpOSjwXeopQuD3U/wyuNzIrYQ3tVebPWXN+qlLLbUr5BjGA mAK0KKOXQS9BubEAozP0W2J91h4n+88kl0vNjhdR/1H7zdfI3XaZ3bBVBL6dIJ/LQjlg0e 0NPODXVyoviThBviuT3Bd1kgnINzwuImYBAww5fpcFYQSzlu0Lh3cWOCwKWkTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430064; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q8MPpZZdXFzQmE3NIksyEq7z8OEWDQs+ItnZT7c+nM4=; b=lhSWGHTP0MmXs2+QfN/C9HGzYvgMDa4L3Fh4ZK37l68pG1243QQ//GhIWWt4y6uUsqUnBj KUDB5D5NpDOFkYKfv/BiVZFCY4/dmAjDEtxh454GnNWKRWFfLnCfnSNiO87BKU8mOpnzQV WSfemqmBjCJaWSqcV8luh0php7BI7+d1K3yYPUfJSBtbI5gwsTQ2LzSrYuKyDKGqqeO/RH /wvPJuk68hqvOZnnFYbc4iS030cTeDyL5DIZxkOxZCx/ScUA6KH62T5w9uIcTDK23YW2+b qNVnsFeFuAe3tMTeBVVX1KrP2fv6ns0fYC2Wh9d26x8kPlYa/BzHFf5DMwzXiQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430064; a=rsa-sha256; cv=none; b=um8DTGi2US2AVvif8sQzRQ1Nnw8q6BDInenz7kGYZDQ34p18qSbolzi5VMxCKLf8I+QHlV RlCtDSUrnfZIn8xXlSdRaAdjeqzRHqFTem/ErerWmMJA0Rp5WEbkdqvSpktXXEFAZryOW8 IHGvyk7KR4PxtiojIooTeR1tzXTls7ryep8AlHeggRtg69vJHW8cMyGMBjBfiViFmcTmST DkLiXoxTAOqZV0Rr0SF8B7Q3//Q7PwvufN+9rrWAayUwpaCCI44jg1odCFeVNkjqqOhCOy ixCKGuOaKkFVG/zFV3aXN7hIRG9hOoJKRpdesbHc0Y/QJbF9jUcHuFDTlHD5Ig== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDJ25kXzJvX; Tue, 17 Dec 2024 10:07:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7ixu023429; Tue, 17 Dec 2024 10:07:44 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7iN8023426; Tue, 17 Dec 2024 10:07:44 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:44 GMT Message-Id: <202412171007.4BHA7iN8023426@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: ebe11b46988e - main - pf: fix state export in the face of NAT64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ebe11b46988eb27d287272b8c827eb80ebd900ba Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=ebe11b46988eb27d287272b8c827eb80ebd900ba commit ebe11b46988eb27d287272b8c827eb80ebd900ba Author: Kristof Provost AuthorDate: 2024-10-25 15:01:13 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:13 +0000 pf: fix state export in the face of NAT64 Now that we can NAT64 we can have states where the wire and stack address families (and protocol) are different. Update the state export code to account for this. We keep exporting address family and protocol outside of the key, for backwards compatibility. This'll return misleading information to userspace in the NAT64 case, but it's assumed that userspace will either understand NAT64 (and thus look for them in the correct place), or not configure it. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47787 --- lib/libpfctl/libpfctl.c | 9 +++------ sys/netpfil/pf/pf_nl.c | 2 ++ sys/netpfil/pf/pf_nl.h | 2 ++ 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 21d0b24601a4..9fec8e77de26 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -1866,12 +1866,14 @@ static const struct snl_attr_parser nla_p_speer[] = { SNL_DECLARE_ATTR_PARSER(speer_parser, nla_p_speer); #undef _OUT -#define _OUT(_field) offsetof(struct pf_state_key_export, _field) +#define _OUT(_field) offsetof(struct pfctl_state_key, _field) static const struct snl_attr_parser nla_p_skey[] = { { .type = PF_STK_ADDR0, .off = _OUT(addr[0]), .cb = snl_attr_get_pfaddr }, { .type = PF_STK_ADDR1, .off = _OUT(addr[1]), .cb = snl_attr_get_pfaddr }, { .type = PF_STK_PORT0, .off = _OUT(port[0]), .cb = snl_attr_get_uint16 }, { .type = PF_STK_PORT1, .off = _OUT(port[1]), .cb = snl_attr_get_uint16 }, + { .type = PF_STK_AF, .off = _OUT(af), .cb = snl_attr_get_uint8 }, + { .type = PF_STK_PROTO, .off = _OUT(proto), .cb = snl_attr_get_uint16 }, }; SNL_DECLARE_ATTR_PARSER(skey_parser, nla_p_skey); #undef _OUT @@ -1897,8 +1899,6 @@ static struct snl_attr_parser ap_state[] = { { .type = PF_ST_PACKETS1, .off = _OUT(packets[1]), .cb = snl_attr_get_uint64 }, { .type = PF_ST_BYTES0, .off = _OUT(bytes[0]), .cb = snl_attr_get_uint64 }, { .type = PF_ST_BYTES1, .off = _OUT(bytes[1]), .cb = snl_attr_get_uint64 }, - { .type = PF_ST_AF, .off = _OUT(key[0].af), .cb = snl_attr_get_uint8 }, - { .type = PF_ST_PROTO, .off = _OUT(key[0].proto), .cb = snl_attr_get_uint8 }, { .type = PF_ST_DIRECTION, .off = _OUT(direction), .cb = snl_attr_get_uint8 }, { .type = PF_ST_LOG, .off = _OUT(log), .cb = snl_attr_get_uint8 }, { .type = PF_ST_STATE_FLAGS, .off = _OUT(state_flags), .cb = snl_attr_get_uint16 }, @@ -1959,9 +1959,6 @@ pfctl_get_states_nl(struct pfctl_state_filter *filter, struct snl_state *ss, pfc if (!snl_parse_nlmsg(ss, hdr, &state_parser, &s)) continue; - s.key[1].af = s.key[0].af; - s.key[1].proto = s.key[0].proto; - ret = f(&s, arg); if (ret != 0) return (ret); diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index d2a050140dbc..3af27e11d27f 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -133,6 +133,8 @@ dump_state_key(struct nl_writer *nw, int attr, const struct pf_state_key *key) dump_addr(nw, PF_STK_ADDR1, &key->addr[1], key->af); nlattr_add_u16(nw, PF_STK_PORT0, key->port[0]); nlattr_add_u16(nw, PF_STK_PORT1, key->port[1]); + nlattr_add_u8(nw, PF_STK_AF, key->af); + nlattr_add_u16(nw, PF_STK_PROTO, key->proto); nlattr_set_len(nw, off); diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h index 096b9913d4a6..3af931978860 100644 --- a/sys/netpfil/pf/pf_nl.h +++ b/sys/netpfil/pf/pf_nl.h @@ -71,6 +71,8 @@ enum pfstate_key_type_t { PF_STK_ADDR1 = 2, /* ip */ PF_STK_PORT0 = 3, /* u16 */ PF_STK_PORT1 = 4, /* u16 */ + PF_STK_AF = 5, /* u8 */ + PF_STK_PROTO = 6, /* u16 */ }; enum pfstate_peer_type_t { From nobody Tue Dec 17 10:07:45 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDK4dNhz5h0hX; Tue, 17 Dec 2024 10:07:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDK3YxTz49MN; Tue, 17 Dec 2024 10:07:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430065; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BwFKE9cmXt+s7xesuNXPGJkAjV1uuIyJd0aNsUTRKz0=; b=Aqg+SGXiy45pocRGK6mWqfvqurjzpvs0BZB/kMVv+5ua/xRqsXf2cxlX4NgNPFYyT91/+N V2LguN68CsBrCHUWDmz35nl6mL/BaoBWFVcE+BVCSIDs0VaWD/2EEmhFr19imzHfgXYyRL 7ynVj5atRQ1A+aVFbPIU7TZ5cv8ra4ihQTFZveDM2A1X0DAkmnG+vT9w135M4Oh44KQIyn sR/shFe6+dW4MSqNEZyXVpl694TdMGomVleDDAraWUmuBrjllCCZjqSS6tOqHBnVvcOld1 PWoTIUi7/xKhQkxILuBBeTumv6NU7cw4pcwl81y/OTOyzu8noPT93JcJt+00zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430065; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BwFKE9cmXt+s7xesuNXPGJkAjV1uuIyJd0aNsUTRKz0=; b=Y33Dk4pvvX9QCxeSPS/QAByY40rVeKKTS4R687budNGhvRTM6J1rbpsgVX8EVKUHaVhgS7 OSYu6vJyxjlWlvc/H3rIVGylCbTM89hMSAeEjjLRRBQ9Oo20JQP5m1QI+b3QptywwxbXe8 yBEFyRiQ5yVy09KZ9nbhPQ7eicH81BvKwhw5WSm771kz7KhvT7bSzmfEQzokYf3UZYxyRd 2mGD38EQ5lbyt0m30H734KJ9RMkvOO80yuvzO2fFxdHWPHr8Ba+DUXEF6qggRjb6JMod75 +UoGwp07OH7t2b4bVBiJQf0BEIsn3rUcoQIIzgj2FYbxY0dZI1uEJOnt4xTOMg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430065; a=rsa-sha256; cv=none; b=LTl6D/xe/Jt33Ucj5RpOcnxAJF5Gsi71cm41iU9QbLoXne2b0c9YsjqE2Q4/aMqCm/iVq3 aHJEWzSkho+Y0i9DKGvGAFlmCmRHAO2VWb9kWBfIP01OyruKBQJjfh27KXMQnRyFuv8OAm oAzsLNOhCNyN4LmP/xrVX6a0QKqSa1YEMa9J5lB21VJ6YcXiE+Zxw4qPNXMIb7kEKr2KGx H/NdM8tBkcvmz7ZWtTFSDVxw/rFlKTgXFIKtIWoMsIVsVD8A3eMddokBPgFhFG6ZvD1lRG D+UmS5xc+gEi8p+wLUS3Q8pgGB951aVFGAQkAzb05FpcKPGA6dk7wwjv/T+6wA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDK3723zJtv; Tue, 17 Dec 2024 10:07:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7jVG023479; Tue, 17 Dec 2024 10:07:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7j9f023476; Tue, 17 Dec 2024 10:07:45 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:45 GMT Message-Id: <202412171007.4BHA7j9f023476@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: ea9113be3f19 - main - pf: extra route lookup in pf_route(6)() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ea9113be3f19db02d7108ebb207c2d5ca87e6a76 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=ea9113be3f19db02d7108ebb207c2d5ca87e6a76 commit ea9113be3f19db02d7108ebb207c2d5ca87e6a76 Author: Kristof Provost AuthorDate: 2024-10-28 13:18:30 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:13 +0000 pf: extra route lookup in pf_route(6)() In the NAT64 case we use pf_route(6)() to emit the translated packet. This requires a new route lookup, so perform this, but only in the NAT64/NAT46 case. Update the destination sockaddr to send packets to the gateway if appropriate. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47788 --- sys/netpfil/pf/pf.c | 69 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 860f9a8fce64..36bb0e1975fa 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -8648,14 +8648,13 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, struct mbuf *m0, *m1, *md; struct sockaddr_in dst; struct ip *ip; - struct ifnet *ifp; + struct ifnet *ifp = NULL; int error = 0; uint16_t ip_len, ip_off; uint16_t tmp; int r_dir; - KASSERT(m && *m && r && oifp && pd->act.rt_kif, - ("%s: invalid parameters", __func__)); + KASSERT(m && *m && r && oifp, ("%s: invalid parameters", __func__)); SDT_PROBE4(pf, ip, route_to, entry, *m, pd, s, oifp); @@ -8678,12 +8677,8 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, goto bad_locked; } - if ((ifp = pd->act.rt_kif->pfik_ifp) == NULL) { - m0 = *m; - *m = NULL; - SDT_PROBE1(pf, ip, route_to, drop, __LINE__); - goto bad_locked; - } + if (pd->act.rt_kif != NULL) + ifp = pd->act.rt_kif->pfik_ifp; if (pd->act.rt == PF_DUPTO) { if ((pd->pf_mtag->flags & PF_MTAG_FLAG_DUPLICATED)) { @@ -8733,9 +8728,31 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, s->orig_kif = oifp->if_pf_kif; } + if (ifp == NULL && (pd->af != pd->naf)) { + /* We're in the AFTO case. Do a route lookup. */ + struct nhop_object *nh; + nh = fib4_lookup(M_GETFIB(*m), ip->ip_dst, 0, NHR_NONE, 0); + if (nh) { + ifp = nh->nh_ifp; + + /* Use the gateway if needed. */ + if (nh->nh_flags & NHF_GATEWAY) + dst.sin_addr = nh->gw4_sa.sin_addr; + else + dst.sin_addr = ip->ip_dst; + } + } + PF_STATE_UNLOCK(s); } + if (ifp == NULL) { + m0 = *m; + *m = NULL; + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); + goto bad; + } + if (pd->dir == PF_IN) { if (pf_test(AF_INET, PF_OUT, PFIL_FWD, ifp, &m0, inp, &pd->act) != PF_PASS) { @@ -8887,8 +8904,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, struct ifnet *ifp = NULL; int r_dir; - KASSERT(m && *m && r && oifp && pd->act.rt_kif, - ("%s: invalid parameters", __func__)); + KASSERT(m && *m && r && oifp, ("%s: invalid parameters", __func__)); SDT_PROBE4(pf, ip6, route_to, entry, *m, pd, s, oifp); @@ -8911,12 +8927,8 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, goto bad_locked; } - if ((ifp = pd->act.rt_kif->pfik_ifp) == NULL) { - m0 = *m; - *m = NULL; - SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); - goto bad_locked; - } + if (pd->act.rt_kif != NULL) + ifp = pd->act.rt_kif->pfik_ifp; if (pd->act.rt == PF_DUPTO) { if ((pd->pf_mtag->flags & PF_MTAG_FLAG_DUPLICATED)) { @@ -8965,9 +8977,32 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, s->kif = pd->act.rt_kif; s->orig_kif = oifp->if_pf_kif; } + + if (ifp == NULL && (pd->af != pd->naf)) { + struct nhop_object *nh; + nh = fib6_lookup(M_GETFIB(*m), &ip6->ip6_dst, 0, NHR_NONE, 0); + if (nh) { + ifp = nh->nh_ifp; + + /* Use the gateway if needed. */ + if (nh->nh_flags & NHF_GATEWAY) + bcopy(&dst.sin6_addr, &nh->gw6_sa.sin6_addr, + sizeof(dst.sin6_addr)); + else + dst.sin6_addr = ip6->ip6_dst; + } + } + PF_STATE_UNLOCK(s); } + if (ifp == NULL) { + m0 = *m; + *m = NULL; + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); + goto bad; + } + if (pd->dir == PF_IN) { if (pf_test(AF_INET6, PF_OUT, PFIL_FWD | PF_PFIL_NOREFRAGMENT, ifp, &m0, inp, &pd->act) != PF_PASS) { From nobody Tue Dec 17 10:07:46 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDL6PTwz5h0cN; Tue, 17 Dec 2024 10:07:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDL533Lz49j8; Tue, 17 Dec 2024 10:07:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430066; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XfciJfgeNg/9GtQ+XR5CPPewP3LcdN7gMq6L+rQyZuY=; b=b+Ek196cpFOw+4N/o0KL7oV91CUS6yaKCGVl139KjFzVTVLnSwOF9iyI4wkvVcu1D6fJFH k1ujTNr4MC/xTkFA+2dh/P6Tg7WjUx7+7zqqBskQ3FKJ4rbZgJh9ZRrO2hfcK+IKZqjcV1 r13wZXeDe2E+TDUHEu36WUrZ6UG0djwPQUY5/qMnxd2M3GNfKGYaat5KRSqm9Bab2nzPiR 642AMkf/36eXNuzy3yPIR8OgSk1D+ugIC67FXbuUocJQ5DtQVarEu6l1HCdJPXvavZUSz9 UKAe5C+HA33fhKwhwphvbUUF1fYhnJeCP5pdPgBTTcKkAynORMXVsdRavqvUIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430066; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XfciJfgeNg/9GtQ+XR5CPPewP3LcdN7gMq6L+rQyZuY=; b=WlamiNMGETdhONo8hvkvtlm04pYQsjRa4Yb9tpHrdMegyCepgr6yFf6wH6ss3o5pt6Paz8 iaZXN6bL6wEMCieEvGbJY3e8u5J8iErflFrtjyLNBTeZeQm0yhGc5OCioFUdXuD+kdBJOf olewQwptc7h5glVZ6+UUhOZY3QwIXuOk0zXbo/+sx/paxoWYmymrBXOFc/zPAGXzUGhTKj ApO4nn3lkiQnoEr3RMNA4E3pVuzuJB71ogLiZDP9jJFTN5UGzUSCX+fWlmON5t+v3vy2z/ Q1aX894vaCuFXy2lscOAKG/7E5esY+NyDtJsQuZv1DT7P6XHJjDXNGRbu7uB0Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430066; a=rsa-sha256; cv=none; b=QpvjlcpHl9EU0iL04vY+M1zjqgm3R8R4uIsYQyZUCuO10UaljbY6ImTulF9PK8f6v1Nf4i wJSRFWdfwgVWnQhFu2/ySBd3syoIPntiqHiXLh1c0XPKCthwTcB3OKjs/Yb9jakISLC5xf bey502bJ/yHR14hM8LOxeDm7If0Dwzp0xjWAVmzG8EyJK41kQ7OXHje6Mg/sUoGA8BXjLr BwHhHAh/zMLmSi8wjoKsNiBNIcuiwHQgJK2/emxAvArIzpErMLcPZaFaiNgn+gJxCd/070 4ynaN76uHLIPNAbWWBkKvCUE1zo362h4s1uwq15oSztNBeVPQw9GvHmL3Rb45w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDL47sjzJvY; Tue, 17 Dec 2024 10:07:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7kLg023524; Tue, 17 Dec 2024 10:07:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7kpe023521; Tue, 17 Dec 2024 10:07:46 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:46 GMT Message-Id: <202412171007.4BHA7kpe023521@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: d89a5d853e2b - main - pf: support nat64 for SCTP List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d89a5d853e2bd86490268b55ecdc7e77fefc4ba9 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d89a5d853e2bd86490268b55ecdc7e77fefc4ba9 commit d89a5d853e2bd86490268b55ecdc7e77fefc4ba9 Author: Kristof Provost AuthorDate: 2024-11-07 14:05:49 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:13 +0000 pf: support nat64 for SCTP Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47789 --- sys/netpfil/pf/pf.c | 88 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 69 insertions(+), 19 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 36bb0e1975fa..234cbc0854be 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6265,6 +6265,21 @@ pf_translate(struct pf_pdesc *pd, struct pf_addr *saddr, u_int16_t sport, } break; + case IPPROTO_SCTP: { + uint16_t checksum = 0; + if (afto || *pd->sport != sport) { + pf_change_ap(pd->m, pd->src, pd->sport, pd->ip_sum, &checksum, + saddr, sport, 1, pd->af, pd->naf); + rewrite = 1; + } + if (afto || *pd->dport != dport) { + pf_change_ap(pd->m, pd->dst, pd->dport, pd->ip_sum, &checksum, + daddr, dport, 1, pd->af, pd->naf); + rewrite = 1; + } + break; + } + #ifdef INET case IPPROTO_ICMP: /* pf_translate() is also used when logging invalid packets */ @@ -7047,6 +7062,33 @@ pf_test_state_udp(struct pf_kstate **state, struct pf_pdesc *pd) return (action); } +static int +pf_sctp_track(struct pf_kstate *state, struct pf_pdesc *pd, + u_short *reason) +{ + struct pf_state_peer *src; + if (pd->dir == state->direction) { + if (PF_REVERSED_KEY(state->key, pd->af)) + src = &state->dst; + else + src = &state->src; + } else { + if (PF_REVERSED_KEY(state->key, pd->af)) + src = &state->src; + else + src = &state->dst; + } + + if (src->scrub != NULL) { + if (src->scrub->pfss_v_tag == 0) + src->scrub->pfss_v_tag = pd->hdr.sctp.v_tag; + else if (src->scrub->pfss_v_tag != pd->hdr.sctp.v_tag) + return (PF_DROP); + } + + return (PF_PASS); +} + static int pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd, u_short *reason) @@ -7123,37 +7165,45 @@ pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd, (*state)->timeout = PFTM_SCTP_CLOSED; } - if (src->scrub != NULL) { - if (src->scrub->pfss_v_tag == 0) { - src->scrub->pfss_v_tag = pd->hdr.sctp.v_tag; - } else if (src->scrub->pfss_v_tag != pd->hdr.sctp.v_tag) - return (PF_DROP); - } + if (pf_sctp_track(*state, pd, reason) != PF_PASS) + return (PF_DROP); (*state)->expire = pf_get_uptime(); /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != (*state)->key[PF_SK_STACK]) { uint16_t checksum = 0; - struct pf_state_key *nk = (*state)->key[pd->didx]; + struct pf_state_key *nk; + int afto, sidx, didx; - if (pd->af != nk->af) { - /* XXX No nat64 for SCTP for now. */ - return (PF_DROP); - } + if (PF_REVERSED_KEY((*state)->key, pd->af)) + nk = (*state)->key[pd->sidx]; + else + nk = (*state)->key[pd->didx]; - if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || - nk->port[pd->sidx] != pd->hdr.sctp.src_port) { + afto = pd->af != nk->af; + sidx = afto ? pd->didx : pd->sidx; + didx = afto ? pd->sidx : pd->didx; + + if (afto || PF_ANEQ(pd->src, &nk->addr[sidx], pd->af) || + nk->port[sidx] != pd->hdr.sctp.src_port) { pf_change_ap(pd->m, pd->src, &pd->hdr.sctp.src_port, - pd->ip_sum, &checksum, &nk->addr[pd->sidx], - nk->port[pd->sidx], 1, pd->af, pd->naf); + pd->ip_sum, &checksum, &nk->addr[sidx], + nk->port[sidx], 1, pd->af, pd->naf); } - if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || - nk->port[pd->didx] != pd->hdr.sctp.dest_port) { + if (afto || PF_ANEQ(pd->dst, &nk->addr[didx], pd->af) || + nk->port[didx] != pd->hdr.sctp.dest_port) { pf_change_ap(pd->m, pd->dst, &pd->hdr.sctp.dest_port, - pd->ip_sum, &checksum, &nk->addr[pd->didx], - nk->port[pd->didx], 1, pd->af, pd->naf); + pd->ip_sum, &checksum, &nk->addr[didx], + nk->port[didx], 1, pd->af, pd->naf); + } + + if (afto) { + PF_ACPY(&pd->nsaddr, &nk->addr[sidx], nk->af); + PF_ACPY(&pd->ndaddr, &nk->addr[didx], nk->af); + pd->naf = nk->af; + return (PF_AFRT); } } From nobody Tue Dec 17 10:07:47 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDN299yz5h0L8; Tue, 17 Dec 2024 10:07:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDM5pWkz49X5; Tue, 17 Dec 2024 10:07:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430067; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=abqE+6Noz+JUJZwqvC3JgnO0xM0BWRt0nrERdGxm7Zw=; b=UU6DTHJNOL0YQepozNMp5x8VaNu/hT8IxCv9tS7qrfBAZ8OiZMw6UgauxC9NR7KTlFp/jZ ZdcOlEVsZUZoQUTeqnxbBhxT+6B2Iuad272q5fS1FJDAplWTFSUoiPZcH1cERTf+dyOMWz ebu982SYODMBeUItDS8T2VxO5aB+2xDeacu4y1JDAAteRxdy9NeesOmuBcxZFD+QsD3aJC qCK9Xub8R7c8trrkLDkefA2aQae5We5DaRtwhzueStxSRkRGGBUPLaNcrTvDZFG+You6nS WAyo/GDAMnFzt5+LrRr5vjepBt1npn1gXHRc6DQO6AwpCvO5nLK/qvHIxQKQQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430067; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=abqE+6Noz+JUJZwqvC3JgnO0xM0BWRt0nrERdGxm7Zw=; b=MkWp7iWUQER+fqjS86btIDiEEFUvhUnQcMnshOX/RF0PggnTB9xltylRamVaxaxrrLreZs 3aX/nSQRn1y7B0J+v4hnQtSLimKjbX+6up9VOhvOW4nafHGqylkvC+lJRNtMqWxn6kGzAD SC3BsaHhVPgBaVw85giLcUk9n7acIV5I0cfMFncFukDnMv8m3MM+TYHZmu5P20K7pj2n6G XC0OTWUfT5FE2kbyR/TxLUgp/58Oq2VtEyeyr1YpJb4a8p3hJwLfiYkDJsRGV/tKVxTfMJ oTfO95r47luNbFQB35imRU+PR29IalemuEerGGNP8gNDmZ7gm1WXKNz1pXRRWw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430067; a=rsa-sha256; cv=none; b=EXCT+MMgzpJXReS2zBL6hQqHh7rJkemdgXwauo54yKPANsoGPnkSHGuD3YjS5gdyHtBRFj by79Rs1O4vMBYdzNGH95vq53xWaK8rYiKdJqe3ARddpXMYlLFhGyutLhgg5X957clTXeMw ed5wzLnvcaEOyxAK0JshSbge3Uy4uSqeUntr3ui1XCtjNGZ7EmnD0RIxVEB1GStdGwcqGy cDd0/Qj+uBvrMh6HlX+0MP09sn6HnEQ7WNTaCLyK6DVORLQm2b3AaR76IaNLbe4baEJXJv Nd40VQWJsO312FW1LbO86GgTokqvKTkKuRCEm0Gw+G6WAUBnlYyWr2Pui0dfNA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDM59wnzJvZ; Tue, 17 Dec 2024 10:07:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7l3K023597; Tue, 17 Dec 2024 10:07:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7lI3023594; Tue, 17 Dec 2024 10:07:47 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:47 GMT Message-Id: <202412171007.4BHA7lI3023594@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: b8e538443882 - main - pf: drop packets if they fail nat64 translation List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b8e53844388269d87f26b106d538dcf07148bd31 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b8e53844388269d87f26b106d538dcf07148bd31 commit b8e53844388269d87f26b106d538dcf07148bd31 Author: Kristof Provost AuthorDate: 2024-12-06 14:29:11 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:13 +0000 pf: drop packets if they fail nat64 translation If we can't map ICMPv4 onto ICMPv6 or vice versa drop the packet rather than continuing with an untranslated packet. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 234cbc0854be..4c1111c6106a 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5893,6 +5893,7 @@ nextrule: nat64 = pd->af != pd->naf; if (nat64) { struct pf_state_key *_sk; + int ret; if (sk == NULL) sk = (*sm)->key[pd->dir == PF_IN ? PF_SK_STACK : PF_SK_WIRE]; @@ -5902,12 +5903,17 @@ nextrule: _sk = sk; else _sk = nk; - rewrite += pf_translate(pd, + + ret = pf_translate(pd, &_sk->addr[pd->didx], _sk->port[pd->didx], &_sk->addr[pd->sidx], _sk->port[pd->sidx], virtual_type, icmp_dir); + if (ret < 0) + goto cleanup; + + rewrite += ret; } } else { while ((ri = SLIST_FIRST(&match_rules))) { @@ -6288,7 +6294,7 @@ pf_translate(struct pf_pdesc *pd, struct pf_addr *saddr, u_int16_t sport, if (afto) { if (pf_translate_icmp_af(AF_INET6, &pd->hdr.icmp)) - return (0); + return (-1); pd->proto = IPPROTO_ICMPV6; rewrite = 1; } From nobody Tue Dec 17 10:07:48 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDP4H32z5h0dw; Tue, 17 Dec 2024 10:07:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDN710pz49Tv; Tue, 17 Dec 2024 10:07:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430069; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1VogO9jXqU6DKpnYe7X9QNe6B3XWvpZnDCQ3K5RD3w0=; b=Z0/1z/kekwTBb9oFXiaG8LjB08CBJELd4dCsneIwOxdqXSIv8LmrAyZ2Ydwy/iSU5lUAMU UMphder60XkeMYb2O3Mudixej384WcD/eCACiyOQqY5Zzs26JoUQ1LGN/lYDE1bSLmnb/P +ozNzFskgLMHIgK4fa0yWoL5F/4m+va3EpcRhfS/yYprUw6p/kmv/Ar3YGWclgYLX+bnZv UxFfWyLJ89tPSUr03y77OYyl1jXpRpZy3PuYP5zu8JxY5BWGRTnCBRZsmfZUEx9+KGvQ4m UjammHNMA80q/SbTD38+OgGV+X5MkxcAZqb2SsxYC3KhBYscEjETSjrOAmoSaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430069; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1VogO9jXqU6DKpnYe7X9QNe6B3XWvpZnDCQ3K5RD3w0=; b=gmCh1iQBZz/4Y5r7cBkeH5V+chGKrdhgtpEYvBG36SUh0skqPynHP/qz8vEJInZ+7LBbDw x5gk70rc466Ne+e+vWAFTDvCGtS0XaA0LSS0yruycWPl40u65jKl3r5nD/zALABHyRQf83 ExSgg/7+oThUlIyDRD59CWPAhltcmh720tjXexn6YHnOHFpmaioRAtG5Crh4LhTjX2xrZl tIOTaOvFeie9KULGwJA0BWZ47bqul32wFK/vuIk+pu8ZCGrYeiFx7J7wyWRmbojvCq3n0O 2/kMPyQtZmkI99sndsuWTnehDeS8iwkhUtss6rkHjwEX0uQdugKZUeFdwBke6A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430069; a=rsa-sha256; cv=none; b=oXjFcA75UF3H2RY62wq0AiEgdS64h2LUNjrl+M2SVoMNzPM/eFcuxmNwqeszMTdYVxgoEh SMh7Lfxq//1rBwCHcHoA4uCASNoIVLpmhPPMs7B6m41bjUXcubyeCDRQI3yJS7IXNmcFeZ XAesohKwdcTdZBFrXEO3UuWYYYDLcDu8OZqBZ8VtrCqSei51slRZ95Xv925pD/2cewSJOC wqnxO208m58HP4GjC5FTZ06IlynBr1ew1enCMrQ7V6AKRuDVKiGHyzwzp9sWSgVO4IJUPx QJ9dbVTSdnPQf6LBGCRwj/T77AVX+ZzcNDZhCyFgE0KwtbmV90V0sOFrzJkY8Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDN61SHzJtw; Tue, 17 Dec 2024 10:07:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7msZ023651; Tue, 17 Dec 2024 10:07:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7m2l023648; Tue, 17 Dec 2024 10:07:48 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:48 GMT Message-Id: <202412171007.4BHA7m2l023648@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: aa69fdf1542d - main - pfctl: change for af-to / NAT64 support. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: aa69fdf1542db0247e9b991002603fc2046bcfbc Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=aa69fdf1542db0247e9b991002603fc2046bcfbc commit aa69fdf1542db0247e9b991002603fc2046bcfbc Author: Kristof Provost AuthorDate: 2024-10-10 08:09:34 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:13 +0000 pfctl: change for af-to / NAT64 support. The general syntax is: pass in inet from any to 192.168.1.1 af-to inet6 from 2001::1 to 2001::2 In the NAT64 case the "to" is not needed in af-to and the IP is extraced from the IPv6 dst (assuming a /64 prefix). Again most work by sperreault@, mikeb@ and reyk@ OK mcbride@, put it in deraadt@ Obtained from: OpenBSD, claudio , 0cde32ce3f Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47790 --- lib/libpfctl/libpfctl.c | 13 ++- lib/libpfctl/libpfctl.h | 7 +- sbin/pfctl/parse.y | 190 +++++++++++++++++++++++++++++++++++--------- sbin/pfctl/pf_print_state.c | 20 +++-- sbin/pfctl/pfctl.c | 38 ++++++--- sbin/pfctl/pfctl_parser.c | 19 ++++- sys/net/pfvar.h | 1 + sys/netpfil/pf/pf_nl.c | 1 + sys/netpfil/pf/pf_nl.h | 1 + 9 files changed, 225 insertions(+), 65 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 9fec8e77de26..2e4cdb91bad9 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -1285,6 +1285,7 @@ snl_add_msg_attr_pf_rule(struct snl_writer *nw, uint32_t type, const struct pfct snl_add_msg_attr_u8(nw, PF_RT_PRIO, r->prio); snl_add_msg_attr_u8(nw, PF_RT_SET_PRIO, r->set_prio[0]); snl_add_msg_attr_u8(nw, PF_RT_SET_PRIO_REPLY, r->set_prio[1]); + snl_add_msg_attr_u8(nw, PF_RT_NAF, r->naf); snl_add_msg_attr_ip6(nw, PF_RT_DIVERT_ADDRESS, &r->divert.addr.v6); snl_add_msg_attr_u16(nw, PF_RT_DIVERT_PORT, r->divert.port); @@ -1662,6 +1663,7 @@ static struct snl_attr_parser ap_getrule[] = { { .type = PF_RT_RCV_IFNAME, .off = _OUT(r.rcv_ifname), .arg = (void*)IFNAMSIZ, .cb = snl_attr_copy_string }, { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(r.max_src_conn), .cb = snl_attr_get_uint32 }, { .type = PF_RT_RPOOL_NAT, .off = _OUT(r.nat), .arg = &pool_parser, .cb = snl_attr_get_nested }, + { .type = PF_RT_NAF, .off = _OUT(r.naf), .cb = snl_attr_get_uint8 }, }; static struct snl_field_parser fp_getrule[] = {}; #undef _OUT @@ -2770,7 +2772,7 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket) } int -pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int which __unused) +pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int which) { struct snl_writer nw; struct snl_errmsg_data e = {}; @@ -2794,6 +2796,7 @@ pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int whic snl_add_msg_attr_u8(&nw, PF_AA_AF, pa->af); snl_add_msg_attr_string(&nw, PF_AA_ANCHOR, pa->anchor); snl_add_msg_attr_pool_addr(&nw, PF_AA_ADDR, &pa->addr); + snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which); if ((hdr = snl_finalize_msg(&nw)) == NULL) return (ENXIO); @@ -2817,7 +2820,7 @@ SNL_DECLARE_PARSER(get_addrs_parser, struct genlmsghdr, fp_get_addrs, ap_get_add int pfctl_get_addrs(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, - uint8_t r_action, const char *anchor, uint32_t *nr) + uint8_t r_action, const char *anchor, uint32_t *nr, int which) { struct snl_writer nw; struct snl_errmsg_data e = {}; @@ -2836,6 +2839,7 @@ pfctl_get_addrs(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, snl_add_msg_attr_u32(&nw, PF_AA_R_NUM, r_num); snl_add_msg_attr_u8(&nw, PF_AA_R_ACTION, r_action); snl_add_msg_attr_string(&nw, PF_AA_ANCHOR, anchor); + snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which); if ((hdr = snl_finalize_msg(&nw)) == NULL) return (ENXIO); @@ -2879,7 +2883,8 @@ SNL_DECLARE_PARSER(get_addr_parser, struct genlmsghdr, fp_get_addr, ap_get_addr) int pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, - uint8_t r_action, const char *anchor, uint32_t nr, struct pfioc_pooladdr *pa) + uint8_t r_action, const char *anchor, uint32_t nr, struct pfioc_pooladdr *pa, + int which) { struct snl_writer nw; struct snl_errmsg_data e = {}; @@ -2899,6 +2904,7 @@ pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, snl_add_msg_attr_u8(&nw, PF_AA_R_ACTION, r_action); snl_add_msg_attr_string(&nw, PF_AA_ANCHOR, anchor); snl_add_msg_attr_u32(&nw, PF_AA_NR, nr); + snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which); if ((hdr = snl_finalize_msg(&nw)) == NULL) return (ENXIO); @@ -3023,6 +3029,7 @@ static struct snl_attr_parser ap_srcnode[] = { { .type = PF_SN_CREATION, .off = _OUT(creation), .cb = snl_attr_get_uint64 }, { .type = PF_SN_EXPIRE, .off = _OUT(expire), .cb = snl_attr_get_uint64 }, { .type = PF_SN_CONNECTION_RATE, .off = _OUT(conn_rate), .arg = &pfctl_threshold_parser, .cb = snl_attr_get_nested }, + { .type = PF_SN_NAF, .off = _OUT(naf), .cb = snl_attr_get_uint8 }, }; static struct snl_field_parser fp_srcnode[] = {}; #undef _OUT diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index 7b4aa0555758..79756286563b 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -256,6 +256,7 @@ struct pfctl_rule { uint8_t flush; uint8_t prio; uint8_t set_prio[2]; + sa_family_t naf; struct { struct pf_addr addr; @@ -407,6 +408,7 @@ struct pfctl_src_node { uint32_t states; uint32_t conn; sa_family_t af; + sa_family_t naf; uint8_t ruletype; uint64_t creation; uint64_t expire; @@ -528,9 +530,10 @@ int pfctl_get_limit(struct pfctl_handle *h, const int index, uint *limit); int pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket); int pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int which); int pfctl_get_addrs(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, - uint8_t r_action, const char *anchor, uint32_t *nr); + uint8_t r_action, const char *anchor, uint32_t *nr, int which); int pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, - uint8_t r_action, const char *anchor, uint32_t nr, struct pfioc_pooladdr *pa); + uint8_t r_action, const char *anchor, uint32_t nr, struct pfioc_pooladdr *pa, + int which); int pfctl_get_rulesets(struct pfctl_handle *h, const char *path, uint32_t *nr); int pfctl_get_ruleset(struct pfctl_handle *h, const char *path, uint32_t nr, struct pfioc_ruleset *rs); typedef int (*pfctl_get_srcnode_fn)(struct pfctl_src_node*, void *); diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index f198dcb0b054..fc24cbc238ba 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -222,6 +222,34 @@ struct node_qassign { char *pqname; }; +struct range { + int a; + int b; + int t; +}; +struct redirection { + struct node_host *host; + struct range rport; +}; + +static struct pool_opts { + int marker; +#define POM_TYPE 0x01 +#define POM_STICKYADDRESS 0x02 +#define POM_ENDPI 0x04 + u_int8_t opts; + int type; + int staticport; + struct pf_poolhashkey *key; + struct pf_mape_portset mape; +} pool_opts; + +struct redirspec { + struct redirection *rdr; + struct pool_opts pool_opts; + int af; +}; + static struct filter_opts { int marker; #define FOM_FLAGS 0x0001 @@ -231,7 +259,7 @@ static struct filter_opts { #define FOM_SRCTRACK 0x0010 #define FOM_MINTTL 0x0020 #define FOM_MAXMSS 0x0040 -#define FOM_AFTO 0x0080 /* not yet implemmented */ +#define FOM_AFTO 0x0080 #define FOM_SETTOS 0x0100 #define FOM_SCRUB_TCP 0x0200 #define FOM_SETPRIO 0x0400 @@ -274,6 +302,8 @@ static struct filter_opts { struct node_host *addr; u_int16_t port; } divert; + struct redirspec nat; + struct redirspec rdr; /* new-style scrub opts */ int nodf; int minttl; @@ -323,19 +353,6 @@ static struct table_opts { struct node_tinithead init_nodes; } table_opts; -static struct pool_opts { - int marker; -#define POM_TYPE 0x01 -#define POM_STICKYADDRESS 0x02 -#define POM_ENDPI 0x04 - u_int8_t opts; - int type; - int staticport; - struct pf_poolhashkey *key; - struct pf_mape_portset mape; - -} pool_opts; - static struct codel_opts codel_opts; static struct node_hfsc_opts hfsc_opts; static struct node_fairq_opts fairq_opts; @@ -365,6 +382,7 @@ void expand_eth_rule(struct pfctl_eth_rule *, struct node_host *, struct node_host *, const char *, const char *); void expand_rule(struct pfctl_rule *, struct node_if *, + struct node_host *, struct node_host *, struct node_proto *, struct node_os *, struct node_host *, struct node_port *, struct node_host *, struct node_port *, struct node_uid *, struct node_gid *, @@ -417,11 +435,7 @@ typedef struct { u_int16_t w; u_int16_t w2; } b; - struct range { - int a; - int b; - int t; - } range; + struct range range; struct node_if *interface; struct node_proto *proto; struct node_etherproto *etherproto; @@ -453,10 +467,7 @@ typedef struct { sa_family_t af; struct pf_poolhashkey *key; } route; - struct redirection { - struct node_host *host; - struct range rport; - } *redirection; + struct redirection *redirection; struct { int action; struct node_state_opt *options; @@ -517,7 +528,7 @@ int parseport(char *, struct range *r, int); %token STICKYADDRESS ENDPI MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY PFLOW %token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE SETTOS -%token DIVERTTO DIVERTREPLY BRIDGE_TO RECEIVEDON NE LE GE +%token DIVERTTO DIVERTREPLY BRIDGE_TO RECEIVEDON NE LE GE AFTO %token STRING %token NUMBER %token PORTBINARY @@ -1071,8 +1082,9 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto decide_address_family($8.src.host, &r.af); decide_address_family($8.dst.host, &r.af); + r.naf = r.af; - expand_rule(&r, $5, NULL, $7, $8.src_os, + expand_rule(&r, $5, NULL, NULL, $7, $8.src_os, $8.src.host, $8.src.port, $8.dst.host, $8.dst.port, $9.uid, $9.gid, $9.rcv, $9.icmpspec, pf->astack[pf->asd + 1] ? pf->alast->name : $2); @@ -1095,7 +1107,7 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto decide_address_family($6.src.host, &r.af); decide_address_family($6.dst.host, &r.af); - expand_rule(&r, $3, NULL, $5, $6.src_os, + expand_rule(&r, $3, NULL, NULL, $5, $6.src_os, $6.src.host, $6.src.port, $6.dst.host, $6.dst.port, 0, 0, 0, 0, $2); free($2); @@ -1137,7 +1149,7 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto r.dst.port_op = $6.dst.port->op; } - expand_rule(&r, $3, NULL, $5, $6.src_os, + expand_rule(&r, $3, NULL, NULL, $5, $6.src_os, $6.src.host, $6.src.port, $6.dst.host, $6.dst.port, 0, 0, 0, 0, $2); free($2); @@ -1460,7 +1472,7 @@ scrubrule : scrubaction dir logquick interface af proto fromto scrub_opts r.match_tag_not = $8.match_tag_not; r.rtableid = $8.rtableid; - expand_rule(&r, $4, NULL, $6, $7.src_os, + expand_rule(&r, $4, NULL, NULL, $6, $7.src_os, $7.src.host, $7.src.port, $7.dst.host, $7.dst.port, NULL, NULL, NULL, NULL, ""); } @@ -1625,7 +1637,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts { } if (h != NULL) - expand_rule(&r, j, NULL, NULL, NULL, h, + expand_rule(&r, j, NULL, NULL, NULL, NULL, h, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ""); @@ -1647,7 +1659,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts { else h = ifa_lookup(i->ifname, 0); if (h != NULL) - expand_rule(&r, NULL, NULL, + expand_rule(&r, NULL, NULL, NULL, NULL, NULL, h, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ""); } else @@ -2414,6 +2426,19 @@ pfrule : action dir logquick interface route af proto fromto r.scrub_flags |= PFSTATE_SETPRIO; } + if ($9.marker & FOM_AFTO) { + if (!$6) { + yyerror("must indicate source address " + "family with af-to"); + YYERROR; + } + if ($6 == $9.nat.af) { + yyerror("incorrect address family " + "translation"); + YYERROR; + } + } + r.af = $6; if ($9.tag) if (strlcpy(r.tagname, $9.tag, @@ -2699,6 +2724,7 @@ pfrule : action dir logquick interface route af proto fromto decide_address_family($8.src.host, &r.af); decide_address_family($8.dst.host, &r.af); + r.naf = r.af; if ($5.rt) { if (!r.direction) { @@ -2801,9 +2827,14 @@ pfrule : action dir logquick interface route af proto fromto r.free_flags |= PFRULE_DN_IS_QUEUE; } - expand_rule(&r, $4, $5.host, $7, $8.src_os, - $8.src.host, $8.src.port, $8.dst.host, $8.dst.port, - $9.uid, $9.gid, $9.rcv, $9.icmpspec, ""); + if ($9.marker & FOM_AFTO) + r.naf = $9.nat.af; + + r.nat.opts = $9.nat.pool_opts.type; + r.nat.opts |= $9.nat.pool_opts.opts; + expand_rule(&r, $4, $5.host, $9.nat.rdr ? $9.nat.rdr->host : NULL, + $7, $8.src_os, $8.src.host, $8.src.port, $8.dst.host, + $8.dst.port, $9.uid, $9.gid, $9.rcv, $9.icmpspec, ""); } ; @@ -3017,6 +3048,64 @@ filter_opt : USER uids { filter_opts.marker |= FOM_SCRUB_TCP; filter_opts.marker |= $3.marker; } + | AFTO af FROM redirspec pool_opts { + if (filter_opts.nat.rdr) { + yyerror("cannot respecify af-to"); + YYERROR; + } + if ($2 == 0) { + yyerror("no address family specified"); + YYERROR; + } + if ($4->af && $4->af != $2) { + yyerror("af-to addresses must be in the " + "target address family"); + YYERROR; + } + filter_opts.nat.af = $2; + filter_opts.nat.rdr = calloc(1, sizeof(struct redirection)); + if (filter_opts.nat.rdr == NULL) + err(1, "af-to: calloc"); + filter_opts.nat.rdr->host = $4; + memcpy(&filter_opts.nat.pool_opts, &$5, + sizeof(filter_opts.nat.pool_opts)); + filter_opts.rdr.rdr = + calloc(1, sizeof(struct redirection)); + bzero(&filter_opts.rdr.pool_opts, + sizeof(filter_opts.rdr.pool_opts)); + filter_opts.marker |= FOM_AFTO; + } + | AFTO af FROM redirspec pool_opts TO redirspec pool_opts { + if (filter_opts.nat.rdr) { + yyerror("cannot respecify af-to"); + YYERROR; + } + if ($2 == 0) { + yyerror("no address family specified"); + YYERROR; + } + if (($4->af && $4->af != $2) || + ($7->af && $7->af != $2)) { + yyerror("af-to addresses must be in the " + "target address family"); + YYERROR; + } + filter_opts.nat.af = $2; + filter_opts.nat.rdr = calloc(1, sizeof(struct redirection)); + if (filter_opts.nat.rdr == NULL) + err(1, "af-to: calloc"); + filter_opts.nat.rdr->host = $4; + memcpy(&filter_opts.nat.pool_opts, &$5, + sizeof(filter_opts.nat.pool_opts)); + filter_opts.rdr.af = $2; + filter_opts.rdr.rdr = calloc(1, sizeof(struct redirection)); + if (filter_opts.rdr.rdr == NULL) + err(1, "af-to: calloc"); + filter_opts.rdr.rdr->host = $7; + memcpy(&filter_opts.nat.pool_opts, &$8, + sizeof(filter_opts.nat.pool_opts)); + filter_opts.marker |= FOM_AFTO; + } | filter_sets ; @@ -4891,7 +4980,7 @@ natrule : nataction interface af proto fromto tag tagged rtable o = o->next; } - expand_rule(&r, $2, $9 == NULL ? NULL : $9->host, $4, + expand_rule(&r, $2, $9 == NULL ? NULL : $9->host, NULL, $4, $5.src_os, $5.src.host, $5.src.port, $5.dst.host, $5.dst.port, 0, 0, 0, 0, ""); free($9); @@ -5407,6 +5496,10 @@ filter_consistent(struct pfctl_rule *r, int anchor_call) "must not be used on match rules"); problems++; } + if (r->naf != r->af) { + yyerror("af-to is not supported on match rules"); + problems++; + } } if (r->rpool.opts & PF_POOL_STICKYADDR && !r->keep_state) { yyerror("'sticky-address' requires 'keep state'"); @@ -6041,7 +6134,8 @@ expand_eth_rule(struct pfctl_eth_rule *r, void expand_rule(struct pfctl_rule *r, - struct node_if *interfaces, struct node_host *rpool_hosts, + struct node_if *interfaces, struct node_host *rdr_hosts, + struct node_host *nat_hosts, struct node_proto *protos, struct node_os *src_oses, struct node_host *src_hosts, struct node_port *src_ports, struct node_host *dst_hosts, struct node_port *dst_ports, @@ -6186,8 +6280,8 @@ expand_rule(struct pfctl_rule *r, r->os_fingerprint = PF_OSFP_ANY; } - TAILQ_INIT(&r->rpool.list); - for (h = rpool_hosts; h != NULL; h = h->next) { + TAILQ_INIT(&r->rdr.list); + for (h = rdr_hosts; h != NULL; h = h->next) { pa = calloc(1, sizeof(struct pf_pooladdr)); if (pa == NULL) err(1, "expand_rule: calloc"); @@ -6201,6 +6295,24 @@ expand_rule(struct pfctl_rule *r, pa->ifname[0] = 0; TAILQ_INSERT_TAIL(&r->rpool.list, pa, entries); } + TAILQ_INIT(&r->nat.list); + for (h = nat_hosts; h != NULL; h = h->next) { + pa = calloc(1, sizeof(struct pf_pooladdr)); + if (pa == NULL) + err(1, "expand_rule: calloc"); + pa->addr = h->addr; + if (h->ifname != NULL) { + if (strlcpy(pa->ifname, h->ifname, + sizeof(pa->ifname)) >= + sizeof(pa->ifname)) + errx(1, "expand_rule: strlcpy"); + } else + pa->ifname[0] = 0; + TAILQ_INSERT_TAIL(&r->nat.list, pa, entries); + } + + r->nat.proxy_port[0] = PF_NAT_PROXY_PORT_LOW; + r->nat.proxy_port[1] = PF_NAT_PROXY_PORT_HIGH; if (rule_consistent(r, anchor_call[0]) < 0 || error) yyerror("skipping rule due to errors"); @@ -6231,7 +6343,8 @@ expand_rule(struct pfctl_rule *r, FREE_LIST(struct node_uid, uids); FREE_LIST(struct node_gid, gids); FREE_LIST(struct node_icmp, icmp_types); - FREE_LIST(struct node_host, rpool_hosts); + FREE_LIST(struct node_host, rdr_hosts); + FREE_LIST(struct node_host, nat_hosts); if (!added) yyerror("rule expands to no valid combination"); @@ -6305,6 +6418,7 @@ lookup(char *s) { /* this has to be sorted always */ static const struct keywords keywords[] = { + { "af-to", AFTO}, { "all", ALL}, { "allow-opts", ALLOWOPTS}, { "altq", ALTQ}, diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c index 96da1e109fa8..e6495dfa4ca6 100644 --- a/sbin/pfctl/pf_print_state.c +++ b/sbin/pfctl/pf_print_state.c @@ -243,6 +243,8 @@ print_state(struct pfctl_state *s, int opts) int min, sec; sa_family_t af; uint8_t proto; + int afto = (s->key[PF_SK_STACK].af != s->key[PF_SK_WIRE].af); + int idx; #ifndef __NO_STRICT_ALIGNMENT struct pfctl_state_key aligned_key[2]; @@ -276,22 +278,26 @@ print_state(struct pfctl_state *s, int opts) else printf("%u ", proto); - print_host(&nk->addr[1], nk->port[1], af, opts); - if (PF_ANEQ(&nk->addr[1], &sk->addr[1], af) || + print_host(&nk->addr[1], nk->port[1], nk->af, opts); + if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) || nk->port[1] != sk->port[1]) { + idx = afto ? 0 : 1; printf(" ("); - print_host(&sk->addr[1], sk->port[1], af, opts); + print_host(&sk->addr[idx], sk->port[idx], sk->af, + opts); printf(")"); } - if (s->direction == PF_OUT) + if (s->direction == PF_OUT || (afto && s->direction == PF_IN)) printf(" -> "); else printf(" <- "); - print_host(&nk->addr[0], nk->port[0], af, opts); - if (PF_ANEQ(&nk->addr[0], &sk->addr[0], af) || + print_host(&nk->addr[0], nk->port[0], nk->af, opts); + if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) || nk->port[0] != sk->port[0]) { + idx = afto ? 1 : 0; printf(" ("); - print_host(&sk->addr[0], sk->port[0], af, opts); + print_host(&sk->addr[idx], sk->port[idx], sk->af, + opts); printf(")"); } diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 4d77c7937a74..09d6774b324f 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -93,7 +93,7 @@ int pfctl_load_hostid(struct pfctl *, u_int32_t); int pfctl_load_reassembly(struct pfctl *, u_int32_t); int pfctl_load_syncookies(struct pfctl *, u_int8_t); int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int, - char *); + char *, int); void pfctl_print_eth_rule_counters(struct pfctl_eth_rule *, int); void pfctl_print_rule_counters(struct pfctl_rule *, int); int pfctl_show_eth_rules(int, char *, int, enum pfctl_show, char *, int, int); @@ -956,7 +956,7 @@ pfctl_id_kill_states(int dev, const char *iface, int opts) int pfctl_get_pool(int dev, struct pfctl_pool *pool, u_int32_t nr, - u_int32_t ticket, int r_action, char *anchorname) + u_int32_t ticket, int r_action, char *anchorname, int which) { struct pfioc_pooladdr pp; struct pf_pooladdr *pa; @@ -964,14 +964,14 @@ pfctl_get_pool(int dev, struct pfctl_pool *pool, u_int32_t nr, int ret; memset(&pp, 0, sizeof(pp)); - if ((ret = pfctl_get_addrs(pfh, ticket, nr, r_action, anchorname, &mpnr)) != 0) { + if ((ret = pfctl_get_addrs(pfh, ticket, nr, r_action, anchorname, &mpnr, which)) != 0) { warnc(ret, "DIOCGETADDRS"); return (-1); } TAILQ_INIT(&pool->list); for (pnr = 0; pnr < mpnr; ++pnr) { - if ((ret = pfctl_get_addr(pfh, ticket, nr, r_action, anchorname, pnr, &pp)) != 0) { + if ((ret = pfctl_get_addr(pfh, ticket, nr, r_action, anchorname, pnr, &pp, which)) != 0) { warnc(ret, "DIOCGETADDR"); return (-1); } @@ -1303,7 +1303,11 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format, } if (pfctl_get_pool(dev, &rule.rpool, - nr, ri.ticket, PF_SCRUB, path) != 0) + nr, ri.ticket, PF_SCRUB, path, PF_RDR) != 0) + goto error; + + if (pfctl_get_pool(dev, &rule.nat, + nr, ri.ticket, PF_SCRUB, path, PF_NAT) != 0) goto error; switch (format) { @@ -1334,7 +1338,11 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format, } if (pfctl_get_pool(dev, &rule.rpool, - nr, ri.ticket, PF_PASS, path) != 0) + nr, ri.ticket, PF_PASS, path, PF_RDR) != 0) + goto error; + + if (pfctl_get_pool(dev, &rule.nat, + nr, ri.ticket, PF_PASS, path, PF_NAT) != 0) goto error; switch (format) { @@ -1491,7 +1499,10 @@ pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth, return (-1); } if (pfctl_get_pool(dev, &rule.rpool, nr, - ri.ticket, nattype[i], path) != 0) + ri.ticket, nattype[i], path, PF_RDR) != 0) + return (-1); + if (pfctl_get_pool(dev, &rule.nat, nr, + ri.ticket, nattype[i], path, PF_NAT) != 0) return (-1); if (dotitle) { @@ -1692,11 +1703,6 @@ pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af, int which struct pf_pooladdr *pa; int ret; - if ((pf->opts & PF_OPT_NOACTION) == 0) { - if ((ret = pfctl_begin_addrs(pf->h, &pf->paddr.ticket)) != 0) - errc(1, ret, "DIOCBEGINADDRS"); - } - pf->paddr.af = af; TAILQ_FOREACH(pa, &p->list, entries) { memcpy(&pf->paddr.addr, pa, sizeof(struct pf_pooladdr)); @@ -2045,8 +2051,16 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) was_present = false; if ((pf->opts & PF_OPT_NOACTION) == 0) { + if ((pf->opts & PF_OPT_NOACTION) == 0) { + if ((error = pfctl_begin_addrs(pf->h, + &pf->paddr.ticket)) != 0) + errc(1, error, "DIOCBEGINADDRS"); + } + if (pfctl_add_pool(pf, &r->rpool, r->af, PF_RDR)) return (1); + if (pfctl_add_pool(pf, &r->nat, r->naf ? r->naf : r->af, PF_NAT)) + return (1); error = pfctl_add_rule_h(pf->h, r, anchor, name, ticket, pf->paddr.ticket); switch (error) { diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index d6d04ba2a7de..7cbca9a75af2 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -665,7 +665,7 @@ print_src_node(struct pfctl_src_node *sn, int opts) print_addr(&aw, sn->af, opts & PF_OPT_VERBOSE2); printf(" -> "); aw.v.a.addr = sn->raddr; - print_addr(&aw, sn->af, opts & PF_OPT_VERBOSE2); + print_addr(&aw, sn->naf ? sn->naf : sn->af, opts & PF_OPT_VERBOSE2); printf(" ( states %u, connections %u, rate %u.%u/%us )\n", sn->states, sn->conn, sn->conn_rate.count / 1000, (sn->conn_rate.count % 1000) / 100, sn->conn_rate.seconds); @@ -1237,8 +1237,21 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer } #endif } - if (!anchor_call[0] && (r->action == PF_NAT || - r->action == PF_BINAT || r->action == PF_RDR)) { + if (!anchor_call[0] && ! TAILQ_EMPTY(&r->nat.list) && + r->naf != r->af) { + printf(" af-to %s from ", r->naf == AF_INET ? "inet" : "inet6"); + print_pool(&r->nat, r->nat.proxy_port[0], r->nat.proxy_port[1], + r->naf ? r->naf : r->af, PF_NAT); + if (r->rdr.cur != NULL && !TAILQ_EMPTY(&r->rdr.list)) { + printf(" to "); + print_pool(&r->rdr, r->rdr.proxy_port[0], + r->rdr.proxy_port[1], r->naf ? r->naf : r->af, + PF_RDR); + } + } + if (!anchor_call[0] && + (r->action == PF_NAT || r->action == PF_BINAT || + r->action == PF_RDR)) { printf(" -> "); print_pool(&r->rpool, r->rpool.proxy_port[0], r->rpool.proxy_port[1], r->af, r->action); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 094bc38c4a1b..e0ac9561f463 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -901,6 +901,7 @@ struct pf_ksrc_node { u_int32_t creation; u_int32_t expire; sa_family_t af; + sa_family_t naf; u_int8_t ruletype; struct mtx *lock; }; diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index 3af27e11d27f..79d6c380e31e 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -1796,6 +1796,7 @@ pf_handle_get_srcnodes(struct nlmsghdr *hdr, struct nl_pstate *npt) nlattr_add_u32(nw, PF_SN_STATES, n->states); nlattr_add_u32(nw, PF_SN_CONNECTIONS, n->conn); nlattr_add_u8(nw, PF_SN_AF, n->af); + nlattr_add_u8(nw, PF_SN_NAF, n->naf); nlattr_add_u8(nw, PF_SN_RULE_TYPE, n->ruletype); nlattr_add_u64(nw, PF_SN_CREATION, secs - n->creation); diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h index 3af931978860..0f534bd623c4 100644 --- a/sys/netpfil/pf/pf_nl.h +++ b/sys/netpfil/pf/pf_nl.h @@ -419,6 +419,7 @@ enum pf_srcnodes_types_t { PF_SN_CREATION = 12, /* u64 */ PF_SN_EXPIRE = 13, /* u64 */ PF_SN_CONNECTION_RATE = 14, /* nested, pf_threshold */ + PF_SN_NAF = 15, /* u8 */ }; #ifdef _KERNEL From nobody Tue Dec 17 10:07:49 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDQ2SGMz5h0cr; Tue, 17 Dec 2024 10:07:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDP732Zz49jd; Tue, 17 Dec 2024 10:07:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430070; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=t8pvp2MdNO99610ORCtYXzZcW17QEXJRNMtEEQah3kA=; b=CBFe931x2Dkdv+bKvGdU8EETOCkT4om8x8CYYKWHErudycvzIH8v473ojqcGzraTyREMjT xiz/XuxqPq1vrY1a/XJ9tafTIT3YGYMggMn80aIm2H33v8AGQqzt9xLXt2elYKXfAiMAH7 P0d9pd9V6IWk5fkAobzKn3Q2rymreyRzAo8oLQgsiJSsfJfJqVlDKRDuhay0z9fgEayLTi Qc6dKvsSG4V3dZaQkX58GSzKsDPR/oflpOevjgC95HvhZAsBPmisgam/h+PNz11V3uUhiK JppBGc5AwS/vMDri7nXGBIPYGk/fE94+CiNBliGtazw5S78IH9PJJBY+iMUeEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430070; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=t8pvp2MdNO99610ORCtYXzZcW17QEXJRNMtEEQah3kA=; b=mwca1+SnLNRTLM6jEzJTX5RBRyLYRTWbTiZEHuW4emgY45NU/kenrLbD/3roiiMrvQz7IG 2BI+bTlSbEAZ6JLAMxCmfufSGd7vEbRaohrkJtjW5KiBrp/2jLanCbbhGs/KKSCn5K8yY6 SmAvit0oCPi6rcWGQUXMfCsPqRfKmkl9dRjirnlN+MlJkBa/vZACj05gV31nnUQ1ruGqHq vluPssaCBImyI4MlwOyXyytUNtXksfJSTWWEDKSe2AcKG3naSlxQCq22wbCIiIB6XmP+sT xvOcbOirVCLurUG/V0RuusbfCp2OLhlsd21STdxmvLphzXHbA7OoPDsqGazngg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430070; a=rsa-sha256; cv=none; b=EGg8SaMDgq7kawspEAeHOJ8Gvh4sQdg3Z7KjlDvjqIcYLaBUnL1aBLHZ3ImY8+ma5I4aDt Xa81t/W0gcHnwrOIen2cIWEnMmYvQiFb5IbI2AlOdek4Sqidl6Uz4GbmP35S6kM0ji347f sYouZw1m0BX+9HM1RvB4XFqIH1Ng22mRWgFzPe/c8u3LD4H0HQeYFInxNVIQo6/WMFXwRn ovI57BcTRM+wFa08QA0USVFqbxCYjbVmWOSjs+iVoiQDtkYLBm+6hG4Hs8ZECUjCKhoTN4 0A2kWPbrdmaq10fyhNo0v8LP9UHQvPsV5xzwVmkOn/USuqJVGS0eyQCUGkvJIg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDP6fMFzJ1r; Tue, 17 Dec 2024 10:07:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7njA023707; Tue, 17 Dec 2024 10:07:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7ntO023704; Tue, 17 Dec 2024 10:07:49 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:49 GMT Message-Id: <202412171007.4BHA7ntO023704@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: eaf484fdb70d - main - pf.conf.5: document af-to (aka nat64) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: eaf484fdb70dda8312cf91ad3bf800868dd0e018 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=eaf484fdb70dda8312cf91ad3bf800868dd0e018 commit eaf484fdb70dda8312cf91ad3bf800868dd0e018 Author: Kristof Provost AuthorDate: 2024-12-06 13:51:59 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:14 +0000 pf.conf.5: document af-to (aka nat64) the patch was started by todd about a year ago and have been finally finished by phessler and myself today; discussed with and tweaks from jmc, ok sthen, henning Obtained from: OpenBSD, mikeb , 4d5e14dff3 Sponsored by: Rubicon Communications, LLC ("Netgate") --- share/man/man5/pf.conf.5 | 73 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 2 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index e461d9ac63b6..2bedceed6fe7 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 2, 2024 +.Dd December 6, 2024 .Dt PF.CONF 5 .Os .Sh NAME @@ -1361,6 +1361,56 @@ and correctly direct return traffic for that connection. .Pp Various types of translation are possible with pf: .Bl -tag -width xxxx +.It Ar af-to +Translation between different address families (NAT64) is handled +using +.Ar af-to +rules. +Because address family translation overrides the routing table, it's +only possible to use +.Ar af-to +on inbound rules, and a source address of the resulting translation +must always be specified. +.Pp +The optional second argument is the host or subnet the original +addresses are translated into for the destination. +The lowest bits of the original destination address form the host +part of the new destination address according to the specified subnet. +It is possible to embed a complete IPv4 address into an IPv6 address +using a network prefix of /96 or smaller. +.Pp +When a destination address is not specified it is assumed that the host +part is 32-bit long. +For IPv6 to IPv4 translation this would mean using only the lower 32 +bits of the original IPv6 destination address. +For IPv4 to IPv6 translation the destination subnet defaults to the +subnet of the new IPv6 source address with a prefix length of /96. +See RFC 6052 Section 2.2 for details on how the prefix determines the +destination address encoding. +.Pp +For example, the following rules are identical: +.Bd -literal -offset indent +pass in inet af-to inet6 from 2001:db8::1 to 2001:db8::/96 +pass in inet af-to inet6 from 2001:db8::1 +.Ed +.Pp +In the above example the matching IPv4 packets will be modified to +have a source address of 2001:db8::1 and a destination address will +get prefixed with 2001:db8::/96, e.g. 198.51.100.100 will be +translated to 2001:db8::c633:6464. +.Pp +In the reverse case the following rules are identical: +.Bd -literal -offset indent +pass in inet6 af-to inet from 198.51.100.1 to 0.0.0.0/0 +pass in inet6 af-to inet from 198.51.100.1 +.Ed +.Pp +The destination IPv4 address is assumed to be embedded inside the +original IPv6 destination address, e.g. 64:ff9b::c633:6464 will be +translated to 198.51.100.100. +.Pp +The current implementation will only extract IPv4 addresses from the +IPv6 addresses with a prefix length of /96 and greater. .It Ar binat A .Ar binat @@ -1968,7 +2018,10 @@ if one flushes the state table. However, states created from such intermediate packets may be missing connection details such as the TCP window scaling factor. States which modify the packet flow, such as those affected by -.Ar nat , binat No or Ar rdr +.Ar af-to, +.Ar nat, +.Ar binat or +.Ar rdr rules, .Ar modulate No or Ar synproxy state options, or scrubbed with @@ -3184,6 +3237,20 @@ rdr on $ext_if inet proto tcp from \*(Ltspammers\*(Gt to port smtp \e block in on $ext_if pass in on $ext_if inet proto tcp tagged SPAMD .Ed +.Pp +In the example below, a router handling both address families +translates an internal IPv4 subnet to IPv6 using the well-known +64:ff9b::/96 prefix: +.Bd -literal -offset 4n +pass in on $v4_if inet af-to inet6 from ($v6_if) to 64:ff9b::/96 +.Ed +.Pp +Paired with the example above, the example below can be used on +another router handling both address families to translate back +to IPv4: +.Bd -literal -offset 4n +pass in on $v6_if inet6 to 64:ff9b::/96 af-to inet from ($v4_if) +.Ed .Sh GRAMMAR Syntax for .Nm @@ -3229,6 +3296,8 @@ etherfilteropt = "tag" string | "tagged" string | "queue" ( string ) | filteropt-list = filteropt-list filteropt | filteropt filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | + "af-to" af "from" ( redirhost | "{" redirhost-list "}" ) + [ "to" ( redirhost | "{" redirhost-list "}" ) ] | ( "no" | "keep" | "modulate" | "synproxy" ) "state" [ "(" state-opts ")" ] | "fragment" | "no-df" | "min-ttl" number | "set-tos" tos | From nobody Tue Dec 17 10:07:50 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDR4yS9z5h0kr; Tue, 17 Dec 2024 10:07:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDR1g0jz49gc; Tue, 17 Dec 2024 10:07:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430071; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ibi8yS/WyXEMZRacRPHBDMj0HNQqtnV5NKOYVduKy/s=; b=Pb3kHhJO06XqSTm/5SfLdd41vS6nrmhVa9s80ObyEhH0RMiXRKQQevfqsRxay9HfFz+8ks mEU3sqTlAxhYKMzOn2+/JbtQP8pfpND6SAwWxdPiUXL5eVcG2gluaK1HjxPULbGyYYvxYj gRorSvKyV/6Cgik+Y62Wzh18e9r4QaOFSAnk76BKYPk008qy1KLJGlfUHwqMHkQU3c27Md AVj+vP7SRVKEXZMIkXZMTBLyumP1YTTBEbI+E8SgRZihYuSyD2069rRXkIrj0TgqzYciZt fojS/dZJC2GCS3g0LxOe+TQU4in238aAr2L2G8+3Xm3qGjd7kRVNQcYsVe1bsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430071; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ibi8yS/WyXEMZRacRPHBDMj0HNQqtnV5NKOYVduKy/s=; b=KZUwQu25ag3CflgikQdW5MsXb+QzxZqViMekQKJ46eQxyv2TDvRckmiw7BfaeV16ZNK//W wRmwI8VMYbkQVgJNi1lElHgOVuxWIuzpJ0U9UquuITzk268xSkOc896JLOruIZwN3QN8kz dNkMQKMszPcBC+u/K2S0wgAB+R0w+55TK+ySZoj5kcklwuIx2VnOq96HtK4zkORFXtNJhE EgObODKKdjuprotOWhJGyiewHndlzPKItpSRX/wMeIc3sKRQgt4901peMsAv2KfO6Vcxgf dcrezYr1cDAnND6xTchHdWcpqXyP5K2twi3xJo+S6TiUBbYhhIOgYLFY0eQgGw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430071; a=rsa-sha256; cv=none; b=RJpjmppmu21g5AxYzqyJD77vJg7H95uaO0gYyT7kdPqzhKGfMbd0ctypB/Mn8vgBByr+3S WwOXwPPzDD4liJ+S6JcEFmTMqsp/eQgASCNIMaepSGL9haHHKOaDCY+b/qx4HaXGFUXSbm /3w+HzO9b7ouvJAcSkvxf6ExB0EF/2i5qPePWs4pjL4cFuW6LJFL0M5XiNY8NF4a6OoCH9 C2rMWXdqTkvaC3II0339DLMEkf0/9pt/MUPcrxW2TKhMe0J+62cfj8ZX2esUk0IFxeA225 tqq4uC4YQPDmoESKbpwEiS/c6afP8s/POXim8tAhSmXUshj7Ft7CIVCpGEqqqQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDQ6w22zJXC; Tue, 17 Dec 2024 10:07:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7o7o023758; Tue, 17 Dec 2024 10:07:50 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7o7q023755; Tue, 17 Dec 2024 10:07:50 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:50 GMT Message-Id: <202412171007.4BHA7o7q023755@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 0656a680567a - main - pf tests: basic nat64 test case List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0656a680567a3c3058d6af1e842f6e8aae301c7e Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0656a680567a3c3058d6af1e842f6e8aae301c7e commit 0656a680567a3c3058d6af1e842f6e8aae301c7e Author: Kristof Provost AuthorDate: 2024-10-21 12:09:57 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:14 +0000 pf tests: basic nat64 test case Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47791 --- tests/sys/netpfil/pf/Makefile | 1 + tests/sys/netpfil/pf/nat64.sh | 82 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index 7e701cb09c50..ec36e93dc634 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -28,6 +28,7 @@ ATF_TESTS_SH+= altq \ modulate \ names \ nat \ + nat64 \ pass_block \ pflog \ pflow \ diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh new file mode 100644 index 000000000000..cdbc3a6edc01 --- /dev/null +++ b/tests/sys/netpfil/pf/nat64.sh @@ -0,0 +1,82 @@ +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2024 Rubicon Communications, LLC (Netgate) +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +. $(atf_get_srcdir)/utils.subr + +atf_test_case "icmp_echo" "cleanup" +icmp_echo_head() +{ + atf_set descr 'ICMP echo NAT64 test' + atf_set require.user root +} + +icmp_echo_body() +{ + pft_init + + epair_link=$(vnet_mkepair) + epair=$(vnet_mkepair) + + ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad + route -6 add default 2001:db8::1 + + vnet_mkjail rtr ${epair}b ${epair_link}a + jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad + jexec rtr ifconfig ${epair_link}a 192.0.2.1/24 up + + vnet_mkjail dst ${epair_link}b + jexec dst ifconfig ${epair_link}b 192.0.2.2/24 up + jexec dst route add default 192.0.2.1 + + # Sanity checks + atf_check -s exit:0 -o ignore \ + ping6 -c 1 2001:db8::1 + atf_check -s exit:0 -o ignore \ + jexec dst ping -c 1 192.0.2.1 + + jexec rtr pfctl -e + pft_set_rules rtr \ + "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)" + + # One ping + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + + # Make sure packets make it even when state is established + atf_check -s exit:0 \ + -o match:'5 packets transmitted, 5 packets received, 0.0% packet loss' \ + ping6 -c 5 64:ff9b::192.0.2.2 +} + +icmp_echo_cleanup() +{ + pft_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "icmp_echo" +} From nobody Tue Dec 17 10:07:52 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDS3rdrz5h0kt; Tue, 17 Dec 2024 10:07:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDS1Vljz49VR; Tue, 17 Dec 2024 10:07:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430072; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7H0r29FLYMyQA6YGB66zaOr3XH3KkfoK7aapQrB7ZKY=; b=ozp4nXHzFKJTFT0IVNCuORCB3xTtGqYoO4JCVH8ymacBpV0gJS8j+7VpwG1DlWqmnAQAmS 9+fnKgzM/M0gAAqZUFWfo4HLciIfqjKBe0jzUE+phBhkx2jcOZ19VEwpJhgvcCbx0zu6wn ZlIyqjSVtwATp/tv57RbJqT2jbioFTs8qBkRpHtzwpyJKioVnVZuhXDbu/88Z3sIdoaw0H jcpMlOyoceX7JlQz6WTi9z24/sXS8BrL7UH2/9K59Vb4cclOy6vCgNcwNclXIu4U9TLuE4 m5gp6vgq9jRWSYMcAL68ZbYCoWUneBHMZhQv++QXeKjj9BPmnD2C6m2JN3eVSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430072; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7H0r29FLYMyQA6YGB66zaOr3XH3KkfoK7aapQrB7ZKY=; b=AONvw6KTJnjKKAcmWB0ER4xi2DDsk06Chy3IjJSCZgZ4wYFwaLrMrWA9PArtbOXyDvzR7Z 5pMZ6cd3jk35MoHEfnzeGkhC3pR4vCkitrWoMGk4vKTwnydO6Zj9sVACaNT16s2ob7bkXf Y676ZpJfcLkZ6QzRKIBy9EK9Cvs7J4s1GBevAL79tu6fZPzSNt6lDMRuH8B16JVR+bpzc9 bOgu4A2b2KShtTXXb/Y7M5jIQhHxhQYoiVxqOCxGp5Ldqb3Vmxn8rgXhzsukjvw+SnlmO4 L60scwdEJdfnd95JSn9gjahwJxR1xsLBlxkRYoFcwY6q3yiU4ehsRJRmWh054Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430072; a=rsa-sha256; cv=none; b=cQZ7FytQz5lPUVrFx9/HqkdzGzBnt9887p9wtEzQgFmZOkCvrzpFMxR9n93B2hRbaWgVq/ n9gS6lx8GKNNkHesTxahif0HF2BCPN+3GOiN4v88jtXY2fpEW9Wz0Gqoj91kJQHjj6FeRZ Sn71DtVVmUmL4fpuYpL8Q6XRSLllksRy00TKQZr/JWgSksoQIVNimdv8TrT2TcAaCW5Xh3 6HuF3UkQRii49pxHry43dVQNnWZwVRiicPvQfaCT+3iaZ0swIwUecbzz6f+2uE9WZb3keI RCMYbLRqVFjUmyE4Gv7k3NC2OwUF8VUP3QtP/fmD7OTuzqXrevOLZhXirsX20g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDS17J1zJVF; Tue, 17 Dec 2024 10:07:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7qFu023824; Tue, 17 Dec 2024 10:07:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7qYb023821; Tue, 17 Dec 2024 10:07:52 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:52 GMT Message-Id: <202412171007.4BHA7qYb023821@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 22c634905bd4 - main - pf tests: add a TCP test case for nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 22c634905bd4e26e76ad5fc36b1785003523aeb1 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=22c634905bd4e26e76ad5fc36b1785003523aeb1 commit 22c634905bd4e26e76ad5fc36b1785003523aeb1 Author: Kristof Provost AuthorDate: 2024-10-28 16:51:50 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:14 +0000 pf tests: add a TCP test case for nat64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47792 --- tests/sys/netpfil/pf/nat64.sh | 52 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index cdbc3a6edc01..4c365be0d309 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -26,14 +26,7 @@ . $(atf_get_srcdir)/utils.subr -atf_test_case "icmp_echo" "cleanup" -icmp_echo_head() -{ - atf_set descr 'ICMP echo NAT64 test' - atf_set require.user root -} - -icmp_echo_body() +nat64_setup() { pft_init @@ -60,6 +53,18 @@ icmp_echo_body() jexec rtr pfctl -e pft_set_rules rtr \ "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)" +} + +atf_test_case "icmp_echo" "cleanup" +icmp_echo_head() +{ + atf_set descr 'Basic NAT64 ICMP echo test' + atf_set require.user root +} + +icmp_echo_body() +{ + nat64_setup # One ping atf_check -s exit:0 -o ignore \ @@ -76,7 +81,38 @@ icmp_echo_cleanup() pft_cleanup } +atf_test_case "tcp" "cleanup" +tcp_head() +{ + atf_set descr 'TCP NAT64 test' + atf_set require.user root +} + +tcp_body() +{ + nat64_setup + + echo "foo" | jexec dst nc -l 1234 & + + # Sanity check & delay for nc startup + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + + rcv=$(nc -w 3 -6 64:ff9b::c000:202 1234) + if [ "${rcv}" != "foo" ]; + then + echo "rcv=${rcv}" + atf_fail "Failed to connect to TCP server" + fi +} + +tcp_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "icmp_echo" + atf_add_test_case "tcp" } From nobody Tue Dec 17 10:07:53 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDT2v9Fz5h0Yh; Tue, 17 Dec 2024 10:07:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDT1y9zz49kZ; Tue, 17 Dec 2024 10:07:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430073; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jlJoQ+elTRS+ZbCVVSGZ7077IcN0OW2rqSfSC8YsuVs=; b=qzk3Dl2gnvHpu6r/4HLLX9Dcjt78hZSU0zU3h0Z9SWJdEW1CYZN5WR96Vi8+25RBXIfB1Y 3tOB4xm7XZNSDn1dgtPhL+FOgOEW1VUyePacU/6E34vmOk39ZBrNAnZfXgixZ2f1lhRhwf l9waD2qLNvjj+LnqNaakEhYpz79Rvznx551n38mMh7VHtRNBL1+SkjStAvGmShbR6feC08 2MaaYgTMPZpqptZWSWVy4/DQHBBiyaQFNHQtIC38O5nDw9nQ1yX9mGe3aeWX097aSSFhPm doDRqw2WsWFBWe8FUYEMxbpD7plZ3JylbufS88xWkj84c15nIby0cW7KVoYJ1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430073; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jlJoQ+elTRS+ZbCVVSGZ7077IcN0OW2rqSfSC8YsuVs=; b=ZfsQg5vkrj+k2+JMymUwsYjo+zRcf85s9Z/NZJt2EMUR4gZslmhOu0G4xWMTsoIfF+UP/4 1HMjZ7tClbaSbNzyBip3+12DbXsJEBDzGPISpbCnUs4KZk84d7RHM8EXfMgfq/Jy6yrIv4 GsEPDoYXlN35vTLrBTV7HaQzVgB1RO980Mrst1vTQ7LeZ5dgqAIYyTGIhzuI64O4V7efld HoWJ6aMqoquysktr6X3PGmSroRNGOK6SJfNJZ6k1xroRT1oKKbaWkFq+Ylq6dZWxcuX9Fq DdiHbfwa8u1W7s6y4wv2wBfCQBZTPD7P88dl+a7ORhVvSDcg8oCMfErFC4Rppw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430073; a=rsa-sha256; cv=none; b=JG33Y0c3kYZvzcBAlvBTY9X5fIy1fySGLBnICe4yIJK5QtGX/siFWa12GBemCnI8K+0FDU S43/+S+ZBWdnwdJS5Y3FGmA0eGRuDXaGKyuHckhpNcXd5maP8WrxvrikiHacSkYlY/pgZ/ GD/Nr0CXB5Eng4GJh40ayhLrUE0wY+WG8AUHGBEG2zbDaGszGAO/AFnb08pJq07b872CDV 25/gOjK4V3I8JHwSDxCL0fbwxCS1Lza+eWUKzCdZ88GhK5WHejrsnWChmUxA7m0SVsOGCu 6yjINpIaE1KpctTaf4XEOndzi7nkVX3LadaVAWWcg+gEbH5NRjGpvTJqPE8cvg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDT1YfnzJjk; Tue, 17 Dec 2024 10:07:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7rTG023884; Tue, 17 Dec 2024 10:07:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7rFQ023880; Tue, 17 Dec 2024 10:07:53 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:53 GMT Message-Id: <202412171007.4BHA7rFQ023880@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 7e309356b009 - main - pf tests: add a UDP test case for nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7e309356b009e9b7136614150aaa3790334146ba Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=7e309356b009e9b7136614150aaa3790334146ba commit 7e309356b009e9b7136614150aaa3790334146ba Author: Kristof Provost AuthorDate: 2024-10-30 13:19:49 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:14 +0000 pf tests: add a UDP test case for nat64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47793 --- tests/sys/netpfil/pf/nat64.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 4c365be0d309..1f87e7a1853b 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -111,8 +111,39 @@ tcp_cleanup() pft_cleanup } +atf_test_case "udp" "cleanup" +udp_head() +{ + atf_set descr 'UDP NAT64 test' + atf_set require.user root +} + +udp_body() +{ + nat64_setup + + echo "foo" | jexec dst nc -u -l 1234 & + + # Sanity check & delay for nc startup + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + + rcv=$(echo bar | nc -w 3 -6 -u 64:ff9b::c000:202 1234) + if [ "${rcv}" != "foo" ]; + then + echo "rcv=${rcv}" + atf_fail "Failed to connect to UDP server" + fi +} + +udp_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "icmp_echo" atf_add_test_case "tcp" + atf_add_test_case "udp" } From nobody Tue Dec 17 10:07:54 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDV57jgz5h0nP; Tue, 17 Dec 2024 10:07:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDV3Fvmz49Y9; Tue, 17 Dec 2024 10:07:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430074; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OdzSmr7b2cavrCOwJbCfVE4KU/E7A1zQQXfpV9xPQic=; b=v3Q/vzn3jocUFOsS9gVfLSX9wZdwXbjQyTkPhNraOr/gLu+8Xu7q/tt44WHRECkc/skM21 AJTmi/zu7Bk7ySq3Y8RKqS4toC9hJCLKdzYKxZmNTfOapmaFquDPhcMWDb4cSRn941EkVM Zxd/IvG9VGRRgrOGlPX5HR30TX+BiA6wpytgdyiVWeDep/76VsEssfsWLOYeFFwaL5vBZo rVlqpCwVPCZSlUtMW0le75Nr/zEVNDMz/hYaL1AwsVtn0NXM0ZhsTHLwA6CFsaGxUszaZC N5IikkM7fVoTlcE4gvHZMl7gZBs8zMUAJjqLbYaL5d9hxCTpfifrH57XQnmvMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430074; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OdzSmr7b2cavrCOwJbCfVE4KU/E7A1zQQXfpV9xPQic=; b=cZ8XFTnpYKwHpa46ncVukOJDmvHsTVVN2w7iuQx7IlrIGJq9p8q8A0MMlgHcWqaUID1XW7 gzJaAez72jE4LZj6uAD8CO0z7SK/I6jByxkji6COhLjQICKHu6sVTyj7tT9TwOX/XqNdSi AZhi3Ty/zLi+/SfXF1x9r0aAWJD200/U2ZWaytsfqUBjN0gfkSPcudTUChjxibo80ILxdu F1jtrSX69MWSBhetPfQcq7Rgpkjawd/DUfhfBLvm/M59B4RkDPmKx4Mdng4Uyz40hxkghT 0Vh0JjM3RuTmvHd9K1egFRVSoLzc2KSBnvnPdrCSmDmuiV45wdc4PpZb5Xlx6g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430074; a=rsa-sha256; cv=none; b=RqFkfbkgwn9TR+sUf8hHbw05iAqfQVgzv6auXeEeCFVOpBnHPh4MBO9FlKhg9wh5RDrDGv ld9jT/szR314wspKPU90RJZLMEMSlR3Yb64wiwesusCsSCiXbyHUg1aThC2EILE4juBodz a98WtFI42qvyfvdq9JrjR3NfR+osh4cz2mtZfQ6XMpkpcNOXmegvC4cWw8Hkhz4ML8spt7 rOieEZgDxgxKxrkNoMsHCJrWy7dcvbLRSnXoCJripzlNmP4Rbzms9SQZI5WjnSPY+4tTUE vQsBIDRGJTdZS0fcEsexx0xv4hgckR4nGjucVzDZYjsQBvPWPglIarmzkDL3jw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDV2t7mzJXD; Tue, 17 Dec 2024 10:07:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7sgn023938; Tue, 17 Dec 2024 10:07:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7sLc023935; Tue, 17 Dec 2024 10:07:54 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:54 GMT Message-Id: <202412171007.4BHA7sLc023935@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: a43589dcbf8b - main - pf tests: add an SCTP test case for nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a43589dcbf8b973f46d251e5841b122f0a3c6244 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a43589dcbf8b973f46d251e5841b122f0a3c6244 commit a43589dcbf8b973f46d251e5841b122f0a3c6244 Author: Kristof Provost AuthorDate: 2024-11-07 08:48:37 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:14 +0000 pf tests: add an SCTP test case for nat64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47794 --- tests/sys/netpfil/pf/nat64.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 1f87e7a1853b..3e04dc6e7bc0 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -141,9 +141,43 @@ udp_cleanup() pft_cleanup } +atf_test_case "sctp" "cleanup" +sctp_head() +{ + atf_set descr 'SCTP NAT64 test' + atf_set require.user root +} + +sctp_body() +{ + nat64_setup + if ! kldstat -q -m sctp; then + atf_skip "This test requires SCTP" + fi + + echo "foo" | jexec dst nc --sctp -N -l 1234 & + + # Sanity check & delay for nc startup + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + + rcv=$(echo bar | nc --sctp -w 3 -6 64:ff9b::c000:202 1234) + if [ "${rcv}" != "foo" ]; + then + echo "rcv=${rcv}" + atf_fail "Failed to connect to SCTP server" + fi +} + +sctp_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "icmp_echo" atf_add_test_case "tcp" atf_add_test_case "udp" + atf_add_test_case "sctp" } From nobody Tue Dec 17 10:07:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDW6SS6z5h0d3; Tue, 17 Dec 2024 10:07:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDW4FWSz49hn; Tue, 17 Dec 2024 10:07:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430075; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jzyTaO3lJe5Sey9TLN3HrpfvPMANBpSXYjJAA/rqYKs=; b=HhaD4gucjuG6JhOVD5qh9UDb7YfK9+sAXYCfFZ91xi2vvSlTerlrp23rsWIj0zxHWtzrW/ 1sn2nNvEeRO5vCZH7/8ANON5+57SLpCst88utRt3Nton/e/x1m1Ufixs/XVyc86jOWbae1 vZW1TWy7MTvaw4jxWpUOHHFRKEkkNvPC6l046Q+Pu4zYPxJ5ghb3WmRVWM30wV3xfl1moC NdPGAW+3gRAkpCmeDZHKcu8JMmtTHO6W4R4zyzfmHWweHHFkUWtZVhPLIGXzlaJIX0798J +mPz53FsAWLLnR+5ohWNhDLsbC7JddOQTeE1YgL2zSbFZEvQa/pLomJfWVKAuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430075; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jzyTaO3lJe5Sey9TLN3HrpfvPMANBpSXYjJAA/rqYKs=; b=npgmLVyIqOSNEEUjzSeKfDpUa8+JtXaD5SRf2AUQSJKilv0UX9pHa21f92ljQq0YXtNkXp JFVw84jYvWcOewMDm0FE8Wf/9O5dCzjML77Rxm2o75pTkmH2Oqz07GWxDzddXPuPqLw37f Q5YzQzu0tfqtUXEhXwFfTix1FoHGUPmr1p0spKfweFmvuiR7oEReF7BaTqhL/zi0cLOSit KGV+PfFXCnJ0ZTVLxzxdhk60m94YSl7q2hkia8mTjX0MJhZ/urmf2lAMieELassBedXp2+ pKwoFJS+hE63R/mNMLjo/0N/ta+ezOVzTKAIBsknzH3WdXf3i+lI0nh9xtPpZg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430075; a=rsa-sha256; cv=none; b=kw6cuHKL1D6NXtLfyyL6crGDorer6UfA2zJjGLhBwt0MZAhu6XYi71ct4VFu4WCU9DnZab KkPpL2hQj2wgsa0Ox903LUX2D6MvE8OiNyuvIuzko3anAH0W0c9H7qFaAD38DR2I1MugDM /4Ji9oScbzcXZEHccFCLfoUPcNRbnn6/heWuihUuANL1SRqY3DUdRCPVJH5PYW/qSsov0Y 9WRNY4dz/N+ObzGuWBWFwr+2HvJ6B63xwQFaSeOHxlziEC6diI5tpDrCZ5dJE495BjKVMz vVV9DtHpOy94i9QqRto+2TfXctJGYfZ0KCwzTDs5whpYjJcNnEeLjxdD9acM6Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDW3sNFzJS0; Tue, 17 Dec 2024 10:07:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7t7S023980; Tue, 17 Dec 2024 10:07:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7tt9023977; Tue, 17 Dec 2024 10:07:55 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:55 GMT Message-Id: <202412171007.4BHA7tt9023977@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 86bcaedd35f4 - main - pfctl: basic nat64 parser test List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 86bcaedd35f4cd4272b09ef05db19b01f0000d1f Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=86bcaedd35f4cd4272b09ef05db19b01f0000d1f commit 86bcaedd35f4cd4272b09ef05db19b01f0000d1f Author: Kristof Provost AuthorDate: 2024-11-07 17:54:45 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:14 +0000 pfctl: basic nat64 parser test Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47795 --- sbin/pfctl/tests/files/pf1024.in | 1 + sbin/pfctl/tests/files/pf1024.ok | 1 + sbin/pfctl/tests/pfctl_test_list.inc | 1 + 3 files changed, 3 insertions(+) diff --git a/sbin/pfctl/tests/files/pf1024.in b/sbin/pfctl/tests/files/pf1024.in new file mode 100644 index 000000000000..be518bb3bd53 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1024.in @@ -0,0 +1 @@ +pass in inet af-to inet6 from 2001:db8::1 diff --git a/sbin/pfctl/tests/files/pf1024.ok b/sbin/pfctl/tests/files/pf1024.ok new file mode 100644 index 000000000000..2d4ddb9d0ce7 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1024.ok @@ -0,0 +1 @@ +pass in inet all flags S/SA keep state af-to inet6 from 2001:db8::1 diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc index 413599252f64..62bb87e680d8 100644 --- a/sbin/pfctl/tests/pfctl_test_list.inc +++ b/sbin/pfctl/tests/pfctl_test_list.inc @@ -132,3 +132,4 @@ PFCTL_TEST(1020, "Test hashmark and semicolon comment") PFCTL_TEST(1021, "Endpoint-independent") PFCTL_TEST(1022, "Test received-on") PFCTL_TEST(1023, "Test match log(matches)") +PFCTL_TEST(1024, "nat64") From nobody Tue Dec 17 10:07:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDX6mqNz5h0t4; Tue, 17 Dec 2024 10:07:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDX4b26z49l5; Tue, 17 Dec 2024 10:07:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430076; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KnqWwDlPnmePGMgHM6HfUZBzaS5ZG0yxnxDF31iGZZ4=; b=UeXLTeOunZcKEhjWqpSiiCGwJ8aDDnqNrYPcp4BHMWwmdPVrt1pdRIPLGnrA17D3EcBCoV SUCiJEIjhcXEPS/BKpmqJyp7lVQ1mN84uJFzJ8bBEGNxkkz5e0uEdRhqlQj20pmaDJMFKX hxZItgmIM8TdnyutITIT+0VRbc9oCJ4jUIFSZL1mRNL/dexjrBWenX/OCiBN1RDwSBkLl7 uInmyo3bO0/0GKy012+rC22YaSG0bGxNQxP+UlCKd4fgFtk1jjV0Dw+9olues2oGGijuA2 LfwpDNGC4M+PpU/oUsKhdJefcP1bfIcBSMqr/46gu0FnJ2RCxGBQWSV0xGJ1Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430076; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KnqWwDlPnmePGMgHM6HfUZBzaS5ZG0yxnxDF31iGZZ4=; b=WnM055famU2VnZrnBoGz3EUOl7+ctmBmu/zBfGqg8AeM8yabsBavidRHelFF3vKAvVsvSu HYGSIlXSZuc/DSwPnApTIQ6+8g6DBKWQ8C91P/yRppPgOen6qRNkNowO+RXRl2eotP+aH2 8OFY023yy342/Nm0LCb3dtqWiFwj7bAGDgJ4tB1oyaljdgNUuho1iyf1kYzyOrDvJQEFy7 TTvI2IAuG8zv+EzDhVjz392fSN5CUX7GGlAi/z1GMMV+NGbnpRZ1mjybsvm0tNRKrt2HKV +YBq8VNo3LYEhRsQWzrHHLY60293znlNzH2E2dh5otom0jpw8snGv52HB61EEQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430076; a=rsa-sha256; cv=none; b=HDgrg2Zqaz2skEA5E0n08CBSnqxGFpSIoxhefN2ITF3RiaBTW2zJq/xsuxamxdbc8ooBVN F7vJkASI64BWbbiUSqWpCSZO2vN3YhZ4OtGRd0w8za9HBiyd0s88ZQU92TO7H195WbbC5t k/J+b4CxLQgdDb+/XTvdR+BOBuWgWUXFFEbo/sNo6dLRA/LYNgz9kcLoWN/4oiigfpCcOp Z8q0F25NgixoRJo8/dft4FoeCxYT0McNQbQIzBBtIJ3FaXAVlEyjePK18rQMytsNnKHorB MI6bqcviHh1mlOtyVNp+QH0L4CyEEpD7W+tpJhrGtXanM9gIW047zZkFuxEnLw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDX496lzJS1; Tue, 17 Dec 2024 10:07:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7u5l024045; Tue, 17 Dec 2024 10:07:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7u4d024042; Tue, 17 Dec 2024 10:07:56 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:56 GMT Message-Id: <202412171007.4BHA7u4d024042@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: a4e040329525 - main - pf tests: verify that TCP RST makes it through NAT64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a4e0403295254fd72e8e867aceb03805fa7957af Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a4e0403295254fd72e8e867aceb03805fa7957af commit a4e0403295254fd72e8e867aceb03805fa7957af Author: Kristof Provost AuthorDate: 2024-11-08 14:45:57 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:15 +0000 pf tests: verify that TCP RST makes it through NAT64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47796 --- tests/sys/netpfil/pf/Makefile | 1 + tests/sys/netpfil/pf/nat64.py | 84 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index ec36e93dc634..2edd8e7d2026 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -55,6 +55,7 @@ ATF_TESTS_SH+= altq \ ATF_TESTS_PYTEST+= frag6.py ATF_TESTS_PYTEST+= icmp.py +ATF_TESTS_PYTEST+= nat64.py ATF_TESTS_PYTEST+= nat66.py ATF_TESTS_PYTEST+= sctp.py diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py new file mode 100644 index 000000000000..0053a2401872 --- /dev/null +++ b/tests/sys/netpfil/pf/nat64.py @@ -0,0 +1,84 @@ +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2024 Rubicon Communications, LLC (Netgate) +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import pytest +from atf_python.sys.net.tools import ToolsHelper +from atf_python.sys.net.vnet import VnetTestTemplate + +class TestNAT64(VnetTestTemplate): + REQUIRED_MODULES = [ "pf" ] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1", "if2"]}, + "vnet3": {"ifaces": ["if2"]}, + "if1": {"prefixes6": [("2001:db8::2/64", "2001:db8::1/64")]}, + "if2": {"prefixes4": [("192.0.2.1/24", "192.0.2.2/24")]}, + } + + def vnet3_handler(self, vnet): + ToolsHelper.print_output("echo foo | nc -l 1234") + + def vnet2_handler(self, vnet): + ifname = vnet.iface_alias_map["if1"].name + + ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.pf_rules([ + "pass inet6 proto icmp6", + "pass in on %s inet6 af-to inet from 192.0.2.1" % ifname]) + + @pytest.mark.require_user("root") + def test_tcp_rst(self): + ToolsHelper.print_output("/sbin/route -6 add default 2001:db8::1") + + import scapy.all as sp + + # Send a SYN + packet = sp.IPv6(dst="64:ff9b::192.0.2.2") \ + / sp.TCP(dport=1222, flags="S") + + # Get a reply + reply = sp.sr1(packet) + + # We expect to get a RST here. + tcp = reply.getlayer(sp.TCP) + assert tcp + assert "R" in tcp.flags + + # Now try to SYN to an open port + packet = sp.IPv6(dst="64:ff9b::192.0.2.2") \ + / sp.TCP(dport=1234, flags="S") + reply = sp.sr1(packet) + + tcp = reply.getlayer(sp.TCP) + assert tcp + + # We don't get RST + assert "R" not in tcp.flags + + # We do get SYN|ACK + assert "S" in tcp.flags + assert "A" in tcp.flags + From nobody Tue Dec 17 10:07:57 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDZ2cvkz5h0dB; Tue, 17 Dec 2024 10:07:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDY6qsMz49vG; Tue, 17 Dec 2024 10:07:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T9jwEiL2lxhVlhF7/U78PCtIEL+6X9emXr+gBky6y70=; b=jtEleUkmsbw80gMv4C+o/0X9V9w/2qbsUP5t75XnqzwYISYVNjRT6cc400C+F8pfgCMipd QyHPuO9KKfmHVmes7m/d3BdDPcoViO5vEllShxipp4tUth/ROfVFOr8KcSTkQb2EAJ+F99 DOZCVRVNfHpYEEQOetTR5RDFLlKrinfhh5YBr1xQ0wAgpXUnPdbn8FZntHOwP0tG9DnGnB zNZWhjxjQxzAce49uXhDI9Fy1G9Xl/D7b7DzpAoZYfwaQ9iFG7kOJH/wjspkEk7TSIdTNK QwHaurQ8rUJwVbxynP0i3NMxQGAOHbiVRX7eytAfNMkk4wmAKn1huRPr5qD20w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T9jwEiL2lxhVlhF7/U78PCtIEL+6X9emXr+gBky6y70=; b=Owvtl6x7CYJyU7O80x+Jo3QLcEgLS6IJBwxQGQTg3B7JyzRCCLO8FdIjmoON2P4jN9ldbY yQCXtw0YRFatL3ElNULYaR50VtiU2rUxOqfZNS2Q/OULdLu1bn7evK73iKEXmzTAYPDoBo RRhuQGP8Iqx9EG/D/xoc8CeOTEUAKbYKMzWLsnTD9lpOWTvfBfF5uP7zIAXJ3LhvSNg9gQ ecGVzuiCaGeKpCq96KnQIZftoyXpWkZyX1Yq04N2lwbBOQgBVP85JB1uXpKkuod2tKYEVb EKvHD1O0sH/uk1lZZkW2g0895jNnHZlS9onC7G71W+h3dXAhYY46jBYOR3u+GA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430078; a=rsa-sha256; cv=none; b=Dy7cwqgLiFNy8i+Q7LY2fp6rJsTQXJ0D7acK7EMY03MHlcZbVeUrQll48Hq9t0jOc4edLX dM7Eu2mqvueOaF3A4Ua/FbfZkcKetEiQMtF7A3i4ozj7LKYsRO3+5h0Lrh3Kz3cuXK2HPO 5ADKaiqzYG8rYC7jq8okU7RbXT5HYqpAZ+5+k0pDp8VS7x4XOttZTq+OEkKik74TU+P00n HNQiR+J+T9Ds39Y/tAVTSEdla/jg9Ak9Z0msuv2vSSB0BzYeVz662PAXsJjKqpIuO+c2Ln tfxMf7A0s+vgNFLTbiRXHYNyItE9sG+WFYZsxsqFWNkCbt1qacVK8fx+p9MJVg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDY5WrDzJv1; Tue, 17 Dec 2024 10:07:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7vq3024107; Tue, 17 Dec 2024 10:07:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7vAJ024104; Tue, 17 Dec 2024 10:07:57 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:57 GMT Message-Id: <202412171007.4BHA7vAJ024104@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: bc66cb3bfa9b - main - pf tests: verify that ICMP port unreachable makes it through NAT64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bc66cb3bfa9be8a99805a3109c72420c22e72f3b Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=bc66cb3bfa9be8a99805a3109c72420c22e72f3b commit bc66cb3bfa9be8a99805a3109c72420c22e72f3b Author: Kristof Provost AuthorDate: 2024-11-08 16:34:56 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:15 +0000 pf tests: verify that ICMP port unreachable makes it through NAT64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47797 --- tests/sys/netpfil/pf/nat64.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py index 0053a2401872..a3bd6048028e 100644 --- a/tests/sys/netpfil/pf/nat64.py +++ b/tests/sys/netpfil/pf/nat64.py @@ -39,7 +39,7 @@ class TestNAT64(VnetTestTemplate): } def vnet3_handler(self, vnet): - ToolsHelper.print_output("echo foo | nc -l 1234") + ToolsHelper.print_output("echo foo | nc -l 1234 &") def vnet2_handler(self, vnet): ifname = vnet.iface_alias_map["if1"].name @@ -82,3 +82,23 @@ class TestNAT64(VnetTestTemplate): assert "S" in tcp.flags assert "A" in tcp.flags + @pytest.mark.require_user("root") + def test_udp_port_closed(self): + ToolsHelper.print_output("/sbin/route -6 add default 2001:db8::1") + + import scapy.all as sp + + packet = sp.IPv6(dst="64:ff9b::192.0.2.2") \ + / sp.UDP(dport=1222) / sp.Raw("bar") + reply = sp.sr1(packet, timeout=3) + print(reply.show()) + + # We expect an ICMPv6 error, not a UDP reply + assert not reply.getlayer(sp.UDP) + icmp = reply.getlayer(sp.ICMPv6DestUnreach) + assert icmp + assert icmp.type == 1 + assert icmp.code == 4 + udp = reply.getlayer(sp.UDPerror) + assert udp + assert udp.dport == 1222 From nobody Tue Dec 17 10:07:58 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDb3BxNz5h0j4; Tue, 17 Dec 2024 10:07:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDb0GxGz49s4; Tue, 17 Dec 2024 10:07:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430079; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZCBz02m7iEgxjR9dWT/Dot7vRLOZiYaNUJoEYweVQ4Q=; b=EDQOR1Jz1TglR72IWPdGpd4efLlusZHOjWbZHzrlH/hLTABS8oM2h6tJ0ta5jLDMkT+mGG Af/1v7EvJDNRcy7sk1hScmWcJB6yHBYPJmefHo3IvqcO0euMITCmloGe+e+vHTRaVgBC+q nVFg2tWAODgxKw6r1h+BmBsGwLuTanuT2/90bj/ltC7mbJs8pH9W18F+X5880xN43yPzlD oAOEtSXkAqMq6+x41YiOK+rDrBoDMCQXNgXaz5PgsHqHdnyCPR5iLwMLYEz17W05OWe34l 9HNkP+EvmAQgji4UN2Fh/SEJQaNz4AFG7mKzzldcc0xwa1Mb1FU14qGGy0U36A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430079; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZCBz02m7iEgxjR9dWT/Dot7vRLOZiYaNUJoEYweVQ4Q=; b=k+AgHKlyZMoyEHrsqTGXB7wkhatucogD6bYH9ViAm7EpBI080FnW4NMzwuP/uU/p1pgNMz hgC2bmrDWE6yHLFC+1dt9sPGw4TiqmnO4cjJzi7TjTfKdaW3W4vUf1PYbLLEnNomwN8WyF 8DU/0MmQ0jk46fPQ0DhFGFs1P1k+SebXXl5pVE6GPKHRb0+B7TUzXmpUdSyAY/an6pvT9M Ih59hB143sMp46oDdJaNAxzLBM4Q8nM8/xzBvOEc8z1a1eeMhGgc20XlG9dZgfBnHIupCW TIJRE07yKIxt0KyXZX0udBNygb2nayiXT2VVlOjLaliTIFJlQSxQCXyw25Caxg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430079; a=rsa-sha256; cv=none; b=WPR8glQQRyJu2V8Y3ZAQYP/Fn6LnBJBijq4xwMWr1lUhQAZHqNaK3GUFyKnpHaGnBxaBWd ZVjmFjECHvVNg0cD7QbNRueG/6CwMA7PM/aVmdEpBFxRtt2BH7J2TR/KYzwOyHsTjx84ss XUbzkt9yTy0K8okoVT09eBTbzM1FbQrRLQeoLHz8RUE3J/we6LOBc3O89ZHISwkzsAv6GY G+ZwrmpaW8NG8TIK5iXfNUg9tnqFA1fd8yMMVNOWw2LgqrZBcINnxKbAvXldo7EVc9Djgu 0DdmyiUS+1HwvalOZ/6XvGjS+HVmaMoeal4JqF8zue4EA6an5RfIlkdx7c3tWQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDZ6kGWzJ1w; Tue, 17 Dec 2024 10:07:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA7wQs024168; Tue, 17 Dec 2024 10:07:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7wIR024165; Tue, 17 Dec 2024 10:07:58 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:58 GMT Message-Id: <202412171007.4BHA7wIR024165@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 373d6dbf34a8 - main - pf tests: verify that ICMP destination unreachable makes it through NAT64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 373d6dbf34a8c4c506ccaa6ac3f7cc42493d8b48 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=373d6dbf34a8c4c506ccaa6ac3f7cc42493d8b48 commit 373d6dbf34a8c4c506ccaa6ac3f7cc42493d8b48 Author: Kristof Provost AuthorDate: 2024-11-11 16:48:49 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:15 +0000 pf tests: verify that ICMP destination unreachable makes it through NAT64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47798 --- tests/sys/netpfil/pf/nat64.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py index a3bd6048028e..12793662c171 100644 --- a/tests/sys/netpfil/pf/nat64.py +++ b/tests/sys/netpfil/pf/nat64.py @@ -39,11 +39,13 @@ class TestNAT64(VnetTestTemplate): } def vnet3_handler(self, vnet): + ToolsHelper.print_output("/sbin/sysctl net.inet.ip.forwarding=1") ToolsHelper.print_output("echo foo | nc -l 1234 &") def vnet2_handler(self, vnet): ifname = vnet.iface_alias_map["if1"].name + ToolsHelper.print_output("/sbin/route add default 192.0.2.2") ToolsHelper.print_output("/sbin/pfctl -e") ToolsHelper.pf_rules([ "pass inet6 proto icmp6", @@ -102,3 +104,24 @@ class TestNAT64(VnetTestTemplate): udp = reply.getlayer(sp.UDPerror) assert udp assert udp.dport == 1222 + + @pytest.mark.require_user("root") + def test_address_unreachable(self): + ToolsHelper.print_output("/sbin/route -6 add default 2001:db8::1") + + import scapy.all as sp + + packet = sp.IPv6(dst="64:ff9b::198.51.100.3") \ + / sp.UDP(dport=1222) / sp.Raw("bar") + reply = sp.sr1(packet, timeout=3) + print(reply.show()) + + # We expect an ICMPv6 error, not a UDP reply + assert not reply.getlayer(sp.UDP) + icmp = reply.getlayer(sp.ICMPv6DestUnreach) + assert icmp + assert icmp.type == 1 + assert icmp.code == 0 + udp = reply.getlayer(sp.UDPerror) + assert udp + assert udp.dport == 1222 From nobody Tue Dec 17 10:08:01 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDd5Mzgz5h0qm; Tue, 17 Dec 2024 10:08:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDd2nLwz49pl; Tue, 17 Dec 2024 10:08:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430081; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=x2N2cAtJdF1MrQz8EjD0uZHEwxslcOf6iCVTSDv4XcA=; b=ZpA0BRFEHALukvKtynIe5HTwww9nlG4fo5BThiK1IdgW8HgipDY+eZzYVE8XqEWDUYmYof tOcffiMg2jtI8+zOHUKM/EKi4ZXcW8ZGdnoS5mhDM1i/T1+UG3XYeaHiYBBkG3Mogmdyi/ jt9/GtNkgBYUUmVwl04RdhDxlK7u26BaKaYl3pbZ8OzQ4pWI3M4EbOnhvDQCPU7lqrK1sX Fk6hPgju42E9N1D3V9xZHG/YlJlA+UWOIgOMdd99l6G3fbmppdkS2mIoVr1NplPkw6o80/ 8nNofEtU914RpiqMkVwUe/HaaEjuHXNrPUEaHoYWofPsGPP07Cou1ndJNg736g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430081; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=x2N2cAtJdF1MrQz8EjD0uZHEwxslcOf6iCVTSDv4XcA=; b=ldKbjE7EIkBYbwyL8F+AuSRfRCiqmRc9zvTvzv61Yx59/TQIglxefcp2hSZn2qiub9SI44 GamhD0xiDly2S5iVYVWm2px6QrDxZhFH6jJXgbVnER0k9M6gvzbg3xwkrFLVU0d3s0pSng +fS/l7mT9X5KblFRDBuewRlubTqmBVgBKkuOLUxMI7N/JBd23j1v16CFG2AFCszRKpkUps n5a+AOWZ2CxR4sUzZngf4eyzbZLXJaBrbyeBWqog+mWPXyMl7P1k4HLYnBcB9W3f+DtMYy p8JC8WwOVFfqELFbjBjgaKJMi2puxncY1ZpRzfhFYFeO+gVcR7BJvZ+9GcJr5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430081; a=rsa-sha256; cv=none; b=vU0K96b6zr3L8GcdgPfV8MvceV2En97yUSDEOWKrvEVmVqU272KIkFH5CXFpx0oCF4qS8h 7D6hBWJCWMmB+1wLCilcJrz5iHcIBGeeGme0otOVLWdBk1ztb3v3D1fj7qJCSkUb5kOJ40 EsTkNmZUuDfWm2NWUZP5uLDfWbPsQwFwNL8ZQ2lZAjadpX9hJ/MPZ86ubKfYeMIXxz70rx 2BNTCOHoVv1+FMPsPZjqrhE8quql0Etu5B/JljFkzc5Bs/RsZ+u9aYrfbLLsq9tKq/rJ2W Pn7qb9LrM/ZJXMpRrEbW1k2fLR5Q1UtPoblWFRwEH3uJIDQksI/G14po7k7Uyg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDd1l0KzJS2; Tue, 17 Dec 2024 10:08:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA81An024281; Tue, 17 Dec 2024 10:08:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA81l4024278; Tue, 17 Dec 2024 10:08:01 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:01 GMT Message-Id: <202412171008.4BHA81l4024278@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: d7e9df4fc67f - main - pfctl: print_rule: rename opts -> ropts List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d7e9df4fc67f2ffaeafe0f130d67eb0f112a0858 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d7e9df4fc67f2ffaeafe0f130d67eb0f112a0858 commit d7e9df4fc67f2ffaeafe0f130d67eb0f112a0858 Author: Kristof Provost AuthorDate: 2024-11-12 10:58:51 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:15 +0000 pfctl: print_rule: rename opts -> ropts no binary change 1/2 from Lawrence Teo ok sthen dlg myself and gcc Obtained from: OpenBSD, henning , 6992ade79a Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47800 --- sbin/pfctl/pfctl_parser.c | 66 +++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 7cbca9a75af2..741915d41b0d 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -837,7 +837,7 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer static const char *anchortypes[] = { "anchor", "anchor", "anchor", "anchor", "nat-anchor", "nat-anchor", "binat-anchor", "binat-anchor", "rdr-anchor", "rdr-anchor" }; - int i, opts; + int i, ropts; char *p; if (verbose) @@ -1044,72 +1044,72 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer } printf(" probability %s%%", buf); } - opts = 0; + ropts = 0; if (r->max_states || r->max_src_nodes || r->max_src_states) - opts = 1; + ropts = 1; if (r->rule_flag & PFRULE_NOSYNC) - opts = 1; + ropts = 1; if (r->rule_flag & PFRULE_SRCTRACK) - opts = 1; + ropts = 1; if (r->rule_flag & PFRULE_IFBOUND) - opts = 1; + ropts = 1; if (r->rule_flag & PFRULE_STATESLOPPY) - opts = 1; + ropts = 1; if (r->rule_flag & PFRULE_PFLOW) - opts = 1; - for (i = 0; !opts && i < PFTM_MAX; ++i) + ropts = 1; + for (i = 0; !ropts && i < PFTM_MAX; ++i) if (r->timeout[i]) - opts = 1; - if (opts) { + ropts = 1; + if (ropts) { printf(" ("); if (r->max_states) { printf("max %u", r->max_states); - opts = 0; + ropts = 0; } if (r->rule_flag & PFRULE_NOSYNC) { - if (!opts) + if (!ropts) printf(", "); printf("no-sync"); - opts = 0; + ropts = 0; } if (r->rule_flag & PFRULE_SRCTRACK) { - if (!opts) + if (!ropts) printf(", "); printf("source-track"); if (r->rule_flag & PFRULE_RULESRCTRACK) printf(" rule"); else printf(" global"); - opts = 0; + ropts = 0; } if (r->max_src_states) { - if (!opts) + if (!ropts) printf(", "); printf("max-src-states %u", r->max_src_states); - opts = 0; + ropts = 0; } if (r->max_src_conn) { - if (!opts) + if (!ropts) printf(", "); printf("max-src-conn %u", r->max_src_conn); - opts = 0; + ropts = 0; } if (r->max_src_conn_rate.limit) { - if (!opts) + if (!ropts) printf(", "); printf("max-src-conn-rate %u/%u", r->max_src_conn_rate.limit, r->max_src_conn_rate.seconds); - opts = 0; + ropts = 0; } if (r->max_src_nodes) { - if (!opts) + if (!ropts) printf(", "); printf("max-src-nodes %u", r->max_src_nodes); - opts = 0; + ropts = 0; } if (r->overload_tblname[0]) { - if (!opts) + if (!ropts) printf(", "); printf("overload <%s>", r->overload_tblname); if (r->flush) @@ -1118,30 +1118,30 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer printf(" global"); } if (r->rule_flag & PFRULE_IFBOUND) { - if (!opts) + if (!ropts) printf(", "); printf("if-bound"); - opts = 0; + ropts = 0; } if (r->rule_flag & PFRULE_STATESLOPPY) { - if (!opts) + if (!ropts) printf(", "); printf("sloppy"); - opts = 0; + ropts = 0; } if (r->rule_flag & PFRULE_PFLOW) { - if (!opts) + if (!ropts) printf(", "); printf("pflow"); - opts = 0; + ropts = 0; } for (i = 0; i < PFTM_MAX; ++i) if (r->timeout[i]) { int j; - if (!opts) + if (!ropts) printf(", "); - opts = 0; + ropts = 0; for (j = 0; pf_timeouts[j].name != NULL; ++j) if (pf_timeouts[j].timeout == i) From nobody Tue Dec 17 10:07:59 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDc52NVz5h0wM; Tue, 17 Dec 2024 10:08:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDc2qlSz49mr; Tue, 17 Dec 2024 10:08:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430080; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=59RipIwNBlKHsntLR+x2JR/iCnthlaiTEkaWri53C/g=; b=i+ktdIQz3dqWIZEunrUMJf6Wtfc1Y34xrhzFippEwGIOLjRBLeIwegLbw+U7cjvrc6kUQ2 dERbPBYxnqFZ580376Rvj2ftElJrWQRMnWSONsmRF9XDmiceXiwufYMuoTWKxbcn6CaXR2 S9O9cO2kI7FJxsZmmOURzkzJUCkDMrqqMGpvMQxAiML9Pt83PyhAwKzsSFPMver2HwrZE6 16O/PnfUzKP6I7qkrPlaf0leYU3GecYLDn5wQhBZ5rK1lq9qc0BA8MwrQ+WxJlJj8w7wsz sy60Epmc2jreYoC2BIc761gW+UQH97K1YxSNCgPwiN91zmhGbo4EbXLheS8fqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430080; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=59RipIwNBlKHsntLR+x2JR/iCnthlaiTEkaWri53C/g=; b=dPSHG0+KUYky6kh3QUielrmBSJKQZIiVfAzgKOl0eKhLDzA3C7KZB2DVKbvXMJqu6kn36s T1SlXKxcL1hiiqfqqSI+goOHXn6AVEl1OGqnrhMFoe4hDbcX5auEnEjg2Ft0laqRLgTFMf x8VqaPlh1f3/bN41jY8UtnPofR/FPWYW31ZAKdmS731v0MB2c2Oo4WUjqdoEQzFqo6ux8J 6Lu2so3nztkSiyrWS5m5Wa7UoLrSsaebf3xepoVO8HlFksClRLIDsUhGM01EVYF/21++mY 7ABHU8Va9jmmBrA+0tWkacrqzpvBXxNMENUa+zfzbmcnjST3LT1Ve3bDvk1R5w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430080; a=rsa-sha256; cv=none; b=fXE+QJOSSbNH2JCUIQlNwRKcRYC7H1A/74bDA+lok68mFA3mzzwXyTecrw4iMeZrH3zN/K RkkJGzRc9edYCHV7efdV3j8e4K9y3/SWtNUOrghYuQWsywQYsGt9awTxLBF9y+I5o9Wy/9 w8JjwfHu9k07BLeSshwAws9Ww3E203aelCdA7fcrG6WQTt2q5pJnDgjPbu3xDi48MQ3Xg6 RR6ZWW6ZbADEsjHwxZ0+7aAUZBl50gz6BekE+WkboC9iMfr5isOxpNOCAEHnnyYHx+kQNm brCesvGprtyIFnp8qAMxL+JUpgNf6kGkfW1FiN89dbaBUdVbq9F7uUCkrvuYRw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDc0nJNzJvh; Tue, 17 Dec 2024 10:08:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA80LH024224; Tue, 17 Dec 2024 10:08:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA7xPm024220; Tue, 17 Dec 2024 10:07:59 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:07:59 GMT Message-Id: <202412171007.4BHA7xPm024220@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: f1ddd7f1dae6 - main - pf: add forgotten fixup for icmp6 id's when translating List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f1ddd7f1dae6fa3cab8c5044e3b4f719bf93ec97 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f1ddd7f1dae6fa3cab8c5044e3b4f719bf93ec97 commit f1ddd7f1dae6fa3cab8c5044e3b4f719bf93ec97 Author: Kristof Provost AuthorDate: 2024-11-12 10:51:33 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:15 +0000 pf: add forgotten fixup for icmp6 id's when translating ok henning Obtained from: OpenBSD, mikeb , 7dde5f4db5 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47799 --- sys/netpfil/pf/pf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 4c1111c6106a..445aef881fe8 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7815,6 +7815,10 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, &pd->hdr.icmp6.icmp6_cksum, &nk->addr[didx], 0); + if (nk->port[iidx] != pd->hdr.icmp6.icmp6_id) + pd->hdr.icmp6.icmp6_id = + nk->port[iidx]; + m_copyback(pd->m, pd->off, sizeof(struct icmp6_hdr), (caddr_t )&pd->hdr.icmp6); break; From nobody Tue Dec 17 10:08:02 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDf65wfz5h0ZC; Tue, 17 Dec 2024 10:08:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDf3j34z49vx; Tue, 17 Dec 2024 10:08:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430082; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OW9ykeg7aX9Dfo911Jnut82QTR40XLuuAN9zn/S+F5o=; b=I+AJm3Of5uCZIwQWZWHVG7ReNO2SaCvlxzu73r9Y9Or55zYU4vanNb9QKr5bI0+36NEJy1 NFNsZGSoQ344hkcdRc6gM9bqinmiyDw0N87o/Yxkyv1PhqR/KI+DqN1W8G+r2s8Enp/GMx K/RCNo04M8IvwZ2sZueOHKMbOTQptw6uxyxQHgLKLWBYUt2sfAqr7lVV53/eLZQa64C2fz Yoj9/BbNRn3s5O23pi6fm8Vw6nvUvY+6NTHD4FDIO727AvY/MI5qpgt2Ago5fjp916sop2 9jeN9aZTZ2Elgw2D6t7TQiKJfWIBcYn2CzuVNwqox+GXMONFvN9wt1G/R/1AXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430082; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OW9ykeg7aX9Dfo911Jnut82QTR40XLuuAN9zn/S+F5o=; b=B1TEkjDqfOVjdGjSqCQBAf0IzSzdZUvPxdtT3DiK1zuetCkG6iF+2/KN7HlpDOgtqjDb7a HpX/soWVBGpbxzIAx4x/nxhzF+dVsYH9TlkJwm41AQ+25EwTZQmI0jfTGiXhICjj1DdbuQ +MbOfG7IMyMy/doZXpz7gD2C3vQOPebidh4Xn0ADFytNRMR7D9SuWH6Yde+cujpm3ObGuR QOOO31m9/yC8yT5MqR5JEHXZ01fg7pDK0gDf+2vRKmnCV0QYRb7o7Lembp3jy9Dim4XDpQ JUQYzQjMoFa+bBqaoUh41hM14Ii/QMqr2QIDo2J0OPRqtiqhApQG29uVnUjTkg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430082; a=rsa-sha256; cv=none; b=ZPmYKZBjWQO4fco+fdZJ5lZHIpHdveWdyUbZhOPkkUr5hJsA/np5+r1YpB23N6e0z4fqHF +WXEnLAoQ37gKdtCgCI1+n7wuFmdc+HTCnNo49eElrC4iDZ6xsapMs0GlEXSnYx2Ng+YA3 tHSNOWnDU1fqYxiSANJI2D+YEx8leQREppd2tB4f80YCCc0sJIPT+uec5gN5okW80cGoRo 16sltme7elsZlAZmkajz2ZsQwQyLnDJbo1OJbvbK5BP+20dmm8wtxLhfksmvIquYy8q4d7 NUhUwc1hzxV1Q9po0CjT5nmSKLeSPoLXMinwcYQTAlw8RmJoEFMEnp8WdwCzcg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDf2b56zJxt; Tue, 17 Dec 2024 10:08:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA82MU024334; Tue, 17 Dec 2024 10:08:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA82xI024330; Tue, 17 Dec 2024 10:08:02 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:02 GMT Message-Id: <202412171008.4BHA82xI024330@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: c6210cfd58f6 - main - pf: fix if-bound with nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c6210cfd58f6a570786106f35ebbe1c49f48287c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=c6210cfd58f6a570786106f35ebbe1c49f48287c commit c6210cfd58f6a570786106f35ebbe1c49f48287c Author: Kristof Provost AuthorDate: 2024-11-15 15:29:54 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:16 +0000 pf: fix if-bound with nat64 Just as with reply-to rules we don't know what interface we will send this out of until we create the state. Create new nat64 rules as floating, but bind them to the appropriate interface on the first pf_route(), when we do know. Set state policy if-bound for the nat64 tests to validate this. See also: 6460322a0 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47801 --- sys/netpfil/pf/pf.c | 28 +++++++++++++++++++++++++--- tests/sys/netpfil/pf/nat64.sh | 1 + 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 445aef881fe8..08486d5d1467 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -438,8 +438,10 @@ enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK }; } while (0) static struct pfi_kkif * -BOUND_IFACE(struct pf_kstate *st, struct pfi_kkif *k) +BOUND_IFACE(struct pf_kstate *st, struct pf_pdesc *pd) { + struct pfi_kkif *k = pd->kif; + SDT_PROBE2(pf, ip, , bound_iface, st, k); /* Floating unless otherwise specified. */ @@ -450,7 +452,7 @@ BOUND_IFACE(struct pf_kstate *st, struct pfi_kkif *k) * Initially set to all, because we don't know what interface we'll be * sending this out when we create the state. */ - if (st->rule->rt == PF_REPLYTO) + if (st->rule->rt == PF_REPLYTO || (pd->af != pd->naf)) return (V_pfi_all); /* Don't overrule the interface for states created on incoming packets. */ @@ -6125,7 +6127,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, __func__, nr, sk, nk)); /* Swap sk/nk for PF_OUT. */ - if (pf_state_insert(BOUND_IFACE(s, pd->kif), pd->kif, + if (pf_state_insert(BOUND_IFACE(s, pd), pd->kif, (pd->dir == PF_IN) ? sk : nk, (pd->dir == PF_IN) ? nk : sk, s)) { REASON_SET(&reason, PFRES_STATEINS); @@ -8800,6 +8802,16 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, dst.sin_addr = nh->gw4_sa.sin_addr; else dst.sin_addr = ip->ip_dst; + + /* + * Bind to the correct interface if we're + * if-bound. We don't know which interface + * that will be until here, so we've inserted + * the state on V_pf_all. Fix that now. + */ + if (s->kif == V_pfi_all && ifp != NULL && + r->rule_flag & PFRULE_IFBOUND) + s->kif = ifp->if_pf_kif; } } @@ -9050,6 +9062,16 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, sizeof(dst.sin6_addr)); else dst.sin6_addr = ip6->ip6_dst; + + /* + * Bind to the correct interface if we're + * if-bound. We don't know which interface + * that will be until here, so we've inserted + * the state on V_pf_all. Fix that now. + */ + if (s->kif == V_pfi_all && ifp != NULL && + r->rule_flag & PFRULE_IFBOUND) + s->kif = ifp->if_pf_kif; } } diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 3e04dc6e7bc0..0ae2c0399daf 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -52,6 +52,7 @@ nat64_setup() jexec rtr pfctl -e pft_set_rules rtr \ + "set state-policy if-bound" \ "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)" } From nobody Tue Dec 17 10:08:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDg69rRz5h0tR; Tue, 17 Dec 2024 10:08:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDg4Dzwz49tS; Tue, 17 Dec 2024 10:08:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KZJ/Jg4/ZvIlRR3iHbl6uV8Ns7N7d/syds5wQrrglVA=; b=WOatX47kPfqu2XtGpBDtM+mrNrEFd9lGAwIQ3a0LNAjGc8ngKwJqHWBJY27o0GIe4dYJf3 6FNTYY81iR/UBhOA67QDJkVzpmd09Fuguo0fvgTPZyVHnMtOnDBORLgODJ480e9YNdqaRE U24zXjuwwj5/33TOrdI3htFJPTqbhFtR+XQqMglTkeMhOOt+PQn/WLUyP330w27KzC8eCn AwqNRQHMfp2/XX8IHIPr0bKc0IMIRhQQyPR8cZWeTOy1+lrSFINO//AMBIqsjTwP1wjtBb ja4Ny3ffQ2+MIKva80lwedPwHSaR9c6M2FS7PVC9ueSU9PVZOKg/iFCzJSOAGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KZJ/Jg4/ZvIlRR3iHbl6uV8Ns7N7d/syds5wQrrglVA=; b=i/B5x3B0aKIPS/Se7Xu+lRjDdErg2XXjgfOYLji4v70J7oH3DyJhNKvdLWP8e5qAmWxndp Pxo1sjdAnN1DUD4vR2KwcFJpEqvNVMvmJGzmcWavbH1vTKYASt4ACon57iklNRqz3fbxyY oR5HCz5TkRjmc76Krv6NSEbQ0OvcVrEbG/+f+SVoVobAkqGI1XxYIOmuVZqV6mhjL9PoP3 oZ38MfhsY7zXnMWy1a8BGXcYkWiEkc46htnPIgEsMEQGHtOG7MIYqzoYjT07bEmpKgIYgJ pUZ6ymfWkCj2d5WJ95p2g/c49XXPkzcsC45RTVuWeNPJZZJLGvXy1tgvxiTV0g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430083; a=rsa-sha256; cv=none; b=qIPzzwaRZVoxsTU4z6QDrBjfOh3MA8JYRM0yMvWYdO1BAb7WhQwUz8ussDdZ9ZWNjFLNi9 xrU60+qbQ0Jax8BgIPuh7Stvmq6Q3Z7r+Gr9aAek/5wENVi+H86kGGfUrFuUz2jXxod+z5 tGaZbyzBHysMD+ZvuoebRXO3g/mnfTESfJOUEY1BDxFehkZOBSe/V7CXesVWxzkestx7CN 1Y5wzc/N9xK/nX8wPw3KBrLyXiCbXrO14WHpHcLe4ftTOwKUMpBgeZxT8ESabawvB45mU5 eUYye2Y0WSm+mMOkDaUHOO/QGLrhUYNWl5k5jxIvxmEwO/a9EH6Hk0BUScQ6CA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDg3qrCzJv2; Tue, 17 Dec 2024 10:08:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA83q9024420; Tue, 17 Dec 2024 10:08:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA83xA024417; Tue, 17 Dec 2024 10:08:03 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:03 GMT Message-Id: <202412171008.4BHA83xA024417@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: b717c67686c0 - main - pf tests: verify that we preserve the hop limit/TTL for ICMP errors List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b717c67686c090ee0f0034dc33a860f23c10f7fe Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b717c67686c090ee0f0034dc33a860f23c10f7fe commit b717c67686c090ee0f0034dc33a860f23c10f7fe Author: Kristof Provost AuthorDate: 2024-11-18 11:16:18 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:16 +0000 pf tests: verify that we preserve the hop limit/TTL for ICMP errors Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47802 --- tests/sys/netpfil/pf/nat64.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py index 12793662c171..eeddd5118168 100644 --- a/tests/sys/netpfil/pf/nat64.py +++ b/tests/sys/netpfil/pf/nat64.py @@ -40,6 +40,7 @@ class TestNAT64(VnetTestTemplate): def vnet3_handler(self, vnet): ToolsHelper.print_output("/sbin/sysctl net.inet.ip.forwarding=1") + ToolsHelper.print_output("/sbin/sysctl net.inet.ip.ttl=62") ToolsHelper.print_output("echo foo | nc -l 1234 &") def vnet2_handler(self, vnet): @@ -125,3 +126,7 @@ class TestNAT64(VnetTestTemplate): udp = reply.getlayer(sp.UDPerror) assert udp assert udp.dport == 1222 + + # Check the hop limit + ip6 = reply.getlayer(sp.IPv6) + assert ip6.hlim == 62 From nobody Tue Dec 17 10:08:04 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDj0N0Wz5h0lh; Tue, 17 Dec 2024 10:08:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDh5L18z49wK; Tue, 17 Dec 2024 10:08:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ba42CCZNc+iFEJPZ8uCoCFbw2GCVTC7uAd4hsEXXKd4=; b=Dkgq+Nj4SsJmCjMBzdcl7hkwHHssD8La0fT3EdPI+9XhjzRC2wsa8F3cLRFwWQAmbDJM+q 4w69iOqtE2E9QKzxjfpHIr/CxW6aG5LxYQO/0A/7UA7RoOMhHR1vNwBWsik6B8zIq01uCB TSZA+BmBbBNfXZvoS3VqqTKTqyU8uO2PGiqmvr07++lMDzGYmxgEuQ4NlSI8+8HgXWJ5k4 +Hc8WNL1sch+xH2HPcSE7pnyiHEWpRavEwabLgO+IoK3ulmyM8Wqn8dbLJ/d2Zv7GgFa78 ZXpMeMEAq+V0M1G1eCglMC2uiNI8gLBrZWWn86r4t2POTvHzMsciB1Gv5u5/vQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ba42CCZNc+iFEJPZ8uCoCFbw2GCVTC7uAd4hsEXXKd4=; b=XlcmtxEXy0xFTBP6CGbv2QnwhOByL2nIIV3NDTvFwo+5CntJqVrGinhbEezxv8tu1PGZTe U4oQQ033HjITwRqLruxIfATrGuxC0zd928hN+t0IEltLim8azOUobPshm/+5FOv6fz8kd9 UhBzkbW/qoptldYVdy49a30L7UTPRhhsjs9e4S/fJVyVtpO4mB2TRr38FMslxgHkNUNDFX Zq1bkuh0a4Pixbjmlsjsqoeb3hai1Nx0MwbR36b8k6F8cV+DMKU1fVHdoGgP3r2Xm5HoPV YxR1uS55WC7ZR5pFRctPpRPuNrkaYligj6/ti3WlohVCAoxiq0RWRZMc0iNQdg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430084; a=rsa-sha256; cv=none; b=Ft13NxCYjP2N31d8a3jFbdnywdtNHrh3MxYn22XCWiEf4hjtCD1nmhoLOCzN3+NowyxM1X QieofvnsICoumrqr8Nfa8NHRLkjWctTd5fyL2yZTt4SmU5xpqSryOP9mOYZqsLL8QdoykZ RG7321mE0JBimKDnc3eQsgl7iAqDSIzYoNIG+RtTyYdGYDoJVgkEqKUthvkjES/+7HD8tq ApfhwlMuEwvdsZDnP3i4Bimm+gd2ctAa7sVuqIwD0DnAdfhly+yrQMGAfApsfZXhjVn0wr kqonphRyJ3NhQlcglY5Ybx15aALKLFVZsEWU5c9PXMI/Mq0Kg74LnvDuJAo+kQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDh4Y9CzJVM; Tue, 17 Dec 2024 10:08:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA84ux024462; Tue, 17 Dec 2024 10:08:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA84V2024459; Tue, 17 Dec 2024 10:08:04 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:04 GMT Message-Id: <202412171008.4BHA84V2024459@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 6c5c91a039c7 - main - pf: update pd->tot_len after reassembly List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6c5c91a039c77244dac38f638a8e2323ae78ff3d Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6c5c91a039c77244dac38f638a8e2323ae78ff3d commit 6c5c91a039c77244dac38f638a8e2323ae78ff3d Author: Kristof Provost AuthorDate: 2024-11-21 14:53:28 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:16 +0000 pf: update pd->tot_len after reassembly Ensure that the packet length we track in struct pf_pdesc matches the reassembled packet size. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47803 --- sys/netpfil/pf/pf_norm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 350392623123..cea6f9e72638 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1198,6 +1198,7 @@ pf_normalize_ip(struct mbuf **m0, u_short *reason, return (PF_DROP); h = mtod(pd->m, struct ip *); + pd->tot_len = htons(h->ip_len); no_fragment: /* At this point, only IP_DF is allowed in ip_off */ @@ -1228,6 +1229,7 @@ pf_normalize_ip6(struct mbuf **m0, int off, u_short *reason, struct pf_pdesc *pd) { struct pf_krule *r; + struct ip6_hdr *h; struct ip6_frag frag; bool scrub_compat; @@ -1294,6 +1296,8 @@ pf_normalize_ip6(struct mbuf **m0, int off, u_short *reason, pd->m = *m0; if (pd->m == NULL) return (PF_DROP); + h = mtod(pd->m, struct ip6_hdr *); + pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr); } return (PF_PASS); From nobody Tue Dec 17 10:08:05 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDk27DFz5h0nn; Tue, 17 Dec 2024 10:08:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDj6NqQz4B7C; Tue, 17 Dec 2024 10:08:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430085; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=De0QTmVUwZkpWyb+WwLVbKokGpT8HfOxnhW315E1cDE=; b=RKAbwPv/KTqsFHaEFBq8tPd1iSe6VM5vxdnb7UnrJbpTFWtE5zOkiIhYvN+3uNzYiA5Td6 HuBYQG4JH/Q5c7fYXj263l3pjo5qTO+xlQmikgyBEEfUzg6t2dU8THr4BQjOXYRZAoaO39 J/9EU86bUfoAgDHrZWZa1nQsbpH8lE8QG9dyvD+BFjwLCw7YfNNBpmfclzj/oxfyTGeoyc O1CviOFNpTsjBYkuotPptlJTvwqIxPRaN5JWssLlrVQHsxLdyij8VVWw2CooFV/HtvluaP LvDn3JWqTJVn260nB4jF5BTAnKaQcTPQK2zNaS100dCcoO1CnF/x//PWtB7RRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430085; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=De0QTmVUwZkpWyb+WwLVbKokGpT8HfOxnhW315E1cDE=; b=IiF3Th8JYYIeCllH72Tn6hsH2ZsssrH9jqmI1b7dLUiykfD5dttbmhrpjYn9LYQiZLsaZS Dx1Zvabwm6La2yoiu7pN3mFlvrr67eXiQtG0QDG5DgllVW0cqHsr6nixXHVOu5KZsHl7IS cIA0Wb8VXAculGzuqeR4E5fk0vzGb6kRcJiBh1lpY+Y8E3dOmtHbshSGDSb/cgB6IfZfee ul8TFUYrFggSl+ZbIemuHFJtUZkvtuOFxCYMrpEwtk0sAgw1REZw6PpQdHBaxNCcT2Ljei f/qpLJHEkBTGYD/7SnZErkH6MkExwLxiNHAOWW0oDniSmm1dUOcHpToxzGXTuA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430085; a=rsa-sha256; cv=none; b=RsGgHgChPvwAqer9l+bPEAUQ+U9nAJko1jk4XOl2iQ8WlGR4XG9o2rNFXzmARsIv1e/7eo xo1hw7X+TMTp9XVAGpkWhCd6B3yMqei9P0QpPV9tipfMwT8SlI3dLUFIqi1rM4xdLXBmTb lyWb7anRpWMM9sZlCycoBmbHbeRKDQSxIoL3hJ9XWWZiGszvA4KIP47lkSawVF6ILxR0+3 f7jcZIzhXh00AXutOtwXkKNZQwMB1quv0bvehcFgeLYEATv0XtW8XOki5Kvs6laiRBAEZL 8TE5EFlgMVfAlwQHksXh86pCYXWxqQpPtAq/wBegMwEYMhZIfvnnSsTrM6h2SQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDj5YlQzJxv; Tue, 17 Dec 2024 10:08:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA85ZP024506; Tue, 17 Dec 2024 10:08:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA85ma024503; Tue, 17 Dec 2024 10:08:05 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:05 GMT Message-Id: <202412171008.4BHA85ma024503@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 7cae58a44955 - main - pf: handle fragmentation for nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7cae58a449559e7dca179129a37d971379d4e2c2 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=7cae58a449559e7dca179129a37d971379d4e2c2 commit 7cae58a449559e7dca179129a37d971379d4e2c2 Author: Kristof Provost AuthorDate: 2024-11-22 15:30:25 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:16 +0000 pf: handle fragmentation for nat64 When we reassemble IPv4 packets tag them just like we tag the IPv6 reassembled packtes. Use this information as the basis for refragmenting the IPv6 packet. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47804 --- sys/net/pfvar.h | 7 +++++++ sys/netpfil/pf/pf.c | 16 +++++++++++++++- sys/netpfil/pf/pf_norm.c | 26 +++++++++++++++++++------- 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index e0ac9561f463..d22f715d6a27 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1762,6 +1762,13 @@ struct pf_divert { #define PFFRAG_FRENT_HIWAT 5000 /* Number of fragment entries */ #define PFR_KENTRY_HIWAT 200000 /* Number of table entries */ +struct pf_fragment_tag { + uint16_t ft_hdrlen; /* header length of reassembled pkt */ + uint16_t ft_extoff; /* last extension header offset or 0 */ + uint16_t ft_maxlen; /* maximum fragment payload length */ + uint32_t ft_id; /* fragment id */ +}; + /* * Limit the length of the fragment queue traversal. Remember * search entry points based on the fragment offset. diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 08486d5d1467..13a299a8dcd4 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3440,6 +3440,8 @@ pf_translate_af(struct pf_pdesc *pd) struct ip *ip4; struct ip6_hdr *ip6; struct icmp6_hdr *icmp; + struct m_tag *mtag; + struct pf_fragment_tag *ftag; int hlen; hlen = pd->naf == AF_INET ? sizeof(*ip4) : sizeof(*ip6); @@ -3460,7 +3462,6 @@ pf_translate_af(struct pf_pdesc *pd) ip4->ip_hl = hlen >> 2; ip4->ip_len = htons(hlen + (pd->tot_len - pd->off)); ip_fillid(ip4); - ip4->ip_off = htons(IP_DF); ip4->ip_ttl = pd->ttl; ip4->ip_p = pd->proto; ip4->ip_src = pd->nsaddr.v4; @@ -3482,6 +3483,19 @@ pf_translate_af(struct pf_pdesc *pd) ip6->ip6_dst = pd->ndaddr.v6; pd->src = (struct pf_addr *)&ip6->ip6_src; pd->dst = (struct pf_addr *)&ip6->ip6_dst; + + /* + * If we're dealing with a reassembled packet we need to adjust + * the header length from the IPv4 header size to IPv6 header + * size. + */ + mtag = m_tag_find(pd->m, PACKET_TAG_PF_REASSEMBLED, NULL); + if (mtag) { + ftag = (struct pf_fragment_tag *)(mtag + 1); + ftag->ft_hdrlen = sizeof(*ip6); + ftag->ft_maxlen -= sizeof(struct ip6_hdr) - + sizeof(struct ip) + sizeof(struct ip6_frag); + } break; default: return (-1); diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index cea6f9e72638..4adace4c92cf 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -103,13 +103,6 @@ struct pf_fragment { TAILQ_HEAD(pf_fragq, pf_frent) fr_queue; }; -struct pf_fragment_tag { - uint16_t ft_hdrlen; /* header length of reassembled pkt */ - uint16_t ft_extoff; /* last extension header offset or 0 */ - uint16_t ft_maxlen; /* maximum fragment payload length */ - uint32_t ft_id; /* fragment id */ -}; - VNET_DEFINE_STATIC(struct mtx, pf_frag_mtx); #define V_pf_frag_mtx VNET(pf_frag_mtx) #define PF_FRAG_LOCK() mtx_lock(&V_pf_frag_mtx) @@ -750,8 +743,12 @@ pf_reassemble(struct mbuf **m0, int dir, u_short *reason) struct ip *ip = mtod(m, struct ip *); struct pf_frent *frent; struct pf_fragment *frag; + struct m_tag *mtag; + struct pf_fragment_tag *ftag; struct pf_fragment_cmp key; uint16_t total, hdrlen; + uint32_t frag_id; + uint16_t maxlen; /* Get an entry for the fragment queue */ if ((frent = pf_create_fragment(reason)) == NULL) @@ -784,6 +781,8 @@ pf_reassemble(struct mbuf **m0, int dir, u_short *reason) TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_len; hdrlen = frent->fe_hdrlen; + maxlen = frag->fr_maxlen; + frag_id = frag->fr_id; m = *m0 = pf_join_fragment(frag); frag = NULL; @@ -795,6 +794,19 @@ pf_reassemble(struct mbuf **m0, int dir, u_short *reason) m->m_pkthdr.len = plen; } + if ((mtag = m_tag_get(PACKET_TAG_PF_REASSEMBLED, + sizeof(struct pf_fragment_tag), M_NOWAIT)) == NULL) { + REASON_SET(reason, PFRES_SHORT); + /* PF_DROP requires a valid mbuf *m0 in pf_test() */ + return (PF_DROP); + } + ftag = (struct pf_fragment_tag *)(mtag + 1); + ftag->ft_hdrlen = hdrlen; + ftag->ft_extoff = 0; + ftag->ft_maxlen = maxlen; + ftag->ft_id = frag_id; + m_tag_prepend(m, mtag); + ip = mtod(m, struct ip *); ip->ip_sum = pf_cksum_fixup(ip->ip_sum, ip->ip_len, htons(hdrlen + total), 0); From nobody Tue Dec 17 10:08:06 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDl1BRkz5h0rM; Tue, 17 Dec 2024 10:08:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDk6Wz7z4BGK; Tue, 17 Dec 2024 10:08:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U0qF3slTd4ytYApwnV5Mdx1/ouza5PaQydU38tFOg44=; b=akLY8rz1GdBIGwYjE48Ht7i2+yU8ExtcyZ5ytRqG6xRMWXP0Z1yL0+ivlO4zGgz93GnNrw ABmVbCKRP9DaVnb9c+tD27Qj6bk6w6oCTwtrohqm4uTYZA6hu98r5a+RAu3HQFw35tQomk 4nnEMCj9VHeNGeTNef7vv6mJQ4EpHnEOK5rMD0G9/PV0Buxpi3UVJRmm+rLdSvV/oNo7Bx MYZ4OKRAaaH1gUvS4N0cQJijRi4VliFv3lH3ADCg4iBwrxPn6kUTyyl9rKAK6ESrtoniDB f19u1ksk6O/408NYDsJP22PfiRPhMHUl183SKnHTAhZaVu8GckZSlNumTjmirg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U0qF3slTd4ytYApwnV5Mdx1/ouza5PaQydU38tFOg44=; b=gSTg7FC8+NLPJiboIuNPyDIVf5umksTbcD1YcrbwaWAPb7baYPKTNtKxDHh783OtxKZeqs VU7HOOy8sZVC8uBFFjHg1PcHDf+OoVn5eY85tEPveX3p6Lj7ir8MduU3t7yr9AkpICDn3y i8lfClA8vLvwsW+mqQICMxpc6x2CG6+I65VfZ7MMgX1oOt42e4BMuKeqFH5i+9JgzruMfM oVCb4Yt5sD/MVwLk4viQxPWeUbkNx46wHm4mkLTSU/sZ9OTKs3vARpAJTHWgrLog/jFMja m5mCvSI0N9kOFyhgU0nQId4vueDsr93uBC55l/Xo7U1qRwI8MmR5jU0QtAQoMA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430086; a=rsa-sha256; cv=none; b=SbTYhALx0M/vKGZ+1l/ZgTpJl5lWnhgbiqa2y01iXYhMuxJsU1fnSEnOhSmYk9HeO6hjqH iGPqlaG5ykOSz0yuXWtscC2X38IWXKR+kDgsC/MhFVdLrABPZCua9y/BW9LJtU6lkHoZXY iSbh8Vj81wCYzNgrr6f5a0fHJxEVbj5WIrwiH8KIrBiuOhCJFJPi5Z5P/IUl4G8cdbCKyJ ro9zl7rv6a5jCvOpRtMN4VsEAmta5l+WJ+ZmDkT6o8clAqH1oVDFM6Nob8AHUtQZh/wPye DuCO09loqjUe7lvdl2UGrGQ2aZuMOzTgO6TELsldJXqDeRpvmCSZydmNIpUwSQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDk67pTzJVN; Tue, 17 Dec 2024 10:08:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA86Fh024555; Tue, 17 Dec 2024 10:08:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA86KU024552; Tue, 17 Dec 2024 10:08:06 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:06 GMT Message-Id: <202412171008.4BHA86KU024552@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: e128e988a26a - main - pf tests: check packet reassembly with nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e128e988a26a2c439da6920a5d5839b961542285 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e128e988a26a2c439da6920a5d5839b961542285 commit e128e988a26a2c439da6920a5d5839b961542285 Author: Kristof Provost AuthorDate: 2024-11-20 16:26:55 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:16 +0000 pf tests: check packet reassembly with nat64 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D47805 --- tests/sys/netpfil/pf/nat64.sh | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 0ae2c0399daf..9e91e95570c1 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -52,6 +52,7 @@ nat64_setup() jexec rtr pfctl -e pft_set_rules rtr \ + "set reassemble yes" \ "set state-policy if-bound" \ "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)" } @@ -82,6 +83,33 @@ icmp_echo_cleanup() pft_cleanup } +atf_test_case "fragmentation" "cleanup" +fragmentation_head() +{ + atf_set descr 'Test fragmented packets' + atf_set require.user root +} + +fragmentation_body() +{ + nat64_setup + + atf_check -s exit:0 -o ignore \ + ping6 -c 1 -s 1280 64:ff9b::192.0.2.2 + + atf_check -s exit:0 \ + -o match:'3 packets transmitted, 3 packets received, 0.0% packet loss' \ + ping6 -c 3 -s 2000 64:ff9b::192.0.2.2 + atf_check -s exit:0 \ + -o match:'3 packets transmitted, 3 packets received, 0.0% packet loss' \ + ping6 -c 3 -s 10000 -b 20000 64:ff9b::192.0.2.2 +} + +fragmentation_cleanup() +{ + pft_cleanup +} + atf_test_case "tcp" "cleanup" tcp_head() { @@ -178,6 +206,7 @@ sctp_cleanup() atf_init_test_cases() { atf_add_test_case "icmp_echo" + atf_add_test_case "fragmentation" atf_add_test_case "tcp" atf_add_test_case "udp" atf_add_test_case "sctp" From nobody Tue Dec 17 10:08:07 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDm1pDBz5h0wd; Tue, 17 Dec 2024 10:08:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDm0Qzsz4BGk; Tue, 17 Dec 2024 10:08:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430088; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=o7aowNiX0b6U161kppvNB7pTyvSzM7AW9bdA9TbqjQY=; b=jH6vBmE5WsthxjSBaIemdvgwJA2SbqbJcBQalzQpcZThBaaxNL6sJ86jpmn32kTke7D5PQ j6lCWv/d9eEVYsP5iSiPkTr3venlqJf9NBBpRUxYnoaVPK+cUpbd9h5hhY3EnI8M2jpPtM eqW+EJ82m2aMxEfQe88U4doyEvA4FWd/Tj4ADp9RkqB6mFe4cgT8B7+6SYt8cpAxbzjH3x yEw8X9frID6LZE0LLdM37kIiXoCSUVEz4a3HM1hofmbBOfsB0HLpkHQng5RgWqGxIDFNM2 N0INBkP0DIe6ay2FibM1dDTLqjG3mmRI3lnctVNaScnX0Eo6PfEzC1S7lMDkPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430088; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=o7aowNiX0b6U161kppvNB7pTyvSzM7AW9bdA9TbqjQY=; b=TgElAN2VBoVgqUtYlojEqOc+sbnpVcea0W2Uq63yNYEYDPtfLg1nRDwGwULZI757cxZ4vc eM8nHDVYuDCFw7CZPYlpaZGBJqQSUD7YZ2Tnfeqs3KbAkllCn2BYONFugL+OdTzglShu+O tKBh1IR0S7BgnYHh8tVsjXmoQv5blcEWrw1Kr1Y7XSyS9s2qBJw+jiYc5gbSD0dgz0fFzq R7oyWnRWx/8tB/gYvUaGIvbjOFyxT8hFlosANx7MPjCPXkHFCOPhnEeIlnwpZMxP1daFR7 umDcuyRF3hBcvcrWfdo+TjNeYdyHiLW8dcfIWA8DEV2mgQsIYlpI4gZ6g8/2Og== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430088; a=rsa-sha256; cv=none; b=Rv07S6lqGbnkoikhsmEZ2nU4pGg3cpFMstBvDVj4QGOr6TMEG1GUYlA6a0J2dy/TdhNz27 dc5xB12wFjZVFciDzfzf2BK3U2NEgAj2qOnuADR0lCa0f7xPEAtMuIzccANdCBvhAwv/Fg iE0ZVsKiUkk74VAjv2DpF+7DpV0r05TciaTqFNUBYL0cnVDViZohoTO53BfkTrftRKaHuu BZIRn5KmIo8JQsPazzy8cuYzQ+H8jgf0UP+OaohyUrU31sgrOJQMwKwuHwisMf3qrSGSIv 9GxO3VC1WjYXerylIzOPQ/r2N/a/q8sAshvuUGNDomaMlqIC1F9COX3a51z41g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDm02ckzJXH; Tue, 17 Dec 2024 10:08:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA87Nv024603; Tue, 17 Dec 2024 10:08:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA87mF024600; Tue, 17 Dec 2024 10:08:07 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:07 GMT Message-Id: <202412171008.4BHA87mF024600@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 1df79d81343d - main - pf: preserve TOS with nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1df79d81343dc7683a234708e1852a8e368dbed2 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=1df79d81343dc7683a234708e1852a8e368dbed2 commit 1df79d81343dc7683a234708e1852a8e368dbed2 Author: Kristof Provost AuthorDate: 2024-12-02 16:50:02 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:17 +0000 pf: preserve TOS with nat64 When translating packets from one address family to another, pass the TOS/Traffic Class field of the original packet. Discussed with mikeb@ Obtained from: OpenBSD, jca , fd92f2bb4f Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 13a299a8dcd4..881b3cf91140 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3460,6 +3460,7 @@ pf_translate_af(struct pf_pdesc *pd) bzero(ip4, hlen); ip4->ip_v = IPVERSION; ip4->ip_hl = hlen >> 2; + ip4->ip_tos = pd->tos; ip4->ip_len = htons(hlen + (pd->tot_len - pd->off)); ip_fillid(ip4); ip4->ip_ttl = pd->ttl; @@ -3473,6 +3474,7 @@ pf_translate_af(struct pf_pdesc *pd) ip6 = mtod(pd->m, struct ip6_hdr *); bzero(ip6, hlen); ip6->ip6_vfc = IPV6_VERSION; + ip6->ip6_flow |= htonl((u_int32_t)pd->tos << 20); ip6->ip6_plen = htons(pd->tot_len - pd->off); ip6->ip6_nxt = pd->proto; if (!pd->ttl || pd->ttl > IPV6_DEFHLIM) From nobody Tue Dec 17 10:08:09 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDn3fHmz5h0p2; Tue, 17 Dec 2024 10:08:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDn1Xtyz4BHB; Tue, 17 Dec 2024 10:08:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430089; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q67e3Nf5b/VJTvnZN6gwLpBFva4CR4wfUgWHCcDunxU=; b=qS+lNlZBuFbkxdKbRkr0wjea8t34vupxbcrxcPrEfQKhuAURPgn7nKR24EcH4XUzA/wXF3 uMit1ZWaoZTCvQ+fLmwq12a8ieEpsHc7vbOPfz9uTlcm8uc7AVdEAst7CPfpVbS0NAPLyi rmZTFEO2xfY79lyxmYcl6MMsN7AMkSJmPoh4oQcaENNhDTi3JQufmBL7Lr5qnuZVx+0F0w W3vngdAbvA9hZLglhXsy1fIOo6EFo+JtorpurbUxOb5vWPP22svgewOSCoSQ2uj5uiQqq8 HC6A2HfJm/0IFH0xsC5b6DQj7clSXH8ixCc4LIydNgOsJXJXc/ds9sm1SNQuPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430089; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q67e3Nf5b/VJTvnZN6gwLpBFva4CR4wfUgWHCcDunxU=; b=SE/BK/jHeBT70wrPiVlHqUTQPx8ZuC0yKatHfF1TckpSFij5gJS2GIACjcCZVPHm1CRR17 kd1khln1BbRfVjNTWXmFpPK+fSbfXgA2+kKF24NCwxYELYYcONQaUB37IPgbZ1NBzoGkDM gGp1Dje7y/SVNYEbKKWnmt4SJZJfX5sqsQeRLahd4HU0zw1b5J0klWxRfozsa8Jh8V0ZTJ 2QjIdOVXtMEKNPgoUnOeZPn+UIzFchNEvbFY5XUvoGiOqbPm9jesT5waIYYJNfd6ElwLNN 5yr7kAa4EbW8FfHCsRZnP4OkfgGuioCqc5vzUFqlMf+jVVzEBgs6A1zQ05DKQA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430089; a=rsa-sha256; cv=none; b=Q3oFHZhWIoXt3d13WM2Hn6IuZhvVjARGQbAx9/sZK3OMjbOdJT6cGQOC2r3iuheay4gZNH Rt28PdgfqaJp5XXCfgvkVLu/wyxCVbbEkUxrt+aMTIjFKpqIo11TJ+GGpoThbx7wG4mHJg AjTA8QpXR3KWinn7d0Agn1OUob35F7AxYzGZxfEmOJRlyI3IdzrHCNkFXQZ19tBnjEi2P9 BSBSo1ScWoIOWsTY9DqDRfSVX3lXEnxhj5uNs2ZEW0vX1rqpnamV3RiNRTWSHk0pYWZTA5 QGA0EF+nBoE8ixlRkD7WOvdVgEHzkf4cpivAzUDnRtxUSIINeqwlc/Mhvrxo3g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDn102PzJVP; Tue, 17 Dec 2024 10:08:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA893f024653; Tue, 17 Dec 2024 10:08:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA89WQ024650; Tue, 17 Dec 2024 10:08:09 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:09 GMT Message-Id: <202412171008.4BHA89WQ024650@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 27fca15016a9 - main - pf tests: validate ToS translation with nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 27fca15016a90f0d044176ba5f8f5b0fa91469ba Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=27fca15016a90f0d044176ba5f8f5b0fa91469ba commit 27fca15016a90f0d044176ba5f8f5b0fa91469ba Author: Kristof Provost AuthorDate: 2024-12-02 17:01:42 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:17 +0000 pf tests: validate ToS translation with nat64 Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/nat64.sh | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 9e91e95570c1..c1202dfee2e8 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -203,6 +203,38 @@ sctp_cleanup() pft_cleanup } +atf_test_case "tos" "cleanup" +tos_head() +{ + atf_set descr 'ToS translation test' + atf_set require.user root +} + +tos_body() +{ + nat64_setup + + # Ensure we can distinguish ToS on the destination + jexec dst pfctl -e + pft_set_rules dst \ + "pass" \ + "block in inet tos 8" + + atf_check -s exit:0 -o ignore \ + ping6 -c 1 -z 4 64:ff9b::192.0.2.2 + atf_check -s exit:2 -o ignore \ + ping6 -c 1 -z 8 64:ff9b::192.0.2.2 + atf_check -s exit:0 -o ignore \ + ping6 -c 1 -z 16 64:ff9b::192.0.2.2 + + jexec dst pfctl -sr -vv +} + +tos_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "icmp_echo" @@ -210,4 +242,5 @@ atf_init_test_cases() atf_add_test_case "tcp" atf_add_test_case "udp" atf_add_test_case "sctp" + atf_add_test_case "tos" } From nobody Tue Dec 17 10:08:10 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDp6HK4z5h0rV; Tue, 17 Dec 2024 10:08:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDp3lgWz4Bhw; Tue, 17 Dec 2024 10:08:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430090; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sIkAyd/4rCLO3hTlbdxdySY+EKZ+3AjD024PFlrsn3Q=; b=loTUsd9R1ysYqyPUaV86h1Z/M7A1u/jOXusXXW44aqrUvee2cAWufVIGjDgpzn4COc3ky1 X2Irq6FrL+1ro4GMJprIoVwXMaJcsD0Q6eb/J/S9w4DULPYdJ7ULy1j59S5JHZp7J70kAX 9WD78vv6PXqQztK1buVZR1KHypBT5JUX/qQuj3C9arm8nGiBGwrhVQ9pO8+Qm/dqVQ3+By hlYAbvJpwhCsQN62vtEhWJFyfO2a07eFm5MChnLOTldD2jhDsxohvY0zvAct2mGg0OBFhE SVN6E6jt3psUnp2cGWy8goKBg9O0vAYYzjq98gVTuCaSwRyxY6xeszkcyusBOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430090; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sIkAyd/4rCLO3hTlbdxdySY+EKZ+3AjD024PFlrsn3Q=; b=NP82K3t9Tv9tOTxrJ33lLr2UeJFBAYRF9ZRLoxB3hmOFWBBJmvjIwrf4vpJSWQJj5vgUrH kVKq7MvVUZ8f1eUOtkr0KvIdREzOSSnYh/nTQoh9cpLCxbqa9WKhz/tgTMXqIoNgH2FgNM vsOFKzxpoZq15DEULlwWX2vVWNAjBKx+tUd01VGCWLh9WP2//mOduYJYEstizaxAZEWEBm N8TjhC5Q0c37obAbwa3UNAKGwZGf+AIlJofwkhjiDVFH0fhCGR68r+MhFR8KtuNon0CGdv Yp9tO++COXB0msZPzIkfBstaV03WD6WTfhXkNksw47dtT9ZtJVptyKb3JhS+Dw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430090; a=rsa-sha256; cv=none; b=xbz1/PaG2BvsQWWgjZwqJ+R4A4orymsW1umlfNx+sS9KpcNmSJASa5CP5zNN+2pjrt9S+Z 0B8Ra+IhwfOCuQmDPF92MRcKuN+m9NcGvEs4okePiSkkZC88u22pccLU9G18S5Joywx3BW hZoJWNQbJ8utyKmevWkcf3C2L5EDNSnZ/h3bNI/Iw7tH+ILxJ8vFiF0TWjcRddZrM7bvv6 8IxBUfpZy2tUBy0UAY3IfF8jQoZjAl4Kyaj8TG/nGU9FQXGH12+/NDTLXaqsUO/bb8Wsy0 4plP/1NA0ORaoM5yt9A14lStkS8pV4b2n9I84q0dcNcGY1e1iTEC5ZsCRZuWIg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDp2274zJvj; Tue, 17 Dec 2024 10:08:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8AQF024724; Tue, 17 Dec 2024 10:08:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8AN2024721; Tue, 17 Dec 2024 10:08:10 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:10 GMT Message-Id: <202412171008.4BHA8AN2024721@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 125e395278cf - main - pf tests: test not having an IPv4 address to nat64 to List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 125e395278cf01811a06bb7fdb2dce6854eafc3c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=125e395278cf01811a06bb7fdb2dce6854eafc3c commit 125e395278cf01811a06bb7fdb2dce6854eafc3c Author: Kristof Provost AuthorDate: 2024-12-05 17:23:29 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:17 +0000 pf tests: test not having an IPv4 address to nat64 to This isn't expected to work, for obvious reasons, but we also expect to not panic doing this. Exercise this special case. Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/nat64.sh | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index c1202dfee2e8..809d058d34c9 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -235,6 +235,46 @@ tos_cleanup() pft_cleanup } +atf_test_case "no_v4" "cleanup" +no_v4_head() +{ + atf_set descr 'Test error handling when there is no IPv4 address to translate to' + atf_set require.user root +} + +no_v4_body() +{ + pft_init + + epair_link=$(vnet_mkepair) + epair=$(vnet_mkepair) + + ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad + route -6 add default 2001:db8::1 + + vnet_mkjail rtr ${epair}b ${epair_link}a + jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad + + vnet_mkjail dst ${epair_link}b + jexec dst ifconfig ${epair_link}b 192.0.2.2/24 up + jexec dst route add default 192.0.2.1 + + # Sanity check + atf_check -s exit:0 -o ignore \ + ping6 -c 1 2001:db8::1 + + jexec rtr pfctl -e + pft_set_rules rtr \ + "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)" + + atf_check -s exit:2 -o ignore \ + ping6 -c 3 64:ff9b::192.0.2.2 +} + +no_v4_cleanup() +{ + pft_cleanup +} atf_init_test_cases() { atf_add_test_case "icmp_echo" @@ -243,4 +283,5 @@ atf_init_test_cases() atf_add_test_case "udp" atf_add_test_case "sctp" atf_add_test_case "tos" + atf_add_test_case "no_v4" } From nobody Tue Dec 17 10:08:12 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDr5wbrz5h0p4; Tue, 17 Dec 2024 10:08:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDr3hqBz4B8V; Tue, 17 Dec 2024 10:08:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430092; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pH/1J77inAmQ8K4z82YjLSCMGoBSezBzu2UsH2GZSAU=; b=MU55AGayTviQtE1H3cbd9zDS+IlxE+nwBXv2PHtfZmAeo+NjICCeiaQt4qJcUOIZbbX7ZM 6pTbua2BBZglcSG+4AFJO+w8NR3e4lYVRt54FYvfICMzl9khA8WTQeErzXoitf/IaVpqKj KYxfNeOOSO6pc1M4Un/HY5qyZLSHVd/lBRz81nXM4V4Ng7IF22BqY3bfd1YQtOeP4532Xu WYMP7CAdVkEPWtgKzBEoqiILIgVaY8F3LA9mgC9GOHGGaHgbd9Pqq9i0L0h6mgb1mVIXOS z8Pdsf0sjnOyyznw6bmxJP+O99qoVTd7rn5HB5+YbEdygyMmD3lkJU/6DIG7fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430092; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pH/1J77inAmQ8K4z82YjLSCMGoBSezBzu2UsH2GZSAU=; b=tRPJT7taPzP13AoGhQnRRY0qrLsLRkzlRRAZkbdPuRerFWEcQ7RscKX19r8vOn5oFo6mo6 ja7Q45eGY7yvZd7HkSFZt0Wlbr1ZO2nmhGXc1IzZIAWnRV5YHkuj/xLagJlgEaO5m+P1F6 +DH5F9+gpOQgn6ytc0IDCh+V1lrke3IzBUVXOUV4Ncc1Tig7fzNXiFODAGdH2uhjDAfXsU anygYPOV6SiMoiRIjfMgqNwFa2234UOZuaYYfqK0Pm5I6QiJ527KYpxLHuzjYusMcozGpk BKfiy/wIsWoAqO4/hFp3K7VQc1NyesTYc7DIAbAu63vlE0Qaxz4mQJ/v0WeBGw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430092; a=rsa-sha256; cv=none; b=R5nubR4RxTyGHT4dKxXdiPKejuNc3u9Lutd91dfylgeVpclS6W1IK1EEK728YSznuu4qdg MiZ9iIWm0ry9GYUDxbhx2TG8CJGOsV8OxqQMWVrQLPeNcC0r1olSpwDjviowIzr16MFIYO iCh6Hfqzgx2yK9o2EogIR/QmvkulNVb4SKdtQsBMeKkrqZCpKDGMM60ocgIf4tUqvASyEZ kOBTI/9x0kLs7lWCg8YfnND0vumey4Vj9zY3X0Zc4Oczv9pVz+9F/jShl3xiG4O14PbeQA ja/Iy8jC6QReXBEXHULVF7BzLZlWryk4T/yrL1+QZIntvocef9fJkjtb4uj//A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDr3K9NzJjm; Tue, 17 Dec 2024 10:08:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8Cj8024824; Tue, 17 Dec 2024 10:08:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8C3a024821; Tue, 17 Dec 2024 10:08:12 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:12 GMT Message-Id: <202412171008.4BHA8C3a024821@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: b0e3fb7e65c3 - main - pf: fix nat64 round-robin addresses from a table List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b0e3fb7e65c3a745177e52ec2f20a773b4d59c1e Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b0e3fb7e65c3a745177e52ec2f20a773b4d59c1e commit b0e3fb7e65c3a745177e52ec2f20a773b4d59c1e Author: Kristof Provost AuthorDate: 2024-12-09 17:37:36 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:17 +0000 pf: fix nat64 round-robin addresses from a table We do multiple lookups during the nat64 process, some of which will fail due to address family mismatches. Do not reset the lookup offset so we actually use different addresses from the table. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_lb.c | 1 - tests/sys/netpfil/pf/nat64.sh | 67 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index 0f08226c1c0d..35896bdcf5b1 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -598,7 +598,6 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, else rpool->cur = TAILQ_NEXT(rpool->cur, entries); if (rpool->cur->addr.type == PF_ADDR_TABLE) { - rpool->tblidx = -1; if (pfr_pool_get(rpool->cur->addr.p.tbl, &rpool->tblidx, &rpool->counter, af, NULL)) { /* table contains no address of type 'af' */ diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index b6b2b97a2f63..827891373903 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -341,6 +341,72 @@ pool_cleanup() pft_cleanup } +atf_test_case "table_round_robin" "cleanup" +table_round_robin_head() +{ + atf_set descr 'Use a table of IPv4 addresses in round-robin mode' + atf_set require.user root +} + +table_round_robin_body() +{ + pft_init + + epair_link=$(vnet_mkepair) + epair=$(vnet_mkepair) + + ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad + route -6 add default 2001:db8::1 + + vnet_mkjail rtr ${epair}b ${epair_link}a + jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad + jexec rtr ifconfig ${epair_link}a 192.0.2.1/24 up + jexec rtr ifconfig ${epair_link}a inet alias 192.0.2.3/24 up + jexec rtr ifconfig ${epair_link}a inet alias 192.0.2.4/24 up + + vnet_mkjail dst ${epair_link}b + jexec dst ifconfig ${epair_link}b 192.0.2.2/24 up + jexec dst route add default 192.0.2.1 + + # Sanity checks + atf_check -s exit:0 -o ignore \ + ping6 -c 1 2001:db8::1 + atf_check -s exit:0 -o ignore \ + jexec dst ping -c 1 192.0.2.1 + + jexec rtr pfctl -e + pft_set_rules rtr \ + "set reassemble yes" \ + "set state-policy if-bound" \ + "table { 192.0.2.1, 192.0.2.3, 192.0.2.4 }" \ + "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from round-robin" + + # Use pf to count sources + jexec dst pfctl -e + pft_set_rules dst \ + "pass" + + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.2 + + # Verify on dst that we saw different source addresses + atf_check -s exit:0 -o match:".*192.0.2.1.*" \ + jexec dst pfctl -ss + atf_check -s exit:0 -o match:".*192.0.2.3.*" \ + jexec dst pfctl -ss + atf_check -s exit:0 -o match:".*192.0.2.4.*" \ + jexec dst pfctl -ss +} + +table_round_robin_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "icmp_echo" @@ -351,4 +417,5 @@ atf_init_test_cases() atf_add_test_case "tos" atf_add_test_case "no_v4" atf_add_test_case "pool" + atf_add_test_case "table_round_robin" } From nobody Tue Dec 17 10:08:13 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDt0Ftfz5h0p6; Tue, 17 Dec 2024 10:08:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDs55XKz4BxF; Tue, 17 Dec 2024 10:08:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430093; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WNp483xuLeNqbUqI26VPj5UZcxtl/e633cxNeCtge/w=; b=ijNAY/pcn6s0AzPsSt2yrPq9ZJxZfIzIt1RfLXPw4ZfZ9LyPAFGAyqATmHgG0wwexBAcp2 0e3CtGIC9jdwNtP4G9p7Hu70c/7mx2Rx+m5OtjC9Sh/nH1BmFgVedCEXtMN4MZzbu/uWp1 A97viWQrfcqEHUno85NRZogBww/JqzgqsNBhqTXNBF8q92cEsz17IuV3BazHvobottJHM5 oIQ0+zwuITZhFceplRZ6hbV9qNoPaZd/l3QbLId01mGJCZ37pqIWXVi91bXkZYM1MOQeax j/ltB04Gr3edX0c1dztZN6Eyq9OJaroMVqawlJugsZjAst0QhNAVwaf+CMM4RA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430093; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WNp483xuLeNqbUqI26VPj5UZcxtl/e633cxNeCtge/w=; b=C/OC4+9UNxxAO4xHIPMcIr1XO/zxJssdo+u4UN26LOTBPbqALTE/8jhMwErafJ6ATUG2vm 2e+lfY1mi0QZC/r/eC+I5n7ZMbL4iEAXkhS9jC7UVAe6JB934kMlFVRclE9SOSDhdFEPu7 6YcR6LYOR4Wy76uGWijYqXwy5uoH6/C07FPntz5CTAG4ujVGwUfZzXE0EqUmF6uo4Xq+aq WU7l/qJzdta6Yh3jlPWvqef3xQFbv4Q8Rjsj/ZAFw5Nqwl6RMQGaSvNlCGYY+ZAbVaIgEX zjJFjDsOybMYFE9pfClsSPwFdZ9O5jBBx5GfOypoZRU3EbvbkXmbjzxoQW/0Ow== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430093; a=rsa-sha256; cv=none; b=iAGws8e82Y496O9RhWGCLWIRVkZoLEXqmi34/U0z4p5IrHXNqsg1mD9nZeNTwZQkHREoc+ iLizPrnxyglLkuXMnva+halPJL1utTO0pNSFNm/jBRa1eZquPmVdjYKraY9xSrhFfo7j+u OukOgf7BFuR1Nw52Vfdo1264PnnQFOu6rOOonSRrUTSCitLYsxwwyUTLobCebYyinaWbej Tah56ptDHl/hEFv2yANKPLZC18euEQMgaVBQwLmLG4BbrPCF2rspGV3FS359UpGowlXxOz 9dJ57qCCKaOHnPu6MGDsi/ajAjBkKnbaACRlYc5nsM0ExHzTVKTxoACiFK5uLg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDs4gvVzJjn; Tue, 17 Dec 2024 10:08:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8Dwk024882; Tue, 17 Dec 2024 10:08:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8DZM024879; Tue, 17 Dec 2024 10:08:13 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:13 GMT Message-Id: <202412171008.4BHA8DZM024879@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: e0dcc51ddb43 - main - pfctl: do not allow af-to tables without round-robin List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e0dcc51ddb43201e58f15645f000e27f061df081 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e0dcc51ddb43201e58f15645f000e27f061df081 commit e0dcc51ddb43201e58f15645f000e27f061df081 Author: Kristof Provost AuthorDate: 2024-12-10 11:00:06 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:17 +0000 pfctl: do not allow af-to tables without round-robin Tables can only be used as a redirspec (i.e. in pf_map_addr()) in round-robin mode. Enforce this for af-to tables as well. Add a test case to verify. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 14 +++++++++++--- tests/sys/netpfil/pf/nat64.sh | 23 +++++++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index fc24cbc238ba..fc9cf86081f6 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -2827,11 +2827,19 @@ pfrule : action dir logquick interface route af proto fromto r.free_flags |= PFRULE_DN_IS_QUEUE; } - if ($9.marker & FOM_AFTO) + if ($9.marker & FOM_AFTO) { r.naf = $9.nat.af; - r.nat.opts = $9.nat.pool_opts.type; - r.nat.opts |= $9.nat.pool_opts.opts; + r.nat.opts = $9.nat.pool_opts.type; + r.nat.opts |= $9.nat.pool_opts.opts; + + if ((r.nat.opts & PF_POOL_TYPEMASK) != + PF_POOL_ROUNDROBIN && + disallow_table($9.nat.rdr->host, "tables are only " + "supported in round-robin pools")) + YYERROR; + } + expand_rule(&r, $4, $5.host, $9.nat.rdr ? $9.nat.rdr->host : NULL, $7, $8.src_os, $8.src.host, $8.src.port, $8.dst.host, $8.dst.port, $9.uid, $9.gid, $9.rcv, $9.icmpspec, ""); diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 827891373903..b0559ac1f98c 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -341,6 +341,28 @@ pool_cleanup() pft_cleanup } + +atf_test_case "table" +table_head() +{ + atf_set descr 'Tables require round-robin' + atf_set require.user root +} + +table_body() +{ + pft_init + + echo "pass in on epair inet6 from any to 64:ff9b::/96 af-to inet from " | \ + atf_check -s exit:1 \ + -e match:"tables are only supported in round-robin pools" \ + pfctl -f - +} + +table_cleanup() +{ + pft_cleanup +} atf_test_case "table_round_robin" "cleanup" table_round_robin_head() { @@ -417,5 +439,6 @@ atf_init_test_cases() atf_add_test_case "tos" atf_add_test_case "no_v4" atf_add_test_case "pool" + atf_add_test_case "table" atf_add_test_case "table_round_robin" } From nobody Tue Dec 17 10:08:14 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDv10Jmz5h0wv; Tue, 17 Dec 2024 10:08:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDt620Vz4Bs3; Tue, 17 Dec 2024 10:08:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430094; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ol6Xpj1t8PYdzWgewNUtjJstsFJ30J3E0o0pOlnqT7c=; b=phxmpHqrWh1r8vrlxSGD9tEWxtI+jAIIQ3ySlfdQ3Re/OQcrum8EdUoJQeyQiAh7HmMSPR QzinEBxMkYuxH3lmi+Hi0zw7oqor8tJQSiNj5kMyvy1qBfnPuAmab/Msyvxyqj2MWG0I9k 0dsEPW+uwk/SfdAzTBot/cNMQk0u8ihf0mRq1NSqUQaYHY/FccukSiqrVN8cXzXvGULaQ0 gaNT4an2Y5O1HK9Sx9Yub3Q6XsVPWL+ZRzDMIJaV8nmRPiztaF9sLYHGPBha9PV1NitBM0 T3yHvW7wNjc9ATtKHAXs8HfflzakwSqtytB1kAckrlRbSCuCWrogQriANVH0gA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430094; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ol6Xpj1t8PYdzWgewNUtjJstsFJ30J3E0o0pOlnqT7c=; b=kJWpE0uZH49N4EVNYCTbqG0FeXI+zYSQdKWg5Oar6WaNg67qhvvj8mqcLqLobBbdKW/x+j d4hTCQlSMbR7gM8WfntwmN+1TFywwZzwRrKfym9aHnUCAfcZKjXArsc5lJgqyZ99iDRev0 Plwt7sBVUmUG2RRQv7kQqq/kufosTmAwC7jlr9U4WNVS+3MHwpLlTORorp6uGrfHbZJyFG GqGmWJRUQWw3acgZNzp4rQCzKfYCHkiXzfAVPdtLbXn18IQEdQ+mxlBoRt+1yq9re1Hroi X+ZrRfwFTDzFC5vflBZhKW4Q1oqNN6ZDJrg3FLZX3Uz2ouLKb2l2YNc16DOojQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430094; a=rsa-sha256; cv=none; b=QvQDVdpXPhqf6zoT2L1ms67Fc8ZTNJrwfQqT/mjkyz9H4QA8xq9bw2MrzEGfCyW824LNhe +WqmMoDP+dJ3Q+tTak8J3i7/DjO1QtInRFjku5IqIYm58oXB2cSwL7kg6M420Rie5hKSsv b6/V2vhX5uJoE2EGum00vVsixPhJRsBffkJ0KPeJJfFRoD7n8aWWdRauoBWau8yEdyxjGn CSo8Q4G6mrh+XtSOrmaSW9KE/tKUAUA/ehufMpMHJf3lJCpVR+f16ComzASAVQmytGJ4Mi 8vHWcCDXlV5Q1nv0YdKLM8CW1l4UqLllNDmPGfTWdIGSjPdPi8NUQRxDdHSonw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDt5DP0zJjp; Tue, 17 Dec 2024 10:08:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8ERL024943; Tue, 17 Dec 2024 10:08:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8EGA024940; Tue, 17 Dec 2024 10:08:14 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:14 GMT Message-Id: <202412171008.4BHA8EGA024940@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: bdb583afa198 - main - pf tests: test address range as nat64 from address List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bdb583afa1980b5479836a4b6d2977da1648cd69 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=bdb583afa1980b5479836a4b6d2977da1648cd69 commit bdb583afa1980b5479836a4b6d2977da1648cd69 Author: Kristof Provost AuthorDate: 2024-12-11 10:47:43 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:18 +0000 pf tests: test address range as nat64 from address Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/nat64.sh | 65 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index b0559ac1f98c..3091213baa0c 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -276,6 +276,70 @@ no_v4_cleanup() pft_cleanup } +atf_test_case "range" "cleanup" +range_head() +{ + atf_set descr 'Test using an address range for the IPv4 side' + atf_set require.user root +} + +range_body() +{ + pft_init + + epair_link=$(vnet_mkepair) + epair=$(vnet_mkepair) + + ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad + route -6 add default 2001:db8::1 + + vnet_mkjail rtr ${epair}b ${epair_link}a + jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad + jexec rtr ifconfig ${epair_link}a 192.0.2.2/24 up + jexec rtr ifconfig ${epair_link}a inet alias 192.0.2.3/24 up + + vnet_mkjail dst ${epair_link}b + jexec dst ifconfig ${epair_link}b 192.0.2.254/24 up + jexec dst route add default 192.0.2.2 + + # Sanity checks + atf_check -s exit:0 -o ignore \ + jexec rtr ping -c 1 192.0.2.254 + atf_check -s exit:0 -o ignore \ + ping6 -c 1 2001:db8::1 + atf_check -s exit:0 -o ignore \ + jexec dst ping -c 1 192.0.2.2 + atf_check -s exit:0 -o ignore \ + jexec dst ping -c 1 192.0.2.3 + + jexec rtr pfctl -e + pft_set_rules rtr \ + "set reassemble yes" \ + "set state-policy if-bound" \ + "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from 192.0.2.2/31 round-robin" + + # Use pf to count sources + jexec dst pfctl -e + pft_set_rules dst \ + "pass" + + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.254 + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.254 + + # Verify on dst that we saw different source addresses + atf_check -s exit:0 -o match:".*192.0.2.2.*" \ + jexec dst pfctl -ss + atf_check -s exit:0 -o match:".*192.0.2.3.*" \ + jexec dst pfctl -ss +} + +range_cleanup() +{ + pft_cleanup +} + atf_test_case "pool" "cleanup" pool_head() { @@ -438,6 +502,7 @@ atf_init_test_cases() atf_add_test_case "sctp" atf_add_test_case "tos" atf_add_test_case "no_v4" + atf_add_test_case "range" atf_add_test_case "pool" atf_add_test_case "table" atf_add_test_case "table_round_robin" From nobody Tue Dec 17 10:08:15 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDw2cCPz5h0x1; Tue, 17 Dec 2024 10:08:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDw0JP3z4BLM; Tue, 17 Dec 2024 10:08:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rZmCNCZTl4Tm7dGGetAkeIZNZrP9k7cKHu/DwyW0Qt8=; b=a7745vKUPHg1/NjH2BknRI8MMAUbWff4lcorIyfKK4xffT5MCG/8FjTBG0QYwTivrKX4ZH po5Zz0sLezfayMC5d30Mi3c48DbOERfkwgklTYh+Jpqe3viSsOK/NPmFawfrGgpWIP803b mjw9lGw4mznwB7L6h4oiup6H44WQhc6ls09cCKDNrWwz01ifQBYAB0RWwQq+KuBgPsXUba jo1i0LrPgDZ/dRx++6Ni/iusSBXRuBaHplrY6N8mjUMtmqEG9XVlSk70QH6EXgLP2A+xW8 hMhiZBV5IXu5fQNsbxkBBV9RPKHH/qxhfYsjyGsJ3Lc2lvaZI63/R+En9xbGnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rZmCNCZTl4Tm7dGGetAkeIZNZrP9k7cKHu/DwyW0Qt8=; b=x7MMLiZrMaMLpWJVY6y2sdz1AJ/JIree6T/hVw4tMZ0JSxztztizn1nEaYQK+bQbgG16jA UZ63LuQasvGHKNMGkzBp+y3071gbShTS/2q/ASl95RGVMnENd3f2f9+edJdYaGQcBSafU0 OwhnuW4w72IGqBpp8bqa7gKddkBm+KCfien272XSf5vai/m0N85eMtefTVW+qVvHO3D8Xm M7A+nV3DEGQfxQY726oJZfymxF/X6mvYcoweEjZ2ugFdfgY7eaOwq5j2dN2wOvUSB5NIwy 4rL+ZcvFXvlckmLcH5uUPLOQqjyRYP8gFve1Y4hIdxbSt45lh06YLCtPungoBg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430096; a=rsa-sha256; cv=none; b=PGYu9WoE4v4YlpWgheCIAdwoWLECQDafC+jGPq+Y8FUWMvW4eF+sEkxSk5pMYZXZ2cb4g4 +5k3OjckMLNyF4509iMzH1gzqsSDb1SHunCwKBLwoFTmu57hs/HGil/i2igi/MRTk8IsJr ekoD2wQNqXUFa4QihFKr2nzS7ebc8hx7wHLJP0pd2ujvGRaweynPOsTcS7ZR+MM3TK1QEK 1LDBZhElZXsxx0oyrUZKZIj3xoBrcImLNYP0wNCWGf51ILCLRgCgV4ju7jQDPbKiBGdJBd MBHolStayJb51hR1a7Jpl1OTukqEnDBJCatNWz2krNL9DkWdWJmIok4gaLClkg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDv6YBzzJxw; Tue, 17 Dec 2024 10:08:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8FeK025006; Tue, 17 Dec 2024 10:08:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8Fuk025003; Tue, 17 Dec 2024 10:08:15 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:15 GMT Message-Id: <202412171008.4BHA8Fuk025003@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 7f3d159b9ff2 - main - pf tests: test using an address range inside a table for nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7f3d159b9ff2b594778e9180fb7910721495a24f Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=7f3d159b9ff2b594778e9180fb7910721495a24f commit 7f3d159b9ff2b594778e9180fb7910721495a24f Author: Kristof Provost AuthorDate: 2024-12-11 14:09:34 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:18 +0000 pf tests: test using an address range inside a table for nat64 Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/nat64.sh | 63 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 3091213baa0c..318b6a61bcab 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -427,6 +427,68 @@ table_cleanup() { pft_cleanup } + +atf_test_case "table_range" "cleanup" +table_range_head() +{ + atf_set descr 'Test using an address range within a table for the IPv4 side' + atf_set require.user root +} + +table_range_body() +{ + pft_init + + epair_link=$(vnet_mkepair) + epair=$(vnet_mkepair) + + ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad + route -6 add default 2001:db8::1 + + vnet_mkjail rtr ${epair}b ${epair_link}a + jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad + jexec rtr ifconfig ${epair_link}a 192.0.2.2/24 up + jexec rtr ifconfig ${epair_link}a inet alias 192.0.2.3/24 up + + vnet_mkjail dst ${epair_link}b + jexec dst ifconfig ${epair_link}b 192.0.2.254/24 up + jexec dst route add default 192.0.2.2 + + # Sanity checks + atf_check -s exit:0 -o ignore \ + ping6 -c 1 2001:db8::1 + atf_check -s exit:0 -o ignore \ + jexec dst ping -c 1 192.0.2.2 + + jexec rtr pfctl -e + pft_set_rules rtr \ + "set reassemble yes" \ + "set state-policy if-bound" \ + "table { 192.0.2.2/31 }" \ + "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from round-robin" + + # Use pf to count sources + jexec dst pfctl -e + pft_set_rules dst \ + "pass" + + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.254 + atf_check -s exit:0 -o ignore \ + ping6 -c 1 64:ff9b::192.0.2.254 + + # Verify on dst that we saw different source addresses + atf_check -s exit:0 -o match:".*192.0.2.2.*" \ + jexec dst pfctl -ss + atf_check -s exit:0 -o match:".*192.0.2.3.*" \ + jexec dst pfctl -ss +} + +table_range_cleanup() +{ + pft_cleanup +} + atf_test_case "table_round_robin" "cleanup" table_round_robin_head() { @@ -505,5 +567,6 @@ atf_init_test_cases() atf_add_test_case "range" atf_add_test_case "pool" atf_add_test_case "table" + atf_add_test_case "table_range" atf_add_test_case "table_round_robin" } From nobody Tue Dec 17 10:08:16 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDx3QfBz5h0vL; Tue, 17 Dec 2024 10:08:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDx14Vtz4C8d; Tue, 17 Dec 2024 10:08:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430097; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WYq0liV+0g1eF6Y2AIm5+KMhv14Qdqb4Aed2mIx5L0U=; b=ya3TB+LX5Za5X2JuUAXTXR0XbWJZ5N0E5a+HZgN2SZPhq1+s4qXvFapfxseI9a5LyM3Lwg SGbrNsNt8hLgt8/Hmv1ei/cVdIXhizw906F9BhrSzTAbd9sqdgUvZUio8ag0YSWhaStkyN jouAVySzD33VKGYzfrHCq0nPMCvyZIbYq8jhSERsz5XNgnN3PPsqEnG0rMKGtIiI/uMrQ6 zsPcQAA00xmVCUccgVRejjuci6JfzmVB0joBZ7Ecw50UMaCLLJKoaTM5PdJpNOOkkK2Xuy sFvpZz5VPkamaE+ZTqCLrb2/AggIIFDCQI1f3bNyQxdUBpirAC3xjFJetdJViQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430097; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WYq0liV+0g1eF6Y2AIm5+KMhv14Qdqb4Aed2mIx5L0U=; b=bo94mE7Xpzb75J9afgHmHhfjiVR/LkEQnKJVWGIZrjO26kEopwIeUP+Anzrm/NfiOBVj8c aUnuw7aL/5oaq/Dl1k+BnZbssGNnNzFNuWMSuIRJVtJtbnkPNdzn9uDbcCXmobj2SOPw6g 340L+Ocd3aDAs0hyLskfdPgyuK3jsasD2H6wgmwrnhSh8vNranFdQLl5MqAgPqjNWnyT74 Xa2/qOKbwi/qiaf6ENv4yIQKbt/qpEkdsIddpbQZZxe/JEmoLp9owI/D4Vsjd7iXzEvohA L0ZCcsirXVV1ZOfrpqLCgl2T+qQW8XV5+zz3IehlyCobdz3rc/nIc2Hfz4Lsxg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430097; a=rsa-sha256; cv=none; b=CrOIL8r8RKgYxQlyKYJ7JZ92e1qTv/d5oz/TsmMU2w/fR1vX2r0vMz8532oeKCE+Z5NLiq OV+a2Aed0Oc+BF1h+6Jv/hHMibNqeyq3wHyxuQNF7mebu3/ZXgfWqz6+kDBxoB49lNrWW8 CznoadyabwwK8MPslMCPkSZYlOJ9p16gqSmxh8ziboNyDDlXDMCYc+D0Yy1AJZTDAKStka IpwJODdLFri6RB66oGMS8T1s+FmwUQYnX5ZvFdZfJeF9v/1PXmKPTTvJJfZQAc1GpPjORW bO4u6qM0ypPAuN28KaDEWkCatZwKwdo4Lj1Vcy0PaPxI7EIXm/6bcb/T2mouYg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDx0bkZzJjq; Tue, 17 Dec 2024 10:08:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8Gum025054; Tue, 17 Dec 2024 10:08:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8GVZ025051; Tue, 17 Dec 2024 10:08:16 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:16 GMT Message-Id: <202412171008.4BHA8GVZ025051@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 08a512019ccb - main - pf: fix dummynet + route-to for IPv6 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 08a512019ccb19d1e05d4069faa959a530256ec1 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=08a512019ccb19d1e05d4069faa959a530256ec1 commit 08a512019ccb19d1e05d4069faa959a530256ec1 Author: Kristof Provost AuthorDate: 2024-12-12 12:41:42 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:18 +0000 pf: fix dummynet + route-to for IPv6 Apply the fixes from c6f1116357904 and b8ef285f6cc6a to IPv6 as well. Ensure that when dummynet re-injects it does so in the correct direction, and uses the correct dummynet pipes. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 881b3cf91140..d9c0beb0169f 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -9130,6 +9130,28 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; } + if (pd->dir == PF_IN) { + uint16_t tmp; + /* + * Make sure dummynet gets the correct direction, in case it needs to + * re-inject later. + */ + pd->dir = PF_OUT; + + /* + * The following processing is actually the rest of the inbound processing, even + * though we've marked it as outbound (so we don't look through dummynet) and it + * happens after the outbound processing (pf_test(PF_OUT) above). + * Swap the dummynet pipe numbers, because it's going to come to the wrong + * conclusion about what direction it's processing, and we can't fix it or it + * will re-inject incorrectly. Swapping the pipe numbers means that its incorrect + * decision will pick the right pipe, and everything will mostly work as expected. + */ + tmp = pd->act.dnrpipe; + pd->act.dnrpipe = pd->act.dnpipe; + pd->act.dnpipe = tmp; + } + /* * If the packet is too large for the outgoing interface, * send back an icmp6 error. From nobody Tue Dec 17 10:08:18 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDy55gzz5h0x6; Tue, 17 Dec 2024 10:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDy2J4fz4C94; Tue, 17 Dec 2024 10:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430098; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=S4omzMrQL039YXILBIj1/bijvlcJVAVPuR/cKM3z+Qk=; b=ewEWQquI/REHu4I5rOXh6SHYz0CWWg8mbjPi9kQeYE0FGuFURlc7w4jUuXt0LPfMIRtdat i/F0u67GBa//2kLGCHsWSC3XDMnNM4DJXkf+9qsod69PZWkxStAXZrtOcBo2U1ZbV3KuzX WykIcIFJ53Sy7zMuFATq3VVZckI6o4kj0Na/sjJ7FxFw6HL0ww9cBHGySLxNVT6fPM9vjz if6ozohiaC+SHug5QzLZfbc0thHhcTrFXB4u/cEIoX/82qNNdDXo6mN8D7t8IDLxauu9rn TmaVGAlwedJrWBKCQJe0y1F2OmkoYV9l8ZGVAFGlYQmycwBYiv7XjXDhfpUCew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430098; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=S4omzMrQL039YXILBIj1/bijvlcJVAVPuR/cKM3z+Qk=; b=Q7lKpiK5HScnV2RWvJKAq84N1nFtIc9FyRN8Muw++O15QnvF5Kv2RorxfAbFhsVmXkGhDT gyNaFqh2CVj/Mm4j3gEXujWYUSzjPMhcFHpEPuUPa0vG7FoBKRsdOr4vwsRFTfA6x08ERW xvZ2EV/leXKjiiPTjJW63J/isnekegede8BGO/l/ERoC7rytsXw7tk2fQMnoYNwrKbzY7a KUG3QrpmA2bTOxTPq/FFI1TJLtF4niUKJ04xWcMo3S6q3WZtAxZmlowy0fTB1sciHcjhrk 4YYl6vC9m/yg5ljuFsPWxFFBSOwhnm4d4c923Y9KLdb2SsHgepu7FvUB8rnPOg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430098; a=rsa-sha256; cv=none; b=FTJIYWlLXGfnKyMt5Ey3jGDUEuJMzlBrzPevBcv0vBDKPipWzmhQW4eFKi/MuIF1jnQTrb UTsIwALFFxkDv2g1jJqizXZ+Z5Yms4glDqqMRbc00Jhr4yG51HUOSS6+bk7wfPAHlwx0IS FtAxea4JoRRpBdkFi8MuC7AaeRvN0s2+A5f7TevyVqiEDg2rSNAY3Sz/PXdg/2qpkLvBGN FqYKygZfH6uvcWMyJR+3tA0KuNv897zxT6/JKeFtPLIJZKWOTK1EUi3l9e02BSW7djHVy9 eNRe0ZoGSSRN3K0h3v5ikyjNeQCTmtvIKCsuMGd1ccmVAUrTnC6knfXJHHhjjQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDy1LFzzJv3; Tue, 17 Dec 2024 10:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8IjZ025118; Tue, 17 Dec 2024 10:08:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8IJL025115; Tue, 17 Dec 2024 10:08:18 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:18 GMT Message-Id: <202412171008.4BHA8IJL025115@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 706b42cc4bd9 - main - pf: give the correct address family to dummynet after nat64 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 706b42cc4bd9a255ed920b1a4095856f8df9e52c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=706b42cc4bd9a255ed920b1a4095856f8df9e52c commit 706b42cc4bd9a255ed920b1a4095856f8df9e52c Author: Kristof Provost AuthorDate: 2024-12-12 12:50:24 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:18 +0000 pf: give the correct address family to dummynet after nat64 Pass the new address family rather than the incoming one. In most (i.e. all but nat64) that's the same, but for nat64 we want the new address family instead. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index d9c0beb0169f..9128562fd71c 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -9381,7 +9381,7 @@ pf_pdesc_to_dnflow(const struct pf_pdesc *pd, const struct pf_krule *r, dnflow->f_id.proto = pd->proto; dnflow->f_id.extra = dnflow->rule.info; - switch (pd->af) { + switch (pd->naf) { case AF_INET: dnflow->f_id.addr_type = 4; dnflow->f_id.src_ip = ntohl(pd->src->v4.s_addr); @@ -9490,7 +9490,7 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate *s, MPASS(sa != NULL); - switch (pd->af) { + switch (pd->naf) { case AF_INET: memcpy(&pd->pf_mtag->dst, sa, sizeof(struct sockaddr_in)); From nobody Tue Dec 17 10:08:19 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCDz6863z5h0rg; Tue, 17 Dec 2024 10:08:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCDz2sRnz4CMw; Tue, 17 Dec 2024 10:08:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U3lWjvBxTIHGQIcNB/pzJrtqEhDnou3PBrNepncUqGA=; b=lpYLnza6S2Y17bNbyyrhP6WLoGZZRtHi77drtp073m23WrEzgsGfATd75j/G/XISzVplEC cFRPRVVPy4uzMjYCv7cq7UWNBJOqdC4LKJiT4ezMovqZhHbUjEdLEHgcVXK0Aodf8O838i F+R53XTWfJYpNzIYaPBHbYfwl69PmQXRwQZxKCB+75hzePz0FxwNuz/hDKgEnPQb3Z92vQ K2SqfX/doKJvwXGHHKqs5rv+SxmY8SrCLElJyNhU3txkXO1rpZuNxtGEFcYGp+ue4QBK85 n1yUEGWVeYzcpphu/z1RkBtZt2YrBWFNWvbSrAhHszfFSzCxK2QlWir8dV8zrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U3lWjvBxTIHGQIcNB/pzJrtqEhDnou3PBrNepncUqGA=; b=JglhO8Jk3Yh20BizcCQg1PJyzqE61VUI55spUYiVSRkFBtn2fPZ/Gp+oAoxfdEGfN3MXdI LItEfDrUfdLOt0cmyQp85f2zm7VheyW5xtAvrDJUsy2WW6dxTk3klUqI4jBOjDzK9TTftW K8LbSjUtu+p5+KFQKEnQ6zZN28X1gb9wLZ/O+uriAIHKuQ5hgMn94TJC9a7kJw5wc+w2sQ dAjB9N5HpZmg3/BNUNZmFL8gDhiVF8dKp4mZJjF+fDAgoUrx8id29lcX66KcdgcUrq8tIP PerjRO65nI5OaVC7E6FXSBNxFvGRAUjlBLlJ9ML9bX6WFlXL50Jyk6+vzTlJiA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430099; a=rsa-sha256; cv=none; b=IBQjRyUrvh7HkiirZnkYqLrjDWGrfbVmYHt93j0uFOmW6AVT8Kej7dvKnhYapiyuw4woGz hXW9X3/rjHAVFwMnCwWz9aoJYWS7il5dbKUrH2GkasuSe74OMtxB1ev6El8sVWoclbTf5F hzQ+K/p62VGygY8y4OrA4a7HEFKuXFz3iy9S9yhJvQuwA5yIWu9BLvHEkeq2db47SKUSQl nErVtnNJkiHAt3xEE9BwlRNi/iOJyffX0jhs2zB+HDCAilTPvg+C61orF8TtL7r9jxtSBX B6ssqAfmg3hIgStOSsRL8x8RCbCPGY5S1hG5geI71gyBGI/0zLMxFCue9NejjA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCDz2TbGzJS3; Tue, 17 Dec 2024 10:08:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8JeG025180; Tue, 17 Dec 2024 10:08:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8JHA025177; Tue, 17 Dec 2024 10:08:19 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:19 GMT Message-Id: <202412171008.4BHA8JHA025177@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 32cac604487b - main - pf tests: test dummynet on nat64 rules List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 32cac604487b4c6a8588c5df7641bdb5b452711f Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=32cac604487b4c6a8588c5df7641bdb5b452711f commit 32cac604487b4c6a8588c5df7641bdb5b452711f Author: Kristof Provost AuthorDate: 2024-12-12 14:35:34 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:18 +0000 pf tests: test dummynet on nat64 rules Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/nat64.sh | 55 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh index 318b6a61bcab..79fa0c99a311 100644 --- a/tests/sys/netpfil/pf/nat64.sh +++ b/tests/sys/netpfil/pf/nat64.sh @@ -555,6 +555,60 @@ table_round_robin_cleanup() pft_cleanup } +atf_test_case "dummynet" "cleanup" +dummynet_head() +{ + atf_set descr 'Test dummynet on af-to rules' + atf_set require.user root +} + +dummynet_body() +{ + pft_init + dummynet_init + + epair_link=$(vnet_mkepair) + epair=$(vnet_mkepair) + + ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad + route -6 add default 2001:db8::1 + + vnet_mkjail rtr ${epair}b ${epair_link}a + jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad + jexec rtr ifconfig ${epair_link}a 192.0.2.1/24 up + + vnet_mkjail dst ${epair_link}b + jexec dst ifconfig ${epair_link}b 192.0.2.2/24 up + jexec dst route add default 192.0.2.1 + + # Sanity checks + atf_check -s exit:0 -o ignore \ + ping6 -c 1 2001:db8::1 + atf_check -s exit:0 -o ignore \ + jexec dst ping -c 1 192.0.2.1 + + jexec rtr pfctl -e + jexec rtr dnctl pipe 1 config delay 600 + pft_set_rules rtr \ + "set reassemble yes" \ + "set state-policy if-bound" \ + "pass in on ${epair}b inet6 from any to 64:ff9b::/96 dnpipe 1 af-to inet from (${epair_link}a)" + + # The ping request will pass, but take 1.2 seconds (.6 in, .6 out) + # So this works: + atf_check -s exit:0 -o ignore \ + ping6 -c 1 -t 2 64:ff9b::192.0.2.2 + + # But this times out: + atf_check -s exit:2 -o ignore \ + ping6 -c 1 -t 1 64:ff9b::192.0.2.2 +} + +dummynet_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "icmp_echo" @@ -569,4 +623,5 @@ atf_init_test_cases() atf_add_test_case "table" atf_add_test_case "table_range" atf_add_test_case "table_round_robin" + atf_add_test_case "dummynet" } From nobody Tue Dec 17 10:08:20 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCCF06bvZz5h0pM; Tue, 17 Dec 2024 10:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCCF0437xz4CQB; Tue, 17 Dec 2024 10:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ED+1QYNbxnZYSK26U/+Flpq3wWBXzfDNhGvjFnhNzlM=; b=dPwGqh+lYXuWOmJbtI+yDldjVvU0XTqTuZlsuZIlCNcjPgLktlITKBs/RHywcdjzHmYDu1 3i4KgBKiiToORIC61iDzoBL6NWne0ETCFxpDj4K/CKhcHsC4iT2lV6ho6NYMghIRcY8zqN nL3ndreoOoQLebwR0igllLiBYntjqKsp67qDkUFZFU82LgpTxKKuvEHI1j4vNq67SXvGC1 CjS/JXPnjPF9HTSiEuFFDm89FRf/JjKBVt3Gl7b+ODS7h0NaULCdPCGC3d78FhU8cDtNhl qaDJmI8sgyVKEDBf7qZWrjE+vfD5bCEdi00NedsmWDsZJny69DFU7JM/Eibusw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734430100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ED+1QYNbxnZYSK26U/+Flpq3wWBXzfDNhGvjFnhNzlM=; b=GGxq91Ph4Twp3DMdcoGr4ECPtmdJjXwKlRR6p4wx607NM8OXfGO3J3G6oj1zlr20x0LWBI mzZUCo5+urcWuDHIx8IM2J3tzPMDJ1lsZSHmYP8eksVVDPGwoE3qv9O6Lgh8AGmEdl6MIf eX8DskNhX+agYqjmTgu+cCSq7N/m3BEjzMjA34POVE2eRLQ1jSzvi+ABnG4ajtpTYXy7we QuPiKUw7fhzp+tpi1vOKlV7iedpYCVVRJm8PfYH7osQyolzz51mr1wjBxxEbm5/aN6KnsS nojej5xfagqkesXuuiPSSpaL3n8RQfR886APQJoPboGRDTz4elDOszPGbm54Cw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734430100; a=rsa-sha256; cv=none; b=t4eqZvBFRQ6yWmeoKMTb5YvQXOb5tiKgcanypMLtnikxOtgHD8q0hOZKbGyFfCXUYET3ln v9rtFbwSYTmj0q+sbdY//uSgUGEVkhEMCRYfJ1Ajwq4A0oWAPeEHh1DOtp/JDrGWurQw2X nekbzb+j/FFzv3Sx5Dbx7VDu+K7lNKf7Liq81XXKOhOvJ939zAGCRjWIVzSmmzPFHURbag UdtnfOsqGbZFWkB3A8j3mrhFJTufeuJJgWcllvYrM/WShxIHsYefBi2TRos6osP6T62/bq U+iel4F/LlFPfq15AyPNu9F1kqal+pvx01c14bgaq6GAEn4DHtLJB3FoNOJinQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCCF03gNMzJVR; Tue, 17 Dec 2024 10:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHA8KDu025237; Tue, 17 Dec 2024 10:08:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHA8KB2025234; Tue, 17 Dec 2024 10:08:20 GMT (envelope-from git) Date: Tue, 17 Dec 2024 10:08:20 GMT Message-Id: <202412171008.4BHA8KB2025234@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 5d1219378dd5 - main - pf: teach nat64 to handle 0 UDP checksums List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5d1219378dd5d9b031926cf7806455f33677792b Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=5d1219378dd5d9b031926cf7806455f33677792b commit 5d1219378dd5d9b031926cf7806455f33677792b Author: Kristof Provost AuthorDate: 2024-12-16 10:23:59 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 10:07:19 +0000 pf: teach nat64 to handle 0 UDP checksums For IPv4 it's valid for a UDP checksum to be 0 (i.e. no checksum). This isn't the case for IPv6, so if we translate a UDP packet from IPv4 to IPv6 we need to ensure that the checksum is calculated. Add a test case to verify this. Rework the server jail so it can listen for TCP and UDP packets at the same time. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 12 +++++++++ tests/sys/netpfil/pf/nat64.py | 61 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 9128562fd71c..f2e19693b863 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3469,6 +3469,7 @@ pf_translate_af(struct pf_pdesc *pd) ip4->ip_dst = pd->ndaddr.v4; pd->src = (struct pf_addr *)&ip4->ip_src; pd->dst = (struct pf_addr *)&ip4->ip_dst; + pd->off = sizeof(struct ip); break; case AF_INET6: ip6 = mtod(pd->m, struct ip6_hdr *); @@ -3485,6 +3486,7 @@ pf_translate_af(struct pf_pdesc *pd) ip6->ip6_dst = pd->ndaddr.v6; pd->src = (struct pf_addr *)&ip6->ip6_src; pd->dst = (struct pf_addr *)&ip6->ip6_dst; + pd->off = sizeof(struct ip6_hdr); /* * If we're dealing with a reassembled packet we need to adjust @@ -9094,6 +9096,16 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, PF_STATE_UNLOCK(s); } + if (pd->af != pd->naf) { + struct udphdr *uh = &pd->hdr.udp; + + if (pd->proto == IPPROTO_UDP && uh->uh_sum == 0) { + uh->uh_sum = in6_cksum_pseudo(ip6, + ntohs(uh->uh_ulen), IPPROTO_UDP, 0); + m_copyback(m0, pd->off, sizeof(*uh), pd->hdr.any); + } + } + if (ifp == NULL) { m0 = *m; *m = NULL; diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py index eeddd5118168..64ec5ae15262 100644 --- a/tests/sys/netpfil/pf/nat64.py +++ b/tests/sys/netpfil/pf/nat64.py @@ -25,6 +25,9 @@ # SUCH DAMAGE. import pytest +import selectors +import socket +import sys from atf_python.sys.net.tools import ToolsHelper from atf_python.sys.net.vnet import VnetTestTemplate @@ -41,7 +44,44 @@ class TestNAT64(VnetTestTemplate): def vnet3_handler(self, vnet): ToolsHelper.print_output("/sbin/sysctl net.inet.ip.forwarding=1") ToolsHelper.print_output("/sbin/sysctl net.inet.ip.ttl=62") - ToolsHelper.print_output("echo foo | nc -l 1234 &") + ToolsHelper.print_output("/sbin/sysctl net.inet.udp.checksum=0") + + sel = selectors.DefaultSelector() + t = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + t.bind(("0.0.0.0", 1234)) + t.setblocking(False) + t.listen() + sel.register(t, selectors.EVENT_READ, data=None) + + u = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + u.bind(("0.0.0.0", 4444)) + u.setblocking(False) + sel.register(u, selectors.EVENT_READ, data="UDP") + + while True: + events = sel.select(timeout=20) + for key, mask in events: + sock = key.fileobj + if key.data is None: + conn, addr = sock.accept() + print(f"Accepted connection from {addr}") + data = types.SimpleNamespace(addr=addr, inb=b"", outb=b"") + events = selectors.EVENT_READ | selectors.EVENT_WRITE + sel.register(conn, events, data=data) + elif key.data == "UDP": + recv_data, addr = sock.recvfrom(1024) + print(f"Received UDP {recv_data} from {addr}") + sock.sendto(b"foo", addr) + else: + if mask & selectors.EVENT_READ: + recv_data = sock.recv(1024) + print(f"Received TCP {recv_data}") + sock.send(b"foo") + else: + print("Unknown event?") + t.close() + u.close() + return def vnet2_handler(self, vnet): ifname = vnet.iface_alias_map["if1"].name @@ -130,3 +170,22 @@ class TestNAT64(VnetTestTemplate): # Check the hop limit ip6 = reply.getlayer(sp.IPv6) assert ip6.hlim == 62 + + @pytest.mark.require_user("root") + def test_udp_checksum(self): + ToolsHelper.print_output("/sbin/route -6 add default 2001:db8::1") + + import scapy.all as sp + + # Send an outbound UDP packet to establish state + packet = sp.IPv6(dst="64:ff9b::192.0.2.2") \ + / sp.UDP(sport=3333, dport=4444) / sp.Raw("foo") + + # Get a reply + # We'll send the reply without UDP checksum on the IPv4 side + # but that's not valid for IPv6, so expect pf to update the checksum. + reply = sp.sr1(packet, timeout=5) + + udp = reply.getlayer(sp.UDP) + assert udp + assert udp.chksum != 0 From nobody Tue Dec 17 11:20:13 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCDqx4w8Sz5h5JQ; Tue, 17 Dec 2024 11:20:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCDqx445Bz4TxQ; Tue, 17 Dec 2024 11:20:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734434413; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NZ5VzI6vx6cXxLvDO7fWMms5UOx4u7NapzDV28H3TYs=; b=hSVqBaXLpCfM3etz5Oi44z8VWbMxTvTJSkKElB96rJRbAYggx4awI9iTucTTpcLpirETqy f2sWZZj9+OE7oXHnJ9QohRPnR0TFHjd7jcMKX+Uovagxu0xGUu7+nnlBf3oFv7U4St4590 Eqh9nobl5oq3hBkH8vFMogtlAzz86LOWT9d+1cyab4tETgG2SjR6VSB2UKqDsnJfaTtakH eZ+kN/S4GFSom2tTsXAnOOXQ9HI/ZWTkpit0YFcwyWOkQST2AWbsVzFwvQlk3Dghl+PPXI /ZbGv485qwcYvGSTNHzZnSzTGoDfYA5bcs2KmM1yih7EvRuo9lptf9kDxLdpfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734434413; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NZ5VzI6vx6cXxLvDO7fWMms5UOx4u7NapzDV28H3TYs=; b=s212kJuSctyH0Pz7BcED8yGvwqQE7wU3YMYV/znzv/SGJtLnlYSAK97hNiQ5A5yVka4Hyl OLV13e4Vq/GrD/stk/eRP+zSNpkedOxOmAcBXKKL9Lw08oQIpChTv8u1l6J7uyf/j0vGv8 DMi+sEcyhFKFzPvgqj+36YFY8WO3Q2ESboMAcfIb87KEmeXMEDD1lbZ+gZxhS92YtL+cnq x5Y3ZHve9Mgi6LgCODwf1SNefjA10xhVg9JbklN6bSJ89HJB8vDWvUxGWXq+uQ1SerCSG0 +uanZrP6PfXL9gZI8eVshZI8PoTWYWWy1xrA5NRp4h69jd2BvlLjf0+yxTpI1g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734434413; a=rsa-sha256; cv=none; b=Be+gi5KUrgMU4/BuhkYTIQFGgl9fKDkQET4vFz3mrrG90Ac5Fzm7F7/O+0p5Z/3MaWmxnj GgxwrSZwUavUIECjmiazVRp2nuKRpQG47JpHCVsq6Ne8473TMdbAHkl/M8AExCYziAuEOH 1D4JUvMChGZfM3Oe8nG3yTK9GLWs46IuF1wrtIBcBQq9t58XPbVnkHbYQt4HtTtyPuonC5 0UQk3eUPZsNPkFXSA6iytJTi+8fsfNLD6xGAgJoabzQKGapjww6Gipu2ZY8GMn0sXJqqXw U55H52d6tiabc804Fr6t3pQfIjXq8RU6bFz54zF75/RXxXpCHkygf2YzPWOALg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCDqx35NXzL0S; Tue, 17 Dec 2024 11:20:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHBKDj6062025; Tue, 17 Dec 2024 11:20:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHBKDeO062020; Tue, 17 Dec 2024 11:20:13 GMT (envelope-from git) Date: Tue, 17 Dec 2024 11:20:13 GMT Message-Id: <202412171120.4BHBKDeO062020@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ruslan Bukin Subject: git: a7bf553d175a - main - riscv vmm: add SSTC extension check. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: br X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a7bf553d175a27b03cbad7d0f94e40991df2958b Auto-Submitted: auto-generated The branch main has been updated by br: URL: https://cgit.FreeBSD.org/src/commit/?id=a7bf553d175a27b03cbad7d0f94e40991df2958b commit a7bf553d175a27b03cbad7d0f94e40991df2958b Author: Ruslan Bukin AuthorDate: 2024-12-17 10:35:24 +0000 Commit: Ruslan Bukin CommitDate: 2024-12-17 10:35:44 +0000 riscv vmm: add SSTC extension check. Check if RISC-V SSTC is available and advertise to the guest. This is needed for Eswin EIC7700 that does not include SSTC. As we don't have a mechanism for reporting extension presence from the kernel to userspace, then use vm_cap_type for now. Reviewed by: mhorne, markj Differential Revision: https://reviews.freebsd.org/D48058 --- lib/libvmmapi/riscv/vmmapi_machdep.c | 1 + sys/riscv/include/vmm.h | 1 + sys/riscv/vmm/vmm_riscv.c | 4 ++++ usr.sbin/bhyve/riscv/bhyverun_machdep.c | 9 ++++++++- usr.sbin/bhyve/riscv/fdt.c | 17 +++++++++-------- usr.sbin/bhyve/riscv/fdt.h | 2 +- 6 files changed, 24 insertions(+), 10 deletions(-) diff --git a/lib/libvmmapi/riscv/vmmapi_machdep.c b/lib/libvmmapi/riscv/vmmapi_machdep.c index 9c70185942c9..4da2fb909f61 100644 --- a/lib/libvmmapi/riscv/vmmapi_machdep.c +++ b/lib/libvmmapi/riscv/vmmapi_machdep.c @@ -40,6 +40,7 @@ #include "internal.h" const char *vm_capstrmap[] = { + [VM_CAP_SSTC] = "sstc", [VM_CAP_MAX] = NULL, }; diff --git a/sys/riscv/include/vmm.h b/sys/riscv/include/vmm.h index 1093e1cd0096..6c027f50e97a 100644 --- a/sys/riscv/include/vmm.h +++ b/sys/riscv/include/vmm.h @@ -275,6 +275,7 @@ struct vre { */ enum vm_cap_type { VM_CAP_UNRESTRICTED_GUEST, + VM_CAP_SSTC, VM_CAP_MAX }; diff --git a/sys/riscv/vmm/vmm_riscv.c b/sys/riscv/vmm/vmm_riscv.c index 6a76f8cf4f26..e276f8583e37 100644 --- a/sys/riscv/vmm/vmm_riscv.c +++ b/sys/riscv/vmm/vmm_riscv.c @@ -903,6 +903,10 @@ vmmops_getcap(void *vcpui, int num, int *retval) ret = ENOENT; switch (num) { + case VM_CAP_SSTC: + *retval = has_sstc; + ret = 0; + break; case VM_CAP_UNRESTRICTED_GUEST: *retval = 1; ret = 0; diff --git a/usr.sbin/bhyve/riscv/bhyverun_machdep.c b/usr.sbin/bhyve/riscv/bhyverun_machdep.c index 39d6a7cdf231..d06b517a6624 100644 --- a/usr.sbin/bhyve/riscv/bhyverun_machdep.c +++ b/usr.sbin/bhyve/riscv/bhyverun_machdep.c @@ -308,6 +308,8 @@ bhyve_init_platform(struct vmctx *ctx, struct vcpu *bsp) int error; int pcie_intrs[4] = {PCIE_INTA, PCIE_INTB, PCIE_INTC, PCIE_INTD}; vm_paddr_t fdt_gpa; + char isa[32]; + int retval; bootrom = get_config_value("bootrom"); if (bootrom == NULL) { @@ -321,8 +323,13 @@ bhyve_init_platform(struct vmctx *ctx, struct vcpu *bsp) return (error); } + error = vm_get_capability(bsp, VM_CAP_SSTC, &retval); + assert(error == 0); + snprintf(isa, sizeof(isa), "%s%s", "rv64imafdc", + retval == 1 ? "_sstc" : ""); + fdt_gpa = vm_get_highmem_base(ctx) + roundup2(len, FDT_DTB_ALIGN); - error = fdt_init(ctx, guest_ncpus, fdt_gpa, FDT_SIZE); + error = fdt_init(ctx, guest_ncpus, fdt_gpa, FDT_SIZE, isa); if (error != 0) return (error); diff --git a/usr.sbin/bhyve/riscv/fdt.c b/usr.sbin/bhyve/riscv/fdt.c index 54b75c68ea76..bef3f64b0c64 100644 --- a/usr.sbin/bhyve/riscv/fdt.c +++ b/usr.sbin/bhyve/riscv/fdt.c @@ -84,7 +84,7 @@ set_single_reg(void *fdt, uint64_t start, uint64_t len) } static void -add_cpu(void *fdt, int cpuid) +add_cpu(void *fdt, int cpuid, const char *isa) { char node_name[16]; @@ -94,7 +94,7 @@ add_cpu(void *fdt, int cpuid) fdt_property_string(fdt, "device_type", "cpu"); fdt_property_string(fdt, "compatible", "riscv"); fdt_property_u32(fdt, "reg", cpuid); - fdt_property_string(fdt, "riscv,isa", "rv64imafdc_sstc"); + fdt_property_string(fdt, "riscv,isa", isa); fdt_property_string(fdt, "mmu-type", "riscv,sv39"); fdt_property_string(fdt, "clock-frequency", "1000000000"); @@ -110,7 +110,7 @@ add_cpu(void *fdt, int cpuid) } static void -add_cpus(void *fdt, int ncpu) +add_cpus(void *fdt, int ncpu, const char *isa) { int cpuid; @@ -120,14 +120,15 @@ add_cpus(void *fdt, int ncpu) fdt_property_u32(fdt, "#size-cells", 0); fdt_property_u32(fdt, "timebase-frequency", 10000000); - for (cpuid = 0; cpuid < ncpu; cpuid++) { - add_cpu(fdt, cpuid); - } + for (cpuid = 0; cpuid < ncpu; cpuid++) + add_cpu(fdt, cpuid, isa); + fdt_end_node(fdt); } int -fdt_init(struct vmctx *ctx, int ncpu, vm_paddr_t fdtaddr, vm_size_t fdtsize) +fdt_init(struct vmctx *ctx, int ncpu, vm_paddr_t fdtaddr, vm_size_t fdtsize, + const char *isa) { void *fdt; const char *bootargs; @@ -162,7 +163,7 @@ fdt_init(struct vmctx *ctx, int ncpu, vm_paddr_t fdtaddr, vm_size_t fdtsize) set_single_reg(fdt, vm_get_highmem_base(ctx), vm_get_highmem_size(ctx)); fdt_end_node(fdt); - add_cpus(fdt, ncpu); + add_cpus(fdt, ncpu, isa); /* Finalized by fdt_finalized(). */ fdtroot = fdt; diff --git a/usr.sbin/bhyve/riscv/fdt.h b/usr.sbin/bhyve/riscv/fdt.h index 9bebe6ffa29d..60140a82a211 100644 --- a/usr.sbin/bhyve/riscv/fdt.h +++ b/usr.sbin/bhyve/riscv/fdt.h @@ -36,7 +36,7 @@ struct vmctx; int fdt_init(struct vmctx *ctx, int ncpu, vm_paddr_t addrp, - vm_size_t size); + vm_size_t size, const char *isa); void fdt_add_aplic(uint64_t dist_base, uint64_t dist_size); void fdt_add_pcie(int intrs[static 4]); void fdt_add_uart(uint64_t uart_base, uint64_t uart_size, int intr); From nobody Tue Dec 17 11:28:49 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCF1s2QSRz5h5hK; Tue, 17 Dec 2024 11:28:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCF1s1v1Tz4VF0; Tue, 17 Dec 2024 11:28:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734434929; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X8T5XX6XIz5575M+bAxW8z+ADhX3+YWwgewqsvUctfA=; b=GoCOORLS47B+e6UeZ7l0NId23Vrq4FIjO/YO9I+YRe3Kt1/sg9cDWhxdkmkiRJsxWSUUD4 q9HAITerioyxJWfivtDQeRmI8l1RhlrB33igBekvnnX2Xs5dtb+DlL4cvKBg8h83PgBsbe wWMyRtPtPR9Xd4r2u3ZD1oGWY6jZFfqzLd2ulKM8++YdEQf4d8DXs60Dr/Cww5jbFaMROr HblsTM8yKD9lrmFfUaVjA3qWNRFS7rFMFn9SKfU0czs0d3A14ZqpZoAjJe+6udEf+jW7hM zYxZcGFzqnDFwIRuSrPK/9hasEGa0UqDX7S3+pnp1OIwwEecoeYqf7kQTNxcXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734434929; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X8T5XX6XIz5575M+bAxW8z+ADhX3+YWwgewqsvUctfA=; b=pUWpc/PAG/egzudhNlGXpFfOSGwgdkIklmhBH+mmb9Pe0P50k15tYxAJA4Ogb7XDFeXaWk 0IyY4Y4YUUQ9bU8zZ+e0TXqMNqfbVEwd39N9XFISKgEF1bG683BOFSFdsjEveg0yAQfBEh LZWKkUBAus7qHikKZ228CG7xllfd6wHNC1daw2Fs4wSlFPQs9QzQiTEkp6U+GH4q1sc8vc wri6ERz3m1XAvERBv82crdDWjvA1GHR6ufooXiz3O0RecZkxM0dleBv2X0xqbRx2N2mH1F GxmGWgMmFlaZqy+mciks48SxlCQVhDMFFS/JuU8q7Xpp73eADofEwx6dFlixsQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734434929; a=rsa-sha256; cv=none; b=X8cYPu3AASpXs1/YdD8G1J+rreSQoXgvHtWWx8J2Xd9FSRRDGD9JViJaOlW7srPocAzuzq 0z80moDge8AtF2Qo4DWTF7jGlgho5z06NcRrzpKUY6Wms5UVKPhrddiBWO7QszVy37oBzW RCW3ZFEg3GT1fASvKXnuaqFB+axVhk+5LrDS+LDle4B6wDNpllyWRsGJ4KmZzi7x2XbgFr qqXbcC9KHQt/21+jNUZHphuPVCNKqn5whF3cfKD8wgmsSzZVrkbqWAoxUvntxAMwUNJsB0 WG67CJ3sn/YBivBxc2vLrcXYb9hChMw9nmMmEetPS9P9mQEx2etxvuJDPzLvXg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCF1s1VDwzLnc; Tue, 17 Dec 2024 11:28:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHBSn6N073706; Tue, 17 Dec 2024 11:28:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHBSn0S073703; Tue, 17 Dec 2024 11:28:49 GMT (envelope-from git) Date: Tue, 17 Dec 2024 11:28:49 GMT Message-Id: <202412171128.4BHBSn0S073703@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ruslan Bukin Subject: git: 6766e8ceb5c6 - main - riscv: Add SiFive CCache driver. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: br X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6766e8ceb5c6bc27453b45a21330aaf59c783fd5 Auto-Submitted: auto-generated The branch main has been updated by br: URL: https://cgit.FreeBSD.org/src/commit/?id=6766e8ceb5c6bc27453b45a21330aaf59c783fd5 commit 6766e8ceb5c6bc27453b45a21330aaf59c783fd5 Author: Ruslan Bukin AuthorDate: 2024-12-17 11:21:22 +0000 Commit: Ruslan Bukin CommitDate: 2024-12-17 11:28:25 +0000 riscv: Add SiFive CCache driver. Eswin EIC7700 has non-coherent DMAs but predate the standard RISC-V Zicbom extension, so we need to use the SiFive CCache controller for non-standard cache management operations. Tested on SiFive Premier P550. Reviewed by: mhorne, jrtc27 Differential Revision: https://reviews.freebsd.org/D47831 --- sys/riscv/sifive/sifive_ccache.c | 177 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) diff --git a/sys/riscv/sifive/sifive_ccache.c b/sys/riscv/sifive/sifive_ccache.c new file mode 100644 index 000000000000..9006d02aa85e --- /dev/null +++ b/sys/riscv/sifive/sifive_ccache.c @@ -0,0 +1,177 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024 Ruslan Bukin + * + * This software was developed by the University of Cambridge Computer + * Laboratory (Department of Computer Science and Technology) under Innovate + * UK project 105694, "Digital Security by Design (DSbD) Technology Platform + * Prototype". + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include + +#define SIFIVE_CCACHE_CONFIG 0x000 +#define CCACHE_CONFIG_WAYS_S 8 +#define CCACHE_CONFIG_WAYS_M (0xff << CCACHE_CONFIG_WAYS_S) +#define SIFIVE_CCACHE_WAYENABLE 0x008 +#define SIFIVE_CCACHE_FLUSH64 0x200 + +#define SIFIVE_CCACHE_LINE_SIZE 64 + +#define RD8(sc, off) (bus_read_8((sc)->res, (off))) +#define WR8(sc, off, val) (bus_write_8((sc)->res, (off), (val))) +#define CC_WR8(offset, value) \ + *(volatile uint64_t *)((uintptr_t)ccache_va + (offset)) = (value) + +static struct ofw_compat_data compat_data[] = { + { "sifive,eic7700", 1 }, + { NULL, 0 } +}; + +struct ccache_softc { + struct resource *res; +}; + +static void *ccache_va = NULL; + +static struct resource_spec ccache_spec[] = { + { SYS_RES_MEMORY, 0, RF_ACTIVE }, + { -1, 0 } +}; + +/* + * Non-standard EIC7700 cache-flushing routine. + */ +static void +ccache_flush_range(vm_offset_t start, size_t len) +{ + vm_offset_t paddr; + vm_offset_t sva; + vm_offset_t step; + uint64_t line; + + if (ccache_va == NULL || len == 0) + return; + + mb(); + + for (sva = start; len > 0;) { + paddr = pmap_kextract(sva); + step = min(PAGE_SIZE - (paddr & PAGE_MASK), len); + for (line = rounddown2(paddr, SIFIVE_CCACHE_LINE_SIZE); + line < paddr + step; + line += SIFIVE_CCACHE_LINE_SIZE) + CC_WR8(SIFIVE_CCACHE_FLUSH64, line); + sva += step; + len -= step; + } + + mb(); +} + +static void +ccache_install_hooks(void) +{ + struct riscv_cache_ops eswin_ops; + + eswin_ops.dcache_wbinv_range = ccache_flush_range; + eswin_ops.dcache_inv_range = ccache_flush_range; + eswin_ops.dcache_wb_range = ccache_flush_range; + + riscv_cache_install_hooks(&eswin_ops, SIFIVE_CCACHE_LINE_SIZE); +} + +static int +ccache_probe(device_t dev) +{ + + if (!ofw_bus_status_okay(dev)) + return (ENXIO); + + if (ofw_bus_search_compatible(dev, compat_data)->ocd_data == 0) + return (ENXIO); + + if (device_get_unit(dev) != 0) + return (ENXIO); + + device_set_desc(dev, "SiFive Cache Controller"); + + return (BUS_PROBE_DEFAULT); +} + +static int +ccache_attach(device_t dev) +{ + struct ccache_softc *sc; + size_t config, ways; + + sc = device_get_softc(dev); + + if (bus_alloc_resources(dev, ccache_spec, &sc->res) != 0) { + device_printf(dev, "cannot allocate resources for device\n"); + return (ENXIO); + } + + /* Non-standard EIC7700 cache unit configuration. */ + config = RD8(sc, SIFIVE_CCACHE_CONFIG); + ways = (config & CCACHE_CONFIG_WAYS_M) >> CCACHE_CONFIG_WAYS_S; + WR8(sc, SIFIVE_CCACHE_WAYENABLE, (ways - 1)); + + ccache_va = rman_get_virtual(sc->res); + ccache_install_hooks(); + + return (0); +} + +static device_method_t ccache_methods[] = { + /* Device interface */ + DEVMETHOD(device_probe, ccache_probe), + DEVMETHOD(device_attach, ccache_attach), + DEVMETHOD_END +}; + +static driver_t ccache_driver = { + "ccache", + ccache_methods, + sizeof(struct ccache_softc), +}; + +EARLY_DRIVER_MODULE(ccache, simplebus, ccache_driver, 0, 0, + BUS_PASS_BUS + BUS_PASS_ORDER_FIRST); +MODULE_VERSION(ccache, 1); From nobody Tue Dec 17 11:47:10 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCFR22Xj1z5h6ly; Tue, 17 Dec 2024 11:47:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCFR2225zz4XGy; Tue, 17 Dec 2024 11:47:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734436030; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Vx7PQpPWSM1R5FhHntyXbohA4tjxdcm83hPvdxmY9c0=; b=MP9liO5j+AsAGoaC4KFKrdJNgYEoaxi0OQJBKQZhVSGTIx6/V7s0s5isdfi2M0ZbE0YAjl +PNWD7mB5Yj5CLzVtTUhTsHrAKmxIVimHq7RDKEmwegNRIGGA19Oe+iQI/9r2BQaqC1RES ckbgNo4kGqbfFhzNGmSkVxfyWRPKHwF4NQmu7UFlhFTLK1CxK5GAdvDKe3wkP5zwe4HAnw iuBU0nQOXR1c/LAd2HDOT0iBHxWwKAJBK2GVjfGARJWZ8X+5hVG0oivpp+c5REED3BtGrF QuMyD+DLutKTeFsjMecmnOll5H9Glxb2GCdA+v0AE9pX1p7F7mdWVXEmA/yQcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734436030; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Vx7PQpPWSM1R5FhHntyXbohA4tjxdcm83hPvdxmY9c0=; b=eBpimZid9ZEUkUgdSdm4mP17waoCwSMrOfe4KWAw//Idqh3vx296oqZEADcoZBpU88sgPj ZR4j8AfRlx7DYSuzSFMwB5Zr7MECb8da1EBCkUPOJS4RmQOSMXga+2rQXacGs8Lf+Rrg3d o19CeuD8aLwOkSlxQALbrKoQv43JQhWYqT7f0ws9+Aq9BvTjuQWsqf9NtWkTL1aDRUlJCL K93WQrFNhiY3MTOGBZyZ8Km+I0DU0yFlyfiO5NgNrbwKloa8odbIuiMfppaOjoHh4YXUUG LU0QGIe2HHnXmVJ5Ls6SFVLlswgs64SIavADGTRzQQVELgAg/QXq13Q2AlDbCQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734436030; a=rsa-sha256; cv=none; b=Fnl+Jll68amrhQGyJDlibWaAUloN7WFVKizMGQkj4DfN90TaguNCwNdMJTbe8J4AMW5BZv QssDwwAZtQU0ABeXBKqPwyYkYaf5am5IA+zqV4SZNh3/QQzq9D5u9GHzRWqaePyl1cgtMi gbMOhdIghGKfVRyxtthAYRZ/VHF/RUQyF2XfCvmHpUa5UdIpxJc0fOMHWQlbFCaghdTmVX KDzxf9ZRKYuhSJCYleerccM/LEHS1JzXg/0RmoOGuAkfEvF9DAYa/4kmifRZEhP9AHXlMp vFbhH7OckVdQYkYBfiRkMAGnWtebHLE6fjtXlJ4dZaAUimt1Tp3GqgKyIU8T5g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCFR21C6bzLHR; Tue, 17 Dec 2024 11:47:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHBlA1W010568; Tue, 17 Dec 2024 11:47:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHBlAs7010565; Tue, 17 Dec 2024 11:47:10 GMT (envelope-from git) Date: Tue, 17 Dec 2024 11:47:10 GMT Message-Id: <202412171147.4BHBlAs7010565@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ruslan Bukin Subject: git: 56816e687557 - main - riscv: Eswin hwreset support added. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: br X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 56816e68755725371ac89dc5aa882fdce46605a5 Auto-Submitted: auto-generated The branch main has been updated by br: URL: https://cgit.FreeBSD.org/src/commit/?id=56816e68755725371ac89dc5aa882fdce46605a5 commit 56816e68755725371ac89dc5aa882fdce46605a5 Author: Ruslan Bukin AuthorDate: 2024-12-17 11:35:08 +0000 Commit: Ruslan Bukin CommitDate: 2024-12-17 11:46:10 +0000 riscv: Eswin hwreset support added. Add reset controller driver for Eswin EIC7700. This one has two reset cells in FDT, which is unusual, so provide a custom hwreset_map method. Tested on SiFive Premier P550. Reviewed by: mhorne, jrtc27 Differential Revision: https://reviews.freebsd.org/D47853 --- sys/riscv/eswin/eswin_reset.c | 190 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 190 insertions(+) diff --git a/sys/riscv/eswin/eswin_reset.c b/sys/riscv/eswin/eswin_reset.c new file mode 100644 index 000000000000..13139e0c85ea --- /dev/null +++ b/sys/riscv/eswin/eswin_reset.c @@ -0,0 +1,190 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024 Ruslan Bukin + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +#include +#include +#include + +#include "syscon_if.h" +#include "hwreset_if.h" + +struct eswin_rst_softc { + device_t dev; + struct mtx mtx; + struct syscon *syscon; +}; + +#define RESET_BLOCK 0x400 +#define RESET_ID_TO_REG(x) (RESET_BLOCK + (x) * 4) + +#define ERST_LOCK(sc) mtx_lock(&(sc)->mtx) +#define ERST_UNLOCK(sc) mtx_unlock(&(sc)->mtx) +#define ERST_ASSERT_LOCKED(sc) mtx_assert(&(sc)->mtx, MA_OWNED); +#define ERST_ASSERT_UNLOCKED(sc) mtx_assert(&(sc)->mtx, MA_NOTOWNED); + +#define ERST_READ(_sc, _reg) \ + SYSCON_READ_4(sc->syscon, (_reg)) +#define ERST_WRITE(_sc, _reg, _val) \ + SYSCON_WRITE_4(sc->syscon, (_reg), (_val)) + +static struct ofw_compat_data compat_data[] = { + { "eswin,eic7700-reset", 1 }, + { NULL, 0 }, +}; + +static int +eswin_rst_probe(device_t dev) +{ + + if (!ofw_bus_status_okay(dev)) + return (ENXIO); + + if (ofw_bus_search_compatible(dev, compat_data)->ocd_data == 0) + return (ENXIO); + + device_set_desc(dev, "Eswin Reset"); + + return (BUS_PROBE_DEFAULT); +} + +static int +eswin_rst_attach(device_t dev) +{ + struct eswin_rst_softc *sc; + int error; + + sc = device_get_softc(dev); + sc->dev = dev; + + error = syscon_get_by_ofw_node(dev, OF_parent(ofw_bus_get_node(dev)), + &sc->syscon); + if (error != 0) { + device_printf(dev, "Couldn't get syscon handle of parent\n"); + return (error); + } + + mtx_init(&sc->mtx, device_get_nameunit(sc->dev), NULL, MTX_DEF); + + hwreset_register_ofw_provider(dev); + + return (0); +} + +static int +eswin_rst_reset_assert(device_t dev, intptr_t id, bool reset) +{ + struct eswin_rst_softc *sc; + uint32_t reg; + uint32_t base; + uint32_t bit; + + sc = device_get_softc(dev); + + base = RESET_ID_TO_REG(id >> 5); + bit = id & 0x1f; + + ERST_LOCK(sc); + reg = ERST_READ(sc, base); + if (reset) + reg &= ~(1 << bit); + else + reg |= (1 << bit); + ERST_WRITE(sc, base, reg); + ERST_UNLOCK(sc); + + return (0); +} + +static int +eswin_rst_reset_is_asserted(device_t dev, intptr_t id, bool *reset) +{ + struct eswin_rst_softc *sc; + uint32_t reg; + uint32_t base; + uint32_t bit; + + sc = device_get_softc(dev); + + base = RESET_ID_TO_REG(id >> 5); + bit = id & 0x1f; + + ERST_LOCK(sc); + reg = ERST_READ(sc, base); + *reset = (reg & (1 << bit)) == 0; + ERST_UNLOCK(sc); + + return (0); +} + +static int +eswin_rst_map(device_t provider_dev, phandle_t xref, int ncells, + pcell_t *cells, intptr_t *id) +{ + + KASSERT(ncells == 2, ("wrong ncells")); + + *id = cells[0] << 5; + *id |= ilog2(cells[1]); + + return (0); +} + +static device_method_t eswin_rst_methods[] = { + /* Device interface. */ + DEVMETHOD(device_probe, eswin_rst_probe), + DEVMETHOD(device_attach, eswin_rst_attach), + + /* Reset interface. */ + DEVMETHOD(hwreset_assert, eswin_rst_reset_assert), + DEVMETHOD(hwreset_is_asserted, eswin_rst_reset_is_asserted), + DEVMETHOD(hwreset_map, eswin_rst_map), + + DEVMETHOD_END +}; + +static driver_t eswin_rst_driver = { + "eswin_rst", + eswin_rst_methods, + sizeof(struct eswin_rst_softc) +}; + +EARLY_DRIVER_MODULE(eswin_rst, simplebus, eswin_rst_driver, 0, 0, + BUS_PASS_BUS + BUS_PASS_ORDER_LATE); From nobody Tue Dec 17 14:11:24 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCJdT0JbWz5hH3k; Tue, 17 Dec 2024 14:11:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCJdS6rTpz4lhH; Tue, 17 Dec 2024 14:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734444685; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xeppPUGkJHwzOPjQI5mkrnVobevtZ4uSxfKB4GPIhZY=; b=ieN1LHp+DpcG4SuIyQTWseQ9YvkuIIq6FGY9vflalJ62Ps35t2GnJyHe19xGVbPOs+rdMC jaRee/RS+YZcK3s4Y89QVHyY4bDxK3D3c1SXfufaKKj98nWQW3bxYGoTZwQzd6vkGryoYl W9v0/lwfZ10WmcwDmkx2BoHYbWvVDN+RnHJMssdv2PESBd2SzNRVE3608jR6Ws+Oz0yJqF idyc15u52WKRe/3usHSLwFXbRDLTCtMOOw0vzjgoUXywKrNSV3agils2tBTX9I8HpenGFZ UpMktOYrBN5F0QjQu5w/Zm5YrLA1cnuE0Olynyh1jIb61SDAIi0Uzgt0WJpojg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734444685; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xeppPUGkJHwzOPjQI5mkrnVobevtZ4uSxfKB4GPIhZY=; b=BwteLqbWIpZFuKOFCl1HAnsY9wijc7z7iUw87Eai3zStZJmvYaK9QPHOgpAM6xchdqaziq MzaaANvNk5culB/iAmyWosjYVSW6rdSlDCebQiXOQUMFmJ+s9IrvECnAYK73rTiZ+/dubD r1Skkk8x//e3oJ9X+GbPfSqH7PPylCjELUva1dmHezTfWjlMFnD/qjUhk132GVJFiG/RFa 8S7HSrmZazp6i6DK0SFiR0pfc1IY8osGY9+16E7NHMYMVPHGDcmP3qN4+swSdBxvmyfzoX JTvB/e4kibGUlcNjYJ+0Z8wbs8+zT7jPf2BnNVLK80UipHLmB+0AO5RF2Upd4w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734444685; a=rsa-sha256; cv=none; b=KiZ4mBwe0M0lULEwJsqdUKXsMEziIxNG0lcwfiQYFQyXUil6StYMDkE+DSWlcc9NAIqFF7 Y7Df5hvsfl8Qe1NUE0u0nSaQlqf9kFtQPwCxhy2cb8YzPr9aQcxWMcpkQkJLj7DNUr2s9t RTJZkU4+pC+GxARNoUEbSnj6zI9HeoZ7KPe4e+NZhksCxijES1qXvZayQsNC6sjkcJsFBU 0IpoTVxuANCZbP+rtQFVT8TmYk5+LT0x7XYzO4CWaBOVtetYIkLnVkAu9y76toxHkGq70f b1Gurn1vynV62RtJP2zkvttdju11hiMAFUuo5B+QqKmxs8P/wQTq8Uc+YRkePA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCJdS6S9tzR2s; Tue, 17 Dec 2024 14:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHEBOFd086055; Tue, 17 Dec 2024 14:11:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHEBOTY086052; Tue, 17 Dec 2024 14:11:24 GMT (envelope-from git) Date: Tue, 17 Dec 2024 14:11:24 GMT Message-Id: <202412171411.4BHEBOTY086052@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: fa5f4c10a8ce - main - atomic: Update interceptor function signatures after commit 5e9a82e898d5 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fa5f4c10a8ce457bc1c4276933fd7dd34d75f6d6 Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=fa5f4c10a8ce457bc1c4276933fd7dd34d75f6d6 commit fa5f4c10a8ce457bc1c4276933fd7dd34d75f6d6 Author: Mark Johnston AuthorDate: 2024-12-17 14:05:00 +0000 Commit: Mark Johnston CommitDate: 2024-12-17 14:07:40 +0000 atomic: Update interceptor function signatures after commit 5e9a82e898d5 Fixes: 5e9a82e898d5 ("atomics: Constify loads") --- sys/kern/subr_asan.c | 2 +- sys/kern/subr_csan.c | 2 +- sys/kern/subr_msan.c | 2 +- sys/sys/atomic_san.h | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/kern/subr_asan.c b/sys/kern/subr_asan.c index 9f8a7bfccd40..0edb631d1475 100644 --- a/sys/kern/subr_asan.c +++ b/sys/kern/subr_asan.c @@ -760,7 +760,7 @@ kasan_casueword(volatile u_long *base, u_long oldval, u_long *oldvalp, } #define _ASAN_ATOMIC_FUNC_LOAD(name, type) \ - type kasan_atomic_load_##name(volatile type *ptr) \ + type kasan_atomic_load_##name(const volatile type *ptr) \ { \ kasan_shadow_check((uintptr_t)ptr, sizeof(type), true, \ __RET_ADDR); \ diff --git a/sys/kern/subr_csan.c b/sys/kern/subr_csan.c index 5d0e6607403c..cca5fadc5afe 100644 --- a/sys/kern/subr_csan.c +++ b/sys/kern/subr_csan.c @@ -440,7 +440,7 @@ kcsan_copyout(const void *kaddr, void *uaddr, size_t len) } #define _CSAN_ATOMIC_FUNC_LOAD(name, type) \ - type kcsan_atomic_load_##name(volatile type *ptr) \ + type kcsan_atomic_load_##name(const volatile type *ptr) \ { \ kcsan_access((uintptr_t)ptr, sizeof(type), false, true, \ __RET_ADDR); \ diff --git a/sys/kern/subr_msan.c b/sys/kern/subr_msan.c index 1c18a4a4f8e5..0c4e589ec1e6 100644 --- a/sys/kern/subr_msan.c +++ b/sys/kern/subr_msan.c @@ -1220,7 +1220,7 @@ kmsan_casueword(volatile u_long *base, u_long oldval, u_long *oldvalp, } #define _MSAN_ATOMIC_FUNC_LOAD(name, type) \ - type kmsan_atomic_load_##name(volatile type *ptr) \ + type kmsan_atomic_load_##name(const volatile type *ptr) \ { \ kmsan_check_arg(sizeof(ptr), \ "atomic_load_" #name "():args"); \ diff --git a/sys/sys/atomic_san.h b/sys/sys/atomic_san.h index e22324b87623..93a9bfcbf593 100644 --- a/sys/sys/atomic_san.h +++ b/sys/sys/atomic_san.h @@ -65,10 +65,10 @@ type sp##_atomic_readandclear_##name(volatile type *) #define ATOMIC_SAN_LOAD(sp, name, type) \ - type sp##_atomic_load_##name(volatile type *) + type sp##_atomic_load_##name(const volatile type *) #define ATOMIC_SAN_LOAD_ACQ(sp, name, type) \ - type sp##_atomic_load_acq_##name(volatile type *) + type sp##_atomic_load_acq_##name(const volatile type *) #define ATOMIC_SAN_STORE(sp, name, type) \ void sp##_atomic_store_##name(volatile type *, type) From nobody Tue Dec 17 14:25:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCJyC2d1jz5hHKk; Tue, 17 Dec 2024 14:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCJyC1t2Yz4nBR; Tue, 17 Dec 2024 14:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734445555; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SAwTBBc7/MVgRFFe69zxPTghi221RPAGXyqxvFMU2mE=; b=hLNljdzD5/ZvoHwRArfSYGPg/o4C6fQGumv3/OOlUMsK/P5ZRV/PKbVYP+BwBSsf/QEcA8 iE48FapJjP4CBIbTNj+n87bNtnHwWqaCpAILeabJbTHNXZOEywoB+q3k45JCtzdeCrNpTV MGrA5HF9fLCtaVqLVRugQM1/52jmjgdhvFpsjDZLf5Kna7kKAMbyOIDDjsaFDQtt36oZwz sreztsPTqyRzSPuNG7QOYuLQZr3SuzF5x/3z+aS0nf1mLgTdb4BM9oBmFPSN0cst49s/ek bvgcaeLxyeuSV/dwEvIiIFG7rDkyAijaf+KuMw972KQMCkhftEUnDRBSxTGwWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734445555; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SAwTBBc7/MVgRFFe69zxPTghi221RPAGXyqxvFMU2mE=; b=JltPgO9iav9sIOGnGPrPO+0P6g7hpeKYLllIR7N3NPsPtjwzsnO9c60Pfu3RWZBNfAVIII AMcVPzXQTJ1oB5zug7i2dI8/YVKZekJpUrzK+VqYmaG65Lb1NHS9iZYZippZxQMsAYo4ZW cVQ9gxyaWHJGJyx2n+9UCH2BK5Q0jc91bwx8Z+qnplo5CcIWXUwBEW1A4AABTawPZl2N+Y 75yGf7GFID+icO1CINSxgLIwh4t56+jCUyz5Zmg6Sqnx4o1YfspC9sj27ncuvmxeVUzYTu cUpwDIAen6DY0VmdKL8vd+J/YvFTIUHT2vTH342CCVImPH3XRr6rEkB2aFuQdg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734445555; a=rsa-sha256; cv=none; b=x67/mat4/vEnNcC+K2dCA+H5JcQzLsIqNiWeKj4gbXqeJWmftbXTiL8U+O80BiANhjh4kp +Vl0mcwPNKwjhKKYyGYumJMv81qPWQH44hIRO9NmmXzk0tn3LY6DNZS2P+r/nJo/g+a2vV 9s23lXdOE/e7hmXI8ajB8zbFlxo2ER38RBeoLQZgbkMSeFH9mq6aSkb4WyjdAU0aHvZHgJ NB+oRj7igmCiQTZgq4gQJlDHMzWc3UO4MC9kd9j/DGSQS3tieMdjaJsJPN3KZXOj0Nmnjt DQCHekLmTyFLs1XgJqUOnm4XDD7goT6EQXFVUnMYKS5eZUQ3qJTZ839J3h0bVw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCJyC1SwFzRYY; Tue, 17 Dec 2024 14:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHEPtS5010194; Tue, 17 Dec 2024 14:25:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHEPtkW010191; Tue, 17 Dec 2024 14:25:55 GMT (envelope-from git) Date: Tue, 17 Dec 2024 14:25:55 GMT Message-Id: <202412171425.4BHEPtkW010191@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 2eace89d00b3 - main - arm64: add a driver for the Apple watchdog List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2eace89d00b38740a5f7414ce82adf150f4009c6 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=2eace89d00b38740a5f7414ce82adf150f4009c6 commit 2eace89d00b38740a5f7414ce82adf150f4009c6 Author: Kyle Evans AuthorDate: 2024-12-17 14:14:54 +0000 Commit: Kyle Evans CommitDate: 2024-12-17 14:24:14 +0000 arm64: add a driver for the Apple watchdog Ensure it's disarmed upon attach, provide basic reset functionality. Register definitions/usage obtained from OpenBSD. Reviewed by: ray Differential Revision: https://reviews.freebsd.org/D39824 --- sys/arm64/apple/apple_wdog.c | 236 +++++++++++++++++++++++++++++++++++++++++++ sys/conf/files.arm64 | 3 + 2 files changed, 239 insertions(+) diff --git a/sys/arm64/apple/apple_wdog.c b/sys/arm64/apple/apple_wdog.c new file mode 100644 index 000000000000..7bd34e48ba03 --- /dev/null +++ b/sys/arm64/apple/apple_wdog.c @@ -0,0 +1,236 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2022 Michael J. Karels + * Copyright (c) 2012 Alexander Rybalko + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include + +#include +#include + +#define APPLE_WDOG_WD0_TIMER 0x0000 +#define APPLE_WDOG_WD0_RESET 0x0004 +#define APPLE_WDOG_WD0_INTR 0x0008 +#define APPLE_WDOG_WD0_CNTL 0x000c + +#define APPLE_WDOG_WD1_TIMER 0x0010 +#define APPLE_WDOG_WD1_RESET 0x0014 +#define APPLE_WDOG_WD1_CNTL 0x001c + +#define APPLE_WDOG_WD2_TIMER 0x0020 +#define APPLE_WDOG_WD2_RESET 0x0024 +#define APPLE_WDOG_WD2_CNTL 0x002c + +#define APPLE_WDOG_CNTL_INTENABLE 0x0001 +#define APPLE_WDOG_CNTL_INTSTAT 0x0002 +#define APPLE_WDOG_CNTL_RSTENABLE 0x0004 + +#define READ(_sc, _r) bus_space_read_4((_sc)->bst, (_sc)->bsh, (_r)) +#define WRITE(_sc, _r, _v) bus_space_write_4((_sc)->bst, (_sc)->bsh, (_r), (_v)) + +struct apple_wdog_softc { + device_t dev; + struct resource * res; + bus_space_tag_t bst; + bus_space_handle_t bsh; + clk_t clk; + uint64_t clk_freq; + struct mtx mtx; +}; + +static struct ofw_compat_data compat_data[] = { + {"apple,wdt", 1}, + {NULL, 0} +}; + +static void apple_wdog_watchdog_fn(void *private, u_int cmd, int *error); +static void apple_wdog_reboot_system(void *, int); + +static int +apple_wdog_probe(device_t dev) +{ + + if (!ofw_bus_status_okay(dev)) + return (ENXIO); + + if (ofw_bus_search_compatible(dev, compat_data)->ocd_data == 0) + return (ENXIO); + + device_set_desc(dev, "Apple Watchdog"); + + return (BUS_PROBE_DEFAULT); +} + +static int +apple_wdog_attach(device_t dev) +{ + struct apple_wdog_softc *sc; + int error, rid; + + sc = device_get_softc(dev); + sc->dev = dev; + + rid = 0; + sc->res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, RF_ACTIVE); + if (sc->res == NULL) { + device_printf(dev, "could not allocate memory resource\n"); + return (ENXIO); + } + + sc->bst = rman_get_bustag(sc->res); + sc->bsh = rman_get_bushandle(sc->res); + + error = clk_get_by_ofw_index(dev, 0, 0, &sc->clk); + if (error != 0) { + device_printf(dev, "cannot get clock\n"); + goto fail; + } + error = clk_enable(sc->clk); + if (error != 0) { + device_printf(dev, "cannot enable clock\n"); + goto fail; + } + error = clk_get_freq(sc->clk, &sc->clk_freq); + if (error != 0) { + device_printf(dev, "cannot get base frequency\n"); + goto fail_clk; + } + + mtx_init(&sc->mtx, "Apple Watchdog", "apple_wdog", MTX_DEF); + EVENTHANDLER_REGISTER(watchdog_list, apple_wdog_watchdog_fn, sc, 0); + EVENTHANDLER_REGISTER(shutdown_final, apple_wdog_reboot_system, sc, + SHUTDOWN_PRI_LAST); + + /* Reset the watchdog timers. */ + WRITE(sc, APPLE_WDOG_WD0_CNTL, 0); + WRITE(sc, APPLE_WDOG_WD1_CNTL, 0); + + return (0); + +fail_clk: + clk_disable(sc->clk); +fail: + bus_release_resource(dev, SYS_RES_MEMORY, 0, sc->res); + return (error); +} + +static void +apple_wdog_watchdog_fn(void *private, u_int cmd, int *error) +{ + struct apple_wdog_softc *sc; + uint64_t sec; + uint32_t ticks, sec_max; + + sc = private; + mtx_lock(&sc->mtx); + + cmd &= WD_INTERVAL; + + if (cmd > 0) { + sec = ((uint64_t)1 << (cmd & WD_INTERVAL)) / 1000000000; + sec_max = UINT_MAX / sc->clk_freq; + if (sec == 0 || sec > sec_max) { + /* + * Can't arm + * disable watchdog as watchdog(9) requires + */ + device_printf(sc->dev, + "Can't arm, timeout must be between 1-%d seconds\n", + sec_max); + WRITE(sc, APPLE_WDOG_WD1_CNTL, 0); + mtx_unlock(&sc->mtx); + *error = EINVAL; + return; + } + + ticks = sec * sc->clk_freq; + WRITE(sc, APPLE_WDOG_WD1_TIMER, 0); + WRITE(sc, APPLE_WDOG_WD1_RESET, ticks); + WRITE(sc, APPLE_WDOG_WD1_CNTL, APPLE_WDOG_CNTL_RSTENABLE); + + *error = 0; + } else + WRITE(sc, APPLE_WDOG_WD1_CNTL, 0); + + mtx_unlock(&sc->mtx); +} + +static void +apple_wdog_reboot_system(void *private, int howto) +{ + struct apple_wdog_softc *sc = private; + + /* Only handle reset. */ + if ((howto & (RB_HALT | RB_POWEROFF)) != 0) + return; + + printf("Resetting system ... "); + + WRITE(sc, APPLE_WDOG_WD1_CNTL, APPLE_WDOG_CNTL_RSTENABLE); + WRITE(sc, APPLE_WDOG_WD1_RESET, 1); + WRITE(sc, APPLE_WDOG_WD1_TIMER, 0); + + /* Wait for watchdog timeout; should take milliseconds. */ + DELAY(2000000); + + /* Not reached ... one hopes. */ + printf("failed to reset.\n"); +} + +static device_method_t apple_wdog_methods[] = { + DEVMETHOD(device_probe, apple_wdog_probe), + DEVMETHOD(device_attach, apple_wdog_attach), + + DEVMETHOD_END +}; + +static driver_t apple_wdog_driver = { + "apple_wdog", + apple_wdog_methods, + sizeof(struct apple_wdog_softc), +}; + +DRIVER_MODULE(apple_wdog, simplebus, apple_wdog_driver, 0, 0); diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64 index 3846301977d1..d13953a0bff3 100644 --- a/sys/conf/files.arm64 +++ b/sys/conf/files.arm64 @@ -538,6 +538,9 @@ arm/annapurna/alpine/alpine_serdes.c optional al_serdes fdt \ no-depend \ compile-with "${CC} -c -o ${.TARGET} ${CFLAGS} -I$S/contrib/alpine-hal -I$S/contrib/alpine-hal/eth ${.IMPSRC}" +# Apple +arm64/apple/apple_wdog.c optional soc_apple_t8103 fdt + # Broadcom arm64/broadcom/brcmmdio/mdio_mux_iproc.c optional soc_brcm_ns2 fdt arm64/broadcom/brcmmdio/mdio_nexus_iproc.c optional soc_brcm_ns2 fdt From nobody Tue Dec 17 14:25:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCJyD2xyhz5hHcC; Tue, 17 Dec 2024 14:25:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCJyD2f1lz4nGp; Tue, 17 Dec 2024 14:25:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734445556; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FyVOOD7NQHD3339F8vgatgqj485yD83A5c36Xd7AHzo=; b=LG5kqVXGBVydsx/xnXoZRjMsY9dXFG7trCXrQ+P5B6K+2v6mHR+RvkVpngZridZKIiqu0x yvOlwmytqkPBxor2sqtZSlCTOkAb+2vBEc259ASdUcpVYQVGjElu9WKMYePrWMAt602zYv XlXMyQdGmezqd9iA89CVb9wvtgaZoqacoFFvwVgs/d9qJIkeakSgPMc75wJXMR+duNLfl6 ZRHIEvMQhgihgYDXytxBnYI6bIhyF4FwjL7H0purw8fMcLHW2nSjeiCTVsv3o9G1VHpzpo W3YP1m5/2LJTjBs8wakdd6zMziKrQyOdBICE5oh8yt+ZxTpCczpJQz4ExOv4vQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734445556; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FyVOOD7NQHD3339F8vgatgqj485yD83A5c36Xd7AHzo=; b=hoR8TDmoiunxyPxWZAMJjR16KDLQFnFWjalsqyJu4nq5RLyoI4bRw2ZNeoDPvmdNRiyFNe +yXmJzVuo3xAtRmzwY9ZCW2H0aqaH1ks9q55/gqINiPnCrF8P/Fb1bu0POoU9NSdogjcXi T1PMpVu0G4FJMEwjLdm7iC7esdOlyOI+h7tntqXoTarrHYuFOyz+Ev8qC7+845RhqXsoom i4NQN8/IBvvOWobbqOFPBdy3f7zECvXQ0I4MgOrPCVm2jobuPpN2OEZqXaLSXpPt6wBbzX e0E/JXsVRTN7GfgI6wFVJDV2urfbw3AO/hYHoRj6FUr4Pm0+M8jkMYDqEg/NNw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734445556; a=rsa-sha256; cv=none; b=XDnbBnrZOu/6LNN6wy7OYntEvSQS0Zh2WHBxs55t37JuTMwKaD1LWAwhYKJjptanuuFdNl Q+X9YWXgRk8onPNKDFCZ7u1LLDoT/2w4k1QAwptIPG+kh9igBqadsL+fckBhoX1KuZxXoc XRWZESXQg9QZ3mtQmulHcfXRSMuZPgZi9es2+SK32V/Zd1fXttQcDZ3xd4eSIazfpFd5dF s43bhQuJ+Z3nv4/MOVDXpW64w7DdZt18R+zVHmweMKjY8k4D6Pvm+c1Zx3YKliSdDdsgZB gK3TWAOL9dFHYlQJCfeo0RLGM7zudTg480MyeXGlLppqUA3qYX/KbztDZNjzdA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCJyD2FGmzRjG; Tue, 17 Dec 2024 14:25:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHEPuRI010253; Tue, 17 Dec 2024 14:25:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHEPuSP010250; Tue, 17 Dec 2024 14:25:56 GMT (envelope-from git) Date: Tue, 17 Dec 2024 14:25:56 GMT Message-Id: <202412171425.4BHEPuSP010250@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 04160e000898 - main - arm64: add a driver for the Apple Interrupt Controller List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 04160e0008982fa0e03ebcc3747d81bcd547f751 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=04160e0008982fa0e03ebcc3747d81bcd547f751 commit 04160e0008982fa0e03ebcc3747d81bcd547f751 Author: Kyle Evans AuthorDate: 2024-12-17 14:14:54 +0000 Commit: Kyle Evans CommitDate: 2024-12-17 14:24:14 +0000 arm64: add a driver for the Apple Interrupt Controller Some limited support for later multi-die SoC is included, but not at all tested and not expected to be functional yet. kevans needs to finish getting his serial boards constructed, as the beefiest AS machine that actually has multiple die to support in his fleet is currently a dedicated serial console. Reviewed by: andrew Co-authored-by: Andrew Turner Co-authored-by: Mike Karels Differential Revision: https://reviews.freebsd.org/D48079 --- sys/arm64/apple/apple_aic.c | 779 ++++++++++++++++++++++++++++++++++++++++++++ sys/conf/files.arm64 | 1 + 2 files changed, 780 insertions(+) diff --git a/sys/arm64/apple/apple_aic.c b/sys/arm64/apple/apple_aic.c new file mode 100644 index 000000000000..48aea99035d2 --- /dev/null +++ b/sys/arm64/apple/apple_aic.c @@ -0,0 +1,779 @@ +/*- + * Copyright (c) 2021 Andrew Turner + * Copyright (c) 2022 Michael J. Karels + * Copyright (c) 2022 Kyle Evans + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "opt_platform.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#ifdef SMP +#include +#include +#endif + +#include + +#include +#include +#include + +#include + +#include "pic_if.h" + +#define AIC_INFO 0x0004 +#define AIC_INFO_NDIE(val) (((val) >> 24) & 0xf) +#define AIC_INFO_NIRQS(val) ((val) & 0x0000ffff) + +#define AIC_WHOAMI 0x2000 +#define AIC_EVENT 0x2004 +#define AIC_EVENT_DIE(val) (((val) >> 24) & 0xff) +#define AIC_EVENT_TYPE(val) (((val) >> 16) & 0xff) +#define AIC_EVENT_TYPE_NONE 0 +#define AIC_EVENT_TYPE_IRQ 1 +#define AIC_EVENT_TYPE_IPI 4 +#define AIC_EVENT_IRQ(val) ((val) & 0xffff) +#define AIC_EVENT_IPI_OTHER 1 +#define AIC_EVENT_IPI_SELF 2 +#define AIC_IPI_SEND 0x2008 +#define AIC_IPI_ACK 0x200c +#define AIC_IPI_MASK_SET 0x2024 +#define AIC_IPI_MASK_CLR 0x2028 +#define AIC_IPI_OTHER 0x00000001 +#define AIC_IPI_SELF 0x80000000 +#define AIC_TARGET_CPU(irq) (0x3000 + (irq) * 4) +#define AIC_SW_SET(irq) (0x4000 + (((irq) >> 5) * 4)) +#define AIC_SW_CLEAR(irq) (0x4080 + (((irq) >> 5) * 4)) +#define AIC_MASK_SET(irq) (0x4100 + (((irq) >> 5) * 4)) +#define AIC_MASK_CLEAR(irq) (0x4180 + (((irq) >> 5) * 4)) +#define AIC_IRQ_MASK(irq) (1u << ((irq) & 0x1f)) + +#define AIC_IPI_LOCAL_RR_EL1 s3_5_c15_c0_0 +#define AIC_IPI_GLOBAL_RR_EL1 s3_5_c15_c0_1 + +#define AIC_IPI_SR_EL1 s3_5_c15_c1_1 +#define AIC_IPI_SR_EL1_PENDING (1 << 0) + +#define AIC_FIQ_VM_TIMER s3_5_c15_c1_3 +#define AIC_FIQ_VM_TIMER_VEN (1 << 0) +#define AIC_FIQ_VM_TIMER_PEN (1 << 1) +#define AIC_FIQ_VM_TIMER_BITS (AIC_FIQ_VM_TIMER_VEN | AIC_FIQ_VM_TIMER_PEN) + +#define CNTV_CTL_ENABLE (1 << 0) +#define CNTV_CTL_IMASK (1 << 1) +#define CNTV_CTL_ISTATUS (1 << 2) +#define CNTV_CTL_BITS \ + (CNTV_CTL_ENABLE | CNTV_CTL_IMASK | CNTV_CTL_ISTATUS) + +#define AIC_MAXCPUS 32 +#define AIC_MAXDIES 4 + +static struct ofw_compat_data compat_data[] = { + { "apple,aic", 1 }, + { NULL, 0 } +}; + +enum apple_aic_irq_type { + AIC_TYPE_INVAL, + AIC_TYPE_IRQ, + AIC_TYPE_FIQ, + AIC_TYPE_IPI, +}; + +struct apple_aic_irqsrc { + struct intr_irqsrc ai_isrc; + enum apple_aic_irq_type ai_type; + struct { + /* AIC_TYPE_IRQ */ + enum intr_polarity ai_pol; + enum intr_trigger ai_trig; + u_int ai_irq; + }; +}; + +#ifdef SMP +#define AIC_NIPIS INTR_IPI_COUNT +#endif + +struct apple_aic_softc { + device_t sc_dev; + struct resource *sc_mem; + struct apple_aic_irqsrc *sc_isrcs[AIC_MAXDIES]; + u_int sc_nirqs; + u_int sc_ndie; +#ifdef SMP + struct apple_aic_irqsrc sc_ipi_srcs[AIC_NIPIS]; + u_int *sc_cpuids; /* cpu index to AIC CPU ID */ + uint32_t *sc_ipimasks; +#endif +}; + +static u_int aic_next_cpu; + +static device_probe_t apple_aic_probe; +static device_attach_t apple_aic_attach; + +static pic_disable_intr_t apple_aic_disable_intr; +static pic_enable_intr_t apple_aic_enable_intr; +static pic_map_intr_t apple_aic_map_intr; +static pic_setup_intr_t apple_aic_setup_intr; +static pic_teardown_intr_t apple_aic_teardown_intr; +static pic_post_filter_t apple_aic_post_filter; +static pic_post_ithread_t apple_aic_post_ithread; +static pic_pre_ithread_t apple_aic_pre_ithread; +#ifdef SMP +static pic_bind_intr_t apple_aic_bind_intr; +static pic_init_secondary_t apple_aic_init_secondary; +static pic_ipi_send_t apple_aic_ipi_send; +static pic_ipi_setup_t apple_aic_ipi_setup; +#endif + +static int apple_aic_irq(void *); +static int apple_aic_fiq(void *); + +static int +apple_aic_probe(device_t dev) +{ + + if (!ofw_bus_status_okay(dev)) + return (ENXIO); + + if (ofw_bus_search_compatible(dev, compat_data)->ocd_data == 0) + return (ENXIO); + + device_set_desc(dev, "Apple Interrupt Controller"); + return (BUS_PROBE_DEFAULT); +} + +static int +apple_aic_attach(device_t dev) +{ + struct apple_aic_softc *sc; + struct intr_irqsrc *isrc; + const char *name; + intptr_t xref; + int error, rid; + u_int i, cpu, j, info; + + sc = device_get_softc(dev); + sc->sc_dev = dev; + + rid = 0; + sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, + RF_ACTIVE); + if (sc->sc_mem == NULL) { + device_printf(dev, "Unable to allocate memory\n"); + return (ENXIO); + } + + info = bus_read_4(sc->sc_mem, AIC_INFO); + sc->sc_nirqs = AIC_INFO_NIRQS(info); + sc->sc_ndie = AIC_INFO_NDIE(info) + 1; + if (bootverbose) + device_printf(dev, "Found %d interrupts, %d die\n", + sc->sc_nirqs, sc->sc_ndie); + + for (i = 0; i < sc->sc_ndie; i++) { + sc->sc_isrcs[i] = mallocarray(sc->sc_nirqs, + sizeof(**sc->sc_isrcs), M_DEVBUF, M_WAITOK | M_ZERO); + } + +#ifdef SMP + sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * mp_maxid + 1, + M_DEVBUF, M_WAITOK | M_ZERO); + sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * mp_maxid + 1, + M_DEVBUF, M_WAITOK | M_ZERO); + + cpu = PCPU_GET(cpuid); + sc->sc_cpuids[cpu] = bus_read_4(sc->sc_mem, AIC_WHOAMI); + if (bootverbose) + device_printf(dev, "BSP CPU %d: whoami %x\n", cpu, + sc->sc_cpuids[cpu]); +#endif + + + name = device_get_nameunit(dev); + for (i = 0; i < sc->sc_ndie; i++) { + struct apple_aic_irqsrc *die_isrcs; + + die_isrcs = sc->sc_isrcs[i]; + for (j = 0; j < sc->sc_nirqs; j++) { + isrc = &die_isrcs[j].ai_isrc; + die_isrcs[j].ai_pol = INTR_POLARITY_CONFORM; + die_isrcs[j].ai_trig = INTR_TRIGGER_CONFORM; + die_isrcs[j].ai_type = AIC_TYPE_INVAL; + die_isrcs[j].ai_irq = j; + + error = intr_isrc_register(isrc, dev, 0, "%s,d%us%u", name, + i, j); + if (error != 0) { + device_printf(dev, "Unable to register irq %u:%u\n", + i, j); + return (error); + } + } + } + + xref = OF_xref_from_node(ofw_bus_get_node(dev)); + if (intr_pic_register(dev, xref) == NULL) { + device_printf(dev, "Unable to register interrupt handler\n"); + return (ENXIO); + } + + if (intr_pic_claim_root(dev, xref, apple_aic_irq, sc, + INTR_ROOT_IRQ) != 0) { + device_printf(dev, + "Unable to set root interrupt controller\n"); + intr_pic_deregister(dev, xref); + return (ENXIO); + } + + if (intr_pic_claim_root(dev, xref, apple_aic_fiq, sc, + INTR_ROOT_FIQ) != 0) { + device_printf(dev, + "Unable to set root fiq controller\n"); + intr_pic_deregister(dev, xref); + return (ENXIO); + } + +#ifdef SMP + if (intr_ipi_pic_register(dev, 0) != 0) { + device_printf(dev, "could not register for IPIs\n"); + return (ENXIO); + } +#endif + + OF_device_register_xref(xref, dev); + + return (0); +} + +static int +apple_aic_map_intr_fdt(struct apple_aic_softc *sc, + struct intr_map_data_fdt *data, u_int *irq, enum apple_aic_irq_type *typep, + enum intr_polarity *polp, enum intr_trigger *trigp, u_int *die) +{ + if (data->ncells != 3) + return (EINVAL); + + /* XXX AIC2 */ + *die = 0; + + /* + * The first cell is the interrupt type: + * 0 = IRQ + * 1 = FIQ + * The second cell is the interrupt number + * The third cell is the flags + */ + switch(data->cells[0]) { + case 0: + if (typep != NULL) + *typep = AIC_TYPE_IRQ; + break; + case 1: + if (typep != NULL) + *typep = AIC_TYPE_FIQ; + break; + default: + return (EINVAL); + } + + *irq = data->cells[1]; + if (*irq > sc->sc_nirqs) + return (EINVAL); + + if (trigp != NULL) { + if ((data->cells[2] & FDT_INTR_EDGE_MASK) != 0) + *trigp = INTR_TRIGGER_EDGE; + else + *trigp = INTR_TRIGGER_LEVEL; + } + if (polp != NULL) { + if ((data->cells[2] & FDT_INTR_LEVEL_HIGH) != 0) + *polp = INTR_POLARITY_HIGH; + else + *polp = INTR_POLARITY_LOW; + } + + return (0); +} + +static int +apple_aic_map_intr(device_t dev, struct intr_map_data *data, + struct intr_irqsrc **isrcp) +{ + struct apple_aic_softc *sc; + int error; + u_int irq; + u_int die; + + sc = device_get_softc(dev); + + error = 0; + switch(data->type) { + case INTR_MAP_DATA_FDT: + error = apple_aic_map_intr_fdt(sc, + (struct intr_map_data_fdt *)data, &irq, NULL, NULL, NULL, + &die); + if (error == 0) + *isrcp = &sc->sc_isrcs[0 /* XXX */][irq].ai_isrc; + break; + default: + return (ENOTSUP); + } + + return (error); +} + +static int +apple_aic_setup_intr(device_t dev, struct intr_irqsrc *isrc, + struct resource *res, struct intr_map_data *data) +{ + struct apple_aic_softc *sc; + enum apple_aic_irq_type type; + struct apple_aic_irqsrc *ai; + enum intr_trigger trig; + enum intr_polarity pol; + int error; + u_int die, irq; + + sc = device_get_softc(dev); + ai = (struct apple_aic_irqsrc *)isrc; + + if (data != NULL) { + KASSERT(data->type == INTR_MAP_DATA_FDT, + ("%s: Only FDT data is supported (got %#x)", __func__, + data->type)); + error = apple_aic_map_intr_fdt(sc, + (struct intr_map_data_fdt *)data, &irq, &type, &pol, &trig, + &die); + if (error != 0) + return (error); + } else { + pol = INTR_POLARITY_CONFORM; + trig = INTR_TRIGGER_CONFORM; + } + + if (isrc->isrc_handlers != 0) { + /* TODO */ + return (0); + } + + if (pol == INTR_POLARITY_CONFORM) + pol = INTR_POLARITY_LOW; + if (trig == INTR_TRIGGER_CONFORM) + trig = INTR_TRIGGER_EDGE; + + ai->ai_pol = pol; + ai->ai_trig = trig; + ai->ai_type = type; + + /* + * Only the timer uses FIQs. These could be sent to any CPU. + */ + switch (type) { + case AIC_TYPE_IRQ: + /* XXX die sensitive? */ + aic_next_cpu = intr_irq_next_cpu(aic_next_cpu, &all_cpus); + bus_write_4(sc->sc_mem, AIC_TARGET_CPU(irq), + 1 << sc->sc_cpuids[aic_next_cpu]); + break; + case AIC_TYPE_FIQ: + isrc->isrc_flags |= INTR_ISRCF_PPI; + break; + default: + return (EINVAL); + } + + return (0); +} + +static int +apple_aic_teardown_intr(device_t dev, struct intr_irqsrc *isrc, + struct resource *res, struct intr_map_data *data) +{ + panic("%s\n", __func__); +} + +static void +apple_aic_enable_intr(device_t dev, struct intr_irqsrc *isrc) +{ + struct apple_aic_irqsrc *ai; + struct apple_aic_softc *sc; + u_int irq; + + ai = (struct apple_aic_irqsrc *)isrc; + irq = ai->ai_irq; + switch(ai->ai_type) { + case AIC_TYPE_IRQ: + sc = device_get_softc(dev); + bus_write_4(sc->sc_mem, AIC_MASK_CLEAR(irq), AIC_IRQ_MASK(irq)); + break; + case AIC_TYPE_IPI: + /* Nothing needed here. */ + break; + case AIC_TYPE_FIQ: + /* TODO */ + break; + default: + panic("%s: %x\n", __func__, ai->ai_type); + } +} + +static void +apple_aic_disable_intr(device_t dev, struct intr_irqsrc *isrc) +{ + struct apple_aic_irqsrc *ai; + struct apple_aic_softc *sc; + u_int irq; + + ai = (struct apple_aic_irqsrc *)isrc; + irq = ai->ai_irq; + switch(ai->ai_type) { + case AIC_TYPE_IRQ: + sc = device_get_softc(dev); + bus_write_4(sc->sc_mem, AIC_MASK_SET(irq), AIC_IRQ_MASK(irq)); + break; + case AIC_TYPE_IPI: + /* Nothing needed here. */ + break; + case AIC_TYPE_FIQ: + /* TODO */ + break; + default: + panic("%s: %x\n", __func__, ai->ai_type); + } +} + +static void +apple_aic_post_filter(device_t dev, struct intr_irqsrc *isrc) +{ + struct apple_aic_softc *sc; + struct apple_aic_irqsrc *ai; + int irq; + + ai = (struct apple_aic_irqsrc *)isrc; + irq = ai->ai_irq; + switch(ai->ai_type) { + case AIC_TYPE_IRQ: + sc = device_get_softc(dev); + bus_write_4(sc->sc_mem, AIC_SW_CLEAR(irq), AIC_IRQ_MASK(irq)); + bus_write_4(sc->sc_mem, AIC_MASK_CLEAR(irq), AIC_IRQ_MASK(irq)); + break; + case AIC_TYPE_FIQ: + /* TODO */ + break; + default: + panic("%s: %x\n", __func__, ai->ai_type); + } +} + +static void +apple_aic_pre_ithread(device_t dev, struct intr_irqsrc *isrc) +{ + struct apple_aic_softc *sc; + struct apple_aic_irqsrc *ai; + int irq; + + ai = (struct apple_aic_irqsrc *)isrc; + sc = device_get_softc(dev); + irq = ai->ai_irq; + bus_write_4(sc->sc_mem, AIC_SW_CLEAR(irq), AIC_IRQ_MASK(irq)); + apple_aic_disable_intr(dev, isrc); + /* ACK IT */ +} + +static void +apple_aic_post_ithread(device_t dev, struct intr_irqsrc *isrc) +{ + struct apple_aic_softc *sc; + struct apple_aic_irqsrc *ai; + int irq; + + ai = (struct apple_aic_irqsrc *)isrc; + sc = device_get_softc(dev); + irq = ai->ai_irq; + + bus_write_4(sc->sc_mem, AIC_MASK_CLEAR(irq), AIC_IRQ_MASK(irq)); + apple_aic_enable_intr(dev, isrc); +} + +#ifdef SMP +static void +apple_aic_ipi_received(struct apple_aic_softc *sc, struct trapframe *tf) +{ + uint32_t mask; + uint32_t ipi; + int cpu; + + cpu = PCPU_GET(cpuid); + + mask = atomic_readandclear_32(&sc->sc_ipimasks[cpu]); + + while (mask != 0) { + ipi = ffs(mask) - 1; + mask &= ~(1 << ipi); + + intr_ipi_dispatch(ipi); + } +} +#endif + +static int +apple_aic_irq(void *arg) +{ + struct apple_aic_softc *sc; + uint32_t die, event, irq, type; + struct apple_aic_irqsrc *aisrc; + struct trapframe *tf; + + sc = arg; + tf = curthread->td_intr_frame; + + event = bus_read_4(sc->sc_mem, AIC_EVENT); + type = AIC_EVENT_TYPE(event); + + /* If we get an IPI here, we really goofed. */ + MPASS(type != AIC_EVENT_TYPE_IPI); + + if (type != AIC_EVENT_TYPE_IRQ) { + if (type != AIC_EVENT_TYPE_NONE) + device_printf(sc->sc_dev, "unexpected event type %d\n", + type); + return (FILTER_STRAY); + } + + die = AIC_EVENT_DIE(event); + irq = AIC_EVENT_IRQ(event); + + if (die >= sc->sc_ndie) + panic("%s: unexpected die %d", __func__, die); + if (irq >= sc->sc_nirqs) + panic("%s: unexpected irq %d", __func__, irq); + + aisrc = &sc->sc_isrcs[die][irq]; + if (intr_isrc_dispatch(&aisrc->ai_isrc, tf) != 0) { + device_printf(sc->sc_dev, "Stray irq %u:%u disabled\n", + die, irq); + return (FILTER_STRAY); + } + + return (FILTER_HANDLED); +} + +static int +apple_aic_fiq(void *arg) +{ + struct apple_aic_softc *sc; + struct apple_aic_irqsrc *isrcs; + struct trapframe *tf; + + sc = arg; + tf = curthread->td_intr_frame; + +#ifdef SMP + /* Handle IPIs. */ + if ((READ_SPECIALREG(AIC_IPI_SR_EL1) & AIC_IPI_SR_EL1_PENDING) != 0) { + WRITE_SPECIALREG(AIC_IPI_SR_EL1, AIC_IPI_SR_EL1_PENDING); + apple_aic_ipi_received(sc, tf); + } +#endif + + /* + * FIQs don't store any state in the interrupt controller at all outside + * of IPI handling, so we have to probe around outside of AIC to + * determine if we might have been fired off due to a timer. + */ + isrcs = sc->sc_isrcs[0]; + if ((READ_SPECIALREG(cntv_ctl_el0) & CNTV_CTL_BITS) == + (CNTV_CTL_ENABLE | CNTV_CTL_ISTATUS)) { + intr_isrc_dispatch(&isrcs[AIC_TMR_GUEST_VIRT].ai_isrc, tf); + } + + if (has_hyp()) { + uint64_t reg; + + if ((READ_SPECIALREG(cntp_ctl_el0) & CNTV_CTL_ISTATUS) != 0) { + intr_isrc_dispatch(&isrcs[AIC_TMR_GUEST_PHYS].ai_isrc, + tf); + } + + reg = READ_SPECIALREG(AIC_FIQ_VM_TIMER); + if ((reg & AIC_FIQ_VM_TIMER_PEN) != 0) { + intr_isrc_dispatch(&isrcs[AIC_TMR_HV_PHYS].ai_isrc, tf); + } + + if ((reg & AIC_FIQ_VM_TIMER_VEN) != 0) { + intr_isrc_dispatch(&isrcs[AIC_TMR_HV_VIRT].ai_isrc, tf); + } + } + + return (FILTER_HANDLED); +} + +#ifdef SMP +static int +apple_aic_bind_intr(device_t dev, struct intr_irqsrc *isrc) +{ + struct apple_aic_softc *sc = device_get_softc(dev); + static int aic_next_cpu; + uint32_t targets = 0; + u_int irq, cpu; + + MPASS(((struct apple_aic_irqsrc *)isrc)->ai_type == AIC_TYPE_IRQ); + irq = ((struct apple_aic_irqsrc *)isrc)->ai_irq; + if (CPU_EMPTY(&isrc->isrc_cpu)) { + aic_next_cpu = intr_irq_next_cpu(aic_next_cpu, &all_cpus); + CPU_SETOF(aic_next_cpu, &isrc->isrc_cpu); + bus_write_4(sc->sc_mem, AIC_TARGET_CPU(irq), + sc->sc_cpuids[aic_next_cpu] << 1); + } else { + CPU_FOREACH_ISSET(cpu, &isrc->isrc_cpu) { + targets |= sc->sc_cpuids[cpu] << 1; + } + bus_write_4(sc->sc_mem, AIC_TARGET_CPU(irq), targets); + } + return (0); +} + +static void +apple_aic_ipi_send(device_t dev, struct intr_irqsrc *isrc, cpuset_t cpus, + u_int ipi) +{ + struct apple_aic_softc *sc; + uint64_t aff, localgrp, sendmask; + u_int cpu; + + sc = device_get_softc(dev); + sendmask = 0; + localgrp = CPU_AFF1(CPU_AFFINITY(PCPU_GET(cpuid))); + + KASSERT(isrc == &sc->sc_ipi_srcs[ipi].ai_isrc, + ("%s: bad ISRC %p argument", __func__, isrc)); + for (cpu = 0; cpu <= mp_maxid; cpu++) { + if (CPU_ISSET(cpu, &cpus)) { + aff = CPU_AFFINITY(cpu); + sendmask = CPU_AFF0(aff); + atomic_set_32(&sc->sc_ipimasks[cpu], 1 << ipi); + + /* + * The above write to sc_ipimasks needs to be visible + * before we write to the ipi register to avoid the + * targetted CPU missing the dispatch in + * apple_aic_ipi_received(). Note that WRITE_SPECIALREG + * isn't a memory operation, so we can't relax this to a + * a dmb. + */ + dsb(ishst); + + if (CPU_AFF1(aff) == localgrp) { + WRITE_SPECIALREG(AIC_IPI_LOCAL_RR_EL1, + sendmask); + } else { + sendmask |= CPU_AFF1(aff) << 16; + WRITE_SPECIALREG(AIC_IPI_GLOBAL_RR_EL1, + sendmask); + } + + isb(); + } + } +} + +static int +apple_aic_ipi_setup(device_t dev, u_int ipi, struct intr_irqsrc **isrcp) +{ + struct apple_aic_softc *sc = device_get_softc(dev); + struct apple_aic_irqsrc *ai; + + KASSERT(ipi < AIC_NIPIS, ("%s: ipi %u too high", __func__, ipi)); + + ai = &sc->sc_ipi_srcs[ipi]; + ai->ai_type = AIC_TYPE_IPI; + + *isrcp = &ai->ai_isrc; + return (0); +} + +static void +apple_aic_init_secondary(device_t dev, uint32_t rootnum) +{ + struct apple_aic_softc *sc = device_get_softc(dev); + u_int cpu = PCPU_GET(cpuid); + + /* We don't need to re-initialize for the FIQ root. */ + if (rootnum != INTR_ROOT_IRQ) + return; + + sc->sc_cpuids[cpu] = bus_read_4(sc->sc_mem, AIC_WHOAMI); + if (bootverbose) + device_printf(dev, "CPU %d: whoami %x\n", cpu, + sc->sc_cpuids[cpu]); + + bus_write_4(sc->sc_mem, AIC_IPI_MASK_SET, AIC_IPI_SELF | AIC_IPI_OTHER); +} +#endif + +static device_method_t apple_aic_methods[] = { + /* Device interface */ + DEVMETHOD(device_probe, apple_aic_probe), + DEVMETHOD(device_attach, apple_aic_attach), + + /* Interrupt controller interface */ + DEVMETHOD(pic_disable_intr, apple_aic_disable_intr), + DEVMETHOD(pic_enable_intr, apple_aic_enable_intr), + DEVMETHOD(pic_map_intr, apple_aic_map_intr), + DEVMETHOD(pic_setup_intr, apple_aic_setup_intr), + DEVMETHOD(pic_teardown_intr, apple_aic_teardown_intr), + DEVMETHOD(pic_post_filter, apple_aic_post_filter), + DEVMETHOD(pic_post_ithread, apple_aic_post_ithread), + DEVMETHOD(pic_pre_ithread, apple_aic_pre_ithread), +#ifdef SMP + DEVMETHOD(pic_bind_intr, apple_aic_bind_intr), + DEVMETHOD(pic_init_secondary, apple_aic_init_secondary), + DEVMETHOD(pic_ipi_send, apple_aic_ipi_send), + DEVMETHOD(pic_ipi_setup, apple_aic_ipi_setup), +#endif + + /* End */ + DEVMETHOD_END +}; + +static DEFINE_CLASS_0(aic, apple_aic_driver, apple_aic_methods, + sizeof(struct apple_aic_softc)); + +EARLY_DRIVER_MODULE(aic, simplebus, apple_aic_driver, 0, 0, + BUS_PASS_INTERRUPT + BUS_PASS_ORDER_MIDDLE); diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64 index d13953a0bff3..3335dfe6cab1 100644 --- a/sys/conf/files.arm64 +++ b/sys/conf/files.arm64 @@ -539,6 +539,7 @@ arm/annapurna/alpine/alpine_serdes.c optional al_serdes fdt \ compile-with "${CC} -c -o ${.TARGET} ${CFLAGS} -I$S/contrib/alpine-hal -I$S/contrib/alpine-hal/eth ${.IMPSRC}" # Apple +arm64/apple/apple_aic.c optional soc_apple_t8103 fdt arm64/apple/apple_wdog.c optional soc_apple_t8103 fdt # Broadcom From nobody Tue Dec 17 14:39:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCKFY6LS7z5hHtC for ; Tue, 17 Dec 2024 14:39:13 +0000 (UTC) (envelope-from jrtc27@jrtc27.com) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCKFY2pdcz4q5q for ; Tue, 17 Dec 2024 14:39:13 +0000 (UTC) (envelope-from jrtc27@jrtc27.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-4364a37a1d7so9018605e9.3 for ; Tue, 17 Dec 2024 06:39:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734446352; x=1735051152; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0i+PTfSDtKvdYOU1Rv5YK8rXlyRqZPahh0mkDqIbft0=; b=ZCJrDW7Hyo2L2LVc1mTfoN1N5kiDT4ZdHF8343bAp8iomBONhjWjpVBgBL3v8vej2w w9O/EOkEZlfLxvk9hXhi08QW9/ZUPlOyZ6xO43AzrcGJ09SxRndYgW4szG7mfZNy2ESf clsIVGTUybYi4l4JySGOgk861jAOTqUs7uQKkMK6cxgBRpC5P6vqou5fl6PjGiLXnRlN r6TzCGzirLq2wSlxjqezrUKPo+GYaCEA9Uhx48LozDQ8fpGe7rcwIW87w9VAmiwEOBZx SDWHhAkcr/gNi/MxgkcTj2wXuKFenfa+Q4KMam95PN1pkeMAenhW0onOIlXDn3+CvuNi Z/2A== X-Forwarded-Encrypted: i=1; AJvYcCVsfYJjaqb3+De559hwwjNlDvJsIOEGP2ATSaw0m0ngUeetYdbwVIEAAkyn07f6TGk/WLi5ROV6XU9XE6e8cJU0CI+ZHA==@freebsd.org X-Gm-Message-State: AOJu0Yz22GHBAZVhB1tF58qdzds+GpEfsnWvCWZPPBaeezpgwlKxaBD7 /XpVXcA7N99jnb0a2Jz1sRMA5F2MiwJX5Bq9XpnUTe18/j08iKOY5o6ivpaCq8B8go7TIGVfb6+ HuvQ= X-Gm-Gg: ASbGncuaKJJO1DqdQuaTWU5vKBjEQEgCvxMCtoCUqa9yluljsUkJU8JO6U3q8YV6BI9 tbPmZX8h3x8ntNnZKLmYZMxWBj/3lYa1kvhvMB0BBuT6zIofgGOUWBN44+hc5dfguvzA8M9iQer XRcOGe7Ep6mXyqectwJ+24l7xsYcPMzDTpU/k3/NapXCh4GHiEd6q+V/nveFOvEVazjzMey55nY Spl/fwCLsn8Tc8CpamLD4DoXZYb36Ntrym+WwzOC81/M0nGafAAWuugKM6JUJddCJLzz7w= X-Google-Smtp-Source: AGHT+IF8RjFMkXl4+FXWo3IoXQA3SPU/Yzi6w1NKP83I4kyiNHe0p7WeBErCjcTnGxkYbrGBP7tLNQ== X-Received: by 2002:a5d:6dab:0:b0:386:3711:ff8c with SMTP id ffacd0b85a97d-38880acd891mr11665825f8f.23.1734446351597; Tue, 17 Dec 2024 06:39:11 -0800 (PST) Received: from smtpclient.apple ([131.111.5.201]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-388c801ad9asm11220757f8f.58.2024.12.17.06.39.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Dec 2024 06:39:11 -0800 (PST) Content-Type: text/plain; charset=utf-8 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.200.121\)) Subject: Re: git: 56816e687557 - main - riscv: Eswin hwreset support added. From: Jessica Clarke In-Reply-To: <202412171147.4BHBlAs7010565@gitrepo.freebsd.org> Date: Tue, 17 Dec 2024 14:39:00 +0000 Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <202412171147.4BHBlAs7010565@gitrepo.freebsd.org> To: Ruslan Bukin X-Mailer: Apple Mail (2.3826.200.121) X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4YCKFY2pdcz4q5q X-Spamd-Bar: ---- On 17 Dec 2024, at 11:47, Ruslan Bukin wrote: >=20 > The branch main has been updated by br: >=20 > URL: = https://cgit.FreeBSD.org/src/commit/?id=3D56816e68755725371ac89dc5aa882fdc= e46605a5 >=20 > commit 56816e68755725371ac89dc5aa882fdce46605a5 > Author: Ruslan Bukin > AuthorDate: 2024-12-17 11:35:08 +0000 > Commit: Ruslan Bukin > CommitDate: 2024-12-17 11:46:10 +0000 >=20 > riscv: Eswin hwreset support added. >=20 > Add reset controller driver for Eswin EIC7700. >=20 > This one has two reset cells in FDT, which is unusual, so provide a > custom hwreset_map method. >=20 > Tested on SiFive Premier P550. >=20 > Reviewed by: mhorne, jrtc27 I gave one review comment, I didn=E2=80=99t get to approving it. Are you writing these manually rather than using (git-)arc?... Jess From nobody Tue Dec 17 14:48:52 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCKSh594Hz5hK2y; Tue, 17 Dec 2024 14:48:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCKSh4hjdz4rZw; Tue, 17 Dec 2024 14:48:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734446932; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VhqzjZcgMNkIyCA3FU7hyCKlmxYgQo+fNi01lXrQwYM=; b=Thr2GfRdBRLei63zG/2Fc5AJddCAfvInwxzWRvuleKSpo8IibTEBLDi2s0/aFf/4qNmvYB YYxt48o+BnZ0t/IA32ZQR+E0ey3HzkZQ54OvHZ23Obae8W3M4NXYwXnQwLN7G/kuXPu0zt H/Js2I/qH3+/HSWsNgl4yxb4AyJsWTa+JQZmyDq5hs2z5FIwQF9Ow++9qqNsPOosWNRBag hdKSVaJKlZk1neewEv7qYLr/GSMr+SOcXSzClftnYExEbQcHoXsSvcUTEWPO+ep7mKVKY5 6M0+Gi210z9+22tbLoCCTTqYERVpafuvnHh3+JTDheYZpb20nAJ+Ed1DALL2hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734446932; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VhqzjZcgMNkIyCA3FU7hyCKlmxYgQo+fNi01lXrQwYM=; b=fET2bjzwqGWrhb4hd/Lk0PMIJ0eXyUQOSn+5dzr/P/MbHCylJUfgyya39icJFA7TQfRqn7 YnhelfoQkqEFUN9EqMjwa6T+flyUc+qlX1erq5USI4KzAtlgWuX4DtrxCQhUAS3/tNX3Hb qYb8cUiQrKMpVCjq4upu/otLCcHBQWQbUJctcfSSzJDK5ls3JxsFrfII6Vrkivdqv6UQ4W F92tkznW0CEvohOr6dUFvgUR9HSxIPNgdxIFh8LeNrUNsN5hd4rUwMb4C1YaBDFbUcMsBz tp3DygR1D7X5YJBjvIjiiqceXWpOhrKPmalXNZmOhhNG5+HS0dFLxldj57W1Ng== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734446932; a=rsa-sha256; cv=none; b=WJNTEcqHngnNXpat2cAM7VvY33NW6jMeT9P92Qyk/GWw6Yrjx65X7EbGmiVJ2ThwiLPpgI TtzaqLrT5Q22dzxgdrbe3BYG+z6u8T+9p85yXCnV2AZmKSwRUBPBC5cQ1PlS7QyvPOTwW0 wsshw95p13KORwf8NckvnbD3PvbH+xNhQjJC/hb1Fr8tszvnskEo42ckHZUZmjKuAIQHaz zBbckKz7QlbvW2HKxalLVGUayrGzdTZbDdGwj5TaHl34leveyhvvyWbj0E0xQDu1Io91H9 4kXlpNPqvSpRLLGxr7qNi6dIZmNfUEluAqNospQhKp+n2KrzQMfbgbxxoyFQ/Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCKSh4BHhzRqk; Tue, 17 Dec 2024 14:48:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHEmq1H047848; Tue, 17 Dec 2024 14:48:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHEmqp7047845; Tue, 17 Dec 2024 14:48:52 GMT (envelope-from git) Date: Tue, 17 Dec 2024 14:48:52 GMT Message-Id: <202412171448.4BHEmqp7047845@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: f1ddb6fb8c4d - main - MAC/do: Fix a compilation warning about an unused function List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f1ddb6fb8c4d051a205dae3a848776c9d56f86ff Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f1ddb6fb8c4d051a205dae3a848776c9d56f86ff commit f1ddb6fb8c4d051a205dae3a848776c9d56f86ff Author: Olivier Certner AuthorDate: 2024-12-17 14:17:16 +0000 Commit: Olivier Certner CommitDate: 2024-12-17 14:47:42 +0000 MAC/do: Fix a compilation warning about an unused function grant_supplementary_group_from_flags() had been used in previous versions of the recent changes, but recently has not been needed anymore. It has been kept around just in case deliberately, by analogy with grant_primary_group_from_flags() (this one still being used). --- sys/security/mac_do/mac_do.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index c5f986920db1..8175f8ccdab4 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -1628,7 +1628,7 @@ grant_primary_group_from_flags(const flags_t flags) * - EJUSTRETURN: Flags are agnostic. * - EPERM: Access denied. */ -static int +static int __unused grant_supplementary_group_from_flags(const flags_t flags) { if ((flags & MDF_SUPP_MASK) != 0) From nobody Tue Dec 17 14:48:53 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCKSk1Cq3z5hK1C; Tue, 17 Dec 2024 14:48:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCKSj5VsPz4rXX; Tue, 17 Dec 2024 14:48:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734446933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X208F7ntdlqmOIqMuiXAB4EcMclQ8HrBEWLSkIWAQ34=; b=dWB6Z6I749RzvmNsekPjeY7nyZ+KyW5yRVQAMzZj5cz03JfauPZxVrDKjv7hp0gfgJlxPA nCOlg2pKwfgBEuaahZj4/EYfQJTmmXIZor2RopkZpZqlYL9GbnoDdsrPlk5Ux8l+v4kaj3 CIoR6wROAK1bSRHc817TRdXku+BjXIk8YsWdXMEjRA8E06arTKTK1G9h5pkKto+KdR4047 EmDp34JMDgoQSDll87Uhb1+xwn9h2Op9z2ZTPp2s+WeAYJ56zoqoak4Nbj2oN/2SRwmrjg Hu8ocgz4rI2029oFV5TPwtNYRjBXyB6vgvX/rSiqz8KPW5wYdFj+pnRV5z3BcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734446933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X208F7ntdlqmOIqMuiXAB4EcMclQ8HrBEWLSkIWAQ34=; b=TEXNvnwCMLsha3vtMvrWtFIjaRKKizGkccM0i6IfTIIwDO7WGk9T8XttlYnwl8CTb/S+g/ 6bwp1FSQlXJWqZc1E5kl+6jB6AqO0abjSQnSpNvAC9pPzylU763dMjondeExr0tyHHFhH4 WAZx+wKCM+yjN4okEZ+a6Kn0/nTfXKZi6rCPDjjnc060YrAc+AGIJz66vdl5eiymPZC7Hl QPoXSQ/abHN0V6bkyaz1TNbCaP7Kvskj7EKKLnVkZU2veTiuEaTKS/nTin3HEWktUDIiu3 Gka+FGP2NO8EzT5f5PsGUJF5cnYMs2MVtpL349x6+6laVzaz7gdVNoZgJteBDg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734446933; a=rsa-sha256; cv=none; b=vDUG2LOIMxhtH+eQWm2eUsW1CyMnR3K+DAMZ5LiXI7aWUx5ZjaL3qlW0HyWK+wpdlRcksl 9178+QLt2RBW2LF8BOP0G732Sou2Av+nMUOsv8A28Uq29BON2z3xMnDzyWoggRTn/F7zGE MUjxR7T6ONTDZDTn4tGuAUNxuNtpCG7eiOlX2mj+Ac1be4NVq9FtA7QGuCJiVf37tc3CLi EFRD4N9RJ0n/9kY2Q3UoyOwfXJsOKBbqkOpBP/XLQNHPxdyMwhzquuVWDhZAudc4s9Qie4 SiT6qySvtW0rPCbNfawjCC1mdsJD+XJsKQ6Wst6+fGe4K6IPFP8rWiSTuXjM0w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCKSj53ChzSLS; Tue, 17 Dec 2024 14:48:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHEmrW8047897; Tue, 17 Dec 2024 14:48:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHEmrEl047894; Tue, 17 Dec 2024 14:48:53 GMT (envelope-from git) Date: Tue, 17 Dec 2024 14:48:53 GMT Message-Id: <202412171448.4BHEmrEl047894@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: fa368cc86ceb - main - x86 atomics: Remove unused WANT_FUNCTIONS List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fa368cc86cebe7185b3a99d4f6083033da377eee Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=fa368cc86cebe7185b3a99d4f6083033da377eee commit fa368cc86cebe7185b3a99d4f6083033da377eee Author: Olivier Certner AuthorDate: 2024-12-09 16:13:09 +0000 Commit: Olivier Certner CommitDate: 2024-12-17 14:48:22 +0000 x86 atomics: Remove unused WANT_FUNCTIONS This macro has not been in use since commit "inline atomics and allow tied modules to inline locks" (r335873, f4b3640475cec929). Reviewed by: markj, kib, emaste, imp MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48061 --- sys/amd64/include/atomic.h | 3 --- sys/i386/include/atomic.h | 15 --------------- 2 files changed, 18 deletions(-) diff --git a/sys/amd64/include/atomic.h b/sys/amd64/include/atomic.h index e0801d0880e0..78717a8d6544 100644 --- a/sys/amd64/include/atomic.h +++ b/sys/amd64/include/atomic.h @@ -385,7 +385,6 @@ ATOMIC_LOADSTORE(long); #undef ATOMIC_LOAD #undef ATOMIC_STORE #undef ATOMIC_LOADSTORE -#ifndef WANT_FUNCTIONS /* Read the current value and store a new value in the destination. */ static __inline u_int @@ -592,8 +591,6 @@ atomic_swap_long(volatile u_long *p, u_long v) #define atomic_testandset_ptr atomic_testandset_long #define atomic_testandclear_ptr atomic_testandclear_long -#endif /* !WANT_FUNCTIONS */ - #endif /* !SAN_NEEDS_INTERCEPTORS || SAN_RUNTIME */ #endif /* !_MACHINE_ATOMIC_H_ */ diff --git a/sys/i386/include/atomic.h b/sys/i386/include/atomic.h index 4bb74b7ada01..01eb4476120c 100644 --- a/sys/i386/include/atomic.h +++ b/sys/i386/include/atomic.h @@ -299,17 +299,6 @@ atomic_thread_fence_seq_cst(void) #ifdef _KERNEL -#ifdef WANT_FUNCTIONS -int atomic_cmpset_64_i386(volatile uint64_t *, uint64_t, uint64_t); -int atomic_cmpset_64_i586(volatile uint64_t *, uint64_t, uint64_t); -uint64_t atomic_load_acq_64_i386(const volatile uint64_t *); -uint64_t atomic_load_acq_64_i586(const volatile uint64_t *); -void atomic_store_rel_64_i386(volatile uint64_t *, uint64_t); -void atomic_store_rel_64_i586(volatile uint64_t *, uint64_t); -uint64_t atomic_swap_64_i386(volatile uint64_t *, uint64_t); -uint64_t atomic_swap_64_i586(volatile uint64_t *, uint64_t); -#endif - /* I486 does not support SMP or CMPXCHG8B. */ static __inline int atomic_cmpset_64_i386(volatile uint64_t *dst, uint64_t expect, uint64_t src) @@ -618,8 +607,6 @@ ATOMIC_LOADSTORE(long); #undef ATOMIC_STORE #undef ATOMIC_LOADSTORE -#ifndef WANT_FUNCTIONS - static __inline int atomic_cmpset_long(volatile u_long *dst, u_long expect, u_long src) { @@ -874,8 +861,6 @@ atomic_swap_long(volatile u_long *p, u_long v) #define atomic_testandset_ptr(p, val) \ atomic_testandset_int((volatile u_int *)(p), (val)) -#endif /* !WANT_FUNCTIONS */ - #if defined(_KERNEL) #define mb() __mbk() #define wmb() __mbk() From nobody Tue Dec 17 14:48:54 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCKSl18tcz5hK31; Tue, 17 Dec 2024 14:48:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCKSk6P0lz4rXf; Tue, 17 Dec 2024 14:48:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734446934; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W84gI7ZQjWaP4L6OECd8Hhbqkb/ZhN6PfVF35nghorg=; b=PA3i5mVSJqIYp4rgeZOD1vqos/ogfrqcsHXZF6KMxgDr3DFUvGhnz3Jvc4FrdiFidylQnC EfofgvoLgVjzIFDhUkpVi/gmZEbwfrrkKUQYuW1fSzJAzIt6QWfvlG5a9Uh/kGcLEafpn0 jFkMF/vAWRJBkia+4BVKw70YEvosylJJemSVTuvWS/yAbbT1P3C3/StyeY0zyv7auzNYlI 8eJTrta5jYdDr7XAnsjd+CRDZaQzkfuwtSFK012h5v8E9Q7pHPiS4HZ7G08p34wWj2Y209 8io4C64eXnDV5gqD92+hVpwepnbO7I3W15LfHpO/BOLK4sCoM1VGOWy4lXj20A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734446934; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W84gI7ZQjWaP4L6OECd8Hhbqkb/ZhN6PfVF35nghorg=; b=us8gJkbQSHNrFgCzGf5UPK9Kj8HTmZfHMTmyur7+PCZwjA2d05WXyuX+C1kgQdtNjUHYxx OIQZZYqRSGwtXYiertHgNaXrLyGx89Y72plBUf4HBe8eYLrcpswRk/zfWu+OtwlZ5wS0OB H7pnHDVHZMwm4nTrzlRY3GP9lCDuupJWK5Ji8iMpweewALCMm9RJYQpiS6RHaTqTLcnjAE JWPRfmIZChkx7E0fzWateEhv74i4zANbGKrSXXOpejFinHVJg5kDTKSpbj9m9q4vz+k7Ck O80mcT3jHND6DULUYrtUllH1DgMjUhuuVNAmd4eNuKWV7MXMJJKIuNwaXbZFRQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734446934; a=rsa-sha256; cv=none; b=rcVVTGX1bP69JDqDyzmVIq+Y2mwy+LVQ8zNvbHuSRv0ppME3g7hkrJlJ1A6rVy+qvk6Yyv lvI2O8n4jmBEmdYRGx5/L5iuA3ZPJv8hE6HT6CquWY10KDNbei8cYuyR8YwSNTd8rv3jRR 3oPdVS7pobJ0VgZAMyWvoo4/TYJqiZE8ieerX9HjPz6DE8se2ncvYRM7T0XwpYRUb/cipY UlwlXDGcUPRYf12WJcOZsQOgf3PHhsmSvKXf24jS/TkaJKm/LeQ/mA5XTmbCuxyPkevpA+ TQvEQEGym8iTvMSEefzwH1oFdqrs7EbOjXJ6GTy6txaFppxeKnytdnQPrnc3hg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCKSk5qZgzRbT; Tue, 17 Dec 2024 14:48:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHEmsED047945; Tue, 17 Dec 2024 14:48:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHEmsMP047942; Tue, 17 Dec 2024 14:48:54 GMT (envelope-from git) Date: Tue, 17 Dec 2024 14:48:54 GMT Message-Id: <202412171448.4BHEmsMP047942@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 32c45723fa53 - main - atomic(9): Update manpage after constifying atomic loads List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 32c45723fa53d384e19ce52aec15972e73305a8c Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=32c45723fa53d384e19ce52aec15972e73305a8c commit 32c45723fa53d384e19ce52aec15972e73305a8c Author: Olivier Certner AuthorDate: 2024-12-16 17:58:50 +0000 Commit: Olivier Certner CommitDate: 2024-12-17 14:48:22 +0000 atomic(9): Update manpage after constifying atomic loads MFC after: 5 days Sponsored by: The FreeBSD Foundation --- share/man/man9/atomic.9 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/share/man/man9/atomic.9 b/share/man/man9/atomic.9 index 581aac9878c8..df24cd4a4d2b 100644 --- a/share/man/man9/atomic.9 +++ b/share/man/man9/atomic.9 @@ -20,7 +20,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 19, 2024 +.Dd December 16, 2024 .Dt ATOMIC 9 .Os .Sh NAME @@ -60,7 +60,7 @@ .Ft void .Fn atomic_interrupt_fence "void" .Ft -.Fn atomic_load_[acq_] "volatile *p" +.Fn atomic_load_[acq_] "const volatile *p" .Ft .Fn atomic_readandclear_ "volatile *p" .Ft void From nobody Tue Dec 17 15:39:10 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCLZk5Pm5z5hMmn; Tue, 17 Dec 2024 15:39:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCLZk4sQ8z3yfQ; Tue, 17 Dec 2024 15:39:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734449950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ISMV8jxbNWrNaUEB0j4MAUYvQsJnckqvCL9wSFnwevs=; b=VzPSNO1I4HzNB66c6MOOqktbkw82hhZZsd6wxtohV84MmNeenpnC0f/CGIjvUC2sTrCfcb jg/8yJcxEqUJt3rHm/7bWZi2vofZ/L5BmjHz9JA22ixDxJrbvKjwP4/Vv7/bLPIIYOzfWx m0DGprkYyN4eJS5chmjFNlCG8yLNPBF8AyvZB/5tJraFPQvl62LLQjcQ/bps51T+rrARPH jauI0TOE4tYsZUodTZvNHkFrRZfXjQRmQEwDv6NtKZgfm9w0WPYpqmICD9+LIyZhcpVj0p ZS9kwfBDa7AQ9MUd/XkvMpp0Ctg/Yacl9cZN8PPkTyW3Irni+5MKhs1ricLwuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734449950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ISMV8jxbNWrNaUEB0j4MAUYvQsJnckqvCL9wSFnwevs=; b=cYr1k5klIcZavk4DVM1kDqOpy7XeX9c66ghzGkyz+qzsyNS2HEvdc3JiLi9sNHkFJHuKqR bMWCnd5EtvAXQRuM2jZTBUrkVbQOo/nRdPRqMNBa2v+za9JfugrH0gzG8+Uxw15FjM9LyA wQghM5yjRlYeqW5JafHtqNZR/XExK3zwk2nJvsiepLL+/RkylhtgRpNNpYH8HGOm+/M2Qg uWzZxFG6DlL1Wg3zAToXZvuYgDQaeAXjFznPJVFL1hqYO4cgrKWbgYCpnGgremmXEq35Da PNPTZPXY7v5AfMV0OYcDDhI1DeQZH4m1ukvTN5q53I/ftMt8xlyFyRvgqCZQuw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734449950; a=rsa-sha256; cv=none; b=DcU9Zb4uSNdJIrFcibG+dZ2lNlmSNxp7DKITiqJ0aW13tY+KEmhaQ1K3BAcjxSY2+482TE yBkO7pP5oWMlqintVJzvwEtQYEeIYEtd7tbXS1C2wCxC1zWGmsTuo5JPXQDaj8BEUsC22Z kP4XDUttURcQj6Z6IXinLtOYhEP9qoByDnutyQuug+jznA+f4wGeAz9Whr5OI5kwUisI14 lfn6YmYt7wN8+PJhbomKYe6lad9qiu0fjClpAw4GIW8GlABMOnlEtfdRIs4sVAK1sjFx3F AuVgrvifou0nFIThX/bURrDaaOjpK+dP7TtyvsWglcQllTy01D8z4Eln43vVhQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCLZk4DVNzTqZ; Tue, 17 Dec 2024 15:39:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHFdAsl041527; Tue, 17 Dec 2024 15:39:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHFdATo041524; Tue, 17 Dec 2024 15:39:10 GMT (envelope-from git) Date: Tue, 17 Dec 2024 15:39:10 GMT Message-Id: <202412171539.4BHFdATo041524@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 92e237e1cc27 - main - arm64: apple: re-align to recent standards List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 92e237e1cc278eb240424b186258cb2089455bfa Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=92e237e1cc278eb240424b186258cb2089455bfa commit 92e237e1cc278eb240424b186258cb2089455bfa Author: Kyle Evans AuthorDate: 2024-12-17 15:37:27 +0000 Commit: Kyle Evans CommitDate: 2024-12-17 15:38:50 +0000 arm64: apple: re-align to recent standards In the time these have lingered in my tree, we've started to drop the __FBSDID tags. Make sure we're using SPDX tags (and the correct one) as well. Reported by: mhorne --- sys/arm64/apple/apple_aic.c | 2 ++ sys/arm64/apple/apple_wdog.c | 4 +--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/arm64/apple/apple_aic.c b/sys/arm64/apple/apple_aic.c index 48aea99035d2..b500099a5430 100644 --- a/sys/arm64/apple/apple_aic.c +++ b/sys/arm64/apple/apple_aic.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-2-Clause + * * Copyright (c) 2021 Andrew Turner * Copyright (c) 2022 Michael J. Karels * Copyright (c) 2022 Kyle Evans diff --git a/sys/arm64/apple/apple_wdog.c b/sys/arm64/apple/apple_wdog.c index 7bd34e48ba03..aaa899298571 100644 --- a/sys/arm64/apple/apple_wdog.c +++ b/sys/arm64/apple/apple_wdog.c @@ -1,5 +1,5 @@ /*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2022 Michael J. Karels * Copyright (c) 2012 Alexander Rybalko @@ -26,8 +26,6 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include -__FBSDID("$FreeBSD$"); #include #include From nobody Tue Dec 17 17:35:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCPBM1SSNz5hVQn; Tue, 17 Dec 2024 17:36:43 +0000 (UTC) (envelope-from br@bsdpad.com) Received: from mail.bsdpad.com (mail.bsdpad.com [116.202.106.248]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCPBL6hGdz4Fs7; Tue, 17 Dec 2024 17:36:42 +0000 (UTC) (envelope-from br@bsdpad.com) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bsdpad.com; s=20201212; h=Subject:To:From; bh=jrh7TDeEfPc833p7VFK359+2QXwnwMIJBMgIGNfsIxk=; b=NszdEw5lPblw9hQEPfYOxQfuTK BfEnYV5bNuNdO/pHeAImz701xj5fEQj/+NxMYdTe9OTKMf3VlgmEDz/Nq9GfwXckdsAznydaZ4BY6 OKQcux53OTVMVmps4qddmrY49TpNlTFE0BxqXCaKugbE0HinlU/SfmSB623Fyw6fsmZ9P3OBha1h9 SRwlASU4ooR4eK/StwPtCp/a8J67keSj2If+2adPKTG2uEOlIjqK2PNnkOxx4VBUYGXsnU+UDpAs2 vwQ3R8vmj3y38BXH9TczOP8iMP+ravywWl9pnYhmWm/RqWQj1NjlNVbLIJTDjV1xVgApmyM4No9xv 3bKMDTuA==; Received: from localhost ([127.0.0.1] helo=bsdpad.com) by mail.bsdpad.com with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1tNbUD-00049o-0G; Tue, 17 Dec 2024 17:35:57 +0000 Received: by bsdpad.com (nbSMTP-1.00) for uid 1001 br@bsdpad.com; Tue, 17 Dec 2024 17:35:57 +0000 (GMT) Date: Tue, 17 Dec 2024 17:35:56 +0000 From: Ruslan Bukin To: Jessica Clarke Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Subject: Re: git: 56816e687557 - main - riscv: Eswin hwreset support added. Message-ID: References: <202412171147.4BHBlAs7010565@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:24940, ipnet:116.202.0.0/16, country:DE] X-Rspamd-Queue-Id: 4YCPBL6hGdz4Fs7 X-Spamd-Bar: ---- On Tue, Dec 17, 2024 at 02:39:00PM +0000, Jessica Clarke wrote: > On 17 Dec 2024, at 11:47, Ruslan Bukin wrote: > > > > The branch main has been updated by br: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=56816e68755725371ac89dc5aa882fdce46605a5 > > > > commit 56816e68755725371ac89dc5aa882fdce46605a5 > > Author: Ruslan Bukin > > AuthorDate: 2024-12-17 11:35:08 +0000 > > Commit: Ruslan Bukin > > CommitDate: 2024-12-17 11:46:10 +0000 > > > > riscv: Eswin hwreset support added. > > > > Add reset controller driver for Eswin EIC7700. > > > > This one has two reset cells in FDT, which is unusual, so provide a > > custom hwreset_map method. > > > > Tested on SiFive Premier P550. > > > > Reviewed by: mhorne, jrtc27 > > I gave one review comment, I didn’t get to approving it. Are you > writing these manually rather than using (git-)arc?... > > Jess > I apologize. I'm using git arc. The comment you left resulted to a positive impact on the code so I decided to indicate you as well, despite you did not press Accept. Ruslan From nobody Tue Dec 17 17:43:58 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCPLk53bXz5hVjj; Tue, 17 Dec 2024 17:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCPLk4Vq5z4GVC; Tue, 17 Dec 2024 17:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734457438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jLgxuJSqQcj/s++99NcY5ALY0Xosfk4rEvD+RkFVsSo=; b=r9buXM9TQIRPTF07lvmmHKjPlx3d7oDerUp8vkAvMQqLFTJj46zmY2gU9w7dmn0+pOtkwp uOmTCPGcGNzlfc6Cg/w8pw401a89bntVLG42VSBWpW/iyt0A+fVmG5pkiMNhZZbWtuJZbu CylUWJv1EJ+DW5bWp7+TG3h8FQq1W2UXjscYsf2S8gMSxxw/vqfyKjPf6RCYMPdb7IRfMC r9vcwcOUlbfSyerrcciFGh5moE2y5LDF8R96f2kv3LOw3X/6IpcrjAcytoXKCVREoe45Im pVAdu3e+85oXxugpCHYVXHp+CJMMkk4q520cBn6SNqsdgSD1b+PU+AExZYEsTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734457438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jLgxuJSqQcj/s++99NcY5ALY0Xosfk4rEvD+RkFVsSo=; b=nOIWcekBczG7p5ho5iRXZ268YRf9F9ni/uxmsm/1fOGPDbASEVD7zgEZ37Kl6i6U+ZvCcz az7zroXlXeYbjyIx5FNtG5+kwSwJbwOPmBIfn6ZIBQuFhijE1T0mTeZ+Al/BselQzU87LE BNUbxIL9NTBZ8wulTXmvu/jp98iAukaXciuMK54cJH2IDQn+bQwv8OjU9zxjtl4dWwxKoF 2hylIZZ4M4f95oDmvdwN7qLyFXR87z7eyU7TeS2fEsZQEv2WjmTLDRHqv533u3Gv+nDLnB crDIpC2QcOidZ0QIYtBeq4ttmW3JyygN6ffCiydEa/SGxucd1f9/nIDcmSE8Nw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734457438; a=rsa-sha256; cv=none; b=Ydr03b8TP+v4zxBFIsLh4Qs3DxJI3eIuaWqm+0/JtLEdqILQeI3lPSfVqY+Z5fPlu8AWTR 1EEVwavXg8NZQ4kNgwlkvZCraqGB6TTkMZjsxih50kRByYQQ37doLUtReRYVFeCEfVtHMV C/99Co3lmrxA3wt0gR0iu3rA9Nqk8e9lRkQ+rYLihbKGjUBIM4u+y3miYIiVLQjKvBlwy5 d4jfPSIGtoVTMbWrzk2P78eiZCC3prS0Uh2YXRbxhP5LSkPHQK/XR7QCUrNx4lGyWB3pq+ 8214lH+1IazYoR2OY0JrF6qSHZjXT8+aaU2OSyd13oQoA0Z24uf7/7RHKPHDIA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCPLk41JhzYk7; Tue, 17 Dec 2024 17:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHHhwhG082136; Tue, 17 Dec 2024 17:43:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHHhw8G082133; Tue, 17 Dec 2024 17:43:58 GMT (envelope-from git) Date: Tue, 17 Dec 2024 17:43:58 GMT Message-Id: <202412171743.4BHHhw8G082133@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ruslan Bukin Subject: git: 4f5845126993 - main - riscv: connect eswin to the build. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: br X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4f58451269930e227e527c8e077d7255bf2fae14 Auto-Submitted: auto-generated The branch main has been updated by br: URL: https://cgit.FreeBSD.org/src/commit/?id=4f58451269930e227e527c8e077d7255bf2fae14 commit 4f58451269930e227e527c8e077d7255bf2fae14 Author: Ruslan Bukin AuthorDate: 2024-12-17 17:41:55 +0000 Commit: Ruslan Bukin CommitDate: 2024-12-17 17:42:09 +0000 riscv: connect eswin to the build. Connect Eswin IP drivers to the build. Reviewed by: mhorne Differential Revision: https://reviews.freebsd.org/D48119 --- sys/riscv/conf/GENERIC | 1 + sys/riscv/conf/std.eswin | 5 +++++ sys/riscv/eswin/files.eswin | 2 ++ 3 files changed, 8 insertions(+) diff --git a/sys/riscv/conf/GENERIC b/sys/riscv/conf/GENERIC index 5dfc624c9dfe..23d8a4e47eee 100644 --- a/sys/riscv/conf/GENERIC +++ b/sys/riscv/conf/GENERIC @@ -201,5 +201,6 @@ device iicoc # OpenCores I2C controller support # Include SoC specific configuration include "std.allwinner" +include "std.eswin" include "std.sifive" include "std.starfive" diff --git a/sys/riscv/conf/std.eswin b/sys/riscv/conf/std.eswin new file mode 100644 index 000000000000..11e2b0f10a9a --- /dev/null +++ b/sys/riscv/conf/std.eswin @@ -0,0 +1,5 @@ +# +# Eswin SoC support +# + +files "../eswin/files.eswin" diff --git a/sys/riscv/eswin/files.eswin b/sys/riscv/eswin/files.eswin new file mode 100644 index 000000000000..57b598a1e9ce --- /dev/null +++ b/sys/riscv/eswin/files.eswin @@ -0,0 +1,2 @@ +riscv/sifive/sifive_ccache.c standard +riscv/eswin/eswin_reset.c optional hwreset From nobody Tue Dec 17 17:47:58 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCPRg2dmmz5hVSr for ; Tue, 17 Dec 2024 17:48:15 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCPRg13wFz4H3G for ; Tue, 17 Dec 2024 17:48:15 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-pj1-x102c.google.com with SMTP id 98e67ed59e1d1-2eec9b3a1bbso3862326a91.3 for ; Tue, 17 Dec 2024 09:48:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20230601.gappssmtp.com; s=20230601; t=1734457691; x=1735062491; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8ITd7o23SvKngkhgOgh5BeOSkEQxlwB9xe259U6gJgM=; b=Z4Jrp/ksuWsya48mx9d/r3zXV6kN4vUQ7Ip2l/yPtk77+JA/stYEhbY4CeyiUbCEWC bM63Irp/wKje3yRhp2hA/E+eozUHzv8F8czDXKWTYwIIS5zyMa490c/oVvRJhdvWPknm l/jH/I+yC9nhXM4dymQf+FpqfyL8wMlk1n8/Xtvgzt2/wq2Htt1d6wR2n7z/BQhEBrm4 RM3X+ui61NLeH9zVatPItcTO/S+E+6mjv5oBWj+/D7KEOSWgu2yuukvYbRTm4qGUvYdL NVN91TB9M51XbQ88U44lh7YencesNaqCsIgkJX9Gd/GMp4E64jujoC6k3yTV/uHbPeBH zEkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734457691; x=1735062491; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8ITd7o23SvKngkhgOgh5BeOSkEQxlwB9xe259U6gJgM=; b=RfWN23I9iSNXOlsRa4mM2iIq1WTlc3CkiGyI8Xcnk6zIlY3v5jEDsl5xPWE+Q37Jv8 GoTZW3EMlHr7cjgUei1XwUAPP0Zo50AFc9VZE/LObe8D/xsIPQAXkaqFkTM5rY7JUeRC 7FoUBK60wrxjmUq4XXh7hKSKUJOJMq6qZioNfsTztFMV18t8BrW5KF8xLU5+1EENBD+8 moT1XtV4pCz/NaNeVOWqgEXQNU361ELSPmDmRlLxIZGFC3UEpxSKzJ+R67PTL10z8egr BgBiQF0xW71ctlvjK8fvlGTrVeI/U8MQwDKDWO4TX+3Jpn4OxM1/OHchzW3tM5f6fmAP fxPQ== X-Forwarded-Encrypted: i=1; AJvYcCU5y3LEHUJ2vZanEZ2hYBnYS3UONkwYuBt+vdG67RjOXyoDMwQw8RPLxXPGl7yPndaQSUBYSEt3nnOFp9YvhpJ7AMcNzQ==@freebsd.org X-Gm-Message-State: AOJu0YyAg4aw7L6SPHcLIV/9CfHIDQMUteGoDENCRxxL8uLLg43aL0e6 nhhtCOZAAGI2CUZBYJywyLNyIP+AxX9iLaNvGksoaDhnxdKkJJIVQf3LA8hiDYIq15YexFsXsc0 WDBrxIaX5ze+a29ZOwIoLufSaHnuwcP1RKugxOA== X-Gm-Gg: ASbGncuOa/q0S8hgPlif3j0C4sIBC2NBSlMGvrUkLlyQhuBm+fSxb24kOVTwP9OfMbu B0bpXuTz0ku7mr0goFIXG05KrY46A1VDCvgbuY9q4byfMDXYVWjQ8a8wRw4Ng3B9FraP8 X-Google-Smtp-Source: AGHT+IG5Pi87kwT883XlnpGGgA6FHkS6WRrIxvnUiK47pUC8XZxABxq1DriV4XO0g/QVyHvhSE502glz4pez1KZrvRk= X-Received: by 2002:a17:90b:2652:b0:2ee:b666:d14a with SMTP id 98e67ed59e1d1-2f28fd6a6a8mr28815406a91.17.1734457690797; Tue, 17 Dec 2024 09:48:10 -0800 (PST) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 References: <202412171147.4BHBlAs7010565@gitrepo.freebsd.org> In-Reply-To: From: Warner Losh Date: Tue, 17 Dec 2024 10:47:58 -0700 Message-ID: Subject: Re: git: 56816e687557 - main - riscv: Eswin hwreset support added. To: Ruslan Bukin Cc: Jessica Clarke , src-committers , "" , "" Content-Type: multipart/alternative; boundary="00000000000089dbb506297ae67b" X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4YCPRg13wFz4H3G X-Spamd-Bar: ---- --00000000000089dbb506297ae67b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Dec 17, 2024, 10:36=E2=80=AFAM Ruslan Bukin wrote: > On Tue, Dec 17, 2024 at 02:39:00PM +0000, Jessica Clarke wrote: > > On 17 Dec 2024, at 11:47, Ruslan Bukin wrote: > > > > > > The branch main has been updated by br: > > > > > > URL: > https://cgit.FreeBSD.org/src/commit/?id=3D56816e68755725371ac89dc5aa882fd= ce46605a5 > > > > > > commit 56816e68755725371ac89dc5aa882fdce46605a5 > > > Author: Ruslan Bukin > > > AuthorDate: 2024-12-17 11:35:08 +0000 > > > Commit: Ruslan Bukin > > > CommitDate: 2024-12-17 11:46:10 +0000 > > > > > > riscv: Eswin hwreset support added. > > > > > > Add reset controller driver for Eswin EIC7700. > > > > > > This one has two reset cells in FDT, which is unusual, so provide = a > > > custom hwreset_map method. > > > > > > Tested on SiFive Premier P550. > > > > > > Reviewed by: mhorne, jrtc27 > > > > I gave one review comment, I didn=E2=80=99t get to approving it. Are yo= u > > writing these manually rather than using (git-)arc?... > > > > Jess > > > > I apologize. I'm using git arc. The comment you left resulted to a > positive impact on the code so I decided to indicate you as well, > despite you did not press Accept. > Discussed-with: I think is the trailer to use for this situation where input was given without final approval. Warner > --00000000000089dbb506297ae67b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, Dec 17, 2024, 10:36=E2= =80=AFAM Ruslan Bukin <br@freebsd.org<= /a>> wrote:
On Tue, Dec 17, 2024= at 02:39:00PM +0000, Jessica Clarke wrote:
> On 17 Dec 2024, at 11:47, Ruslan Bukin <br@FreeBSD.org> wrote: > >
> > The branch main has been updated by br:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=3D56816e68755725371ac89dc5a= a882fdce46605a5
> >
> > commit 56816e68755725371ac89dc5aa882fdce46605a5
> > Author:=C2=A0 =C2=A0 =C2=A0Ruslan Bukin <br@FreeBSD.org> > > AuthorDate: 2024-12-17 11:35:08 +0000
> > Commit:=C2=A0 =C2=A0 =C2=A0Ruslan Bukin <br@FreeBSD.org> > > CommitDate: 2024-12-17 11:46:10 +0000
> >
> >=C2=A0 =C2=A0 riscv: Eswin hwreset support added.
> >
> >=C2=A0 =C2=A0 Add reset controller driver for Eswin EIC7700.
> >
> >=C2=A0 =C2=A0 This one has two reset cells in FDT, which is unusua= l, so provide a
> >=C2=A0 =C2=A0 custom hwreset_map method.
> >
> >=C2=A0 =C2=A0 Tested on SiFive Premier P550.
> >
> >=C2=A0 =C2=A0 Reviewed by: mhorne, jrtc27
>
> I gave one review comment, I didn=E2=80=99t get to approving it. Are y= ou
> writing these manually rather than using (git-)arc?...
>
> Jess
>

I apologize. I'm using git arc. The comment you left resulted to a
positive impact on the code so I decided to indicate you as well,
despite you did not press Accept.

Discussed-with: I think is the trailer to = use for this situation where input was given without final approval.=C2=A0<= /div>

Warner=C2=A0
--00000000000089dbb506297ae67b-- From nobody Tue Dec 17 20:33:45 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCT6d3m5cz5hhYS; Tue, 17 Dec 2024 20:33:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCT6d34Dnz4c5W; Tue, 17 Dec 2024 20:33:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734467625; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RMoDBhnmpjlIJgbn/oQQYVwb5SeaYlVBxj4jNLtlHwk=; b=fAzKLWH2agQQOwYt0gBiWi8ZOIJFlHVspQ0DdNM3buV3vBHFFHBepYxcJZJXUQoMlEmWIZ u/v7Y7n9acT1fWeMWEwMlVHtsD8MPe8ENlQ8+gx9pVfJqkBdVGfUOzzSryte3vZdHXbUKF MXYNMm/4YWKZ/Zt8JzQislVvZ/3wWPtNuZVu9jkfVF5Csn6OOJbi/M7rUD80Sk0OXcGPFE ln0OB7dgoMBk5wUUKstwTDWu7BW0NgtbIsTSREsRzXRqA77Fk0az2BWukn6KR2NedzLddQ vj6qLwGKgiSI1RD/XZ5hZx7rxQy2Ik+CjrMTJwnA5irVyHKmpAe3+J3OBrSDPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734467625; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RMoDBhnmpjlIJgbn/oQQYVwb5SeaYlVBxj4jNLtlHwk=; b=SvQ6bPC1N1D1z9EObkxvDHAskiMuKiWzfuQvmayT75meAYhnTg7i18YGUqMYTyIUOl53ic HqYVcKBQLT7h+DDU4AK/rB6hjUZ9GZjZxyrPbLXSnB/FPUL2TFneEv41+bgBW4QN+XOPvi 5gU2H4KCbejxilVq1cxbmgSMgaL4S4rGS5yA4rAB/K1P1rgBa43M64rGPIf4SdJ4iWJ6MF AKa/rFjdD5icv188iX23dY8M+VEKXlXaSAlpZ8NTlWcF65cXcVwkbaH1KuENhH3LOTXues XHQoI5+8m55EPiGf/Lx0PRtX7r57dACJbIUC/k56ErXqEcfuiba+Kv5STC2iNA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734467625; a=rsa-sha256; cv=none; b=R9112IKKBHe60zBiXeuMu1YWn/FpvfAveuKnxx0Z2jC+cNLi5GRnTol2g478fefv1tY0hU LSj7h80+i9zbnMqKrGygW0lOSWhZMXVIn7t7aSra7MSzGUlN340uN41mKkxGsFkVLQcQWM Be7a4jXIKBpCCPDyI6ZI5Q6/XfC5R/4tQsTxu9D/ffHGyYzd1ex6gCGpEq8eAR9RFJ3MxH 2joKazJ/gGzBtmjKrZP4FfmfjFlAPvsVZCNVSZpcCGWOaNK/6ptR1ytFoB/yySdWxyUSun fB6Gq3JVi6EbMPPaVoXnepfzwl01zuZacOl9hUz3KA4hr91McdtbLCKNmuvFEQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCT6d2grpzfFG; Tue, 17 Dec 2024 20:33:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHKXj2s098760; Tue, 17 Dec 2024 20:33:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHKXjsE098757; Tue, 17 Dec 2024 20:33:45 GMT (envelope-from git) Date: Tue, 17 Dec 2024 20:33:45 GMT Message-Id: <202412172033.4BHKXjsE098757@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 01eb1261443d - main - pf: fix double free in pf_state_key_attach() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 01eb1261443dddcb50a3a278f1278fffdfb0d36e Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=01eb1261443dddcb50a3a278f1278fffdfb0d36e commit 01eb1261443dddcb50a3a278f1278fffdfb0d36e Author: Kristof Provost AuthorDate: 2024-12-11 22:27:21 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 20:33:11 +0000 pf: fix double free in pf_state_key_attach() In 371bd29d4b we fixed a state key leak, but unintentionally introduced a double free. We pass through the relevant code twice, first for PF_SK_WIRE, then for PF_SK_STACK. If we fail to attach on the second pass we have a more complex cleanup job, handled by pf_detach_state(). We must only free the state keys manually on the first pass, on the second one pf_detach_state() takes care of everything. Tested by: yds Fixes: 371bd29d4b22257a7e92e1e711cca3d94cfbd00d MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index f2e19693b863..11d37747b3a0 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1477,11 +1477,13 @@ keyattach: s->timeout = PFTM_UNLINKED; PF_HASHROW_UNLOCK(ih); KEYS_UNLOCK(); - uma_zfree(V_pf_state_key_z, skw); - if (skw != sks) - uma_zfree(V_pf_state_key_z, sks); - if (idx == PF_SK_STACK) + if (idx == PF_SK_WIRE) { + uma_zfree(V_pf_state_key_z, skw); + if (skw != sks) + uma_zfree(V_pf_state_key_z, sks); + } else { pf_detach_state(s); + } return (EEXIST); /* collision! */ } } From nobody Tue Dec 17 20:33:46 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCT6f5Vp3z5hh92; Tue, 17 Dec 2024 20:33:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCT6f47b0z4c5X; Tue, 17 Dec 2024 20:33:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734467626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+7yH9YqQ2dlofpVjWs0XA6JpaKfPX3GO/Zt1qXam3Nk=; b=CsfHPsmTcSPeGXVvDdguyEU59zoiUXsfwxpJe1II0KHJijrn7mirUojKsWDfUTlMvg+TRl jgJJc6EUApjL62krNwgSu88NhvX95/GmbGtOZMw9QPNbnupznQic+zjIoXFrzn6BdZOJEq M4+n74Uc9DlmqjFowTA9pNj8lwesbB65BRJC1oNuVfwqSGRG50zaYjGO9xv6uzCTDcXhNM apka5A7r3rQX2EQrs2emPXmZ9XPljk21UB/KcC0FS9TKkFXgKHDeNDF85ufpW9W4WBc8QP QRoj/T5GWltb8BpAzilBIbQ43z/2LtHMS8+HzJOWlxyHiCo47afmxjNthWaqgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734467626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+7yH9YqQ2dlofpVjWs0XA6JpaKfPX3GO/Zt1qXam3Nk=; b=bzdVWENe/ikutpaZ+kOaLbOAx0x/OqIjo8y45DYEXMuxK6oyfElv15G7Cb28DhbKAFIwlB CnPfMj9IvKCUZGznSG4SDEhTPXlSpwvmkE5seQ1Ufe6JthtC7lbCXJyHmW76hn1WIe7LBb NaOUVAl+eBcdSrouT25dPANsJcxKhoyMP5s3JrHDfjUq+gMJnBuIDg9bXeI9dL20rLkkcU 8MDr5rIOjHgbAtprL7jKDqsVdnXL+D7UfAOU3kcAZk+Qv6J3OWZDtVCmFSixShJbD2GAHv LSg7jy3OR9jbtprbbZi/xC6PwWyD5KhK8OiFNh+gDxPo+gLeiKp+7to9VUrjQQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734467626; a=rsa-sha256; cv=none; b=alloSPW/hqek9IISy+/L2pVVUpRA3VMZ+p7/iiixZ40yJaJcNCx12UGOm6XsWoRP/YoLHv witsFdGHqREp4/+eXgpTScYDL1NQflqYU1OywfD4brc5/GA1Ow3UHV6HnnLi7X3JzLCilM fjqVBMJQ9oIJJQc4BTxhIXwR+uPjxkQEJPTh+TJ0en25ptfYLZnEfaVkvmjJc0F6GSgi/M n+KCREtIlyi4GE6LgxMzXKZamEJbRWTpPN3ppJpf1ODlIa93//s5+s3AzUz+eHbfLrfC4n JEkU/AXuiYmhyVxyQEvnuApK5I6mxS5/hVT8SRImrWwMdmKe7Y2Vf0E0wOjh0w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCT6f3kwPzfQx; Tue, 17 Dec 2024 20:33:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHKXkEi098811; Tue, 17 Dec 2024 20:33:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHKXkZS098808; Tue, 17 Dec 2024 20:33:46 GMT (envelope-from git) Date: Tue, 17 Dec 2024 20:33:46 GMT Message-Id: <202412172033.4BHKXkZS098808@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: f25d7ff3037e - main - pf: SCTP abort messages fully close the connection List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c commit f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c Author: Kristof Provost AuthorDate: 2024-12-16 15:02:18 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 20:33:11 +0000 pf: SCTP abort messages fully close the connection As per RFC (RFC4960 section 3.3.7) an ABORT terminates the connection fully. We should mode the state to CLOSED rather than CLOSING. Suggested by: Oliver Thomas See also: https://redmine.pfsense.org/issues/15924 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 11d37747b3a0..695ecfc0269d 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7181,14 +7181,14 @@ pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd, (*state)->timeout = PFTM_SCTP_ESTABLISHED; } } - if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_ABORT | + if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_SHUTDOWN_COMPLETE)) { if (src->state < SCTP_SHUTDOWN_PENDING) { pf_set_protostate(*state, psrc, SCTP_SHUTDOWN_PENDING); (*state)->timeout = PFTM_SCTP_CLOSING; } } - if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE)) { + if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE | PFDESC_SCTP_ABORT)) { pf_set_protostate(*state, psrc, SCTP_CLOSED); (*state)->timeout = PFTM_SCTP_CLOSED; } From nobody Tue Dec 17 20:54:41 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCTZn3K97z5hjLH; Tue, 17 Dec 2024 20:54:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCTZn2nQ1z4fPx; Tue, 17 Dec 2024 20:54:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734468881; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GL7ZZNN/7kSbccsydGsdsNBh75xv3XyfShAx/jNl6k0=; b=VhXmMiEdLMJl6JlCbGx+0HCh+rDqvuDswQQsWQickqIZxGrsK3FaFWgpW/pVt0a7fuvSsl qOgNBpQZOpUfYnjsG2JT+F/w4SJEbZ7Fl7ZBCnBLbFU8oICxK39QDPuqGzhKiaXLmGSeYN eaofaMisZvmeC7dCJA1WrT+jxivcmS7JwpWo1tlA8kS4UlszOQBb2/Q1sruTyOkD1NFHuU Lu99cUcJGeRkwz1qsS1vI299LRKa6zjbDReb6ANcYuI+w/lG58FdY5UCeMVlkyeR3rUUJh 4rvfRopKrv6fPR6HpPSWbbHil3lcxMpFX4TtrDcigN8WZ7HylbAY80pIxjdaWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734468881; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GL7ZZNN/7kSbccsydGsdsNBh75xv3XyfShAx/jNl6k0=; b=aZXYF/WhZyK9JYccID5V9kAwXxcB+c180yjEzgwBtO+Z377epw2VFe19NkJSOzG+5HTTQK 1plpjDscB6pN3a3WDT73K/JDU50qO1eBw43tPbnPUsYydud2ZRfX1l0kjRb6ksxnzf3Quz ydbgZRrDqw0eNHmeN2GrEReWPmcgYdQio6E/CD5F0gyEwQhPWkgIErPJBR6h9Sz8IFWwGe 8C+wlzIpsaJYE8wZqBQ28d6nwa7ZGjo2p0S1RvNSviBuSS4TrWS+521EzE/2RWgBm8QZul eHj1AbkUERji7ar3E71qq2h9f2WyQCaoIxWqWLQysped5P5zemLLZ424wsPLLA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734468881; a=rsa-sha256; cv=none; b=xR6tyQIV6JzZjq68FUEJMuzBOadsFrbJpeH2PVokR6VfCsa2eh6YFV60GQL54bVgkmW2av 9Ve6f9krwuUo5rMAX30JZ8YrQ/qS+f5gX2AHsbHoKQNBLX8C+U41PjLMXbsAFMjukatk52 la0D68B/iWt/JvFhZiOINCU9nhCjcLGpY7bx6Zz6z73kxTUWblveByZzQHGjFQzEMhcq6R bg8TfmLZ00B56EXr79fG4vLR2hTiFfiv3Q1hL3UtdZlQwYYtYlEnnCN6NSb1fWn9YLZvZo XgldEn4uudcVOLXglHqDnzhXdt+quv6qIDAN18//lqO4KwyozlY/xbYe3IcwoA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCTZn1wB3zfr5; Tue, 17 Dec 2024 20:54:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHKsfge036435; Tue, 17 Dec 2024 20:54:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHKsfan036432; Tue, 17 Dec 2024 20:54:41 GMT (envelope-from git) Date: Tue, 17 Dec 2024 20:54:41 GMT Message-Id: <202412172054.4BHKsfan036432@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jessica Clarke Subject: git: e1060f6dfd80 - main - ofw: Fix inverted bcmp in ofw_bus_node_status_okay List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jrtc27 X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e1060f6dfd80b34cab6d439bf7420ad686ddc8f1 Auto-Submitted: auto-generated The branch main has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=e1060f6dfd80b34cab6d439bf7420ad686ddc8f1 commit e1060f6dfd80b34cab6d439bf7420ad686ddc8f1 Author: Jessica Clarke AuthorDate: 2024-12-17 20:51:56 +0000 Commit: Jessica Clarke CommitDate: 2024-12-17 20:51:56 +0000 ofw: Fix inverted bcmp in ofw_bus_node_status_okay Otherwise this matches any two-character status except for ok. Fixes: e5e94d2de987 ("Expand OpenFirmware API with ofw_bus_node_status_okay method") MFC after: 1 week --- sys/dev/ofw/ofw_bus_subr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/ofw/ofw_bus_subr.c b/sys/dev/ofw/ofw_bus_subr.c index a6d562cd8e9d..4d0479dfb957 100644 --- a/sys/dev/ofw/ofw_bus_subr.c +++ b/sys/dev/ofw/ofw_bus_subr.c @@ -210,7 +210,7 @@ ofw_bus_node_status_okay(phandle_t node) OF_getprop(node, "status", status, OFW_STATUS_LEN); if ((len == 5 && (bcmp(status, "okay", len) == 0)) || - (len == 3 && (bcmp(status, "ok", len)))) + (len == 3 && (bcmp(status, "ok", len) == 0))) return (1); return (0); From nobody Tue Dec 17 21:06:12 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCTr45DrJz5hjvP; Tue, 17 Dec 2024 21:06:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCTr44k0xz4fxT; Tue, 17 Dec 2024 21:06:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734469572; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Jssoqsrpc97+S7pXMHJUnQzZp1kmJyGlRoIoEmNVANg=; b=DrP4g02OnFWQSxcIOR5LhOvU8J4ylOv0dIt4gfPJsMN5uK2Y+0NRFadmJn3XVX2Y/X1x3K 8aU38Paq1TkpyH8Nf/ZUeCg5POGxBDe2kx/KvfQq750TrMqDSsoUOAAF4lhuvgCCjmQ9F/ 3wx9OqbpDpHnJjs6vQQBI0d8G5OHcC0f37P/9h40C58PYI8NANb3rck0N6i2i5eGN97uU2 lKmGJq8TqmLBRe1mw3MtMLdtq+xsaBwJwsgpLA2kVOSI8k4VZimP5CHrKT9gScx+BI57iH qHCI/ld7srsopUKQumK/gRFbbW2XxufwysDTVD/w+C1i0OB7kwCqBAi0PpD8nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734469572; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Jssoqsrpc97+S7pXMHJUnQzZp1kmJyGlRoIoEmNVANg=; b=FlhWLd82blK25BNnFcUD2AA+Ytw/NezuFwlu9OUNvP5epjcYQtbqpAiEFCSWI2DtPY6f3t 3aA1EuwVoavlZkLluyyygTngPX+M8E2eq7fUB4gtblRpmisTZ27n7LeKTvFP0/8ae0Tr3l gZ9x8o6etjoyZHAgI8+m4+7XulYZCus7KmxVSZVXhj2duzH1I0p+lk17ovevmTtPykKOG9 mZQ6IBF3s9WBNhM128m3+VeiUDGAMS3pYF57mIrLRHSJLSTLLFa8b/nIzjws3pAa5reQFQ clxzsv3mK33z+AcaffLJ6agkbbmjWtZGFZ0Lq1bYkQvTkx0aykJLAH2gFMcKtA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734469572; a=rsa-sha256; cv=none; b=lq+0tVq8tUNSOkakpgwmpBPSJhJVKDPDJ9JXhS3EhzGIfH/5q38JHBmPHBsKTTSgR74EkW nEG44G7TgijwbKZCjHbRx72JcMohBulPUgv7WZ1ytz2Q1Mx9XYPA+4OrFRT7XSsZwnQMhp dSzQLrbZOZvgTQe8eXv7ljD/Ake7+KFEq//JkY593i7hYR+wK6TWd0kw1YDPz27BNrOmGZ UhG66GW+GlmsyKcrtPsH7Hika+T8LP9WezaJexpAIt3cAGk//clH1Q76PLXAqQiWX2vQ+o d/ZOObJad4XatxFbq5cLAjQUzaSUGCocinhaS2HurgcZKjEk3KyYNFdmY34HAw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCTr44LN9zfhy; Tue, 17 Dec 2024 21:06:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHL6CiX056462; Tue, 17 Dec 2024 21:06:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHL6Chl056459; Tue, 17 Dec 2024 21:06:12 GMT (envelope-from git) Date: Tue, 17 Dec 2024 21:06:12 GMT Message-Id: <202412172106.4BHL6Chl056459@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Alan Somers Subject: git: 22bb70a6b3bb - main - namei: add more detail about LOCKSHARED's behavior List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 22bb70a6b3bb7799276ab480e40665b7d6e4ce25 Auto-Submitted: auto-generated The branch main has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=22bb70a6b3bb7799276ab480e40665b7d6e4ce25 commit 22bb70a6b3bb7799276ab480e40665b7d6e4ce25 Author: Alan Somers AuthorDate: 2024-12-17 20:10:57 +0000 Commit: Alan Somers CommitDate: 2024-12-17 21:05:59 +0000 namei: add more detail about LOCKSHARED's behavior [skip ci] MFC after: 2 weeks Sponsored by: ConnectWise Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D48125 --- share/man/man9/namei.9 | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/share/man/man9/namei.9 b/share/man/man9/namei.9 index 0be73f68cdda..63a6d3b11f6f 100644 --- a/share/man/man9/namei.9 +++ b/share/man/man9/namei.9 @@ -31,7 +31,7 @@ .\" If you integrate this manpage in another OS, I'd appreciate a note .\" - eivind@FreeBSD.org .\" -.Dd July 8, 2023 +.Dd December 17, 2024 .Dt NAMEI 9 .Os .Sh NAME @@ -124,7 +124,6 @@ Lock vnode on return with unless .Dv LOCKSHARED is also set. -The .Xr VOP_UNLOCK 9 should be used to release the lock (or @@ -153,8 +152,20 @@ and .Xr vrele 9 . .It Dv LOCKSHARED Lock vnode on return with -.Dv LK_SHARED . -The +.Dv LK_SHARED , +if permitted by the file system that owns the vnode. +The file system must explicitly permit this by setting +.Dv MNTK_LOOKUP_SHARED +in +.Dv mp->mnt_kern_flag +during mount and by calling +.Fn VN_LOCK_ASHARE +when allocating the vnode. +If +.Dv LOCKLEAF +is specified but shared locking is not permitted, then the vnode will be +returned with +.Dv LK_EXCLUSIVE . .Xr VOP_UNLOCK 9 should be used to release the lock (or From nobody Tue Dec 17 21:50:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCVpc558Vz5hmSm; Tue, 17 Dec 2024 21:50:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCVpc4ZqKz4kbR; Tue, 17 Dec 2024 21:50:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734472200; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0zJpcOQ5dzpERgbHY0Ou7VPTwllYgDYHFJPT9/+KiZU=; b=uG2tixFhTV1ytCOu8ZMRQEHgv01coGd2gMgwNWXccZ3wpEKWr31RrJxR78L01onc62kgS4 ylGCnRsMycyd46bbFrnddQkto7BuSqal8h36YpNOngh4L+YzJ5DA9QNarwG4CAlV2JwrCm s/VqWZUdi9tbQxrIOIqvUz3OX2+QhB8/sYsZToNgnVqt94z9fVoGqxrtA1kVP3U8FMOCyP meY5D4b1a7dFXbR5VqpLLE1HS1km5+Mud9HTds0h0+I2K8BM8vBb8w7OkEdeGnqj5MRSeM RMI1IKauzPEcb1Uf9XE8m+nB96rtxeFK1QNn1UFtapx4eRpKwOjLbqk9B1+z8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734472200; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0zJpcOQ5dzpERgbHY0Ou7VPTwllYgDYHFJPT9/+KiZU=; b=Zp2U74pdcgg1SLUVcYD2sO0Vpm/ewz6I3KkRX5PJIBKfWG8TyZPUq0R8CAk9nt2JBO+9F0 YBjHyPAXaix9LWXugceeSCDZ04O446MqJ5eqSOcki/NcLvcDIpMIpQKnojQvkuJ754CXZg wGj2DiaMp9Yqyx+R2R5bn1NgCH01hSu/N/AdgXR5MZaD0xJvHyrFVV/LbMgbUbq9EQ45Ax Edcd5UvrQ8YJx4TtpbzEJOg/7MUCHCGcPVhiCvUDNV5f2bK877OG7q/ZvI6BNQPEBpn6Zb T78WzbsZyOYNAOU8AnQ0Xpa45ZhnRM7oZISfnwSgO6PPnkwHApBdiMbq5vJpXw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734472200; a=rsa-sha256; cv=none; b=RhE8oHvxKAZUYOHYvD0iOF1tHvF8d0cPIBFlZEW9CYhBNSSF3puA/XsyQQmF90TI44M0uR XhBjpl42fq7AWbYb0frS85V40TUyfu3aFpau+OlK1JTnr8IKEIHU532m+Sov+YYXDKDkJF E5eAPYzM0ROmDMNs5EZ8yl307A2psVKpkXjSjDEksaHKn+Xv71cs+8R1vwDzIXQxR6MQ5z ddpWO1w+7/Ksya69Vtz8DT+rXctIrZfwIdKuDwrOUscdqxNfAj+CIcFjzNCLBnxG6O77WA 3S2ADPhdz3soP+vGqNk1vK6AIA3zQ+KpUNywoFi7cY0nrER1sWZhKLPyW4+A9Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCVpc4BFQzh17; Tue, 17 Dec 2024 21:50:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHLo04E031178; Tue, 17 Dec 2024 21:50:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHLo0mQ031152; Tue, 17 Dec 2024 21:50:00 GMT (envelope-from git) Date: Tue, 17 Dec 2024 21:50:00 GMT Message-Id: <202412172150.4BHLo0mQ031152@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: c7d13682a1ad - main - lagg: do not advertize support for ipsec offload List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c7d13682a1ad0e8f35d59989d64546c74da80eed Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=c7d13682a1ad0e8f35d59989d64546c74da80eed commit c7d13682a1ad0e8f35d59989d64546c74da80eed Author: Konstantin Belousov AuthorDate: 2024-12-16 12:38:39 +0000 Commit: Konstantin Belousov CommitDate: 2024-12-17 21:49:31 +0000 lagg: do not advertize support for ipsec offload It is not implemented, and most likely cannot be, in a robust manner. Reviewed by: Ariel Ehrenberg , slavash Sponsored by: NVidia networking --- sys/net/if_lagg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/net/if_lagg.c b/sys/net/if_lagg.c index 988f23fc029c..9bc42cb8cbe6 100644 --- a/sys/net/if_lagg.c +++ b/sys/net/if_lagg.c @@ -692,6 +692,7 @@ lagg_capabilities(struct lagg_softc *sc) ena2 &= lp->lp_ifp->if_capenable2; } } while (pena != ena || pena2 != ena2); + ena2 &= ~IFCAP2_BIT(IFCAP2_IPSEC_OFFLOAD); /* Get other capabilities from the lagg ports */ cap = cap2 = ~0; @@ -703,6 +704,7 @@ lagg_capabilities(struct lagg_softc *sc) hwa &= lp->lp_ifp->if_hwassist; if_hw_tsomax_common(lp->lp_ifp, &hw_tsomax); } + cap2 &= ~IFCAP2_BIT(IFCAP2_IPSEC_OFFLOAD); if (CK_SLIST_FIRST(&sc->sc_ports) == NULL) cap = cap2 = hwa = 0; From nobody Tue Dec 17 22:34:26 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCWnt6c2Mz5hpb6; Tue, 17 Dec 2024 22:34:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCWnt5jzrz4qDm; Tue, 17 Dec 2024 22:34:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734474866; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FEYDISxlKbh+KqLiwSjwtxQ0QJRoKG+Re4MK6VvfQY8=; b=iuQgSaz6uxdlo/YI2j2oF5XiJ/36eG1ELZSYFd1ReOjl2ACg9pU2Zr7V+TKMWffkbjzNrl /j3ji6VIuC37wDczsyhndiNJnJ+2A40xZcCrADUGShEGJyBgdoUQF5h/ble56q4gEP9EcP 4NFluF1YFOTvfyez3lK11km1Jszcdhs0YIieGdZnd9P5CzmvMJ5VkEnqPu9Wh5ZCgkwa0D EQvXICJSJtjIktcEJD0vjLczYl4fvCiZAlS7Vi1oB308I9US7P6/9RU24n9sy4ZnBlNf2k XuFULoZBpKpSxv+tmFTre6zue6nudx+5lEGkedrKtww0vwgB1tgb5EWUCevCLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734474866; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FEYDISxlKbh+KqLiwSjwtxQ0QJRoKG+Re4MK6VvfQY8=; b=R8qTWGpd+KonMOaz/eVeg1d4I1bSYEfMO3jNdRy6/i9TuvPmPelx6/3zifR1eQucTJc7zt 0R1qWkt8kZ+WfzkZ7WkSv+2ScLhElSxZUQvLzENuZjR4o1MMUgDL0EngB7BohHp/LJaVLg zl5WElEhAzPSSHWSwRHQuti0XAjKGxne26I/q2OqxdfoePHiMlasz7KJY3B01Zx+4TlGS2 26czBA862a4UCGr1aR6xU5nb/mf8Q3qDDy5j6U5woGLnEgLFhce3LgSouXIsoQQxbjZWTX lqzGe/z5ekv9Z9XtevHhRZdds9INb4lcdHpb+XbzJFf3WHKX3a4cxTTQv1bIGA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734474866; a=rsa-sha256; cv=none; b=SF0ZiUzoTQNJLylLmu7UmrANDtZ4+49v7C2KHJFb8M3tIS6tzDiYRP/+qnMiJgBNzs1tXO 9tQjlvkfBOEYqYDs/O/vjmVuJyZTNIkYYIx/tD6UXEBPWISQApnkDVud77jfGKnmAfssZP QvT+8Z8WWxFhgb2AWRpcrGRGtqblNOOEloBnS7MzYKnfrFb7rDtdfEmn2MeesgRZ3s+7mJ LDjcV7Q1JwrMO0Ilci3Qgw13h4TDwFFG/gvKsbg8tj6V3SEtqrVG94JjMw5sDMVxghpzqR GYLBSZ/oE2C40bqi1wcZH3p/X8WiqWfcF4RLXvQ1KU6idxkpCJovB+tkqqhpng== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCWnt5JrnzhsC; Tue, 17 Dec 2024 22:34:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHMYQeI023517; Tue, 17 Dec 2024 22:34:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHMYQsf023514; Tue, 17 Dec 2024 22:34:26 GMT (envelope-from git) Date: Tue, 17 Dec 2024 22:34:26 GMT Message-Id: <202412172234.4BHMYQsf023514@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Warner Losh Subject: git: a2d78713171c - main - sed: The change ("c") command should start a new cycle. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a2d78713171cf138b5ae50d61f82df1af7574c95 Auto-Submitted: auto-generated The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=a2d78713171cf138b5ae50d61f82df1af7574c95 commit a2d78713171cf138b5ae50d61f82df1af7574c95 Author: Valeriy Ushakov AuthorDate: 2024-12-17 22:27:01 +0000 Commit: Warner Losh CommitDate: 2024-12-17 22:34:06 +0000 sed: The change ("c") command should start a new cycle. The "c" command should start the next cycle as clarified in POSIX 2024. This is also consistent with historical and gnu sed behavior. This patch is from OpenBSD by way of NetBSD with a tweak to the man page date by me. Confirmed the test case in the bug now works. PR: 271817 Obtained from: NetBSD (1.39 uwe), OpenBSD (1.39 millert) Sponsored by: Netflix --- usr.bin/sed/process.c | 2 +- usr.bin/sed/sed.1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c index ddf9a976bc46..d06dc09542e1 100644 --- a/usr.bin/sed/process.c +++ b/usr.bin/sed/process.c @@ -134,7 +134,7 @@ redirect: psl = 0; if (cp->a2 == NULL || lastaddr || lastline()) (void)fprintf(outfile, "%s", cp->t); - break; + goto new; case 'd': pd = 1; goto new; diff --git a/usr.bin/sed/sed.1 b/usr.bin/sed/sed.1 index 02bfbf0e9f31..345f673310d8 100644 --- a/usr.bin/sed/sed.1 +++ b/usr.bin/sed/sed.1 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 8, 2021 +.Dd December 17, 2024 .Dt SED 1 .Os .Sh NAME @@ -372,7 +372,7 @@ If the label is not specified, branch to the end of the script. .Pp .It [2addr]c\e .It text -Delete the pattern space. +Delete the pattern space and start the next cycle. With 0 or 1 address or at the end of a 2-address range, .Em text is written to the standard output. From nobody Wed Dec 18 13:22:17 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCvVK4cMLz5hLFZ; Wed, 18 Dec 2024 13:22:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCvVK48Mhz49kj; Wed, 18 Dec 2024 13:22:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734528137; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aA1ugc1tue+Iqa7vU07PCzaofR0dRKrmRR3EoHTnEb8=; b=CGInjVRDK6FqxQ9ZWHNq8FTAVqhZooPhKSzk7gB/PcOxjU8/NAWbK0oAZ3Kly67jCY/oXO xcxRC9FKUMGRFwTV/di+rS1SntIgYW8oyYJCdw70/2KZf6hTvxLK+GNFI6WklokN70057e G5ToV3/SDfoaadmnAnk9cOQ2m05RUBu8dDuIDoAPWFQuRyw1SCMTyI0TeJyb5LuhMm+7tL qmKjzAIjwxVlZIhJt8Glw3T3wOsFU4Kf0IzFMKPP9DtEGG/j0xqw9BiV1i2l2Dabd2MgWJ NTmbrFXczTrXJCA8aZKRVHLxDY4v0/EQtlsrt0sNXT49YMcISrsBK0WR7DsA1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734528137; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aA1ugc1tue+Iqa7vU07PCzaofR0dRKrmRR3EoHTnEb8=; b=uWH+/8ux4VoMEr4KVHNqnZ9bugAgs+jAB4mlJR9mqX0HreNhDj81+PndP/BQj2yJZHqmNZ EH2I37FyU/4BiovPwDSmBAAS/FXcbW4NbasN1gZBA7ma0p9bB2Zr1J0AdgLMYaAigwfu1j 0S4vwXJjRuJSJZ54MkiCQyRhZcfR11IfOI+Ttxr+i9B+FiAFesgL68jMw1mX6+Y3tFVneo rU5zcMBpGqvqIogYc2LMDv+/aa0emdpNGco9Z3cGxlOLe7O9GW7ZBuUn+JSDu2gVJVieqt MIq9ZbRu5XRW+dmoJP7UAKqmY9oH3Cb0xRlR+2Tcxan+WLqlWOOkz4BlNL+zJg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734528137; a=rsa-sha256; cv=none; b=O0G/DbngY5uAlupUkDWYrNbPkDU3FO2v16RDkTkA5GScu6ABL3CeTC0UZxOrMnKcnrq8Ay zM9pr5ceebHL5gk84tA+PJHW7RHFlCIRUJCswa0Pz52JMDTDKvdwrcz/BtUeMcC0gAavXN XMVUFLkgQKvn72t4yVqaFHeSmQzuknBmb/UeGslZfZotLKWOWdFtUmtSKjwEfknkwLZMRK yOjzUfQTNq18mBz5B1X4Mj0N4xP8n7OzyfNlsm2wbGGPZkJDT7rGEB4GodGAOqz7tAcdn1 +tCS1gB0dwi8S2PoFQvZUdecaJ1Z5GnupZ4jYLUM6JPUHSxlDIL2KvUa+/nFng== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCvVK3lq8z18Qh; Wed, 18 Dec 2024 13:22:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIDMHIL080852; Wed, 18 Dec 2024 13:22:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIDMHZ3080849; Wed, 18 Dec 2024 13:22:17 GMT (envelope-from git) Date: Wed, 18 Dec 2024 13:22:17 GMT Message-Id: <202412181322.4BIDMHZ3080849@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mitchell Horne Subject: git: 6e423be7cb73 - main - ow_temp(4): fix typo List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mhorne X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6e423be7cb735376b35bc24c10f81dea5bab4275 Auto-Submitted: auto-generated The branch main has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=6e423be7cb735376b35bc24c10f81dea5bab4275 commit 6e423be7cb735376b35bc24c10f81dea5bab4275 Author: Pau Amma AuthorDate: 2024-12-18 13:21:29 +0000 Commit: Mitchell Horne CommitDate: 2024-12-18 13:21:54 +0000 ow_temp(4): fix typo Reviewed by: mhorne, imp Differential Revision: https://reviews.freebsd.org/D48128 --- share/man/man4/ow_temp.4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/man/man4/ow_temp.4 b/share/man/man4/ow_temp.4 index aa92a12103a8..5afce6bd69d5 100644 --- a/share/man/man4/ow_temp.4 +++ b/share/man/man4/ow_temp.4 @@ -66,7 +66,7 @@ tree: .It temperature The last temperature read, in milli-Kelvin. .It badcrc -The number of CRC errors in reading the temperature form the +The number of CRC errors in reading the temperature from the device. Some CRC errors are to be expected. High rates of CRC errors, however, generally indicate a noisy From nobody Wed Dec 18 14:34:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCx672SClz5hQ7v; Wed, 18 Dec 2024 14:34:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCx671cCxz4N01; Wed, 18 Dec 2024 14:34:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734532495; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ibNKuy4KkhZI/E7ieOws+hzsw7o4QF+MCLl2BlSnry8=; b=UXnr5fgUvQCH0CcxS1Ux3gXHlme6bhOBxaes5zwAbdssJB1YiT6Xl+6sEx0LVFROt55kOK 5KXmJj/P7EWwlKrTTc3w2mqcrUWj1pAJdzZxSf7woNR66vZ5mbU0iaaEuACg4WrV8vynMS C7ljcbJgBCV0r6YoKSKgB1gkWlDyoiu7flSXW5BUY85SUKa6DkWGMbadPePQSYEzncqKA9 Ha7/xh8yu0Vr2KbvavMnLJO/uIxCcOGEbz0HI5mUeKl6KHxJik/KnSm0XyCTMGlrPhjv+w HW8Kuw5MZKsJO96H3/AcxwY0K1ijBL6B6+2ukcDpML1fMRyMGP8YSfx8bYmjfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734532495; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ibNKuy4KkhZI/E7ieOws+hzsw7o4QF+MCLl2BlSnry8=; b=t6aj6rFzJ+wi9DpMwQ/3eQ0MbsP9Qw2byblqw7NjEogJ90pF/NaJkblJ5tLQhFn1nEGp2l v/x8+mpBnKQZ2bOOCnc8oZYBTsG3DPN/E8cqRUD00S9hHfQ/nR+HnJt5drGWfCX22B+3Jr z3WxUsU+kqdRALscsY2LxCjLRXMKzSNVjNn794wvEGJ+j8U27+2ibLKU7qXKcTSaJgizA4 64FrWUMK9VAoQ2h5IAg0nLHSx9jFbE2eJrCutkb4PNRK0wd1xg+SHJLmcXX53tcj2kYEw5 tIx7UEfL0jiXbEzwi9mLrsRVNe16Omt6wdbA0IIXgNeIchN+a+f9BimbOEAcbQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734532495; a=rsa-sha256; cv=none; b=ERc+apj66RXvTg+uzzDB1v99ROm2jAevxMb+r0uzceVtd9MDwLb+pRvVBeorVB5QaHZsKu vMGDQTcA3vNjlMwdhscE5h2OmpOutVuygC6lZJQvRVUnc3/ez9lOPGa50RceP061lDT+H+ ZgS9PcQFxjTIchYjeJd58aFkKs3dVK3wsrAUVvzEQwTwmrPsBRWVVkSpArtGxAaIkbbzte Fxv7dSUfZcpCWQI/Pup+0Wk1UlcUVHFWv4FCM935GaDZn0cyDvC+F5dCzpd1JjNgTXN1Em SeWGjRjU6J/WWFSZUaRdBL/TbgJY9UpFaCKCmFdTiECvlP4hKxtJepwVqWM7rQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCx671519z1BMQ; Wed, 18 Dec 2024 14:34:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIEYtvG012115; Wed, 18 Dec 2024 14:34:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIEYtS2012112; Wed, 18 Dec 2024 14:34:55 GMT (envelope-from git) Date: Wed, 18 Dec 2024 14:34:55 GMT Message-Id: <202412181434.4BIEYtS2012112@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Juraj Lutter Subject: git: d9ad257a2649 - main - fsck_msdosfs(8): Introduce -B option as no-op List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: otis X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d9ad257a2649e83f19e1454898d5bbb76bc7483a Auto-Submitted: auto-generated The branch main has been updated by otis: URL: https://cgit.FreeBSD.org/src/commit/?id=d9ad257a2649e83f19e1454898d5bbb76bc7483a commit d9ad257a2649e83f19e1454898d5bbb76bc7483a Author: Juraj Lutter AuthorDate: 2024-12-18 13:24:04 +0000 Commit: Juraj Lutter CommitDate: 2024-12-18 14:34:14 +0000 fsck_msdosfs(8): Introduce -B option as no-op When performing a background fsck on msdosfs devices, it ends with the following error: fsck_msdosfs: illegal option -- B usage: fsck_msdosfs -p [-f] filesystem ... fsck_msdosfs [-ny] filesystem ... Introduce -B option as a compatibility with fsck_ffs(8) and also update the descriptions for -B and -C in fsck_msdosfs(8) manual page. Reviewed by: imp Approved by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48132 --- sbin/fsck_msdosfs/fsck_msdosfs.8 | 14 +++++++++----- sbin/fsck_msdosfs/main.c | 5 +++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/sbin/fsck_msdosfs/fsck_msdosfs.8 b/sbin/fsck_msdosfs/fsck_msdosfs.8 index 963818ea8bd7..a74649e0c47e 100644 --- a/sbin/fsck_msdosfs/fsck_msdosfs.8 +++ b/sbin/fsck_msdosfs/fsck_msdosfs.8 @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 6, 2020 +.Dd December 18, 2024 .Dt FSCK_MSDOSFS 8 .Os .Sh NAME @@ -32,10 +32,10 @@ .Sh SYNOPSIS .Nm .Fl p -.Op Fl Cf +.Op Fl BCf .Ar filesystem ... .Nm -.Op Fl CMny +.Op Fl BCMny .Ar filesystem ... .Sh DESCRIPTION The @@ -71,10 +71,14 @@ making any changes. .Pp The options are as follows: .Bl -tag -width indent +.It Fl B +Ignored for +.Xr fsck 8 +compatibility. .It Fl C -Compatibility with the corresponding +Ignored for .Xr fsck 8 -option (skip check if clean), defined to no-op. +compatibility. .It Fl F Compatibility with the wrapper .Xr fsck 8 diff --git a/sbin/fsck_msdosfs/main.c b/sbin/fsck_msdosfs/main.c index 0713189daa2d..49a811964ab9 100644 --- a/sbin/fsck_msdosfs/main.c +++ b/sbin/fsck_msdosfs/main.c @@ -68,9 +68,10 @@ main(int argc, char **argv) skipclean = 1; allow_mmap = 1; - while ((ch = getopt(argc, argv, "CfFnpyM")) != -1) { + while ((ch = getopt(argc, argv, "BCfFnpyM")) != -1) { switch (ch) { - case 'C': /* for fsck_ffs compatibility */ + case 'B': /* for fsck_ffs compatibility */ + case 'C': break; case 'f': skipclean = 0; From nobody Wed Dec 18 15:22:24 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCy9B3dVcz5hTlg; Wed, 18 Dec 2024 15:22:38 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-io1-f41.google.com (mail-io1-f41.google.com [209.85.166.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCy994FG1z4QrS; Wed, 18 Dec 2024 15:22:37 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of carpeddiem@gmail.com designates 209.85.166.41 as permitted sender) smtp.mailfrom=carpeddiem@gmail.com; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=freebsd.org (policy=none) Received: by mail-io1-f41.google.com with SMTP id ca18e2360f4ac-844df397754so219529739f.2; Wed, 18 Dec 2024 07:22:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734535356; x=1735140156; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kioRMvKtILYE9eczSQIk7qymVN+/2UyxIA4FpZHLUkQ=; b=PZ80uKHYrFqAit0JTwX2n8XQ4u2uf4hgi3sKrTjx5JnAkLLFdPHM4K+zGovMs2m4ub RjtRzcQ7lKQ1rYyF0A4A56N33e+71DJofmRW+qqKBbkKuN/h/8BYu8i+YgFITGWKl7oB DZSo5ZAa1Ez72JRGO2+7i2SRtR8QIGYR5rT57AYpVGMk/BH927we1Ges8K8ISf9Y/Xhg gu2c9pkBMCeunX9RJufNRBsgN2wR68w4+4OCyGzZ2EvioZ+LZKybUY/9uSV9hDxY29mA mRnwANVE7A9B4WpDvvcTMbcmhippE/0ieXMZF57Osnq1D6caRxTURCOMSkFBvbvjZ85G v9gg== X-Forwarded-Encrypted: i=1; AJvYcCWdEkLbfkqSJVRTnEVl8y310AQXXwXklOA/dkDQL2s8AlZpKjePYwgz8VZ3hwHI3WxYge73VY4ABKnIKEioZcPMS36qiqE=@freebsd.org, AJvYcCWeQxu5Rza9JzNdhxepGEUOwLV5Z53YxwwywoCzyeblI26tjfUT0Ep5Y6A/AS0L9QPy95vhcSepbZkCvuH5gwkKflBt@freebsd.org X-Gm-Message-State: AOJu0YyDQ5VVdMUqbQ1hyOAsaXOJngS62I3+/YpN3KbQt59QhKUJl3rI f7f74aua+FSZMuYWXTBmwZMtcI1PMRH4I1zk8n9lfkpVymhRilUgtDNwUTJUDpdHKyNe3zLgdwr GOPrA+/8n5qrKcWz6HsP2+aZm1xdHH4CF X-Gm-Gg: ASbGnctm1PDZ1yUzaAZ/Z6lvwg128S+b9MLVLHwWr9J9gYFKlFQ0aMO23hGfCRh9uU2 nxFs8x+VVunriEgvb93BHr2njQMo1+4txxoox1w== X-Google-Smtp-Source: AGHT+IHdMJNf4JrxnM4DBmAlg+FsRDmfgQYRmLZD1SgYNeEmsVH8t3oLMDhMPhkOFsAqT/SMm4hFExxQQU87OPgARGo= X-Received: by 2002:a05:6e02:1565:b0:3a7:708b:da28 with SMTP id e9e14a558f8ab-3bdc4e21d72mr27253395ab.21.1734535355946; Wed, 18 Dec 2024 07:22:35 -0800 (PST) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> In-Reply-To: From: Ed Maste Date: Wed, 18 Dec 2024 10:22:24 -0500 Message-ID: Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length To: John Baldwin Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-2.37 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; NEURAL_HAM_SHORT(-0.82)[-0.823]; NEURAL_HAM_LONG(-0.65)[-0.650]; FORGED_SENDER(0.30)[emaste@freebsd.org,carpeddiem@gmail.com]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; MIME_GOOD(-0.10)[text/plain]; DMARC_POLICY_SOFTFAIL(0.10)[freebsd.org : SPF not aligned (relaxed), No valid DKIM,none]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FREEFALL_USER(0.00)[carpeddiem]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; RCVD_COUNT_ONE(0.00)[1]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.166.41:from]; RCVD_IN_DNSWL_NONE(0.00)[209.85.166.41:from]; R_DKIM_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[emaste@freebsd.org,carpeddiem@gmail.com]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[dev-commits-src-all@freebsd.org,dev-commits-src-main@freebsd.org]; RCPT_COUNT_THREE(0.00)[4] X-Rspamd-Queue-Id: 4YCy994FG1z4QrS X-Spamd-Bar: -- On Mon, 16 Dec 2024 at 18:16, John Baldwin wrote: > > Well, the default --short length is not based on when Git detects a conflict, > it's a function of the total number of objects in a repository. This means > it may be different if you just fetch some other remote with many revisions > in the same clone for example. The thing I don't know is what formula git > uses and how close we are/aren't to rolling over to 13 just with src.git > alone. It seems to me that the most fool-proof thing though if we really > want reproduciblility is to drop --short entirely. Short of that, if > you can tell git to run in a mode where it ignores user configuration (though > I don't see a way to do that). I believe the algorithm can be found in repo_find_unique_abbrev_r: unsigned long count = repo_approximate_object_count(r); /* * Add one because the MSB only tells us the highest bit set, * not including the value of all the _other_ bits (so "15" * is only one off of 2^4, but the MSB is the 3rd bit. */ len = msb(count) + 1; /* * We now know we have on the order of 2^len objects, which * expects a collision at 2^(len/2). But we also care about hex * chars, not bits, and there are 4 bits per hex. So all * together we need to divide by 2 and round up. */ len = DIV_ROUND_UP(len, 2); /* * For very small repos, we stick with our regular fallback. */ if (len < FALLBACK_DEFAULT_ABBREV) len = FALLBACK_DEFAULT_ABBREV; Regardless of the algorithm, 12 is in fact the minimum to avoid short conflicts in our tree now. Both 296adaa5766 and 13c64df775c are conflicting 11-character short hashes. Certainly putting the full hash into uname would guarantee reproducibility, although IMO it makes uname unwieldy. That said, it doesn't matter what Git's algorithm chooses as the short hash length; specifying --short bypasses that algorithm. `git rev-parse --verify --short=12 HEAD` will give us a 12-character short hash as long as that hash is unique. The reproducibility concern is thus: what is the probability that the 12-character short hash is unique at the time and in a repo from which an image is built, but is not unique for the attempt to reproduce it, or vice-versa. This probability is rather small. If you look at arbitrary commits 6 or 7 characters are usually sufficient for a unique hash today. For instance, some latest -pX from recent releng/ branches: 13.3: 72aa3d 13.4: 3f40d5 14.0: f10e32 14.1: 74b6c98 14.2: c8918d6 The status quo of --short=12 should be fine for quite some time. From nobody Wed Dec 18 16:17:45 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCzNn6rChz5hY4v; Wed, 18 Dec 2024 16:17:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCzNn5jnGz4VqN; Wed, 18 Dec 2024 16:17:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734538665; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ek+jmvOCdJd5fqva2h3QxkTKkLfti45bXd+w/gbEj50=; b=diaJxYZpSGLiGNZhT0KZeeSR5cM017zEz5Kkl74mJ/k/zDEYt34cKaN1MOl7v/quIjvFC+ gsGSA0ceBfigoj2iC8S+x1sehMr1Qyf46sjJz1qt52LHCl8aaPdscT8g6x2awupHQD++h+ cI7Si8D++fMjhwDfa7MnVvtJBOSj3sUKmsraofvcHAZLe77cGEKLJnV2SpEN1e64LGvg9c y8bh+61qItlqoHl89hgo9X8TQwIbzizhT685DA5mkSZgHFGRWND0rofpvtw0RZiTHLQbah gWodC1EP2Yt3cu+C5TxOkIxJ25GGqOFKj52+T5l85ure8UoFcrw9IFxOlJK1gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734538665; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ek+jmvOCdJd5fqva2h3QxkTKkLfti45bXd+w/gbEj50=; b=O10Fe4vkAJGldbfysvwvsNSwx3jLDARy7FmxaOAu9LIDby9UVZbQHH8UmCtSkSwkz6dk/Q ZNc11ExrT9w+Kk5GjfdhpGpr4I9yK1cGlGABP96n8VogyIc+OYJriPa3uDLLXNi0fN++Ai YaSLn7gtQnRLX4+skqoXXW9Lxihyf0rP34uYVJfo/qQrp3CX87Pbkg07juzPiaeNRD5/rr Kqpp1P2k3VCKWZj0zPasYOo/5GnU2pRMTVH/+cMTn628RljQvnTjL207en7kTn3ThEa6ZI CpMU9zkPtiLrLFKvS/lp3t3up5Mso3SYptsnFe1k627a9PoUiwmJsLLqe2ygQQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734538665; a=rsa-sha256; cv=none; b=I9YMasqCpjaFybaWWyajbjdg0tKXNKO/eiXZhFoGAISoCdt3sbwIYXWLDpjrLD5nOpNL+p mtSaCOXc4PxA2y9egtyZ0vrXFT07IzppZ8HhgnIPnfYq8gl58uBOau9WtA9E0KZfQRzvt1 sLe6cfqKelDC/L5lzmAu2jJnoLX0EpyttmWW54IszSen6B03/55uwp20Zz9N0oB1duRcq2 IuDY+Q/Zlpjhgp2Iybys8hlNt5OMWWD7Fbe9R6xpasNuvyOv4qnbltr3i+OFPXAZhHmzLd T9OIQGTDR1cTC0jhzn5QDwIYK33a/AAZTruu3UBHHC+rm1VufrFo1BrvFn0zMg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCzNn5KTfzFk6; Wed, 18 Dec 2024 16:17:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIGHjcT099405; Wed, 18 Dec 2024 16:17:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIGHjw1099402; Wed, 18 Dec 2024 16:17:45 GMT (envelope-from git) Date: Wed, 18 Dec 2024 16:17:45 GMT Message-Id: <202412181617.4BIGHjw1099402@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 3624de539499 - main - if_ovpn: improve reconnect handling List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3624de5394991c0cacd42d5a3b33e35c1a002e09 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=3624de5394991c0cacd42d5a3b33e35c1a002e09 commit 3624de5394991c0cacd42d5a3b33e35c1a002e09 Author: Kristof Provost AuthorDate: 2024-12-18 16:10:29 +0000 Commit: Kristof Provost CommitDate: 2024-12-18 16:10:29 +0000 if_ovpn: improve reconnect handling When a DCO client reconnects (e.g. on server restart) OpenVPN may create a new socket rather than reusing the existing one. This used to be rejected because we expect all peers to use the same socket. However, if there are no peers it's safe to release the previous socket and install the tunnel function on the new one. See also: https://redmine.pfsense.org/issues/15928 MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/net/if_ovpn.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index b269742ed8b9..8dc90ecce725 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -622,8 +622,20 @@ ovpn_new_peer(struct ifnet *ifp, const nvlist_t *nvl) } /* Must be the same socket as for other peers on this interface. */ - if (sc->so != NULL && so != sc->so) - goto error_locked; + if (sc->so != NULL && so != sc->so) { + if (! RB_EMPTY(&sc->peers)) { + ret = EBUSY; + goto error_locked; + } + + /* + * If we have no peers we can safely release the socket and accept + * a new one. + */ + ret = udp_set_kernel_tunneling(sc->so, NULL, NULL, NULL); + sorele(sc->so); + sc->so = NULL; + } if (sc->so == NULL) { sc->so = so; From nobody Wed Dec 18 16:21:46 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCzTQ4FBpz5hY8w; Wed, 18 Dec 2024 16:21:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCzTQ3n7Qz4Wwr; Wed, 18 Dec 2024 16:21:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734538906; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OcAhHM2EgyedwOdRPxUovAtDbDoHDqVYCokIG7B/QS4=; b=wiJ9SY3CF81I1CxrvXgxgCfAROWhTRvgNNd6CJx2i/ODiUQjHQLsx5a9LVquWRNST/ueNu ZI1NmT1Yg2Jn2IxJ14MJ80fwSoc/+px0XsZeTofgFYcgVWmzZfc0j+X7Y7X6sOtDhsp26c Zwy9cKNIx3NodOT4dnuXaoaSd8ndvf4YQDPp5vINQD+cM4fIwGS8ju7eJcrpX7OLvWeAha MiTUTgDl7/hF390p5Z5Arg38P5FZCYo5rK7lQ85Z7t9WcYdGlvvJIisfLpB6bvu/xoT20W YhwwZXsZ3DRFaxisE1XLIPgqrIzi1V8Ii9DBVA+CsL7PwUrJzBim6ZWyjU/8DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734538906; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OcAhHM2EgyedwOdRPxUovAtDbDoHDqVYCokIG7B/QS4=; b=ynSbLe7W6bf5/yUUOKV08QOj2jqvPngGqxh1hOlDwrqQ0Nei7lnI+WNsgWHq4zIPuEVPzV GRMW47gEfeqS82k5b3z8gUn4QziRGP5K2y/r5IbVEFtWy40RyPLYNtPdzyNhr8AMBxzm/w kTqABu2D1JKvaVO2BxCX+3LgNfSyokYIFGoOsEq9VSYemQ2IVUXf0NVDs2GCPaVF6QhYyO K1ISgOVOTyxzR46MjEqLYR9QX9bfOubK0wW66JVGTTdx+nbvMHg9QRjOgOqj2/NhGQF35f Z3qXyB6urVnAYQVRpqpew+ZRBqr3GbJcoh9LdMveYiRySBBn1Oywpv6uUl33zQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734538906; a=rsa-sha256; cv=none; b=hDS1pti7g7XxUT2LxI0Mgm14SlHq/sA6jfymvxxOJf7yEMxqjQ3OcW66GnfjxEJ1LCoAMJ jElsrBWNdJ1RXHeLVLc4LgidsM3FnGxG+/7l6ejID4LvAtjgUTsko9JM6E4yS5IBhsv2IY aBetqoUmSSC7g8Y5VLRlmLvYYlN4aHsmOWDP0lj0R4fQzQ0pd+wLHhvBVFH+liJ1x1ppn1 G3nedVBRCUGMJIqUhe4J+6ON/U5TajugDJR2BvLB924hy0RBjhjrrhdVtyr2gxQLHOwSwW CXtDUmWagzdTrzPJUHe/GB540ru7TeL2jfnkIzCQg17HCH48ZRytRucGr8c6mQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCzTQ3MpszG1w; Wed, 18 Dec 2024 16:21:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIGLkj2015473; Wed, 18 Dec 2024 16:21:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIGLkkC015470; Wed, 18 Dec 2024 16:21:46 GMT (envelope-from git) Date: Wed, 18 Dec 2024 16:21:46 GMT Message-Id: <202412181621.4BIGLkkC015470@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Alan Somers Subject: git: b18799757947 - main - fusefs: More accurately test the unique tokens in the test suite List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b1879975794772ee51f0b4865753364c7d7626c3 Auto-Submitted: auto-generated The branch main has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=b1879975794772ee51f0b4865753364c7d7626c3 commit b1879975794772ee51f0b4865753364c7d7626c3 Author: Alan Somers AuthorDate: 2024-12-18 01:38:05 +0000 Commit: Alan Somers CommitDate: 2024-12-18 16:21:35 +0000 fusefs: More accurately test the unique tokens in the test suite Every fuse ticket has a "unique" token. As the name implies, they're supposed to be unique. Previously the fusefs test suite verified their uniqueness by relying on the fact that they are also sequential. But they aren't guaranteed to be sequential. Enhance the tests by removing that convenient assumption. MFC after: 2 weeks Sponsored by: Axcient --- tests/sys/fs/fusefs/mockfs.cc | 15 ++++++--------- tests/sys/fs/fusefs/mockfs.hh | 6 ++++-- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/tests/sys/fs/fusefs/mockfs.cc b/tests/sys/fs/fusefs/mockfs.cc index bd7bd1b663f9..023cecd0276f 100644 --- a/tests/sys/fs/fusefs/mockfs.cc +++ b/tests/sys/fs/fusefs/mockfs.cc @@ -421,6 +421,7 @@ MockFS::MockFS(int max_readahead, bool allow_other, bool default_permissions, uint32_t kernel_minor_version, uint32_t max_write, bool async, bool noclusterr, unsigned time_gran, bool nointr, bool noatime, const char *fsname, const char *subtype) + : m_uniques(new std::unordered_set) { struct sigaction sa; struct iovec *iov = NULL; @@ -436,7 +437,7 @@ MockFS::MockFS(int max_readahead, bool allow_other, bool default_permissions, m_pm = pm; m_time_gran = time_gran; m_quit = false; - m_last_unique = 0; + if (m_pm == KQ) m_kq = kqueue(); else @@ -738,14 +739,10 @@ void MockFS::audit_request(const mockfs_buf_in &in, ssize_t buflen) { default: FAIL() << "Unknown opcode " << in.header.opcode; } - /* - * Check that the ticket's unique value is sequential. Technically it - * doesn't need to be sequential, merely unique. But the current - * fusefs driver _does_ make it sequential, and that's easy to check - * for. - */ - if (in.header.unique != ++m_last_unique) - FAIL() << "Non-sequential unique value"; + /* Verify that the ticket's unique value is actually unique. */ + if (m_uniques->find(in.header.unique) != m_uniques->end()) + FAIL() << "Non-unique \"unique\" value"; + m_uniques->insert(in.header.unique); } void MockFS::init(uint32_t flags) { diff --git a/tests/sys/fs/fusefs/mockfs.hh b/tests/sys/fs/fusefs/mockfs.hh index 958964f769d4..38efcd049a61 100644 --- a/tests/sys/fs/fusefs/mockfs.hh +++ b/tests/sys/fs/fusefs/mockfs.hh @@ -36,6 +36,8 @@ extern "C" { #include "fuse_kernel.h" } +#include + #include #define TIME_T_MAX (std::numeric_limits::max()) @@ -298,8 +300,8 @@ class MockFS { /* pid of the test process */ pid_t m_pid; - /* The unique value of the header of the last received operation */ - uint64_t m_last_unique; + /* Every "unique" value of a fuse ticket seen so far */ + std::unique_ptr> m_uniques; /* Method the daemon should use for I/O to and from /dev/fuse */ enum poll_method m_pm; From nobody Wed Dec 18 17:12:36 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD0c73qKxz5hcC1; Wed, 18 Dec 2024 17:12:39 +0000 (UTC) (envelope-from glebius@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD0c73MgMz4dCn; Wed, 18 Dec 2024 17:12:39 +0000 (UTC) (envelope-from glebius@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734541959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=TTAqOYEeuaHDX3Y/oH4trNs/NjVNba6Bc6gj1U5Bypc=; b=KU2Qs4aLoHxyOewqwaaMWEcz+1hc2IjKB9nfFoe1iMmxtsQBUOaS0oJVJl5uvLrmIyg2CJ s8/lGu61uN6l/XyylP2fi37++mp4PKO97Zu5TZa7qPnJ38bfJMq9Elsz4XW25ZWWdD1KDd JtMnZKvBnhWwyrmTw8+oJfX+f2ZffS5yYLgqe7X9jF9IaT3D6SqF2jTdXnneqIpr2Uf+Y7 ccMYoGJyHT6M/l3GNbxlNoP6tgbrKkGOTQ5rxxPcy4p5VbgBiCOcGadVH6mRxan9uMdZkW 4dWpVPodg6T5c5BbZYBNZvqfEXnNTUuA0mep8neKTHRYh0IGK0jYIDX7vsHZdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734541959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=TTAqOYEeuaHDX3Y/oH4trNs/NjVNba6Bc6gj1U5Bypc=; b=rA6uf2ZlphGs4Fk0+347BDez1wsxAW1ILEnIemYH4ygW+bcvJ3WyHxElQ6VwhJMh7+V/m6 vaDqObE6FJOLCiRiu27jPhuiMXRyw/yQAgdFYy0mpHnBrnBeKlfQx/naDHAzKmmhzJWOUB CqYKHeOmyT4y4J82NuXcJshID4TBt2HOti73IP2lE21/OKC+pLFM2NMkA1pNPc/XdHWQ8l vndj6yNnrIROlikoK1Yo7KJkIelkqsxT9tDbir9DgTD+PrfjE3kOupkDPqinZavrIdRIUY /+me7jb0kB75ZtI8Xjo2hPTcD7JP/PR3H8gINElOge4fXt4jKTOQVhitT0gQWg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734541959; a=rsa-sha256; cv=none; b=nApD8k9jhK31vUjh+D9S/v8wRbFX9Wj6R2zdZz09o5R1Tszvv+daU2WRMQGqASiHvKhROh MVAxwhHCDc/dz/N1YB26J0Zn0LTJzZYrdaHB045J7B64VvS7WK+WGjMKJMC8h5ZdQ4bCwu GEthohke7Sc/tF5m9wlVi3uZ9cCZPfiRyzH37FnG27ngIOrctw9XQSvFqyJ57oi4w9w0Im YNrOSvPx2X84Vuucg6wiQMCiut8gyPj8V4V/YuNN7HNH53HtdYbAkiC1w7rey8v/jxCR7k +SCdYggKdf9rB3dhpcD9UmoFBeVQgLZXe08/OcPo1mPu2uiO1qKMH+SbNLGGjw== Received: from cell.glebi.us (glebi.us [162.251.186.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: glebius) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YD0c65d15z1J1W; Wed, 18 Dec 2024 17:12:38 +0000 (UTC) (envelope-from glebius@freebsd.org) Date: Wed, 18 Dec 2024 09:12:36 -0800 From: Gleb Smirnoff To: Ed Maste Cc: John Baldwin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length Message-ID: References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, Dec 18, 2024 at 10:22:24AM -0500, Ed Maste wrote: E> That said, it doesn't matter what Git's algorithm chooses as the short E> hash length; specifying --short bypasses that algorithm. `git E> rev-parse --verify --short=12 HEAD` will give us a 12-character short E> hash as long as that hash is unique. The reproducibility concern is E> thus: what is the probability that the 12-character short hash is E> unique at the time and in a repo from which an image is built, but is E> not unique for the attempt to reproduce it, or vice-versa. This E> probability is rather small. E> E> If you look at arbitrary commits 6 or 7 characters are usually E> sufficient for a unique hash today. For instance, some latest -pX from E> recent releng/ branches: E> E> 13.3: 72aa3d E> 13.4: 3f40d5 E> 14.0: f10e32 E> 14.1: 74b6c98 E> 14.2: c8918d6 E> E> The status quo of --short=12 should be fine for quite some time. AFAIU John's concern is that you can't guarantee a reproducible build from a "dirty" repository. A repository that has more branches than just the official ones. I just make a quick check on Netflix repo, that has both the current FreeBSD history and the before-the-official-git history together, as well as splitted ports subdirectories and of course our own stuff. For short hashes there are roughly 2x more ambiguities than for a "clean" repo. Apparently chance of collision on a long hash is also doubled. We can of course say that we don't provide reproducible builds from a "dirty" repo. But would be a real limitation. That would cancel a legitimate scenario: git subtree add FreeBSD && cd FreeBSD && make a reproducible build -- Gleb Smirnoff From nobody Wed Dec 18 18:25:19 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD2Cz6GpJz5hhYr; Wed, 18 Dec 2024 18:25:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD2Cz5Qdxz4mpM; Wed, 18 Dec 2024 18:25:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734546319; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gUM+lNjTD3vaAoiFGxkDPUcDUbDE0wkDSrayMgMqSr0=; b=eE58w84mfca0mUHdBByEHz1Wunr6xhngN6vdzUIw1WLzkGvJyK9LP4i6j8kvszb2i2yH61 NYoGn8qOMQt+0hPaf2VtOwfXiWj3fuuAM10txHINJKHo3v2bNvWou2QMZSMLgHoiId3aKt uw1sG1BkGgVqVyhorsFRDLGukRoRRRB2CTJr/Jz+tGnhgW/L2A0uc0mPe763DlyXdE4Tkd cDUsezpmoLJaicjqTU0vtCW26a9kE6Qa/N+gSCz6APhKrDedEqtsu4Jc9DAcPhjWSwg0Cx 2sprbJSjm0VO56rYgWap4jMitb2UbpRj5dVvMWDfoOoiTZF1qaH09ZzNuZk1nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734546319; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gUM+lNjTD3vaAoiFGxkDPUcDUbDE0wkDSrayMgMqSr0=; b=Xv8nm4O6f14/v253ZG58WppnVCJEKGDVkKwptFz0Hl9cYz6oR3vsMmB/lLL3jaopimU3jF CpwhrFWSW+9g+rKWZ/TrTqIG0HnvhWZU/Ck2+UUhl55il1wOUQyHU30Og+aY/oMZYx9zLI bQI3wj49LP096D/XRfB0qR0aX/dVymqetbzWwTT/aNnKwMO3GTxLegfBmMFgaz1USC0gv1 JvOyVA7BvEcfKO0Nd9/q/8KtE8+BrRCysMsmKt3gtB6DGBsZNaQuiXUpbRxbnxwgN97+6N irQ8iMk+EBIbDKyiVj3IcT+hyqfs3GxnqYZItLWQa7DlPQroNh3eegvI6ISwuw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734546319; a=rsa-sha256; cv=none; b=AEE/CuD7mHl/70WPH9o+RjjFqdKzjR697uJFiB/fcHTsIHBPrunCk0B0NojotnNKfxutw8 7p7SmwC5rTRw4WLGmPnIApD9dMjD4TKnVM9IohZF4WeqVjqzv+Fr1aLFsE1iSr6uXcuIWx M/xhzX6/LVhVFr5YehgTICBCvwg/Bcah/lKEd9VvPCiu0Rldv+9ZhYKn0RvW3Ykesl5CMJ 8cngRUTUn55OKUDlmdN4GgJJ5eBzqpSLB4IcQ86z4jAYO+im1SehpCKL68lsPmtlHaAkiT 4eeEf8VjDKfi+yoEklCSokqGUfQ+yCdpy5gdyDRL5hcF+MsauTwu5hXHVsTicg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD2Cz51xKzJ6v; Wed, 18 Dec 2024 18:25:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIIPJUs040725; Wed, 18 Dec 2024 18:25:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIIPJ9J040722; Wed, 18 Dec 2024 18:25:19 GMT (envelope-from git) Date: Wed, 18 Dec 2024 18:25:19 GMT Message-Id: <202412181825.4BIIPJ9J040722@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Alan Somers Subject: git: 53f73aaffdda - main - fusefs: delete a comment in the tests List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 53f73aaffddaedff019555679d686ec401330d39 Auto-Submitted: auto-generated The branch main has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=53f73aaffddaedff019555679d686ec401330d39 commit 53f73aaffddaedff019555679d686ec401330d39 Author: Alan Somers AuthorDate: 2024-12-18 18:24:03 +0000 Commit: Alan Somers CommitDate: 2024-12-18 18:24:03 +0000 fusefs: delete a comment in the tests Even on a riscv embedded system, the fusefs tests run fast enough that 10 seconds is a reasonable timeout. [skip ci] MFC after: 2 weeks Sponsored by: ConnectWise --- tests/sys/fs/fusefs/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/sys/fs/fusefs/Makefile b/tests/sys/fs/fusefs/Makefile index 86d942bea472..d91199fd519e 100644 --- a/tests/sys/fs/fusefs/Makefile +++ b/tests/sys/fs/fusefs/Makefile @@ -65,7 +65,6 @@ TEST_METADATA.default_permissions_privileged+= required_user="root" TEST_METADATA.mknod+= required_user="root" TEST_METADATA.nfs+= required_user="root" -# TODO: drastically increase timeout after test development is mostly complete TEST_METADATA+= timeout=10 FUSEFS= ${SRCTOP}/sys/fs/fuse From nobody Wed Dec 18 18:38:30 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD2WB657rz5hjFd; Wed, 18 Dec 2024 18:38:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD2WB5S8pz4pGZ; Wed, 18 Dec 2024 18:38:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734547110; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tj2TK+W4Lu42OLdGP3BDrj1mkHOBRtKTcloNvhArNqE=; b=K8wyoX8XHYM5dkEHtD++UpYObpgizjiY6s40dIfGSlIqHV00BjcDkB7emFm+v4WFTWSpYn Z3U7k7GZ5B9bacun3YBqRv42HHUhJVNLf4EuM4p/wKt+oF+2Yg6ujBbJ2JM6in7HRUc+r1 bv6C09jIrtAENnPFeyAM5KtGU3c4e/dwfer/BP/zlFDgW6Jqer7DswXUFHLNdwYsrlDcxr 4idomT40fVEBOscS5svocJpwpb78aWt/gwtQ2G4q/t/J0wizrRcv26v1/0ruUQrUfp2IVe jl1RnPi5DqjyiL2sg32lrq6xkGotNBL4kRz1lUuBEtI6Y2LPPzhW6cph6j8jnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734547110; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tj2TK+W4Lu42OLdGP3BDrj1mkHOBRtKTcloNvhArNqE=; b=kOoA/Chw5wS94C/bPCLXh7CrK+fy1peCdtAxv025ochHXP5kHgaFuhyhIC+lnYDenJlRAY /pY8JUOAwEThJvYAi8yrVuqpVmuKdo3YyUge0iaWrqVUT101LDj3ZZ48q7w95TF/Gvb6aQ GSeUw3kziKIrGFwvKQDK9kzU5hh9o6xkLkSk7gwnsJPu0c2CWk0+tagznzUAd0C4cVM/2N IPp7c4K8xU9V7u+vpDtO630qsXo38auveTQsYVxosrs60FKXCXcKGhXVIl6uxVcVQMZZ1m Gp6fHCKgnQl67ESI6l3OnyRi8vsJew0PKnEXxNYS2RKx0Wk27t5IuzVGV4ms0g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734547110; a=rsa-sha256; cv=none; b=l+ZDyLWS/iuGTqtqN5Dgh6NZDq0L1s9KFBhbwvwHThuxj5BJkrB8rLVxTCnE5yHD86nQnb MeEYx12N8lHTPT6/H48lK9DaAPhA3T9d9n5YKgMr5AlbIGbeL9XTMe1gZAiSK6ZD5BDBlW Ob6UmpdJdWY6YSUv6aBAn7D4AnqQ92TSm8GFPxJdIlDfQu0U15148fOtdJIj4le/er4qez Npw/pPCpOgStPOg/A6BT4mBb++Q3jRSCiWzzGAtr3fo7aarRCaaY2mrtIHA+ZgfyCqnDyj e7GSGMxACTYJ6+bK+LbHcFQC3VnRy37nzoLtqJsIRxi+2TchwVZPYKK0UvTLog== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD2WB4xPvzJvH; Wed, 18 Dec 2024 18:38:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIIcUp5061151; Wed, 18 Dec 2024 18:38:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIIcUMt061148; Wed, 18 Dec 2024 18:38:30 GMT (envelope-from git) Date: Wed, 18 Dec 2024 18:38:30 GMT Message-Id: <202412181838.4BIIcUMt061148@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: ff7e00eb4dd6 - main - tests: remove reference to renamed test List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ff7e00eb4dd6bbe5f7621e77f887766b162929fc Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=ff7e00eb4dd6bbe5f7621e77f887766b162929fc commit ff7e00eb4dd6bbe5f7621e77f887766b162929fc Author: Gleb Smirnoff AuthorDate: 2024-12-18 18:38:10 +0000 Commit: Gleb Smirnoff CommitDate: 2024-12-18 18:38:10 +0000 tests: remove reference to renamed test Fixes: ae5c3dfd3e75bb287984947359d4f958aea505ec --- tests/sys/netinet/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/sys/netinet/Makefile b/tests/sys/netinet/Makefile index 786b79aa94c7..9fac7152e137 100644 --- a/tests/sys/netinet/Makefile +++ b/tests/sys/netinet/Makefile @@ -40,7 +40,6 @@ TEST_METADATA.forward+= required_programs="python" \ execenv_jail_params="vnet allow.raw_sockets" TEST_METADATA.output+= required_programs="python" TEST_METADATA.redirect+= required_programs="python" -TEST_METADATA.tcp6_v4mapped_bind_test+= is_exclusive="true" PROGS= udp_dontroute tcp_user_cookie From nobody Wed Dec 18 19:32:39 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD3jg1rybz5gnSm; Wed, 18 Dec 2024 19:32:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD3jg1J8Kz4wBQ; Wed, 18 Dec 2024 19:32:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734550359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oehJwsDeYLvhru6eoRLbqsITpPMsWNGVnwmbiwcYB5g=; b=ltLyzqY4DYx1eo7jN+HXfgJh0GQlDrz+JCAewrgBVVMNhA99KvKez7C2pMZUDQeuxJvAvV gjY2IUrmKHxwf0Nc1KLYkEjfep2GLgOohNXx/8nupCiCVQD//Tf8j2Oqi5NiHjZk6x6t7c nQy5FxqcdM9Q2l8aoYDlLpkULyKpTvW/WyLsjrFMUPIGK6WnFXMY2bdMwunPkIAqc/+J4r V383R8bIHeXgZEwlnx35FLQ6srUbrqYUtsaW/xbD74bw6Q1KLwQ9Xqt7pLS4aJlE1YSXC5 nYB7C5spMARHHiru3OGmdTaHBQPGMgNxTTS7xWnqPP0NdtRpCf7AsdcVIDldzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734550359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oehJwsDeYLvhru6eoRLbqsITpPMsWNGVnwmbiwcYB5g=; b=sMmOjpni5qtkzI7MJGUaTnPx2/1kjslEQYtyd3euIbCnPkd5Oyx6gM7r3Ccia3Jk82Nih5 s1vgPMZ9RXuLUwPyERaRdkCJUWBFtGls94xoMXI+GnoxFqbfKKdpuhhK8FaHCsOxoYdHlS 45ZibZoLqckzVBnqvyxn5IjzMxT/ew7S+n3Ajlot7UZvTiIlnGe4680isnjT9c42cNOxHb w7VVUDf4J2bPUbOTeNARWfuD/AH6K94+SOR+mnUs7bXKB5qPNzo3Zr+GnDJ4tBsSQkoTmZ OdXv3nxx4pMXfNmH6YoVtciwP4IJQsbf5egKXipMYrleiJoGwqoEjy7AdY6tPA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734550359; a=rsa-sha256; cv=none; b=qu2+fIs+eeDvrSyK0GESClnjCLhNrmY+n2QM0F+1TMxJGhK7bpRJVkLW81pg0Ds9xWMv1H bhyK5ceYTZ7EJ+gfm0DdUmKZMHeMlO+QaqLnDO66GORg7dJbKqNs/dgYhI6/MIFx9lI2CC j9CnnacT7BmvG6sEwfLMlW03U9XjpLW7SP2U2n/WD/LwJTcoN7i8RPFwNYvHHwSBRpN3bG cHR7PIdEr7lj2cPmnuYfRfBVBOCgt6UXAct00VHA4kKz1mcfOB0wbDNBqf1ANNTujJ41fU 7Ha1vQ7QrGtjU+ROJELHeXhTG5u/siNW3z9vWJM2CrO6D6zxnjX3dQDtM/gm6w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD3jg0vp4zM5N; Wed, 18 Dec 2024 19:32:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BIJWdU4070804; Wed, 18 Dec 2024 19:32:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BIJWd8v070801; Wed, 18 Dec 2024 19:32:39 GMT (envelope-from git) Date: Wed, 18 Dec 2024 19:32:39 GMT Message-Id: <202412181932.4BIJWd8v070801@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: cf6b389f7c48 - main - rtwn: add tx power training for RTL8812/RTL8821 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cf6b389f7c485f735c3d84a7e3fe6833e91321e4 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=cf6b389f7c485f735c3d84a7e3fe6833e91321e4 commit cf6b389f7c485f735c3d84a7e3fe6833e91321e4 Author: Adrian Chadd AuthorDate: 2024-12-07 15:47:45 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 19:31:18 +0000 rtwn: add tx power training for RTL8812/RTL8821 This apparently kicks off TX power level self-calibration, which can't hurt. Locally tested: * RTL8812AU, STA * RTL8821AU, STA Obtained from: Linux rtw88 Differential Revision: https://reviews.freebsd.org/D47978 Reviewed by: bz, imp --- sys/dev/rtwn/rtl8812a/r12a_chan.c | 32 ++++++++++++++++++++++++++++++++ sys/dev/rtwn/rtl8812a/r12a_reg.h | 1 + 2 files changed, 33 insertions(+) diff --git a/sys/dev/rtwn/rtl8812a/r12a_chan.c b/sys/dev/rtwn/rtl8812a/r12a_chan.c index 749f0e09e831..d71e0a8177fd 100644 --- a/sys/dev/rtwn/rtl8812a/r12a_chan.c +++ b/sys/dev/rtwn/rtl8812a/r12a_chan.c @@ -180,6 +180,36 @@ r12a_write_txpower_ofdm(struct rtwn_softc *sc, int chain, SM(R12A_TXAGC_OFDM54, power[RTWN_RIDX_OFDM54])); } +static void +r12a_tx_power_training(struct rtwn_softc *sc, int chain, + const struct ieee80211_channel *c, uint8_t power[RTWN_RIDX_COUNT]) +{ + uint32_t write_data; + int32_t power_level; + int i; + + write_data = 0; + + power_level = (int32_t) power[RTWN_RIDX_HT_MCS(7)]; + for (i = 0; i < 3; i++) { + if (i == 0) + power_level -= 10; + else if (i == 1) + power_level -= 8; + else + power_level -= 6; + + /* Handle underflow and the minimum value (2) */ + if (power_level < 2) + power_level = 2; + + write_data |= ((power_level & 0xff) << (i * 8)); + } + + rtwn_bb_setbits(sc, R12A_TX_PWR_TRAINING(chain), + 0x00ffffff, write_data); +} + static void r12a_write_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, uint8_t power[RTWN_RIDX_COUNT]) @@ -189,6 +219,8 @@ r12a_write_txpower(struct rtwn_softc *sc, int chain, r12a_write_txpower_ofdm(sc, chain, c, power); r12a_write_txpower_ht(sc, chain, c, power); r12a_write_txpower_vht(sc, chain, c, power); + + r12a_tx_power_training(sc, chain, c, power); } static int diff --git a/sys/dev/rtwn/rtl8812a/r12a_reg.h b/sys/dev/rtwn/rtl8812a/r12a_reg.h index 13867fb76973..f1fc4ee2f302 100644 --- a/sys/dev/rtwn/rtl8812a/r12a_reg.h +++ b/sys/dev/rtwn/rtl8812a/r12a_reg.h @@ -124,6 +124,7 @@ #define R12A_TXAGC_NSS2IX5_2IX2(chain) (0xc48 + (chain) * 0x200) #define R12A_TXAGC_NSS2IX9_2IX6(chain) (0xc4c + (chain) * 0x200) #define R12A_INITIAL_GAIN(chain) (0xc50 + (chain) * 0x200) +#define R12A_TX_PWR_TRAINING(chain) (0xc54 + (chain) * 0x200) #define R12A_AFE_POWER_1(chain) (0xc60 + (chain) * 0x200) #define R12A_AFE_POWER_2(chain) (0xc64 + (chain) * 0x200) #define R12A_SLEEP_NAV(chain) (0xc80 + (chain) * 0x200) From nobody Wed Dec 18 21:21:24 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD67P1tRbz5gx61; Wed, 18 Dec 2024 21:21:37 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-il1-f172.google.com (mail-il1-f172.google.com [209.85.166.172]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD67P09jQz55G4; Wed, 18 Dec 2024 21:21:37 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-il1-f172.google.com with SMTP id e9e14a558f8ab-3a81324bbdcso533635ab.1; Wed, 18 Dec 2024 13:21:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734556896; x=1735161696; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=beryF4TW9ubuGG+GmK5J2qrK82o02wfdcsgCRSNfJ38=; b=oRze5asgXJ20J+n/yUGlRvjj/75+Mdoxo8zaTENfXOZ93cGY02QpXdRiNL7KZTWGhE Vs6JQodk++ekG9eSvbJf5s1n9ddzNrheoyZFdbW9bL9kvMxSQfKk6rP+MOrbATrXIRUB B/WpLoZIif9Q8wmsW8JAaIQ35kIlQDszyR8nJbKtsZyp+qbgBKin/tv5egEs+EuvZVpN tlugmHkVrtnf9wWmONzsFlnyzpMoU8YbjYZj0M6E71JP9K6t0xGOaAoeefDecQcZvOAe sOWdNV22FXwGZyNhzDsOBW0cZ2m9vAFA9MeVTDDbDXI7AvYpCWYblH0xVPzAKKapZ3E6 XqFA== X-Forwarded-Encrypted: i=1; AJvYcCVpM3eyfdeiOdvAVWfRmPFc6X95BhqEE3Qk2CszIvG/qMmA4s5quUgX9HrqLpaM+nHonoyh3l1rqPzCeoWcjkarmYWR@freebsd.org, AJvYcCW2Ytj/BhkK9nWXvQGewCQh6dK0iwirBzUVdF6h+zUcsMz3XmdsuimSgg6nlbNKnS6EDxATLjHzIPQaudxcoT8=@freebsd.org, AJvYcCWxKsvnOg25sRTbX26NroqfZQum4OtuXBVixh/CX6Omalfg/W7GPw4G19w61yB5dHQDRCJDYeRfeScJ7fzUZ/kXX4PClWE=@freebsd.org X-Gm-Message-State: AOJu0YzgQ6RxlweLeCyXHLa5AJbfPEdmlhizsoqCgVkQ8I3h8Dz6lR33 tXv2deOl++9lZ1AFz3Fy0C7yQeJJt3mgar3pwueTg/6pEiQyfVyCnvGZJlvkmLFR5xVAggVvWMN 27RAqUaRBhnC3NELndDznmKjoxRsEbCsV X-Gm-Gg: ASbGnctPnZMbVaCRVSM4kdoLJmNjI1TwaXGpaVC0z478FXPj63jgz6epOlDbpB+0dMD qplgad1K1umEQ6IkgX5sAPmiTn5larYK2D9MjooEocxm6L3XcKdT8UHAWY18Jt5Ttur/Uchk3 X-Google-Smtp-Source: AGHT+IGA9MjR4BaN/TZF1RWDp0J9d//GlL3YjzeqR9gwN6nSZLwamnc7LYNPdSQAtVcDJ+Bppu775kQ2AWTsluOgm0k= X-Received: by 2002:a05:6e02:3b89:b0:3a7:dd45:bca1 with SMTP id e9e14a558f8ab-3c013b0716amr10838245ab.17.1734556895855; Wed, 18 Dec 2024 13:21:35 -0800 (PST) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> In-Reply-To: From: Ed Maste Date: Wed, 18 Dec 2024 16:21:24 -0500 Message-ID: Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length To: Gleb Smirnoff Cc: John Baldwin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4YD67P09jQz55G4 X-Spamd-Bar: ---- On Wed, 18 Dec 2024 at 12:12, Gleb Smirnoff wrote: > > E> The status quo of --short=12 should be fine for quite some time. > > AFAIU John's concern is that you can't guarantee a reproducible build from a > "dirty" repository. A repository that has more branches than just the official > ones. I just make a quick check on Netflix repo, that has both the current > FreeBSD history and the before-the-official-git history together, as well as > splitted ports subdirectories and of course our own stuff. For short hashes > there are roughly 2x more ambiguities than for a "clean" repo. Apparently > chance of collision on a long hash is also doubled. I suspect the six or seven character hashes I listed are still unique in your repository. If not, adding one more character to get to seven or eight will be enough. Pick a release and give `git rev-parse --verify --short=1 ` a try in your repo -- I'm sure you'll get a unique short hash that's still much shorter than 12 characters. From nobody Wed Dec 18 23:48:57 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PP61Lrz5h7nX; Wed, 18 Dec 2024 23:48:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PP5QLfz44dW; Wed, 18 Dec 2024 23:48:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565737; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qmfauz8nY4DZK3/OEjFNwsPqhEj6ViO4cx48KUF5UjE=; b=qnorBnm/RRJHXikmRpxBzLV+ykGOnHZPTUHikHej3efruUuk8QYT5cVb1o8nTr8mekW7E8 A1Pz7AAQstmeHJUyOy/W2/i8SQ4k4i7KyvRzNdCfZx/Pz8UP0gQu3EYcoo+nR3BUPk7ZG1 UcA/YSCnr/lPUnqvhrAvtR4nRPVesQBL0WtElpZyd2885Cdndff1mikWzJ3ur5OrpJ0mpu 0ZmD1xfAd+tZq2/y1NIstlE6CSh/K/jlgDZZnjwRiveV15C7jZPhUMJvT4pgP0RhhjcAuf tlbPgbyQxsfMxJsB1hisuZhJSjJIjaM3jeYrZY1si25MfR1zSAoT12qkFO+1Gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565737; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qmfauz8nY4DZK3/OEjFNwsPqhEj6ViO4cx48KUF5UjE=; b=oICUdPWrtXLRZGhvfN3/oGZVTMCL7jYCuDEdwr4HY26i2nuJqbGesRAQEGWp8CkO+FtMag FXhUJUfiI3zMnag/FGV5IsmwVNy+eycegSYYB78jDnz6d8Fd3HiaCsYlzdkPhaLihG3B/d CnvFfajL4fclrp1T3XWrONuZlzAS8B/9crLprr++Uy0BUxU2CZxwZ0GN36MsUDaS/KplUH xb+eZlMrtm7KrFbGSGS2p/6klczyxCc0ySoDCSRgEyKUwD65eQVBXX0jed+pSv2Fu997Yh zF/e99LvRpbiSDfIO9T/uZilk0ML4Y/3kcDPOiXnyKLlQY6cLyJepLuf2uZf+Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565737; a=rsa-sha256; cv=none; b=Kk6OYNB8TCKajitlqm+MfcXwEKj+6ZmQfMpH/gDc8vNMi7qmCTtW0PEFJKFdzMQp8paeEk 5TB6ggyJjBC1DYI2ve17A+tMNfmi9k3XUrL7trbFsfxB6KLEWBeOX18BtGKXWAu9HembsZ azFw5uIfAcjYgiKGsD7WLMheN+kHrVZERNPnvlVUTGMngytA+e1+EiqjACPL+rt9MLtoho rDVzKHoeny6SoZb4q6VbLLOd0py5tUahs2AmqKhqTfnrFQrS3JC8KjmDxlus3jTEch2kdN goBNyhGSjEN2Q0bTlamz4atGoLmCbSJwWqNUrG2Lns/r088zabtBOHkMxaHAjw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PP4vKwzTLZ; Wed, 18 Dec 2024 23:48:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINmvOR037998; Wed, 18 Dec 2024 23:48:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINmvvd037995; Wed, 18 Dec 2024 23:48:57 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:48:57 GMT Message-Id: <202412182348.4BINmvvd037995@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: b71805e991fb - main - rtwn: add APIs for setting transmit power List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b71805e991fb955005640bdec81618e37d3af47c Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=b71805e991fb955005640bdec81618e37d3af47c commit b71805e991fb955005640bdec81618e37d3af47c Author: Adrian Chadd AuthorDate: 2024-12-07 16:32:04 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:45:24 +0000 rtwn: add APIs for setting transmit power The RTL8188/RTL8192/RTL8821/RTL8812 NICs all seem happy to have their transmit power changed at runtime - and it does seem to do what's expected - the transmit power level does change. So, add the API call here, even though it's all currently no-ops. A follow-up commit will land changes for the chipsets to both limit transmit power to the configured / regulatory limit AND allow reconfiguration at runtime. Differential Revision: https://reviews.freebsd.org/D47979 Reviewed by: bz, imp --- sys/dev/rtwn/if_rtwn.c | 9 +++++++++ sys/dev/rtwn/if_rtwn_nop.h | 6 ++++++ sys/dev/rtwn/if_rtwnvar.h | 4 ++++ sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c | 1 + sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c | 1 + sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c | 1 + sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c | 1 + sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c | 1 + sys/dev/rtwn/rtl8812a/usb/r12au_attach.c | 1 + sys/dev/rtwn/rtl8821a/usb/r21au_attach.c | 1 + 10 files changed, 26 insertions(+) diff --git a/sys/dev/rtwn/if_rtwn.c b/sys/dev/rtwn/if_rtwn.c index d4b45aa9eea7..fdf44467680b 100644 --- a/sys/dev/rtwn/if_rtwn.c +++ b/sys/dev/rtwn/if_rtwn.c @@ -232,6 +232,7 @@ rtwn_attach(struct rtwn_softc *sc) | IEEE80211_C_WME /* 802.11e */ | IEEE80211_C_SWAMSDUTX /* Do software A-MSDU TX */ | IEEE80211_C_FF /* Atheros fast-frames */ + | IEEE80211_C_TXPMGT /* TX power control */ ; if (sc->sc_hwcrypto != RTWN_CRYPTO_SW) { @@ -696,6 +697,14 @@ rtwn_ioctl_reset(struct ieee80211vap *vap, u_long cmd) case IEEE80211_IOC_LDPC: error = 0; break; + case IEEE80211_IOC_TXPOWER: + { + struct rtwn_softc *sc = vap->iv_ic->ic_softc; + RTWN_LOCK(sc); + error = rtwn_set_tx_power(sc, vap); + RTWN_UNLOCK(sc); + } + break; default: error = ENETRESET; break; diff --git a/sys/dev/rtwn/if_rtwn_nop.h b/sys/dev/rtwn/if_rtwn_nop.h index 4d7c63c87cd8..5e205617a12d 100644 --- a/sys/dev/rtwn/if_rtwn_nop.h +++ b/sys/dev/rtwn/if_rtwn_nop.h @@ -54,6 +54,12 @@ rtwn_nop_softc_vap(struct rtwn_softc *sc, struct ieee80211vap *vap) { } +static __inline int +rtwn_nop_int_softc_vap(struct rtwn_softc *sc, struct ieee80211vap *vap) +{ + return (0); +} + static __inline void rtwn_nop_softc_uint8_int(struct rtwn_softc *sc, uint8_t *buf, int len) { diff --git a/sys/dev/rtwn/if_rtwnvar.h b/sys/dev/rtwn/if_rtwnvar.h index 163ab6068ee6..3f14c05eb79d 100644 --- a/sys/dev/rtwn/if_rtwnvar.h +++ b/sys/dev/rtwn/if_rtwnvar.h @@ -366,6 +366,8 @@ struct rtwn_softc { void (*sc_init_antsel)(struct rtwn_softc *); void (*sc_post_init)(struct rtwn_softc *); int (*sc_init_bcnq1_boundary)(struct rtwn_softc *); + int (*sc_set_tx_power)(struct rtwn_softc *, + struct ieee80211vap *); const uint8_t *chan_list_5ghz[3]; int chan_num_5ghz[3]; @@ -590,6 +592,8 @@ void rtwn_suspend(struct rtwn_softc *); (((_sc)->sc_post_init)((_sc))) #define rtwn_init_bcnq1_boundary(_sc) \ (((_sc)->sc_init_bcnq1_boundary)((_sc))) +#define rtwn_set_tx_power(_sc, _vap) \ + (((_sc)->sc_set_tx_power)((_sc), (_vap))) /* * Methods to access subfields in registers. diff --git a/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c b/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c index 060572f54800..e4c0027c39a5 100644 --- a/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c +++ b/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c @@ -191,6 +191,7 @@ r88ee_attach(struct rtwn_pci_softc *pc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r88ee_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->mac_prog = &rtl8188e_mac[0]; sc->mac_size = nitems(rtl8188e_mac); diff --git a/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c b/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c index fcd26cd9a212..400c0a148f35 100644 --- a/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c +++ b/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c @@ -184,6 +184,7 @@ r88eu_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r88eu_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->mac_prog = &rtl8188e_mac[0]; sc->mac_size = nitems(rtl8188e_mac); diff --git a/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c b/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c index 4c12403bf4fb..e992f1c50f26 100644 --- a/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c +++ b/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c @@ -221,6 +221,7 @@ r92ce_attach(struct rtwn_pci_softc *pc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r92ce_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->mac_prog = &rtl8192ce_mac[0]; sc->mac_size = nitems(rtl8192ce_mac); diff --git a/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c b/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c index 8585333290bf..6482c933eec2 100644 --- a/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c +++ b/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c @@ -213,6 +213,7 @@ r92cu_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = r92c_init_antsel; sc->sc_post_init = r92cu_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->mac_prog = &rtl8192cu_mac[0]; sc->mac_size = nitems(rtl8192cu_mac); diff --git a/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c b/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c index e0eadd72056b..c134ba22a430 100644 --- a/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c +++ b/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c @@ -164,6 +164,7 @@ r92eu_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r92eu_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->mac_prog = &rtl8192eu_mac[0]; sc->mac_size = nitems(rtl8192eu_mac); diff --git a/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c b/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c index 70655092d1be..4b86461b2f25 100644 --- a/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c +++ b/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c @@ -251,6 +251,7 @@ r12au_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = r12a_init_antsel; sc->sc_post_init = r12au_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->chan_list_5ghz[0] = r12a_chan_5ghz_0; sc->chan_list_5ghz[1] = r12a_chan_5ghz_1; diff --git a/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c b/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c index 59fa183fd804..75d8f3669c12 100644 --- a/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c +++ b/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c @@ -237,6 +237,7 @@ r21au_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = r12a_init_antsel; sc->sc_post_init = r12au_post_init; sc->sc_init_bcnq1_boundary = r21a_init_bcnq1_boundary; + sc->sc_set_tx_power = rtwn_nop_int_softc_vap; sc->chan_list_5ghz[0] = r12a_chan_5ghz_0; sc->chan_list_5ghz[1] = r12a_chan_5ghz_1; From nobody Wed Dec 18 23:48:58 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PQ6cQCz5h7nY; Wed, 18 Dec 2024 23:48:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PQ61Zlz44xl; Wed, 18 Dec 2024 23:48:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565738; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nWqnzdAWqNZiv2QrkVSJCbICNo0rUlv6D9W9Kx7m+lM=; b=BHkJ5nTiae11St7YSKA/O0qEiExXhYN3wu1F8iMThvkYZRYg11DuHHUT5VjZkpWbDUKiZL 0rC/rp8cBGnVDlNuIYPzZUiCC5gz1jDjDgeh/npPeHFQh4WET07FKo3amyKAIQ6UuZRca0 R7JwyzrzVuS0WPSr7xhXxEUKqrpIKpSDMxmcZioo+uV5NlyuqfJy41ifUwvWJEbqBiBZ/T oMbvAb3zHZ61ILbwVCY1ZKIH2BvB6rH3IWeEDDsOGl69dyheAYCdbLHJyrMTF1hrWXegpM N0CwMGshhEUH7qZpUcHSzVf9BZFycW/8rVGK3jQfSJ27K/NPkPh9pvjbB7q2mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565738; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nWqnzdAWqNZiv2QrkVSJCbICNo0rUlv6D9W9Kx7m+lM=; b=qNFwMia4H07zS0K0emUro7VZ0XLciVW/2RF3GgojLdx7gFEGQ8hThZ/WwW4q2SnaryB4kK NhKAexAdP62EeYybO6zsAEKox54CjRgcjJNUfsHlLPF92XlQ6hMm1DjzZdH/2sUpqauoZH n17gj+XRdBvRVlecofNId47EL3RGN06AJXQ/Jo9isMj6fj73+vojUpCdFiWABFprm4gHY7 ZJRjFLh5CiFAhHdOGTWiJS8siOAnPi6Osn3hfp/nouTjJMFzoRn8QfNeISl2NlyTZEGIBG GE6XJOLYWhMp5nYNn+5Ca5FEou1HAoagz7uSzJwdvXMGUtOSp4x0/TDFulGKHA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565738; a=rsa-sha256; cv=none; b=dqUNQgg0SiD8pU6IqUu3KoBnTdjlVVDbN2khMYJURdtWEoZzCge5BDia3MD6zKxIi7DK4n PbFNw9qcgvx3oHTu8Lg75DcGpV1OfdU71RE06eDOgbzJnaNZ7uHCQcB7hw/hdVY3cSP9UR nmU5Vs8KzNmYfWvUxm2Y152LXKGsBu+1yNUmSZiO27z7PXLilnM4NPAYeQLUiOT957E4TU /8bNRSOMpJ6gwxT5o4TGeavofun11yeC/zgRE4cWAedTWJBrDyw/SGKs8wrsJH87LeHZLP D0eLUkringId49IpW/GvV+M5kPbFbm2IuFc/JReoW+OOwg92U7v+J365XZNgPQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PQ5dCZzTLb; Wed, 18 Dec 2024 23:48:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINmwqZ038071; Wed, 18 Dec 2024 23:48:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINmw7a038068; Wed, 18 Dec 2024 23:48:58 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:48:58 GMT Message-Id: <202412182348.4BINmw7a038068@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 6858c6b1e1a9 - main - rtwn: refactor out the TX power register power dump, condense output List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6858c6b1e1a9b151bad31bba3d354d2414a29c68 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=6858c6b1e1a9b151bad31bba3d354d2414a29c68 commit 6858c6b1e1a9b151bad31bba3d354d2414a29c68 Author: Adrian Chadd AuthorDate: 2024-12-08 15:44:43 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:45:47 +0000 rtwn: refactor out the TX power register power dump, condense output * Refactor out the TX power register register dump - it's done in a couple places and it makes sense to refactor it. * Condense the output into a few lines per transmit chain. It's very long with the 8 and 16 MCS rates, and it made it difficult to eyeball what's going on when tweaking TX power. Differential Revision: https://reviews.freebsd.org/D47986 Reviewed by: bz, imp --- sys/dev/rtwn/rtl8192c/r92c.h | 1 + sys/dev/rtwn/rtl8192c/r92c_chan.c | 64 +++++++++++++++++++++++++++++++-------- sys/dev/rtwn/rtl8192e/r92e_chan.c | 11 ++----- 3 files changed, 55 insertions(+), 21 deletions(-) diff --git a/sys/dev/rtwn/rtl8192c/r92c.h b/sys/dev/rtwn/rtl8192c/r92c.h index f73e92f7c932..759a946dac3c 100644 --- a/sys/dev/rtwn/rtl8192c/r92c.h +++ b/sys/dev/rtwn/rtl8192c/r92c.h @@ -54,6 +54,7 @@ void r92c_temp_measure(struct rtwn_softc *); uint8_t r92c_temp_read(struct rtwn_softc *); /* r92c_chan.c */ +void r92c_dump_txpower(struct rtwn_softc *, int, uint8_t[RTWN_RIDX_COUNT]); void r92c_get_txpower(struct rtwn_softc *, int, struct ieee80211_channel *, uint8_t[RTWN_RIDX_COUNT]); void r92c_write_txpower(struct rtwn_softc *, int, diff --git a/sys/dev/rtwn/rtl8192c/r92c_chan.c b/sys/dev/rtwn/rtl8192c/r92c_chan.c index 108fbbf16c59..5404ad4a81bf 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_chan.c +++ b/sys/dev/rtwn/rtl8192c/r92c_chan.c @@ -53,6 +53,56 @@ #include #include +void +r92c_dump_txpower(struct rtwn_softc *sc, int chain, + uint8_t power[RTWN_RIDX_COUNT]) +{ + +#ifdef RTWN_DEBUG + if (sc->sc_debug & RTWN_DEBUG_TXPWR) { + int i; + + /* Print CCK */ + RTWN_DPRINTF(sc, RTWN_DEBUG_TXPWR, + "TX [%d]: CCK: 1M: %d 2M: %d 5.5M: %d 11M: %d\n", + chain, + power[RTWN_RIDX_CCK1], + power[RTWN_RIDX_CCK2], + power[RTWN_RIDX_CCK55], + power[RTWN_RIDX_CCK11]); + /* Print OFDM */ + RTWN_DPRINTF(sc, RTWN_DEBUG_TXPWR, + "TX [%d]: OFDM: 6M: %d 9M: %d 12M: %d 18M: %d 24M: %d " + "36M: %d 48M: %d 54M: %d\n", + chain, + power[RTWN_RIDX_OFDM6], + power[RTWN_RIDX_OFDM9], + power[RTWN_RIDX_OFDM12], + power[RTWN_RIDX_OFDM18], + power[RTWN_RIDX_OFDM24], + power[RTWN_RIDX_OFDM36], + power[RTWN_RIDX_OFDM48], + power[RTWN_RIDX_OFDM54]); + /* Print HT, 1 and 2 stream */ + for (i = 0; i < sc->ntxchains; i++) { + RTWN_DPRINTF(sc, RTWN_DEBUG_TXPWR, + "TX [%d]: MCS%d-%d: %d %d %d %d %d %d %d %d\n", + chain, + i * 8, + i * 8 + 7, + power[RTWN_RIDX_HT_MCS(i * 8 + 0)], + power[RTWN_RIDX_HT_MCS(i * 8 + 1)], + power[RTWN_RIDX_HT_MCS(i * 8 + 2)], + power[RTWN_RIDX_HT_MCS(i * 8 + 3)], + power[RTWN_RIDX_HT_MCS(i * 8 + 4)], + power[RTWN_RIDX_HT_MCS(i * 8 + 5)], + power[RTWN_RIDX_HT_MCS(i * 8 + 6)], + power[RTWN_RIDX_HT_MCS(i * 8 + 7)]); + } + } +#endif +} + static int r92c_get_power_group(struct rtwn_softc *sc, struct ieee80211_channel *c) { @@ -224,18 +274,8 @@ r92c_set_txpower(struct rtwn_softc *sc, struct ieee80211_channel *c) memset(power, 0, sizeof(power)); /* Compute per-rate Tx power values. */ rtwn_r92c_get_txpower(sc, i, c, power); -#ifdef RTWN_DEBUG - if (sc->sc_debug & RTWN_DEBUG_TXPWR) { - int max_mcs, ridx; - - max_mcs = RTWN_RIDX_HT_MCS(sc->ntxchains * 8 - 1); - - /* Dump per-rate Tx power values. */ - printf("Tx power for chain %d:\n", i); - for (ridx = RTWN_RIDX_CCK1; ridx <= max_mcs; ridx++) - printf("Rate %d = %u\n", ridx, power[ridx]); - } -#endif + /* Optionally print out the power table */ + r92c_dump_txpower(sc, i, power); /* Write per-rate Tx power values to hardware. */ r92c_write_txpower(sc, i, power); } diff --git a/sys/dev/rtwn/rtl8192e/r92e_chan.c b/sys/dev/rtwn/rtl8192e/r92e_chan.c index c6e911309cd2..4c761f61809d 100644 --- a/sys/dev/rtwn/rtl8192e/r92e_chan.c +++ b/sys/dev/rtwn/rtl8192e/r92e_chan.c @@ -132,15 +132,6 @@ r92e_get_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, if (power[ridx] > R92C_MAX_TX_PWR) power[ridx] = R92C_MAX_TX_PWR; } - -#ifdef RTWN_DEBUG - if (sc->sc_debug & RTWN_DEBUG_TXPWR) { - /* Dump per-rate Tx power values. */ - printf("Tx power for chain %d:\n", chain); - for (ridx = RTWN_RIDX_CCK1; ridx < RTWN_RIDX_LEGACY_HT_COUNT; ridx++) - printf("Rate %d = %u\n", ridx, power[ridx]); - } -#endif } static void @@ -153,6 +144,8 @@ r92e_set_txpower(struct rtwn_softc *sc, struct ieee80211_channel *c) memset(power, 0, sizeof(power)); /* Compute per-rate Tx power values. */ r92e_get_txpower(sc, i, c, power); + /* Optionally print out the power table */ + r92c_dump_txpower(sc, i, power); /* Write per-rate Tx power values to hardware. */ r92c_write_txpower(sc, i, power); } From nobody Wed Dec 18 23:48:59 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PS3vYmz5h7hS; Wed, 18 Dec 2024 23:49:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PS1kkQz45Dn; Wed, 18 Dec 2024 23:49:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565740; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7bEcCSIKLNJ/3a3cRx9SCuiw33gxVyus1eLmUiTjQeQ=; b=jNeaEewsxTI+2PmkNadf14KYplH5aMQ2IQP7PigPjQLNq5tQjSfvKuAqr1mLd3ta2BWFB3 gJpTrlb4nS9WiMXbH/3qM9TV5qo8EhQBFk0AiTC+BTqKyoRcPu8k++QkjLTf6Vmh5ZofI3 wk+CXW/Ag2ws87KICgx/A13YwvW0bwd04YEZOeik6Y+Go8sI9CTV1CQy35HEJb00E6y9Xg 2boJxnZwN84VDJ0gRAFrbkuFHf+ripdSDTi2N0EzGDDgrYvt4FV4G9ua5YQaDfTC6Hqrie jfvvKewd+Htwhg9YwF4lCgyHsYvmuBf8ymJjJbfJrFr7yVkTJHf2FkoaDO3KLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565740; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7bEcCSIKLNJ/3a3cRx9SCuiw33gxVyus1eLmUiTjQeQ=; b=xOdxTX8lm0bPnnMxZ8YlkTgG9SUVPszpbElbG4aqgZ+fWZ3yhiPDgcgEahzq9linXAM2EY vlGZbN985jelTTVpJbIhfUA69tmNTectugFhgJAgKnAgBGl/z6CDWeb8VLr/YL/ILHiXcN EWA/oDahs4O/Y3h0u1E018erFg4XKyLAanBadv/aksYuu6TZ7ffFBrcjcpjleNh4weaq7B 39rN9pJrLp4BjHpjPLspr4XxJLCK6jgfnKH7y+8SabXmdylp77is7L5W1vp3t7ahZbG8lN QKftmjYCrDuOcQbj7oa/LCGI6dLzQlK63mXr08buAmEm5MqBXdcVrJXrBSpqww== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565740; a=rsa-sha256; cv=none; b=O3Sowa2ZJDVUt1DCxCRGHaGIpEAaHljSu1w+ealv1v9BqCoiF/FvDCmwks38W94x/bqC/C 3G3dj5Nwi+HvZeIAHmSZaRBONiPF2lOlpcruRaunZMtxhwAojKxiYFeG/Uue55Z0Hw/7Mc hL7BgnhQ3NlkwRMqHtT1AF7wFnx6Ko8R3ulX71A6Uer0/kYOb3+Iy1DiYSaLBXUx746HUt OAQNxAettW2hDgTbW83gQSsyreQ9ehV5mA6B5TGofEeuGulDMGtUbXtxXJscU+cytQmXY7 RavJ4elbTBScmRBOQo69uIuDS9/DQgF6zwBJlJdl/ibmKOYNQweod6c6gbe+oA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PR6k80zTLc; Wed, 18 Dec 2024 23:48:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINmx4W038132; Wed, 18 Dec 2024 23:48:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINmxT1038129; Wed, 18 Dec 2024 23:48:59 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:48:59 GMT Message-Id: <202412182348.4BINmxT1038129@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 0ea7f8ca66f3 - main - rtwn: try enforcing net80211 regulatory / txpower limits for 11n chips List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0ea7f8ca66f34299727aacecc335de4dfe7e1f94 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=0ea7f8ca66f34299727aacecc335de4dfe7e1f94 commit 0ea7f8ca66f34299727aacecc335de4dfe7e1f94 Author: Adrian Chadd AuthorDate: 2024-12-08 15:51:42 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:46:15 +0000 rtwn: try enforcing net80211 regulatory / txpower limits for 11n chips This is an attempt to reverse engineer what the actual transmit power calculations are doing and apply net80211 limits on them. It doesn't look as simple as just applying the check at the end - there are plenty of places where offsets are calculated between different PHY modes and 1 / 2 antenna MCS transmit rates. There are also some places where the offset being added is negative, so handle the potential underflow so when things hit 0, they don't just wrap and cause the maximum transmit power into the registers. This is being done to aide in power/performance debugging - if there are issues with the transmit power being wrongly calculated and are too high, the output waveform will be distorted and it will effect performance. Being able to drop the transmit power by a few dB here and there can quickly identify if this is happening (because suddenly higher MCS rates / OFDM rates suddenly work better!) I've tested each NIC through the transmit power values from 0 dBm to 30dBm via ifconfig (and they're all capped far before that, normally around 20-25dBm) and they're not underflowing. Locally tested: * RTL8192CU, STA * RTL8192EU, STA * RTL8188EU, STA Differential Revision: https://reviews.freebsd.org/D47987 Reviewed by: bz, imp --- sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c | 2 +- sys/dev/rtwn/rtl8188e/r88e_chan.c | 34 +++++++++++++++++++--- sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c | 2 +- sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c | 2 +- sys/dev/rtwn/rtl8192c/r92c.h | 1 + sys/dev/rtwn/rtl8192c/r92c_chan.c | 31 ++++++++++++++++++++- sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c | 2 +- sys/dev/rtwn/rtl8192e/r92e.h | 1 + sys/dev/rtwn/rtl8192e/r92e_chan.c | 48 ++++++++++++++++++++++++++------ sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c | 2 +- 10 files changed, 107 insertions(+), 18 deletions(-) diff --git a/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c b/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c index e4c0027c39a5..d8c0a98e43a3 100644 --- a/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c +++ b/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c @@ -191,7 +191,7 @@ r88ee_attach(struct rtwn_pci_softc *pc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r88ee_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; - sc->sc_set_tx_power = rtwn_nop_int_softc_vap; + sc->sc_set_tx_power = r92c_set_tx_power; sc->mac_prog = &rtl8188e_mac[0]; sc->mac_size = nitems(rtl8188e_mac); diff --git a/sys/dev/rtwn/rtl8188e/r88e_chan.c b/sys/dev/rtwn/rtl8188e/r88e_chan.c index 51474bc1b819..f91862720639 100644 --- a/sys/dev/rtwn/rtl8188e/r88e_chan.c +++ b/sys/dev/rtwn/rtl8188e/r88e_chan.c @@ -84,6 +84,7 @@ void r88e_get_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, uint8_t power[RTWN_RIDX_COUNT]) { + const struct ieee80211com *ic = &sc->sc_ic; struct r92c_softc *rs = sc->sc_priv; const struct rtwn_r88e_txpwr *rt = rs->rs_txpwr; uint8_t cckpow, ofdmpow, bw20pow, htpow = 0; @@ -96,15 +97,36 @@ r88e_get_txpower(struct rtwn_softc *sc, int chain, return; } - /* XXX net80211 regulatory */ + /* + * Treat the entries in 1/2 dBm resolution where 0 = 0dBm. + * Apply the adjustments afterwards; assume that the vendor + * driver is applying offsets to make up for the actual + * target power in dBm. + */ max_mcs = RTWN_RIDX_HT_MCS(sc->ntxchains * 8 - 1); KASSERT(max_mcs <= RTWN_RIDX_LEGACY_HT_COUNT, ("increase ridx limit\n")); /* Compute per-CCK rate Tx power. */ - cckpow = rt->cck_tx_pwr[group]; for (ridx = RTWN_RIDX_CCK1; ridx <= RTWN_RIDX_CCK11; ridx++) { - power[ridx] = (ridx == RTWN_RIDX_CCK2) ? cckpow - 9 : cckpow; + /* + * Note: the regulatory limit is applied to cckpow before + * it's subtracted for CCK2. + */ + cckpow = rt->cck_tx_pwr[group]; + if (cckpow > ic->ic_txpowlimit) + cckpow = ic->ic_txpowlimit; + + /* + * If it's CCK2 then we subtract the 9 (4.5dB?) offset + * and make sure we aren't going to underflow. + */ + if (ridx == RTWN_RIDX_CCK2 && cckpow < 9) + cckpow = 0; + else if (ridx == RTWN_RIDX_CCK2) + cckpow = cckpow - 9; + + power[ridx] = cckpow; } if (group < 5) @@ -112,14 +134,18 @@ r88e_get_txpower(struct rtwn_softc *sc, int chain, /* Compute per-OFDM rate Tx power. */ ofdmpow = htpow + rt->ofdm_tx_pwr_diff; + if (ofdmpow > ic->ic_txpowlimit) + ofdmpow = ic->ic_txpowlimit; for (ridx = RTWN_RIDX_OFDM6; ridx <= RTWN_RIDX_OFDM54; ridx++) power[ridx] = ofdmpow; bw20pow = htpow + rt->bw20_tx_pwr_diff; + if (bw20pow > ic->ic_txpowlimit) + bw20pow = ic->ic_txpowlimit; for (ridx = RTWN_RIDX_HT_MCS(0); ridx <= max_mcs; ridx++) power[ridx] = bw20pow; - /* Apply max limit. */ + /* Apply max limit */ for (ridx = RTWN_RIDX_CCK1; ridx <= max_mcs; ridx++) { if (power[ridx] > R92C_MAX_TX_PWR) power[ridx] = R92C_MAX_TX_PWR; diff --git a/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c b/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c index 400c0a148f35..752761415bce 100644 --- a/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c +++ b/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c @@ -184,7 +184,7 @@ r88eu_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r88eu_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; - sc->sc_set_tx_power = rtwn_nop_int_softc_vap; + sc->sc_set_tx_power = r92c_set_tx_power; sc->mac_prog = &rtl8188e_mac[0]; sc->mac_size = nitems(rtl8188e_mac); diff --git a/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c b/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c index e992f1c50f26..ddb9fa9ae8c1 100644 --- a/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c +++ b/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c @@ -221,7 +221,7 @@ r92ce_attach(struct rtwn_pci_softc *pc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r92ce_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; - sc->sc_set_tx_power = rtwn_nop_int_softc_vap; + sc->sc_set_tx_power = r92c_set_tx_power; sc->mac_prog = &rtl8192ce_mac[0]; sc->mac_size = nitems(rtl8192ce_mac); diff --git a/sys/dev/rtwn/rtl8192c/r92c.h b/sys/dev/rtwn/rtl8192c/r92c.h index 759a946dac3c..c602f314825a 100644 --- a/sys/dev/rtwn/rtl8192c/r92c.h +++ b/sys/dev/rtwn/rtl8192c/r92c.h @@ -59,6 +59,7 @@ void r92c_get_txpower(struct rtwn_softc *, int, struct ieee80211_channel *, uint8_t[RTWN_RIDX_COUNT]); void r92c_write_txpower(struct rtwn_softc *, int, uint8_t power[RTWN_RIDX_COUNT]); +int r92c_set_tx_power(struct rtwn_softc *, struct ieee80211vap *); void r92c_set_bw20(struct rtwn_softc *, uint8_t); void r92c_set_chan(struct rtwn_softc *, struct ieee80211_channel *); void r92c_set_gain(struct rtwn_softc *, uint8_t); diff --git a/sys/dev/rtwn/rtl8192c/r92c_chan.c b/sys/dev/rtwn/rtl8192c/r92c_chan.c index 5404ad4a81bf..f93159a3c94e 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_chan.c +++ b/sys/dev/rtwn/rtl8192c/r92c_chan.c @@ -131,6 +131,7 @@ void r92c_get_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, uint8_t power[RTWN_RIDX_COUNT]) { + const struct ieee80211com *ic = &sc->sc_ic; struct r92c_softc *rs = sc->sc_priv; struct rtwn_r92c_txpwr *rt = rs->rs_txpwr; const struct rtwn_r92c_txagc *base = rs->rs_txagc; @@ -144,7 +145,12 @@ r92c_get_txpower(struct rtwn_softc *sc, int chain, return; } - /* XXX net80211 regulatory */ + /* + * Treat the entries in 1/2 dBm resolution where 0 = 0dBm. + * Apply the adjustments afterwards; assume that the vendor + * driver is applying offsets to make up for the actual + * target power in dBm. + */ max_mcs = RTWN_RIDX_HT_MCS(sc->ntxchains * 8 - 1); KASSERT(max_mcs <= RTWN_RIDX_LEGACY_HT_COUNT, ("increase ridx limit\n")); @@ -199,6 +205,10 @@ r92c_get_txpower(struct rtwn_softc *sc, int chain, for (ridx = RTWN_RIDX_CCK1; ridx <= max_mcs; ridx++) { if (power[ridx] > R92C_MAX_TX_PWR) power[ridx] = R92C_MAX_TX_PWR; + /* Apply net80211 limits */ + if (power[ridx] > ic->ic_txpowlimit) + power[ridx] = ic->ic_txpowlimit; + } } @@ -281,6 +291,25 @@ r92c_set_txpower(struct rtwn_softc *sc, struct ieee80211_channel *c) } } +/* + * Only reconfigure the transmit power if there's a valid BSS node and + * channel. Otherwise just let the next call to r92c_set_chan() + * configure the transmit power. + */ +int +r92c_set_tx_power(struct rtwn_softc *sc, struct ieee80211vap *vap) +{ + if (vap->iv_bss == NULL) + return (EINVAL); + if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) + return (EINVAL); + + /* Set it for the current channel */ + r92c_set_txpower(sc, vap->iv_bss->ni_chan); + + return (0); +} + static void r92c_set_bw40(struct rtwn_softc *sc, uint8_t chan, int prichlo) { diff --git a/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c b/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c index 6482c933eec2..8e9c4987a359 100644 --- a/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c +++ b/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c @@ -213,7 +213,7 @@ r92cu_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = r92c_init_antsel; sc->sc_post_init = r92cu_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; - sc->sc_set_tx_power = rtwn_nop_int_softc_vap; + sc->sc_set_tx_power = r92c_set_tx_power; sc->mac_prog = &rtl8192cu_mac[0]; sc->mac_size = nitems(rtl8192cu_mac); diff --git a/sys/dev/rtwn/rtl8192e/r92e.h b/sys/dev/rtwn/rtl8192e/r92e.h index 331750c48726..280cc1464ac6 100644 --- a/sys/dev/rtwn/rtl8192e/r92e.h +++ b/sys/dev/rtwn/rtl8192e/r92e.h @@ -46,6 +46,7 @@ void r92e_detach_private(struct rtwn_softc *); /* r92e_chan.c */ void r92e_set_chan(struct rtwn_softc *, struct ieee80211_channel *); +int r92e_set_tx_power(struct rtwn_softc *sc, struct ieee80211vap *vap); /* r92e_fw.c */ #ifndef RTWN_WITHOUT_UCODE diff --git a/sys/dev/rtwn/rtl8192e/r92e_chan.c b/sys/dev/rtwn/rtl8192e/r92e_chan.c index 4c761f61809d..4c7121a80c89 100644 --- a/sys/dev/rtwn/rtl8192e/r92e_chan.c +++ b/sys/dev/rtwn/rtl8192e/r92e_chan.c @@ -90,6 +90,7 @@ static void r92e_get_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, uint8_t power[RTWN_RIDX_COUNT]) { + const struct ieee80211com *ic = &sc->sc_ic; struct r92e_softc *rs = sc->sc_priv; int i, ridx, group, max_mcs; @@ -103,19 +104,32 @@ r92e_get_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, max_mcs = RTWN_RIDX_HT_MCS(sc->ntxchains * 8 - 1); /* XXX regulatory */ - /* XXX net80211 regulatory */ - for (ridx = RTWN_RIDX_CCK1; ridx <= RTWN_RIDX_CCK11; ridx++) + for (ridx = RTWN_RIDX_CCK1; ridx <= RTWN_RIDX_CCK11; ridx++) { power[ridx] = rs->cck_tx_pwr[chain][group]; - for (ridx = RTWN_RIDX_OFDM6; ridx <= max_mcs; ridx++) + if (power[ridx] > ic->ic_txpowlimit) + power[ridx] = ic->ic_txpowlimit; + } + for (ridx = RTWN_RIDX_OFDM6; ridx <= max_mcs; ridx++) { power[ridx] = rs->ht40_tx_pwr_2g[chain][group]; + if (power[ridx] > ic->ic_txpowlimit) + power[ridx] = ic->ic_txpowlimit; + } + + for (ridx = RTWN_RIDX_OFDM6; ridx <= RTWN_RIDX_OFDM54; ridx++) { + /* Ensure we don't underflow if the power delta is -ve */ + int8_t pwr; - for (ridx = RTWN_RIDX_OFDM6; ridx <= RTWN_RIDX_OFDM54; ridx++) - power[ridx] += rs->ofdm_tx_pwr_diff_2g[chain][0]; + pwr = power[ridx] + rs->ofdm_tx_pwr_diff_2g[chain][0]; + if (pwr < 0) + pwr = 0; + + power[ridx] = pwr; + } for (i = 0; i < sc->ntxchains; i++) { uint8_t min_mcs; - uint8_t pwr_diff; + int8_t pwr_diff, pwr; if (IEEE80211_IS_CHAN_HT40(c)) pwr_diff = rs->bw40_tx_pwr_diff_2g[chain][i]; @@ -123,8 +137,13 @@ r92e_get_txpower(struct rtwn_softc *sc, int chain, struct ieee80211_channel *c, pwr_diff = rs->bw20_tx_pwr_diff_2g[chain][i]; min_mcs = RTWN_RIDX_HT_MCS(i * 8); - for (ridx = min_mcs; ridx <= max_mcs; ridx++) - power[ridx] += pwr_diff; + for (ridx = min_mcs; ridx <= max_mcs; ridx++) { + /* Ensure we don't underflow */ + pwr = power[ridx] + pwr_diff; + if (pwr < 0) + pwr = 0; + power[ridx] = pwr; + } } /* Apply max limit. */ @@ -151,6 +170,19 @@ r92e_set_txpower(struct rtwn_softc *sc, struct ieee80211_channel *c) } } +int +r92e_set_tx_power(struct rtwn_softc *sc, struct ieee80211vap *vap) +{ + + if (vap->iv_bss == NULL) + return (EINVAL); + if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) + return (EINVAL); + + r92e_set_txpower(sc, vap->iv_bss->ni_chan); + return (0); +} + static void r92e_set_bw40(struct rtwn_softc *sc, uint8_t chan, int prichlo) { diff --git a/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c b/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c index c134ba22a430..35ff5cb65853 100644 --- a/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c +++ b/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c @@ -164,7 +164,7 @@ r92eu_attach(struct rtwn_usb_softc *uc) sc->sc_init_antsel = rtwn_nop_softc; sc->sc_post_init = r92eu_post_init; sc->sc_init_bcnq1_boundary = rtwn_nop_int_softc; - sc->sc_set_tx_power = rtwn_nop_int_softc_vap; + sc->sc_set_tx_power = r92e_set_tx_power; sc->mac_prog = &rtl8192eu_mac[0]; sc->mac_size = nitems(rtl8192eu_mac); From nobody Wed Dec 18 23:49:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PT3Wsdz5h7PV; Wed, 18 Dec 2024 23:49:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PT0zCPz45Bf; Wed, 18 Dec 2024 23:49:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565741; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GbhG149hFoJ8IgKrmxyQOLkRAUum2FnLbm79O6bhDxw=; b=S8dbIpOnPEEVJizYrM/SeUSp0X82RZVKngLziHHezt/PBMR1kHWpfzDd06lAVGzwoiwdAn 4PdhcE0CnI7Jq8ZQRqiXJvI/Cm5CFE6j67YvHVvJAzW94Pyg8IkAVuj5HX2xL3o5LvGT4a iKaIWVa9u+j3PRIRiRbnBOyXJhXANVkLI4SfGmZQDPhGfT9KTcbjZRM+8lLF1CJOJCOzi+ 0JjsiQMxxYfMDkrrLaTnTkDaoDWaO0XFWWhOuwwC4MfCugL/kM0U7kq2yFmQOUKGM1UVtd epBwMEjuwIBD5ZQ0mVd9RUgQc3KN0UmBlgScu6gIgdavDAQPM55Yf/Fih8yFeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565741; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GbhG149hFoJ8IgKrmxyQOLkRAUum2FnLbm79O6bhDxw=; b=QsB8pRLRHnMnIpjzYUoqRSP+YbbPri9OXO+4UHD36fhnu30gxky9tAJFniknuu5uR+HsbR DJBpanSFSAwABSBmltquaczR8THKCMKQQNJ8oVoC4LtTwAilCW2sfIgCi1mK3292vW84mc d2zUEP6hNneOVVcV8haE5YRPnt74B5f0d+Ep6xZWfkggUsvp7iHEmNRVtgF4OXoAtXGbAm IHPcvb1gmbaN1fet1eFsaHWdRGU8T/weB9XacDAvNHtKmHFmbQyDhVqdg8Pt+uG63BqugL RyCJHT/QPf4OmF1KJLf6NxqXD/+AAlqm0d5CQDfwTbNMRzaUXV/cUeyS9J+hKw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565741; a=rsa-sha256; cv=none; b=KuKTJHa7U8eGCwlUYlfAPl2pJ3drXyXgzaycLUOarKnIA8gq0Qs7Wn19r6qLgV/o6T8+22 xCpFuPUrixX/JAZOvBf4cKDyKKFCVLLTY6epIXCqzIG1HHZI/A7a0WszfUlUB2O+04Kjue CYvT/5T5BFjQRr/IIhWDMl3rYpLkDfZ0rI8gLv8bbK++lAGmpb3CKioDf9xeTnUe0zoxlI k4muNUFlv9mwsCgcNcEATav8qMir+cSHAbnn1/PGcBIcn+X0IqcXLGctJZXVmTd2UyaZYu uLtJ0UdX8Fi5OPA3BKiqV++ePTJjgZj1gW4cGpjVbtE91VbSyhLf8+bO0ZJN7Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PT0P5TzTFW; Wed, 18 Dec 2024 23:49:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINn0HF038191; Wed, 18 Dec 2024 23:49:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINn0VL038188; Wed, 18 Dec 2024 23:49:00 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:49:00 GMT Message-Id: <202412182349.4BINn0VL038188@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 25af78d0bdcf - main - ath_rate_sample: correct the "best rate" calculation List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 25af78d0bdcfda995de27afc602fd86abdbef346 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=25af78d0bdcfda995de27afc602fd86abdbef346 commit 25af78d0bdcfda995de27afc602fd86abdbef346 Author: Adrian Chadd AuthorDate: 2024-12-08 17:09:55 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:46:52 +0000 ath_rate_sample: correct the "best rate" calculation This should be a *9 rather than a *10 so higher stream MCS rates (eg comparing MCS0 and MCS8) that have slightly longer average transmit times (but better burst transmit times) get considered. This mirrors what the later code does when considering if a rate change is needed. Locally tested: * AR9280, AP mode * AR9380, AP mode Differential Revision: https://reviews.freebsd.org/D47988 Reviewed by: imp --- sys/dev/ath/ath_rate/sample/sample.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/ath/ath_rate/sample/sample.c b/sys/dev/ath/ath_rate/sample/sample.c index 58eea8f64993..58df9ad1c1cd 100644 --- a/sys/dev/ath/ath_rate/sample/sample.c +++ b/sys/dev/ath/ath_rate/sample/sample.c @@ -397,7 +397,8 @@ pick_best_rate(struct ath_node *an, const HAL_RATE_TABLE *rt, * be abstracted out and properly handled. */ if (an->an_node.ni_flags & IEEE80211_NODE_HT) { - if (best_rate_tt == 0 || ((tt * 10) <= (best_rate_tt * 10))) { + if (best_rate_tt == 0 || + ((tt * 9) <= (best_rate_tt * 10))) { best_rate_tt = tt; best_rate_rix = rix; best_rate_pct = pct; From nobody Wed Dec 18 23:49:02 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PV3y6qz5h7hT; Wed, 18 Dec 2024 23:49:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PV1wVcz44vW; Wed, 18 Dec 2024 23:49:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565742; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AlHnj4N/znxIIOc55BgSqonILPOaS09kN3K97sZ0H0Y=; b=d4BOwuqKEfia+TI1R8JamnXkGqlXLCXVAOGR11beQrYxGqWvByMNDMjwhkkclqLEOHtz+4 AN0+Q8QnlNtKcjtkQmDyOsq8ty/aphg5kUmfzV8tvaOMNdj17Ji/XPm5RK9CAPS/FGTyI2 HA7BzWOOxcR4jOE4ehnwsLx5nEFLtBhy2psnaqB+r0SPAHjhKetvv+WorqgCdyi8w3wNzM vo9kirLkVp13omC04ApQLhd0QzbHcGdaj4AdD57Hh+FaAF3hYGN1rAuo4vvfCf0AmzJhuK n8FYZBEcnGUwH/rxpHdBLUGZjR5qIMEbijZ/xEIrafH5gHeRnexncxjfWU6BwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565742; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AlHnj4N/znxIIOc55BgSqonILPOaS09kN3K97sZ0H0Y=; b=ilYE7KcI+qP00L+fHC8zr93otSk+KyRCTryw6TiszEfMF/wdKDsmTjXcLvDmuozNTT1ZQ1 0vs3FRVRzG9s4X5+DjbbWaXt6kC2Su6eT0RjkKLOUohJodGYJ0NAE3fOZTXPIBQbnxUpuJ V+8YBkHHSV3vMQlTVAsaEktKjHkM9zzGaT9Xey47WhCYYgjcdmnvpUe2rKi3kj3Tp8ixA2 xRj2K4cJQ7FEzpUkO3S3ccrin6cUWsVorq3FIlit45eRJPlZ7OsOc+/rjv6AIGHIS3IPAf OmKGoYZ62SBDRmXI/ucmak4CmUyugaa4f/cBJ/VYum4C6AMbUWenM9NPD8OGRw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565742; a=rsa-sha256; cv=none; b=Q1jgJbp8fpvRd6Jb+Kn88ksyjcEFDWnZM7ufK+DSViZf8YUUOXz2dgqsfnjcR33YO7Ro/s caYjT9IzUIJWavl5TkdRk/K4LbjUUwo01Wwc57ZCRDlSqIxfR/F6tbZsF47wyuckl1tAeu P80avLe8lyF4A5IYbFyv92iCY5qndeYElbXWzfZCo8DEIeF8ZejtVlAv4Ksi2TIaWxnLxM mvizqSfUMhC9u6ZxfKC81o6NbqLTi2fEnHQfoe6jLFQ4Cj1r2adlqM1RRqWCBXPruAZk+h Icw5VnN/FKUkuY1wIFJOzA5sQXBUM7/UC1NPinYiM3VZzMYA15Nhd+UIOUIRGQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PV1Pt3zTm1; Wed, 18 Dec 2024 23:49:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINn2J7038247; Wed, 18 Dec 2024 23:49:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINn2gP038244; Wed, 18 Dec 2024 23:49:02 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:49:02 GMT Message-Id: <202412182349.4BINn2gP038244@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 638fcd53db7d - main - rtwn: bump up the RX USB buffers List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 638fcd53db7d538bf2cf229458c9b954c44a576c Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=638fcd53db7d538bf2cf229458c9b954c44a576c commit 638fcd53db7d538bf2cf229458c9b954c44a576c Author: Adrian Chadd AuthorDate: 2024-12-08 19:33:21 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:47:37 +0000 rtwn: bump up the RX USB buffers We should just keep the RX pipeline busy. Differential Revision: https://reviews.freebsd.org/D47990 Reviewed by: imp --- sys/dev/rtwn/usb/rtwn_usb_var.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/rtwn/usb/rtwn_usb_var.h b/sys/dev/rtwn/usb/rtwn_usb_var.h index 646dde66aeab..27cd2b4e2762 100644 --- a/sys/dev/rtwn/usb/rtwn_usb_var.h +++ b/sys/dev/rtwn/usb/rtwn_usb_var.h @@ -30,7 +30,7 @@ #define RTWN_IFACE_INDEX 0 -#define RTWN_USB_RX_LIST_COUNT 1 +#define RTWN_USB_RX_LIST_COUNT 16 #define RTWN_USB_TX_LIST_COUNT 16 struct rtwn_data { From nobody Wed Dec 18 23:49:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PX0RYWz5h7g4; Wed, 18 Dec 2024 23:49:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PW2w9Lz44vq; Wed, 18 Dec 2024 23:49:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565743; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XwRBikk767Ft7J4wR83mH/3yY+PLbm2q38uq2zmNj1o=; b=ZuZEzqWU3hjCtjvQ0TIre4IP0KK1K353MMLgQaIASlalERfigKhhogSiKzOJIisuVgRTKF +ArBZ44T9SGPjxgVWuaE+1Edrzomy0tW/6Z9vfd1FTOO+KPrH8IxT6pMkI/G0lcjIpes5u xmzTOl6CeCK/o8LIjVQVzVDXqc2tB6gtq/HuO7yUaqzucNRV4Uo8GUMp7cNdc9rErDtAep QzIqu592+KGpJmIhLjteX2ved7DIeBgIqHkm1gZtSSiwFz2By323ousJvnqthY9f7quiz8 bDthor9U7Bwqsd6ytr1wSxecjhpt0KVrPzHUI6frsGJxgDbdTCy5IlsWJfEz1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565743; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XwRBikk767Ft7J4wR83mH/3yY+PLbm2q38uq2zmNj1o=; b=RY4DlrT/6quu/G8BOAGv1G6LiTjvkh0kA5CpnYaxuGbwqqagmM8Xh0eyWPRdoBX9M/mqgN RaiBc5+MD9trxHRU5q7TEc+00nnbM/Ksu5xrphjhFGBslH2c+j2ucUO9h2+DX2oEStVk6F NhvREEpx7gFXIOr+JrHRPozIX8pCOIbrePLpMQNJyFu2o+KsLS3hXMr0jFJy3a26lKT7V8 XDzucKIfRW5RpElqFLYXlZIPY1LBjK5GUVY9DZSHUrdUCD93bnei4UINOFkqw3cKy0hKiH R8x77b8ER+CE0U1vWeivYFB4ExgvE6fMX56jpsvnTwE+FeeLae2+OulLzX9Y7Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565743; a=rsa-sha256; cv=none; b=ZhwCBR95hBHQldcl2v5nBCY2H+ObsS+TitJ5kZ+9ZiJVtp0Aals2PFHZC8jC0sqMGI7Wf+ RzZYb9oP3LYTht1+KcQZVGtQqzzOYyNIHW8ZgP17iB1yTzAg9GidCs8090pmyzO6jsUtH6 OShdp5utPVJlRTYS6JDQvhZvK9fjDeeeOV70i16AvsSs+1ilEV5iFAiZazHJxa8fK3u/VC 0rVM7GXbwLxojvLvECTtsmgzIc25bloj5aNJdz5Iru9abYRdxYFwOzuqXfipnGOOVIj1BP BV8F/DEw8GXYZ4JDa51SPetppBksskWG1pN0W1yYQXkelPy1bcKHn/8Ec91Kkw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PW2TqkzT9Y; Wed, 18 Dec 2024 23:49:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINn3nR038307; Wed, 18 Dec 2024 23:49:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINn3VV038304; Wed, 18 Dec 2024 23:49:03 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:49:03 GMT Message-Id: <202412182349.4BINn3VV038304@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 745a85824748 - main - rtwn: update rtwn_get_rates() to separate out the CCK/OFDM and HT rates List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 745a85824748e06b9b2ca4e9639ba13bbf9c08ca Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=745a85824748e06b9b2ca4e9639ba13bbf9c08ca commit 745a85824748e06b9b2ca4e9639ba13bbf9c08ca Author: Adrian Chadd AuthorDate: 2024-12-08 20:22:04 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:48:10 +0000 rtwn: update rtwn_get_rates() to separate out the CCK/OFDM and HT rates The 32 bit bitmap is enough for CCK/OFDM rates and MCS0..15, but won't work for > MCS15, nor VHT rates. So, break out the legacy rates and HT rates. * break the rates and htrates out * document which calls are looking up basic rates and which care about the rates themselves * ensure the rate bitmap passed into the rate control firmware call (which isn't enabled yet!) is capped at 28 bits so they don't set the mode field. Differential Revision: https://reviews.freebsd.org/D47993 Reviewed by: bz, imp --- sys/dev/rtwn/if_rtwn.c | 3 ++- sys/dev/rtwn/if_rtwn_rx.c | 30 ++++++++++++++++++++++-------- sys/dev/rtwn/if_rtwn_rx.h | 3 ++- sys/dev/rtwn/rtl8192c/r92c_fw.c | 15 +++++++++++---- sys/dev/rtwn/rtl8812a/r12a_chan.c | 3 ++- 5 files changed, 39 insertions(+), 15 deletions(-) diff --git a/sys/dev/rtwn/if_rtwn.c b/sys/dev/rtwn/if_rtwn.c index fdf44467680b..be01ececf307 100644 --- a/sys/dev/rtwn/if_rtwn.c +++ b/sys/dev/rtwn/if_rtwn.c @@ -1213,7 +1213,8 @@ rtwn_calc_basicrates(struct rtwn_softc *sc) continue; ni = ieee80211_ref_node(vap->iv_bss); - rtwn_get_rates(sc, &ni->ni_rates, NULL, &rates, NULL, 1); + /* Only fetches basic rates; no need to add HT/VHT here */ + rtwn_get_rates(sc, &ni->ni_rates, NULL, &rates, NULL, NULL, 1); basicrates |= rates; ieee80211_free_node(ni); } diff --git a/sys/dev/rtwn/if_rtwn_rx.c b/sys/dev/rtwn/if_rtwn_rx.c index 58cd53b01e63..977c1d17a08a 100644 --- a/sys/dev/rtwn/if_rtwn_rx.c +++ b/sys/dev/rtwn/if_rtwn_rx.c @@ -52,12 +52,24 @@ #include +/* + * Get the driver rate set for the current operating rateset(s). + * + * rates_p is set to a mask of 11abg ridx values (not HW rate values.) + * htrates_p is set to a mask of 11n ridx values (not HW rate values), + * starting at MCS0 == bit 0. + * + * maxrate_p is set to the ridx value. + * + * If basic_rates is 1 then only the 11abg basic rate logic will + * be applied; HT/VHT will be ignored. + */ void rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, const struct ieee80211_htrateset *rs_ht, uint32_t *rates_p, - int *maxrate_p, int basic_rates) + uint32_t *htrates_p, int *maxrate_p, int basic_rates) { - uint32_t rates; + uint32_t rates = 0, htrates = 0; uint8_t ridx; int i, maxrate; @@ -65,7 +77,7 @@ rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, rates = 0; maxrate = 0; - /* This is for 11bg */ + /* This is for 11abg */ for (i = 0; i < rs->rs_nrates; i++) { /* Convert 802.11 rate to HW rate index. */ ridx = rate2ridx(IEEE80211_RV(rs->rs_rates[i])); @@ -82,15 +94,15 @@ rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, /* If we're doing 11n, enable 11n rates */ if (rs_ht != NULL && !basic_rates) { for (i = 0; i < rs_ht->rs_nrates; i++) { + /* Only do up to 2-stream rates for now */ if ((rs_ht->rs_rates[i] & 0x7f) > 0xf) continue; - /* 11n rates start at index 12 */ - ridx = RTWN_RIDX_HT_MCS((rs_ht->rs_rates[i]) & 0xf); - rates |= (1 << ridx); + ridx = rs_ht->rs_rates[i] & 0xf; + htrates |= (1 << ridx); /* Guard against the rate table being oddly ordered */ - if (ridx > maxrate) - maxrate = ridx; + if (RTWN_RIDX_HT_MCS(ridx) > maxrate) + maxrate = RTWN_RIDX_HT_MCS(ridx); } } @@ -99,6 +111,8 @@ rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, if (rates_p != NULL) *rates_p = rates; + if (htrates_p != NULL) + *htrates_p = htrates; if (maxrate_p != NULL) *maxrate_p = maxrate; } diff --git a/sys/dev/rtwn/if_rtwn_rx.h b/sys/dev/rtwn/if_rtwn_rx.h index 73bdf0d7a0de..3108f1d4cde4 100644 --- a/sys/dev/rtwn/if_rtwn_rx.h +++ b/sys/dev/rtwn/if_rtwn_rx.h @@ -20,7 +20,8 @@ #define RTWN_NOISE_FLOOR -95 void rtwn_get_rates(struct rtwn_softc *, const struct ieee80211_rateset *, - const struct ieee80211_htrateset *, uint32_t *, int *, int); + const struct ieee80211_htrateset *, uint32_t *, uint32_t *, + int *, int); void rtwn_set_basicrates(struct rtwn_softc *, uint32_t); struct ieee80211_node * rtwn_rx_common(struct rtwn_softc *, struct mbuf *, void *); diff --git a/sys/dev/rtwn/rtl8192c/r92c_fw.c b/sys/dev/rtwn/rtl8192c/r92c_fw.c index 426dfd0e6d3f..1ca37df7d0f4 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_fw.c +++ b/sys/dev/rtwn/rtl8192c/r92c_fw.c @@ -196,7 +196,7 @@ r92c_init_ra(struct rtwn_softc *sc, int macid) { struct ieee80211_htrateset *rs_ht; struct ieee80211_node *ni; - uint32_t rates; + uint32_t rates, htrates; int maxrate; RTWN_NT_LOCK(sc); @@ -212,13 +212,20 @@ r92c_init_ra(struct rtwn_softc *sc, int macid) rs_ht = &ni->ni_htrates; else rs_ht = NULL; - /* XXX MACID_BC */ - rtwn_get_rates(sc, &ni->ni_rates, rs_ht, &rates, &maxrate, 0); + /* + * Note: this pushes the rate bitmap and maxrate into the + * firmware; and for this chipset 2-stream 11n support is enough. + */ + rtwn_get_rates(sc, &ni->ni_rates, rs_ht, &rates, &htrates, &maxrate, 0); RTWN_NT_UNLOCK(sc); #ifndef RTWN_WITHOUT_UCODE if (sc->sc_ratectl == RTWN_RATECTL_FW) { - r92c_send_ra_cmd(sc, macid, rates, maxrate); + uint32_t fw_rates; + /* Add HT rates after normal rates; limit to MCS0..15 */ + fw_rates = rates | + ((htrates & 0xffff) << RTWN_RIDX_HT_MCS_SHIFT); + r92c_send_ra_cmd(sc, macid, fw_rates, maxrate); } #endif diff --git a/sys/dev/rtwn/rtl8812a/r12a_chan.c b/sys/dev/rtwn/rtl8812a/r12a_chan.c index d71e0a8177fd..f900d1ef7b2d 100644 --- a/sys/dev/rtwn/rtl8812a/r12a_chan.c +++ b/sys/dev/rtwn/rtl8812a/r12a_chan.c @@ -452,8 +452,9 @@ r12a_set_band(struct rtwn_softc *sc, struct ieee80211_channel *c) !(rtwn_read_1(sc, R12A_CCK_CHECK) & R12A_CCK_CHECK_5GHZ)) return; + /* Note: this only fetches the basic rates, not the full rateset */ rtwn_get_rates(sc, ieee80211_get_suprates(ic, c), NULL, &basicrates, - NULL, 1); + NULL, NULL, 1); if (IEEE80211_IS_CHAN_2GHZ(c)) { rtwn_r12a_set_band_2ghz(sc, basicrates); swing = rs->tx_bbswing_2g; From nobody Wed Dec 18 23:49:04 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9PX6gj1z5h7nk; Wed, 18 Dec 2024 23:49:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9PX3z1Dz44yc; Wed, 18 Dec 2024 23:49:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565744; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7HFLRGZIcD3fHlQ3wkw9JpaL+Hx8PDtJw09JkTW8VGM=; b=g9nBVX0yurx/VBGEZ3VUsYD3zMiOws4Eb1rIffG8KsYe0tEcopXLrC7NEP1Pxkc0Iw7/Sn lKp+ReT9TyaHV4Cw3yo+XLhuOC+qViLcllk3Sg74xvZ1OLJwwIi0zKVBkrXCgKAKKt8gyL lz6tKa3ydE+qJn+l2zYY8sHkHnQ+JUGDCSeVynnI7YfPGoh7I3JYoreFpyWliAbgKrUU8V E9V7Zt2PZ4aFJhyX9VZ1vLtQB9LqMaiFz2emkM6/k/xb+/g1BrLB/WXYn/3mpQlXI9THv7 olgxnVfnSPHXO0cu22kkdqQpyLJ70rFtsbS/JcLgpS47DZwAmSQg8rL0Hva6Jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734565744; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7HFLRGZIcD3fHlQ3wkw9JpaL+Hx8PDtJw09JkTW8VGM=; b=sDyEmIYbUcOeUuOb1usuj1qbrk1wUFNj/dLzNpbFD2Y2KC3uFlPbETYou7s2B+dZVdbHcD dVnw54Zwg/iy2UVq2nZbXyapDgHgGvN7K7LkV7QbbL55dB+qL0R/uZ1nfF/j9d/S4vadUi tjIxkieRRk4tySkG4dLfNNtYPWUHq/WEhogjgd0KmgT+gMy5BTkM4ArY7XtP6DTGpAU7/p ykFczFETX2aZe03N9mHyym818jdsWKcZeOBz8Rb5Pjrfil3wgTnEBccVFIUPevF7LiOrtO fNSjYLRNizzaAw0sBfvOaZNT4TXW7jZG5vLbkwEaibEyP9CMKxLKJWLj6m00uA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734565744; a=rsa-sha256; cv=none; b=M3dAoSzqaDDCXB1kYw6DWoGj/d9aSLhY/y3AuV2rTReAx9oAJCWxYkto9VCzgFnByvX8uX iJq8RVWktsIYPFRLVGg5LhDav0wVt08mu4O0DPfqx9L46V2a9SnOwsYVSQ0hF4XPy5ikT9 8oK/dwtjGpq9rLm+i7xhxzmHQJEaC0BUQAhfd7j8AVaqdSG/RhdAnckXadoIkNpbXkdO6S SFAodJClVSdg8RQ57XvzTTskAyePky3XrPoEpVld9nNouMSjG/wHhmvGjLuHQpoNOGiavj hrRZ8vk064fa2vSKxOdG6Yxq+iRVejP/cF3kRRwFZJhzXjENckgCizwFNsXRlA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9PX3VQJzTLd; Wed, 18 Dec 2024 23:49:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BINn4wC038367; Wed, 18 Dec 2024 23:49:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BINn4ab038364; Wed, 18 Dec 2024 23:49:04 GMT (envelope-from git) Date: Wed, 18 Dec 2024 23:49:04 GMT Message-Id: <202412182349.4BINn4ab038364@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 371a4ee9a384 - main - rtwn: add SGI flag for the rate control message List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 371a4ee9a384ef2c849c6ba419405f68c5995084 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=371a4ee9a384ef2c849c6ba419405f68c5995084 commit 371a4ee9a384ef2c849c6ba419405f68c5995084 Author: Adrian Chadd AuthorDate: 2024-12-09 19:22:49 +0000 Commit: Adrian Chadd CommitDate: 2024-12-18 23:48:45 +0000 rtwn: add SGI flag for the rate control message This is straight from all the drivers, linux and vendor. Differential Revision: https://reviews.freebsd.org/D48004 Reviewed by: bz, imp --- sys/dev/rtwn/rtl8192c/r92c_fw_cmd.h | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/dev/rtwn/rtl8192c/r92c_fw_cmd.h b/sys/dev/rtwn/rtl8192c/r92c_fw_cmd.h index b16e2819624f..e19c091fa54d 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_fw_cmd.h +++ b/sys/dev/rtwn/rtl8192c/r92c_fw_cmd.h @@ -80,6 +80,7 @@ struct r92c_fw_cmd_macid_cfg { uint32_t mask; uint8_t macid; #define R92C_CMD_MACID_VALID 0x80 +#define R92C_CMD_MACID_SGI 0x20 } __packed; /* From nobody Thu Dec 19 00:08:40 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9rT3Xxgz5h9CN; Thu, 19 Dec 2024 00:08:57 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9rS6zD6z488y; Thu, 19 Dec 2024 00:08:56 +0000 (UTC) (envelope-from kostikbel@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: from tom.home (kib@localhost [127.0.0.1] (may be forged)) by kib.kiev.ua (8.18.1/8.18.1) with ESMTP id 4BJ08eTf068066; Thu, 19 Dec 2024 02:08:43 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua 4BJ08eTf068066 Received: (from kostik@localhost) by tom.home (8.18.1/8.18.1/Submit) id 4BJ08epq068065; Thu, 19 Dec 2024 02:08:40 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Thu, 19 Dec 2024 02:08:40 +0200 From: Konstantin Belousov To: Juraj Lutter Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: d9ad257a2649 - main - fsck_msdosfs(8): Introduce -B option as no-op Message-ID: References: <202412181434.4BIEYtS2012112@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202412181434.4BIEYtS2012112@gitrepo.freebsd.org> X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=4.0.1 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on tom.home X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] X-Rspamd-Queue-Id: 4YD9rS6zD6z488y X-Spamd-Bar: ---- On Wed, Dec 18, 2024 at 02:34:55PM +0000, Juraj Lutter wrote: > The branch main has been updated by otis: > > URL: https://cgit.FreeBSD.org/src/commit/?id=d9ad257a2649e83f19e1454898d5bbb76bc7483a > > commit d9ad257a2649e83f19e1454898d5bbb76bc7483a > Author: Juraj Lutter > AuthorDate: 2024-12-18 13:24:04 +0000 > Commit: Juraj Lutter > CommitDate: 2024-12-18 14:34:14 +0000 > > fsck_msdosfs(8): Introduce -B option as no-op > > When performing a background fsck on msdosfs devices, it ends But why? > with the following error: > > fsck_msdosfs: illegal option -- B > usage: fsck_msdosfs -p [-f] filesystem ... > fsck_msdosfs [-ny] filesystem ... > > Introduce -B option as a compatibility with fsck_ffs(8) and > also update the descriptions for -B and -C in fsck_msdosfs(8) > manual page. So now, instead of error, user would assume that msdos filesystems are checked in background? From nobody Thu Dec 19 00:12:25 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YD9wT6Jq1z5h95h; Thu, 19 Dec 2024 00:12:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YD9wT5s2kz49sY; Thu, 19 Dec 2024 00:12:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734567145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ad9nPkSj8qc8WUzK2D8w75yP9t7bvK0NCllkG62B2U4=; b=lDp3iIFSiojVwnyAFuelJfWM+20RjRNzOpwFWhqd6yM2JL6A/vaAgu4niwH8Ibf19/R1BU 34Mc+oL5xgo3p7YM1zEmlZxRCRgqN0oiXpbe0MFchErHpxMYHi/lg4hUWa437y9tUYdYzR ZJRoHZOYsuh96QsKO2FwKJkI3MjTW6gUCtD5/C5aociILBvdscK6Eksr6/PPbwQ5f43xq8 i2YtfI6lssI4a+N5bF5IFhczlCBkl3OwqIt6LYtTjCrZtiiGyM5ME3kb9z35lwGRZR4hAb Xkh2AHQukdm1C4vaeuHnJBeqeAP86zFBnYU9lvQN3q0fq0OoIepsV23RLPoaJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734567145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ad9nPkSj8qc8WUzK2D8w75yP9t7bvK0NCllkG62B2U4=; b=ciU8OpQpf++P00KtIKVeLo2/RY5yA+weIk1ImHYvHzsPlX8hvvnR7LLkU4+fh1Tt5E0xpp dZd7v7gU5bQdHLS+tA1MEWy+U3wQ4Q8m8Wz3r/hnvO4VQ86naHHrMaiqbEA7OodJAIeBGl BE6k9+m8VE49DHeTO7Eqgr0/GUANG0aOXCoBajpQYFhpRN1UD+tZDZVJF4WJxciJLBD5g6 z5P1V+97bla2PVkDlCUiRmFwRpaMvrmQK+o3GVk5GhzXWnTbZsLKq/bbL1aQrHzIbrFZzI xK7y7YitmGXGn/dwZYqfyQjXwmwl1snKQcNsPr6TY2mTCSU6dUbTgOfewN0vjg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734567145; a=rsa-sha256; cv=none; b=H1B9qXxnb84802lhGm4k9iOcx8VEeQBCucyO20IGxQnwFRSecXF0djU3CHwXjS+H7tj+a9 +5BTPIc9s8nQtFmiXyuiPAE78VoSQnGCMV1on2u6mYaoL7iK0F8P235LjSyPSIfynbGypf plh0vmONTaY4t1cECU+jlZod87ABTyjf4IjG3h63tu5qVvYjoP7SB5sH/aIsUqUgo4zuiM tTf0UgV2/SLB9HykUtK/nKITfl/NUAPlOZDX1jBwwH+YqSU2cWfATTw+nxguxQx7ERgRnR XG9SkKOiYLguKGPByIDnFtAbFH8LyFtPsrP9J2NCp/0u4X3GSe9P+puqKlUhaQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YD9wT5NRSzW40; Thu, 19 Dec 2024 00:12:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJ0CPoD092977; Thu, 19 Dec 2024 00:12:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJ0CPnK092974; Thu, 19 Dec 2024 00:12:25 GMT (envelope-from git) Date: Thu, 19 Dec 2024 00:12:25 GMT Message-Id: <202412190012.4BJ0CPnK092974@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: b762b199afc6 - main - mlx5: Eliminate the use of mlx5_rule_fwd_action List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b762b199afc6ed56ac95ca19c7fc29c2927fa85c Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=b762b199afc6ed56ac95ca19c7fc29c2927fa85c commit b762b199afc6ed56ac95ca19c7fc29c2927fa85c Author: Slava Shwartsman AuthorDate: 2024-12-12 15:57:58 +0000 Commit: Konstantin Belousov CommitDate: 2024-12-18 23:59:42 +0000 mlx5: Eliminate the use of mlx5_rule_fwd_action Driver defined all flow context actions in MLX5_FLOW_CONTEXT_ACTION_*, no need to duplicate them with mlx5_rule_fwd_action. Sponsored by: NVidia networking MFC after: 1 week --- sys/dev/mlx5/fs.h | 6 ------ sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c | 4 ++-- sys/dev/mlx5/mlx5_core/mlx5_eswitch.c | 6 +++--- sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c | 4 ++-- sys/dev/mlx5/mlx5_en/mlx5_en_flow_table.c | 10 +++++----- sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c | 2 +- 6 files changed, 13 insertions(+), 19 deletions(-) diff --git a/sys/dev/mlx5/fs.h b/sys/dev/mlx5/fs.h index ee0d28b6758a..6bb05e004479 100644 --- a/sys/dev/mlx5/fs.h +++ b/sys/dev/mlx5/fs.h @@ -69,12 +69,6 @@ enum { MLX5_FS_SNIFFER_FLOW_TAG = 0xFFFFFD, }; -enum mlx5_rule_fwd_action { - MLX5_FLOW_RULE_FWD_ACTION_ALLOW = 0x1, - MLX5_FLOW_RULE_FWD_ACTION_DROP = 0x2, - MLX5_FLOW_RULE_FWD_ACTION_DEST = 0x4, -}; - enum { MLX5_FS_FLOW_TAG_MASK = 0xFFFFFF, }; diff --git a/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c b/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c index 9523dc8d5e95..f7950bf61269 100644 --- a/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c +++ b/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c @@ -321,9 +321,9 @@ static int ipsec_miss_create(struct mlx5_core_dev *mdev, } if (dest) - flow_act.action = MLX5_FLOW_RULE_FWD_ACTION_DEST; + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST; else - flow_act.action = MLX5_FLOW_RULE_FWD_ACTION_DROP; + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP; /* Create miss rule */ miss->rule = mlx5_add_flow_rules(ft, NULL, &flow_act, dest, 1); if (IS_ERR(miss->rule)) { diff --git a/sys/dev/mlx5/mlx5_core/mlx5_eswitch.c b/sys/dev/mlx5/mlx5_core/mlx5_eswitch.c index 8c96beeb509f..30f04144502b 100644 --- a/sys/dev/mlx5/mlx5_core/mlx5_eswitch.c +++ b/sys/dev/mlx5/mlx5_core/mlx5_eswitch.c @@ -815,7 +815,7 @@ static int esw_vport_ingress_config(struct mlx5_eswitch *esw, MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.cvlan_tag); MLX5_SET_TO_ONES(fte_match_param, spec->match_value, outer_headers.cvlan_tag); - flow_act.action = MLX5_FLOW_RULE_FWD_ACTION_DROP; + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP; spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS; vport->ingress.drop_rule = mlx5_add_flow_rules(vport->ingress.acl, spec, @@ -867,7 +867,7 @@ static int esw_vport_egress_config(struct mlx5_eswitch *esw, MLX5_SET(fte_match_param, spec->match_value, outer_headers.first_vid, vport->vlan); spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS; - flow_act.action = MLX5_FLOW_RULE_FWD_ACTION_ALLOW; + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_ALLOW; vport->egress.allowed_vlan = mlx5_add_flow_rules(vport->egress.acl, spec, @@ -879,7 +879,7 @@ static int esw_vport_egress_config(struct mlx5_eswitch *esw, goto out; } - flow_act.action = MLX5_FLOW_RULE_FWD_ACTION_DROP; + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP; vport->egress.drop_rule = mlx5_add_flow_rules(vport->egress.acl, NULL, &flow_act, NULL, 0); diff --git a/sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c b/sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c index f7ec5af81773..f69c36aa72de 100644 --- a/sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c +++ b/sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c @@ -159,7 +159,7 @@ mlx5e_accel_fs_add_inpcb(struct mlx5e_priv *priv, dest.type = MLX5_FLOW_DESTINATION_TYPE_TIR; dest.tir_num = tirn; - flow_act.action = MLX5_FLOW_RULE_FWD_ACTION_DEST; + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST; flow = mlx5_add_flow_rules(ft->t, spec, &flow_act, &dest, 1); out: @@ -175,7 +175,7 @@ accel_fs_tcp_add_default_rule(struct mlx5e_priv *priv, int type) struct mlx5e_accel_fs_tcp *fs_tcp; struct mlx5_flow_handle *rule; struct mlx5_flow_act flow_act = { - .action = MLX5_FLOW_RULE_FWD_ACTION_DEST, + .action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST, }; fs_tcp = &priv->fts.accel_tcp; diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_flow_table.c b/sys/dev/mlx5/mlx5_en/mlx5_en_flow_table.c index ac275b5b145c..f8be5b9e881c 100644 --- a/sys/dev/mlx5/mlx5_en/mlx5_en_flow_table.c +++ b/sys/dev/mlx5/mlx5_en/mlx5_en_flow_table.c @@ -263,7 +263,7 @@ mlx5e_add_eth_addr_rule_sub(struct mlx5e_priv *priv, u32 tt_vec; int err = 0; struct mlx5_flow_act flow_act = { - .action = MLX5_FLOW_RULE_FWD_ACTION_DEST, + .action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST, }; u8 *mc; u8 *mv; @@ -474,7 +474,7 @@ mlx5e_add_main_vxlan_rules_sub(struct mlx5e_priv *priv, struct mlx5_flow_table *ft = priv->fts.main_vxlan.t; u32 *tirn = priv->tirn_inner_vxlan; struct mlx5_flow_act flow_act = { - .action = MLX5_FLOW_RULE_FWD_ACTION_DEST, + .action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST, }; int err = 0; u8 *mc; @@ -670,7 +670,7 @@ mlx5e_add_vlan_rule_sub(struct mlx5e_priv *priv, struct mlx5_flow_handle **rule_p; int err = 0; struct mlx5_flow_act flow_act = { - .action = MLX5_FLOW_RULE_FWD_ACTION_DEST, + .action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST, }; u8 *mv; u8 *mc; @@ -1671,7 +1671,7 @@ mlx5e_add_vxlan_rule_sub(struct mlx5e_priv *priv, struct mlx5_flow_spec *spec, struct mlx5_flow_handle **rule_p; int err = 0; struct mlx5_flow_act flow_act = { - .action = MLX5_FLOW_RULE_FWD_ACTION_DEST, + .action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST, }; u8 *mc; u8 *mv; @@ -1808,7 +1808,7 @@ mlx5e_add_vxlan_catchall_rule_sub(struct mlx5e_priv *priv, struct mlx5_flow_handle **rule_p; int err = 0; struct mlx5_flow_act flow_act = { - .action = MLX5_FLOW_RULE_FWD_ACTION_DEST, + .action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST, }; spec->flow_context.flow_tag = MLX5_FS_ETH_FLOW_TAG; diff --git a/sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c b/sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c index 1b688b70f3dd..5825cee87d9b 100644 --- a/sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c +++ b/sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c @@ -2213,7 +2213,7 @@ static struct mlx5_ib_flow_handler *create_flow_rule(struct mlx5_ib_dev *dev, } spec->match_criteria_enable = get_match_criteria_enable(spec->match_criteria); - action = dst ? MLX5_FLOW_RULE_FWD_ACTION_DEST : 0; + action = dst ? MLX5_FLOW_CONTEXT_ACTION_FWD_DEST : 0; flow_act.action = action; handler->rule = mlx5_add_flow_rules(ft, spec, &flow_act, dst, 1); From nobody Thu Dec 19 03:15:58 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDG0N4zjrz5hQcG; Thu, 19 Dec 2024 03:16:04 +0000 (UTC) (envelope-from zlei@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDG0N4JTTz4YGg; Thu, 19 Dec 2024 03:16:04 +0000 (UTC) (envelope-from zlei@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734578164; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JAUplQ9FgS3j6FA5EZ9pE7Y0c4BFbVSVF2pi8wRgwvw=; b=dc2qS2Z6Wm4GjNdEekMyhdwq8nmmjcQn649pp4suNeDL/d8w4CpDX2PewOozMSbzEVZEVN 5qkQz/UMeU7ukPBKL62rCo7SytwQtBBcIUDs2Bdg0q7FkrstHqlpcGmX9SCwPE+y6IJLra hJ0JXUdxE3WT2wnyK1IMBbABW2CxjGB/C1xANcETsRB3cMCqI6woyQsiKixrCAIuJ3I8pl FWmkK+nGgKFMmY0WVERWH3mx2dg6kDMj6viUacaZGYeSNDlN6ZND7bA/oyJy9XDb7+UicZ yzvD6J2t9LGavWn5VsAQQjerGTZf2+Tn8oZzvbBmKoNHlOQcLXZrXYSEcT1qxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734578164; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JAUplQ9FgS3j6FA5EZ9pE7Y0c4BFbVSVF2pi8wRgwvw=; b=ebxBS6moXqI8802llpvy+Gd2qlBggFs6Mlg7rWpnTr2KvXRyIxEbYoH8qav90MBPiZUUAz vRz09xqx0IrB168dVyp4Mp0sNgT7GXa89PZrmLRG7xI1C+1PqGb6pgbNQlJqpwZCVIFI4m eGZr7oRQ9rYuOzsnyFybu8poRySBT2ljufVpNVhHUxMfiBLGiCAnUpBZzM2KROVPDbILde l5pVes0S7I6Wjhb5cXJ4rP8jCrpdU911h9XQttnBu91y3h1S/c2JhjHRHu07ZD7v8jv1KW 1BxtMZnOpDkrOgw2J28YURslyL8+XYEsFrlOnSdHk91qRmV8VStn9j+X+0BRKQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734578164; a=rsa-sha256; cv=none; b=Qeqhw1+kZL0F5z+rRiYxbnvR9BJkOSosv7yjp/dXTC0NSdtDLwcwRCuullqU/njWUhUbnk 2YMa1v1H67gQ1nUAilXROBPA9qVD9fvaDgDwyzogsGQypHKcvAFOnby9YdHY/A3avnImFp LpeyaB5ZNTawLUa3oKzoqd81ww42fhLGDnrCU/o3IVe/6ZU7QnfxT6zldTrNoPaDPj1IbT oJXGqMqM3THFGXYkbn9xhFOQOxGePxRbs8f9B5MHxnQPKUIwl0rIFZAG29tC3JG8jMkZh1 BfAakC15Z5xM3jdcpWqSvUpqpGbzYX7VXv0TzvXOq+FROiiubDSxoU3kltKULA== Received: from smtpclient.apple (ns1.oxydns.net [45.32.91.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: zlei/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YDG0L2qVnzGrC; Thu, 19 Dec 2024 03:16:02 +0000 (UTC) (envelope-from zlei@FreeBSD.org) Content-Type: text/plain; charset=us-ascii List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.10\)) Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length From: Zhenlei Huang In-Reply-To: Date: Thu, 19 Dec 2024 11:15:58 +0800 Cc: Gleb Smirnoff , John Baldwin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <2FBF4C12-1A98-4404-92A8-4B7AA3520662@FreeBSD.org> References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> To: Ed Maste X-Mailer: Apple Mail (2.3696.120.41.1.10) > On Dec 19, 2024, at 5:21 AM, Ed Maste wrote: >=20 > On Wed, 18 Dec 2024 at 12:12, Gleb Smirnoff = wrote: >>=20 >> E> The status quo of --short=3D12 should be fine for quite some time. >>=20 >> AFAIU John's concern is that you can't guarantee a reproducible build = from a >> "dirty" repository. A repository that has more branches than just = the official >> ones. I just make a quick check on Netflix repo, that has both the = current >> FreeBSD history and the before-the-official-git history together, as = well as >> splitted ports subdirectories and of course our own stuff. For short = hashes >> there are roughly 2x more ambiguities than for a "clean" repo. = Apparently >> chance of collision on a long hash is also doubled. >=20 > I suspect the six or seven character hashes I listed are still unique > in your repository. If not, adding one more character to get to seven > or eight will be enough. Pick a release and give `git rev-parse > --verify --short=3D1 ` a try in your repo -- I'm sure you'll get = a > unique short hash that's still much shorter than 12 characters. Just a reminder, we also have git_cnt, so even a combination of non-uniq short git hash and `git_cnt` is still sufficient to spot which version = was built from. So I do not think we need pay much concern with this, unless we drop = `git_cnt`. Best regards, Zhenlei From nobody Thu Dec 19 04:11:46 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDHDg18c6z5hVTr; Thu, 19 Dec 2024 04:11:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDHDf5P3Hz4fKT; Thu, 19 Dec 2024 04:11:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734581506; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0B12UZyrRk4OcBbonfF1UG7IoKLAkJZc+m7C4/pYruM=; b=RgUfQuPLX2LH6Ay4kKHVbIT3IDv+EZta5xWt666rXH53iy/Y9ajVcQjUQ999Z7fpLVYEqY 3TVtvrX5e1n6fW62MpyH3aNr/XyiPh5b338sN5z/2Iz9woc8Xi7Lfh1ZiFV0nxXUmuMPb0 +pibotrFDxGfDZrx3aajChz4CUb7p1+Lm1LtK6mtXsIkBJ+qVFgrf4b2yNmKc+3svt2IdJ fuAbLi5942UHftWyfogVfho2Ncr9C5EfqaUoy7gkwjYtdgYN4pyzyaWvbEeCQ+V1NNhTc5 XwErrPwOlBUJ5Z/clMZs436fL00fvRGNId13IW7/lLta40beo3h5fzURdGqB3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734581506; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0B12UZyrRk4OcBbonfF1UG7IoKLAkJZc+m7C4/pYruM=; b=A4sZpsskzRsUjLGSOdUfKFhL4L+yDxk9XoP4JzjTHx1AVzqDbdTdGN83NRsO5ml/cqbECk a7CykRQ48xCxgORwdfzW3dR4RGxMCB9RwbGNuDny+f4VPEpm1t2qHcoDaCzGHylgcIJGs8 qJwI5b43iBdvFMHQKzVYH8EBLgddHO3t2G4SUtuIpnKl8WyZfGzUKJ5OycKM2NBnZ584Ym iKP2jphbXot2QAdA5kz8G4VnIInKFKjcPgYaM54IGViNCMFcnSeWBLy+AkBHkPTfQ8YD31 GDk8cggRW9/em8ednSCYvsNNPU1povI0g+fcx5r6/nHRKTJTwKJqSbB8DU70xQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734581506; a=rsa-sha256; cv=none; b=x+kC10nGTwc6UG/0zUR6pNOdrjTNC8aWbWdd97LvAtfbgKosKgNj8SiYb5pzbzWVY12qWe CgHompXQqrLIjTIy1m4o/1kx7BtbUOmDLeUuyzDiacHZ2pqZBy9ti+yVPB4tcX3Xz64htw MaGdw7cECU3jBJhVGzABgNf6bw6zgcQ6RTz03mjsVIJV9t3XywdT9dttkpjqrc+ABjrk8n r2SH/DSxGTl5t/XaO0ksdOXBpKRwqNbb96s01oXZntrVwnSS+RmhP2G+ypdQx5IrKa67S/ rzPvTpS6ExdCWKZ3tERxywbwvbNRujzUDXFJN5FiV1nA3NV3RYFifoGlH8fX0Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDHDf50KPzdZS; Thu, 19 Dec 2024 04:11:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJ4Bkf6040937; Thu, 19 Dec 2024 04:11:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJ4Bkl1040934; Thu, 19 Dec 2024 04:11:46 GMT (envelope-from git) Date: Thu, 19 Dec 2024 04:11:46 GMT Message-Id: <202412190411.4BJ4Bkl1040934@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: c91dd7a054b3 - main - tcp: remove unused variable from tcp_usr_disconnect() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c91dd7a054b3f2bc0325749950816bed3e6397e8 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=c91dd7a054b3f2bc0325749950816bed3e6397e8 commit c91dd7a054b3f2bc0325749950816bed3e6397e8 Author: Gleb Smirnoff AuthorDate: 2024-12-19 04:11:34 +0000 Commit: Gleb Smirnoff CommitDate: 2024-12-19 04:11:34 +0000 tcp: remove unused variable from tcp_usr_disconnect() --- sys/netinet/tcp_usrreq.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index b5725eb1ce86..35578b348c9f 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -685,7 +685,6 @@ tcp_usr_disconnect(struct socket *so) struct inpcb *inp; struct tcpcb *tp = NULL; struct epoch_tracker et; - int error = 0; NET_EPOCH_ENTER(et); inp = sotoinpcb(so); @@ -702,11 +701,11 @@ tcp_usr_disconnect(struct socket *so) goto out; tcp_disconnect(tp); out: - tcp_bblog_pru(tp, PRU_DISCONNECT, error); + tcp_bblog_pru(tp, PRU_DISCONNECT, 0); TCP_PROBE2(debug__user, tp, PRU_DISCONNECT); INP_WUNLOCK(inp); NET_EPOCH_EXIT(et); - return (error); + return (0); } #ifdef INET From nobody Thu Dec 19 13:49:49 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDX3d441Lz5hDxr; Thu, 19 Dec 2024 13:49:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDX3d3b9vz4c2F; Thu, 19 Dec 2024 13:49:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734616189; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dycCJ1bUZczQH7WIeNIdzKkuE7+C82Cu5KhUYAc7hBM=; b=LC1A3+bwEieXxfVvlf9VkB3ITQ1otNZFt7Kbt4mq8HT5TheHPDeqmRLM1BenE/8Uigf80j ZlE/9YobXyyHZIxa2FqfmGVfoSJ1VOSR34Sv1sI1POYJbmJ4XT9eA3HYtPm5cFw6XcRsb6 EAf5o9jaIHPhrlWCgDUPTj6c61YU3DX+SYfUvrjE+7riFW2rTiIT/OLgliZC3qPlozo0g8 qIKhgoNWEcS70MG/8zFjHJtvr4GsddTOd8Ac0GJIVSgPh0q42wsFcRauLBxscYE+oI8RYo i6T7XnKg8oEX9ITMGqQnVtyd/vzCulrp9HvHnWIIT05oWio2UVSjDwHbrC0goQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734616189; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dycCJ1bUZczQH7WIeNIdzKkuE7+C82Cu5KhUYAc7hBM=; b=AdWEuc1HHk0sp/TtHLKtZzPA5OII3+/0AidZimBxc5u2JK9A8byAsXrpnqg+8abCUaF8Uf MEr2E+NosFu3lGaYy4zWXO/ZOpLopCvPiftoWEZSV2T6V4Hs3Ds3ATQP4wtlYhvskTy9w4 oDwleWQElcVuE7lR460nNnLBw722c4DEutqQ3gzJjmxOjf7/7sX0R3YfO7B45JrTvgymcu e46Y+RZPxD+vIWGiz3+31t6e5I4YUoKLykcXMLGtG9X1E4VROMe14TY0UCaFTpWiEk8j3G pRUmglb3IOJn7UhrQrOR0OTT+UwNJZYEXnLEi8MGuP9ZMfWvyISZk2J8nr0FFA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734616189; a=rsa-sha256; cv=none; b=Qqnb/nE7HejJ3O6NzsYZU9x6n7PkB/+j08qr0mrx/PtDx3l6wgFAfJKlaW+seHHuBUZVW1 Hh9KVQaDiYZ5x6jPyWGyobZ7hLdKpGkVpoJ7Va8Di3iG8Su8SElW+obIL56q7hJUIq3jVc +tB8NsCQ8jSSCvFqnZ/igcNuY66Jkpmsm6VQeW32/EI6vD0lZICnmnv0a+5/lnIZ2oKp9E P5GljFIovtqEEzSVUTNWWoV4bziEqKDzFfjjxBA+5719qwBAaavMnF6lFm1WMmv8IKbWzJ KwIfoXHDNBcD6tGLI08VTTVjbaPa2jqnSlr1NPG4PWAy7YV/2mGCh3/Dw7bUsQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDX3d39kmzw1B; Thu, 19 Dec 2024 13:49:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJDnnh0010678; Thu, 19 Dec 2024 13:49:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJDnnV4010675; Thu, 19 Dec 2024 13:49:49 GMT (envelope-from git) Date: Thu, 19 Dec 2024 13:49:49 GMT Message-Id: <202412191349.4BJDnnV4010675@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 38663adb6144 - main - Revert "ixl: fix multicast filters handling" List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 38663adb61440bd659fb457909782b71ba8806fa Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=38663adb61440bd659fb457909782b71ba8806fa commit 38663adb61440bd659fb457909782b71ba8806fa Author: Franco Fichtner AuthorDate: 2024-12-11 14:08:40 +0000 Commit: Mark Johnston CommitDate: 2024-12-19 13:49:30 +0000 Revert "ixl: fix multicast filters handling" This reverts commit 89e73359424a338a7900a4854ad7439f5848ebb8. PR: 281125 Reviewed by: Krzysztof Galazka MFC after: 3 days Pull Request: https://github.com/freebsd/freebsd-src/pull/1545 --- sys/dev/ixl/ixl_pf_main.c | 97 +++++------------------------------------------ 1 file changed, 10 insertions(+), 87 deletions(-) diff --git a/sys/dev/ixl/ixl_pf_main.c b/sys/dev/ixl/ixl_pf_main.c index 9755136df848..1752efc02fff 100644 --- a/sys/dev/ixl/ixl_pf_main.c +++ b/sys/dev/ixl/ixl_pf_main.c @@ -593,15 +593,6 @@ ixl_add_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt) * Routines for multicast and vlan filter management. * *********************************************************************/ - -/** - * ixl_add_multi - Add multicast filters to the hardware - * @vsi: The VSI structure - * - * In case number of multicast filters in the IFP exceeds 127 entries, - * multicast promiscuous mode will be enabled and the filters will be removed - * from the hardware - */ void ixl_add_multi(struct ixl_vsi *vsi) { @@ -609,20 +600,14 @@ ixl_add_multi(struct ixl_vsi *vsi) struct i40e_hw *hw = vsi->hw; int mcnt = 0; struct ixl_add_maddr_arg cb_arg; - enum i40e_status_code status; IOCTL_DEBUGOUT("ixl_add_multi: begin"); mcnt = if_llmaddr_count(ifp); if (__predict_false(mcnt >= MAX_MULTICAST_ADDR)) { - status = i40e_aq_set_vsi_multicast_promiscuous(hw, vsi->seid, - TRUE, NULL); - if (status != I40E_SUCCESS) - if_printf(ifp, "Failed to enable multicast promiscuous " - "mode, status: %s\n", i40e_stat_str(hw, status)); - else - if_printf(ifp, "Enabled multicast promiscuous mode\n"); - /* Delete all existing MC filters */ + i40e_aq_set_vsi_multicast_promiscuous(hw, + vsi->seid, TRUE, NULL); + /* delete all existing MC filters */ ixl_del_multi(vsi, true); return; } @@ -648,92 +633,30 @@ ixl_match_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt) return (0); } -/** - * ixl_dis_multi_promisc - Disable multicast promiscuous mode - * @vsi: The VSI structure - * @vsi_mcnt: Number of multicast filters in the VSI - * - * Disable multicast promiscuous mode based on number of entries in the IFP - * and the VSI, then re-add multicast filters. - * - */ -static void -ixl_dis_multi_promisc(struct ixl_vsi *vsi, int vsi_mcnt) -{ - struct ifnet *ifp = vsi->ifp; - struct i40e_hw *hw = vsi->hw; - int ifp_mcnt = 0; - enum i40e_status_code status; - - ifp_mcnt = if_llmaddr_count(ifp); - /* - * Equal lists or empty ifp list mean the list has not been changed - * and in such case avoid disabling multicast promiscuous mode as it - * was not previously enabled. Case where multicast promiscuous mode has - * been enabled is when vsi_mcnt == 0 && ifp_mcnt > 0. - */ - if (ifp_mcnt == vsi_mcnt || ifp_mcnt == 0 || - ifp_mcnt >= MAX_MULTICAST_ADDR) - return; - - status = i40e_aq_set_vsi_multicast_promiscuous(hw, vsi->seid, - FALSE, NULL); - if (status != I40E_SUCCESS) { - if_printf(ifp, "Failed to disable multicast promiscuous " - "mode, status: %s\n", i40e_stat_str(hw, status)); - - return; - } - - if_printf(ifp, "Disabled multicast promiscuous mode\n"); - - ixl_add_multi(vsi); -} - -/** - * ixl_del_multi - Delete multicast filters from the hardware - * @vsi: The VSI structure - * @all: Bool to determine if all the multicast filters should be removed - * - * In case number of multicast filters in the IFP drops to 127 entries, - * multicast promiscuous mode will be disabled and the filters will be reapplied - * to the hardware. - */ void ixl_del_multi(struct ixl_vsi *vsi, bool all) { - int to_del_cnt = 0, vsi_mcnt = 0; + struct ixl_ftl_head to_del; if_t ifp = vsi->ifp; struct ixl_mac_filter *f, *fn; - struct ixl_ftl_head to_del; + int mcnt = 0; IOCTL_DEBUGOUT("ixl_del_multi: begin"); LIST_INIT(&to_del); /* Search for removed multicast addresses */ LIST_FOREACH_SAFE(f, &vsi->ftl, ftle, fn) { - if ((f->flags & IXL_FILTER_MC) == 0) - continue; - - /* Count all the multicast filters in the VSI for comparison */ - vsi_mcnt++; - - if (!all && if_foreach_llmaddr(ifp, ixl_match_maddr, f) != 0) + if ((f->flags & IXL_FILTER_MC) == 0 || + (!all && (if_foreach_llmaddr(ifp, ixl_match_maddr, f) == 0))) continue; LIST_REMOVE(f, ftle); LIST_INSERT_HEAD(&to_del, f, ftle); - to_del_cnt++; - } - - if (to_del_cnt > 0) { - ixl_del_hw_filters(vsi, &to_del, to_del_cnt); - return; + mcnt++; } - ixl_dis_multi_promisc(vsi, vsi_mcnt); - - IOCTL_DEBUGOUT("ixl_del_multi: end"); + if (mcnt > 0) + ixl_del_hw_filters(vsi, &to_del, mcnt); } void From nobody Thu Dec 19 15:03:05 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDYhC00P1z5hKSV; Thu, 19 Dec 2024 15:03:07 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDYhB68Ynz4jdC; Thu, 19 Dec 2024 15:03:06 +0000 (UTC) (envelope-from jhb@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734620586; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yofb/PkEJ1Rk8tc1Fr+s2IGTRptS8/zdesTY+pj6YQ8=; b=JH3aTxwKMdOiGuenaO7Ijwdc7mKatBLgm5Nm48veVRicZd3ygj3y0Mg6yWX8YjxjojfrGI jSSHiHMFPHSpK+i1L89r2hxovFt4urr3PHA8rS5PkjzwtcMZl4aXHPYz72CU9ae24SvIyN wgBlZXPz6awJrBEvtu1apzb5AWfRxNqEOvE3BWju9a74eS5Cy58AYvyO6nAiOdLqHOBuLw zLr7dtTz92BWRYI6wiRGJ3TCQtR15uPl7LVG27Uv7M+NGxnvpFAMCTUkFu4lMWaH0d/FOS 9rycxWUl+CPIvwI0H05dewjBu1+f/QqCCBkQDlHYxdFZCYTnb/cGVsyCWsMj8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734620586; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yofb/PkEJ1Rk8tc1Fr+s2IGTRptS8/zdesTY+pj6YQ8=; b=ikNWxmL+ZgheA41jK5GMkkCHeYsKeSsiKPDZ6oaKKNWSFqkm6OWpuZKCjn8x1ggZGhbD31 a5Z7nBkaLARjUhxKwZbX3sM+NuQfRP7aE3nzdLdeGiIXnLxAfUpH7H9kxdpL2DgmfhQoUU PJPgI5/3FMgMx3SyDMaMf1ctJPM4AR3xdrFbc7KJWyVPFhA2fekntlI5YsUm1cVFJ3+RHP Mh9/z2H3IeFP1pgFRPGLxoEDUmoOD1hWQGBC0HOs6kLwLATtptiuWjwsy4G7ZvwDfHdpxe 1CdokZS9n9ld5WIzSEAhC5Vc7h5BEug8D336/+yfMPxssQyfQfgCmQ7zG6qLEA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734620586; a=rsa-sha256; cv=none; b=edCxxchZepBpm4sIrjTWp9nmVx6b5bSjkO6ps7q8ID0De0tGBhWg1h4H22iPIYVR5CHkfe nAyi/zXRWBpNwv/ieAvjoGrv/N4+Q5oCmk6auI8qYb6M7I/NVeldMw3lQSI5PyOeXhief3 8dafqSSn7VfrAC5tWpkX9QLpymiGdI1VKkabDLEJunqUuCA9n8reiaBONzWcpliz4dtxTc t4fTb45Awu5xBynj+bnMk4K8jbyWxr5kikDu5061qPzdZKKOfBs/QxEdssC+MUPy/Jxb+g 4V29N2TpQVfIY13jY5vs1lVZPP3guITu07eip76GUy7tE6neNAR99fPuxPS9aw== Received: from [IPV6:2601:5c0:4200:b830:f819:cd88:aeb3:e21d] (unknown [IPv6:2601:5c0:4200:b830:f819:cd88:aeb3:e21d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YDYhB47WJzXDh; Thu, 19 Dec 2024 15:03:06 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Message-ID: <9afbf270-0cc0-4fd0-8975-6b88aadd3903@FreeBSD.org> Date: Thu, 19 Dec 2024 10:03:05 -0500 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length Content-Language: en-US To: Gleb Smirnoff , Ed Maste Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> From: John Baldwin In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 12/18/24 12:12, Gleb Smirnoff wrote: > On Wed, Dec 18, 2024 at 10:22:24AM -0500, Ed Maste wrote: > E> That said, it doesn't matter what Git's algorithm chooses as the short > E> hash length; specifying --short bypasses that algorithm. `git > E> rev-parse --verify --short=12 HEAD` will give us a 12-character short > E> hash as long as that hash is unique. The reproducibility concern is > E> thus: what is the probability that the 12-character short hash is > E> unique at the time and in a repo from which an image is built, but is > E> not unique for the attempt to reproduce it, or vice-versa. This > E> probability is rather small. > E> > E> If you look at arbitrary commits 6 or 7 characters are usually > E> sufficient for a unique hash today. For instance, some latest -pX from > E> recent releng/ branches: > E> > E> 13.3: 72aa3d > E> 13.4: 3f40d5 > E> 14.0: f10e32 > E> 14.1: 74b6c98 > E> 14.2: c8918d6 > E> > E> The status quo of --short=12 should be fine for quite some time. > > AFAIU John's concern is that you can't guarantee a reproducible build from a > "dirty" repository. A repository that has more branches than just the official > ones. I just make a quick check on Netflix repo, that has both the current > FreeBSD history and the before-the-official-git history together, as well as > splitted ports subdirectories and of course our own stuff. For short hashes > there are roughly 2x more ambiguities than for a "clean" repo. Apparently > chance of collision on a long hash is also doubled. > > We can of course say that we don't provide reproducible builds from a "dirty" > repo. But would be a real limitation. That would cancel a legitimate > scenario: > > git subtree add FreeBSD && cd FreeBSD && make a reproducible build In particular, the dirty repository scenario I imagine is FreeBSD's official repository at some point in the future. A question though is how far in the future would it have to be to matter. If we would need 100+ years at our current commit rate to matter, then this is probably moot. The other point I guess is that how many other user git settings can affect the build? Should we not require an empty global git config as a prereq for someone who wants a reproducible build (and use the same setup for our official builds) and say that if you adjust your user config to impact the build that's kind of your problem? -- John Baldwin From nobody Thu Dec 19 15:39:37 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDZVK57plz5hMZH; Thu, 19 Dec 2024 15:39:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDZVK4Pr5z4l5N; Thu, 19 Dec 2024 15:39:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734622777; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sHWJ6lf3FbLHj5XasYG/lgnreLkrbWQC90zX11HXZps=; b=KmrxhoTntN8PYI613tCrHI8GlsIYnjZWzUUdzrhcaLpEp03NmiaZJLaY4u3uedQ6E2/nJh DjmUZajpBUalQ1zu+LA2iiayItDZH3yVuO7CMUQzgGD3cdcbw3HhMc1OzP9NbLWSbrBzAd +mPMpetvcLuaCNJi0X1glSpWtvrAiwaoE25OooJcPxdJNHReJ//CT7w8c/V19hDxaz6sfS Zncb9OLJwTYoW/HgTZ9uGcIJfAGQLOjnKXCA1xA3P87eHi+jFfpkQuvqWuaJp74SyXGeGy S8OyNqZAPfPEJeO/12NzSXpSYG02e3wHtdANZA0XA0/cLMYZejbdLyvAd5ZPxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734622777; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sHWJ6lf3FbLHj5XasYG/lgnreLkrbWQC90zX11HXZps=; b=pTs1Ifn0eE0CQa9jmxaMD+5h4hUFOpsp8DKKSqBzGtThl3iu9HyfI2rWiuyChu5wx8+i+i 3/UtWv35aFrRLJE4TmTSMnk4PlUChRD/iLOAywdQEkkREw01ddkHesAmSfYW/BCNVVvi45 gK5SUPT+H9Xwcu6dsErBOB1KKMxrrvdRiXC6f0RYF6kQDNBtdjpxybqbX0o4LmB8I/wkMt r2zgAMG+kwDmUqBoSK3/pWvZKHu2XTOxqaE4Ef8mJRGZSMJhu/VZbJSWMcx19hET0ghJEb Au4k+N0+B99aZtTQWmh6EdE8glj4uRM/HU6kv3d0cB1U6NanAiC0G/tXjIfcRA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734622777; a=rsa-sha256; cv=none; b=yWWq6QfZ2Xi3BSuYPwSqFDiZt7sC1W/36/KaX3DvH8lEhHOAHMlk7dMnoQ8SZ8Dy1rJUoU IzD99dIimELbNkFfUtDAk7jShFP2arPYvhutlTxWJqKLxaZyIrSWlp4+4KK9RO9cQwf/yn BDqcqNGdn9Y3u2VExuCcaig+h4ORFrIXKYfIQdphCZ41wxM4jZswxZEXNpamDfRaDCxuME miK77aX0B4P6grP0OPY/EZuSwYuOZTd9uunXKcS7RH8K3O3m4kLvoWdFZlTTELoGmC+NqJ VYTt9Onp0H5qMAi4CXhJbLxrIT2QHZVO0zBjk1YPYsHRiFfM5/PXquRKKo6Fwg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDZVK3m6xz10Vv; Thu, 19 Dec 2024 15:39:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJFdbFp016396; Thu, 19 Dec 2024 15:39:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJFdbbE016393; Thu, 19 Dec 2024 15:39:37 GMT (envelope-from git) Date: Thu, 19 Dec 2024 15:39:37 GMT Message-Id: <202412191539.4BJFdbbE016393@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Richard Scheffenegger Subject: git: 31034044ff27 - main - tcp: cleanup of nits after use of accessor tcp_get_flags List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rscheff X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 31034044ff27443489cb416ca520c07421712f69 Auto-Submitted: auto-generated The branch main has been updated by rscheff: URL: https://cgit.FreeBSD.org/src/commit/?id=31034044ff27443489cb416ca520c07421712f69 commit 31034044ff27443489cb416ca520c07421712f69 Author: Richard Scheffenegger AuthorDate: 2024-12-19 13:47:32 +0000 Commit: Richard Scheffenegger CommitDate: 2024-12-19 15:37:24 +0000 tcp: cleanup of nits after use of accessor tcp_get_flags Remove unneeded th_x2 initalization, use named constants instead of magic numbers (fixing one oversight) and add some line breaks. Expand one man page slightly. No functional change intended. Reviewed By: tuexen, cc Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D48065 --- cddl/lib/libdtrace/tcp.d | 4 ++-- sbin/ipf/iplang/iplang_y.y | 3 ++- sbin/ipf/ipsend/ipsend.1 | 2 +- sbin/ipf/ipsend/ipsend.c | 2 +- sbin/ipf/ipsend/iptests.c | 3 +-- sbin/ipf/ipsend/resend.c | 2 +- sbin/ipf/libipf/ipft_tx.c | 10 ++++++---- sbin/ipf/libipf/printpacket.c | 4 ++-- usr.sbin/ppp/ip.c | 4 +--- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cddl/lib/libdtrace/tcp.d b/cddl/lib/libdtrace/tcp.d index 0df4e16d41d0..8f51675df305 100644 --- a/cddl/lib/libdtrace/tcp.d +++ b/cddl/lib/libdtrace/tcp.d @@ -97,7 +97,7 @@ inline uint16_t TH_ECE = 0x40; #pragma D binding "1.6.3" TH_CWR inline uint16_t TH_CWR = 0x80; #pragma D binding "1.6.3" TH_AE -inline uint16_t TH_AE = 0x100; +inline uint16_t TH_AE = 0x100; /* TCP connection state strings. */ #pragma D binding "1.6.3" tcp_state_string @@ -332,7 +332,7 @@ inline string tcpflag_string[uint16_t flags] = flags & TH_URG ? "URG" : flags & TH_ECE ? "ECE" : flags & TH_CWR ? "CWR" : - flags & TH_AE ? "AE" : + flags & TH_AE ? "AE" : "unknown" ; #pragma D binding "1.12.1" PRU_ATTACH diff --git a/sbin/ipf/iplang/iplang_y.y b/sbin/ipf/iplang/iplang_y.y index ce55ad277c1a..9e8ebf4e4312 100644 --- a/sbin/ipf/iplang/iplang_y.y +++ b/sbin/ipf/iplang/iplang_y.y @@ -1059,7 +1059,8 @@ void set_tcpflags(char **arg) __tcp_set_flags(tcp, strtol(*arg, NULL, 0)); break; } else - __tcp_set_flags(tcp, __tcp_get_flags(tcp) | flagv[t - flags]); + __tcp_set_flags(tcp, __tcp_get_flags(tcp) | + flagv[t - flags]); free(*arg); *arg = NULL; } diff --git a/sbin/ipf/ipsend/ipsend.1 b/sbin/ipf/ipsend/ipsend.1 index 57d29ba8569a..3cbb991694b1 100644 --- a/sbin/ipf/ipsend/ipsend.1 +++ b/sbin/ipf/ipsend/ipsend.1 @@ -39,7 +39,7 @@ ipsend \- sends IP packets packets to a destination host, using command line options to specify various attributes present in the headers. The \fIdestination\fP must be given as the last command line option, except for when TCP flags are specified as -a combination of A, S, F, U, P and R, last. +a combination of A, S, F, U, P, R, E, W and e, last. .PP The other way it may be compiled, with DOSOCKET defined, is to allow an attempt at making a TCP connection using a with ipsend resending the SYN diff --git a/sbin/ipf/ipsend/ipsend.c b/sbin/ipf/ipsend/ipsend.c index 2e2cf8f36fa2..78a8ccaa3f30 100644 --- a/sbin/ipf/ipsend/ipsend.c +++ b/sbin/ipf/ipsend/ipsend.c @@ -399,7 +399,7 @@ main(int argc, char **argv) printf("Source: %s\n", inet_ntoa(ip->ip_src)); printf("Dest: %s\n", inet_ntoa(ip->ip_dst)); printf("Gateway: %s\n", inet_ntoa(gwip)); - if (ip->ip_p == IPPROTO_TCP && __tcp_get_flags(tcp)) + if (ip->ip_p == IPPROTO_TCP && __tcp_get_flags(tcp) != 0) printf("Flags: %#x\n", __tcp_get_flags(tcp)); printf("mtu: %d\n", mtu); diff --git a/sbin/ipf/ipsend/iptests.c b/sbin/ipf/ipsend/iptests.c index eb8001b579d8..6f95970a83aa 100644 --- a/sbin/ipf/ipsend/iptests.c +++ b/sbin/ipf/ipsend/iptests.c @@ -903,7 +903,6 @@ ip_test5(char *dev, int mtu, ip_t *ip, struct in_addr gwip, int ptest) int nfd, i; t = (tcphdr_t *)((char *)ip + (IP_HL(ip) << 2)); - t->th_x2 = 0; TCP_OFF_A(t, 0); t->th_sport = htons(1); t->th_dport = htons(1); @@ -920,7 +919,7 @@ ip_test5(char *dev, int mtu, ip_t *ip, struct in_addr gwip, int ptest) if (!ptest || (ptest == 1)) { /* - * Test 1: flags variations, 0 - 3f + * Test 1: flags variations, 0 - 1ff */ TCP_OFF_A(t, sizeof(*t) >> 2); printf("5.1 Test TCP flag combinations\n"); diff --git a/sbin/ipf/ipsend/resend.c b/sbin/ipf/ipsend/resend.c index bbecf46e51c0..a306edddff19 100644 --- a/sbin/ipf/ipsend/resend.c +++ b/sbin/ipf/ipsend/resend.c @@ -50,7 +50,7 @@ dumppacket(ip_t *ip) if (ip->ip_p == IPPROTO_TCP) { printf(" seq %lu:%lu flags ", (u_long)t->th_seq, (u_long)t->th_ack); - for (j = 0, i = 1; i < 256; i *= 2, j++) + for (j = 0, i = 1; i < TH_FLAGS; i <<= 1, j++) if (__tcp_get_flags(t) & i) printf("%c", "FSRPAUEWe"[j]); } diff --git a/sbin/ipf/libipf/ipft_tx.c b/sbin/ipf/libipf/ipft_tx.c index 87e0fcb449d2..1e23f06be3fd 100644 --- a/sbin/ipf/libipf/ipft_tx.c +++ b/sbin/ipf/libipf/ipft_tx.c @@ -267,8 +267,9 @@ parseline(char *line, ip_t *ip, char **ifn, int *out) __tcp_set_flags(tcp, 0); for (s = *cpp; *s; s++) - if ((t = strchr(myflagset, *s))) - __tcp_set_flags(tcp, __tcp_get_flags(tcp) | myflags[t-myflagset]); + if ((t = strchr(myflagset, *s))) + __tcp_set_flags(tcp, __tcp_get_flags(tcp) | + myflags[t-myflagset]); if (__tcp_get_flags(tcp)) cpp++; } @@ -438,8 +439,9 @@ parseipv6(char **cpp, ip6_t *ip6, char **ifn, int *out) __tcp_set_flags(tcp, 0); for (s = *cpp; *s; s++) - if ((t = strchr(myflagset, *s))) - __tcp_set_flags(tcp, __tcp_get_flags(tcp) | myflags[t-myflagset]); + if ((t = strchr(myflagset, *s))) + __tcp_set_flags(tcp, __tcp_get_flags(tcp) | + myflags[t-myflagset]); if (__tcp_get_flags(tcp)) cpp++; } diff --git a/sbin/ipf/libipf/printpacket.c b/sbin/ipf/libipf/printpacket.c index 5d1d79bb4bb9..f8407c3a3102 100644 --- a/sbin/ipf/libipf/printpacket.c +++ b/sbin/ipf/libipf/printpacket.c @@ -13,7 +13,6 @@ # define IP_OFFMASK 0x3fff #endif - void printpacket(int dir, mb_t *m) { @@ -83,7 +82,8 @@ printpacket(int dir, mb_t *m) if (!(off & IP_OFFMASK)) { if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) PRINTF(",%d", ntohs(tcp->th_dport)); - if ((ip->ip_p == IPPROTO_TCP) && ((tcpflags = __tcp_get_flags(tcp)) != 0)) { + if ((ip->ip_p == IPPROTO_TCP) && + ((tcpflags = __tcp_get_flags(tcp)) != 0)) { putchar(' '); if (tcpflags & TH_FIN) putchar('F'); diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c index b4c38f1933e5..aea1a812e2ea 100644 --- a/usr.sbin/ppp/ip.c +++ b/usr.sbin/ppp/ip.c @@ -829,13 +829,11 @@ PacketCheck(struct bundle *bundle, u_int32_t family, snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s:%d", ncpaddr_ntoa(&dstaddr), ntohs(th->th_dport)); loglen += strlen(logbuf + loglen); - n = 0; - for (mask = TH_FIN; mask <= TH_FLAGS; mask <<= 1) { + for (mask = TH_FIN, n = 0; mask <= TH_FLAGS; mask <<= 1, n++) { if (__tcp_get_flags(th) & mask) { snprintf(logbuf + loglen, sizeof logbuf - loglen, " %s", TcpFlags[n]); loglen += strlen(logbuf + loglen); } - n++; } snprintf(logbuf + loglen, sizeof logbuf - loglen, " seq:%lx ack:%lx (%d/%d)", From nobody Thu Dec 19 15:39:38 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDZVL5lZPz5hMbN; Thu, 19 Dec 2024 15:39:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDZVL4gdLz4lG5; Thu, 19 Dec 2024 15:39:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734622778; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DFIF2UQswIqXRv9RZ+WFodzIXIoo1dVM47uMxI1jl/I=; b=jWzeNJsyGSrbT7o//uSPT2DTGFVH54vmxh78MTwAJGbY40D+TXkp+7Z9Ab0rushHs9eNf8 5gWDESDhgRZr6H2nsqUW38LQ800tnN7bB63AMdkXaNRo5F+CMw49r/qmxgO3IatJ7A+Tn3 jQPCkniPznepe+P9gNWto3Nf2WximBZ0G+3UB0dsatyaN5sJyea6TjSs6odBBrEz4F5WzY ExcIemwlnII/QUsOTjNdH2fwaofB48j5wZSq9N/w6YiGcRaNcc27j8vKTfloCA9QHaG9KE DnwebloToRsvj+i00QHQP+egGy/v9dQvKYsDRDJt3DbGBQpWCtAZWoXzuuXBsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734622778; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DFIF2UQswIqXRv9RZ+WFodzIXIoo1dVM47uMxI1jl/I=; b=h6zoq1kzFVX4/KXe6m/MqsxzN/H6yCmICQmJ4KSpf+jpfYvfX4YN+MgDBAVjp0qEn6WtrL VhC7mJagoddNGS6iZGwKHiPz3fwKPZgqcqhtnXm3u8ILUp8p8n8+89tQ4S+YpLZiBWpmFv eG6rAmKqbdrbRWJOgjAMfoI0ym5G+y774ZUAgigKdtM5303BYGTfCUhZlJhhG2DWh5u8XR aNZj+PJM5BnW6fTbczPWs3zf0TVt3+1SAZlZZA6QGBn08MqIdOnFIHuQrM7tuLSutmxXdx 0P+59pk0jXc3xRgC3962K9GXKftifUqLtPJ9y6hhnqUtPrMIXgpwhvRygFX2QA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734622778; a=rsa-sha256; cv=none; b=OuLwpa9jpbVH2cri5mm8a7CGZD9Xb+80hbnTQqRFPx4YexZvHX5RC0PwQBjKgmqzUIvPDP 0k3zQeRxTObuNboPpTea7UMP+VCoILtUngsI1DmL9keWkzYKz/H7F+bVYKg5W8tuZlI1Xq KM1851K0O1vP2wB8IbuwujnufUXokknbtBtc4X0ajyAq4XYSIh0FW+DFkSBIHdMQH8rG/Q FIca+eQ+uqWxaT3ieVBsChVaa6HotSfeoLPCRq5TU08aYLVyk+ME/SGe6tcDu8NoEyQZkR BIzZzl5u8I5m8qUBktzwtJwv+JN7CYt5zTf3E16qlHZOx1W1kjUBFx5S+OebEA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDZVL4Gjlz10Sl; Thu, 19 Dec 2024 15:39:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJFdcda016438; Thu, 19 Dec 2024 15:39:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJFdcNd016435; Thu, 19 Dec 2024 15:39:38 GMT (envelope-from git) Date: Thu, 19 Dec 2024 15:39:38 GMT Message-Id: <202412191539.4BJFdcNd016435@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Richard Scheffenegger Subject: git: 8e7802851e6c - main - ip_fw: address lock order reversal List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rscheff X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8e7802851e6c08823efeaf0ca6e65f322662a867 Auto-Submitted: auto-generated The branch main has been updated by rscheff: URL: https://cgit.FreeBSD.org/src/commit/?id=8e7802851e6c08823efeaf0ca6e65f322662a867 commit 8e7802851e6c08823efeaf0ca6e65f322662a867 Author: Richard Scheffenegger AuthorDate: 2024-12-19 14:23:41 +0000 Commit: Richard Scheffenegger CommitDate: 2024-12-19 15:37:38 +0000 ip_fw: address lock order reversal Maintain lock ordering in ip_fw2.c by tracking any nested locking using a flag, and then executing the locking in the correct order. Reported by: Jimmy Zhang Obtained from: Jimmy Zhang Sponsored by: NetApp, Inc. Reviewed By: glebius, ae Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D48069 --- sys/netpfil/ipfw/ip_fw2.c | 71 ++++++++++++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 28 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 697ee145a943..44a29b5689bc 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -884,14 +884,15 @@ map_icmp_unreach(int code) } static void -send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6) +send_reject6(struct ip_fw_args *args, int code, u_int hlen, + const struct ip6_hdr *ip6) { struct mbuf *m; m = args->m; if (code == ICMP6_UNREACH_RST && args->f_id.proto == IPPROTO_TCP) { - struct tcphdr *tcp; - tcp = (struct tcphdr *)((char *)ip6 + hlen); + const struct tcphdr * tcp; + tcp = (const struct tcphdr *)((const char *)ip6 + hlen); if ((tcp_get_flags(tcp) & TH_RST) == 0) { struct mbuf *m0; @@ -906,19 +907,19 @@ send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6) } else if (code == ICMP6_UNREACH_ABORT && args->f_id.proto == IPPROTO_SCTP) { struct mbuf *m0; - struct sctphdr *sctp; + const struct sctphdr *sctp; u_int32_t v_tag; int reflected; - sctp = (struct sctphdr *)((char *)ip6 + hlen); + sctp = (const struct sctphdr *)((const char *)ip6 + hlen); reflected = 1; v_tag = ntohl(sctp->v_tag); /* Investigate the first chunk header if available */ if (m->m_len >= hlen + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)) { - struct sctp_chunkhdr *chunk; + const struct sctp_chunkhdr *chunk; - chunk = (struct sctp_chunkhdr *)(sctp + 1); + chunk = (const struct sctp_chunkhdr *)(sctp + 1); switch (chunk->chunk_type) { case SCTP_INITIATION: /* @@ -939,9 +940,9 @@ send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6) if ((m->m_len >= hlen + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + offsetof(struct sctp_init, a_rwnd))) { - struct sctp_init *init; + const struct sctp_init *init; - init = (struct sctp_init *)(chunk + 1); + init = (const struct sctp_init *)(chunk + 1); v_tag = ntohl(init->initiate_tag); reflected = 0; } @@ -993,18 +994,9 @@ send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6) * sends a reject message, consuming the mbuf passed as an argument. */ static void -send_reject(struct ip_fw_args *args, const ipfw_insn *cmd, int iplen, - struct ip *ip) +send_reject(struct ip_fw_args *args, int code, uint16_t mtu, int iplen, + const struct ip *ip) { - int code, mtu; - - code = cmd->arg1; - if (code == ICMP_UNREACH_NEEDFRAG && - cmd->len == F_INSN_SIZE(ipfw_insn_u16)) - mtu = ((const ipfw_insn_u16 *)cmd)->ports[0]; - else - mtu = 0; - #if 0 /* XXX When ip is not guaranteed to be at mtod() we will * need to account for this */ @@ -1458,6 +1450,9 @@ ipfw_chk(struct ip_fw_args *args) int done = 0; /* flag to exit the outer loop */ IPFW_RLOCK_TRACKER; bool mem; + bool need_send_reject = false; + int reject_code; + uint16_t reject_mtu; if ((mem = (args->flags & IPFW_ARGS_LENMASK))) { if (args->flags & IPFW_ARGS_ETHER) { @@ -3077,8 +3072,16 @@ do { \ is_icmp_query(ICMP(ulp))) && !(m->m_flags & (M_BCAST|M_MCAST)) && !IN_MULTICAST(ntohl(dst_ip.s_addr))) { - send_reject(args, cmd, iplen, ip); - m = args->m; + KASSERT(!need_send_reject, + ("o_reject - need_send_reject was set previously")); + if ((reject_code = cmd->arg1) == ICMP_UNREACH_NEEDFRAG && + cmd->len == F_INSN_SIZE(ipfw_insn_u16)) { + reject_mtu = + ((ipfw_insn_u16 *)cmd)->ports[0]; + } else { + reject_mtu = 0; + } + need_send_reject = true; } /* FALLTHROUGH */ #ifdef INET6 @@ -3090,12 +3093,14 @@ do { \ !(m->m_flags & (M_BCAST|M_MCAST)) && !IN6_IS_ADDR_MULTICAST( &args->f_id.dst_ip6)) { - send_reject6(args, - cmd->opcode == O_REJECT ? - map_icmp_unreach(cmd->arg1): - cmd->arg1, hlen, - (struct ip6_hdr *)ip); - m = args->m; + KASSERT(!need_send_reject, + ("o_unreach6 - need_send_reject was set previously")); + reject_code = cmd->arg1; + if (cmd->opcode == O_REJECT) { + reject_code = + map_icmp_unreach(reject_code); + } + need_send_reject = true; } /* FALLTHROUGH */ #endif @@ -3380,6 +3385,16 @@ do { \ printf("ipfw: ouch!, skip past end of rules, denying packet\n"); } IPFW_PF_RUNLOCK(chain); + if (need_send_reject) { +#ifdef INET6 + if (is_ipv6) + send_reject6(args, reject_code, hlen, + (struct ip6_hdr *)ip); + else +#endif + send_reject(args, reject_code, reject_mtu, + iplen, ip); + } #ifdef __FreeBSD__ if (ucred_cache != NULL) crfree(ucred_cache); From nobody Thu Dec 19 16:08:35 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDb7l6dYtz5hNxR; Thu, 19 Dec 2024 16:08:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDb7l5yNNz4nh5; Thu, 19 Dec 2024 16:08:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624515; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3Xw5ml3Teuj/9oUPhIEo9Pr5BUd59AFf0wtD9l7if2w=; b=lOR+6GjSEHXEkwFDltlv+DR6VKv32ABzhm4qyWzY3rVhNAdE2z1SjGUSZmwrCCbuVfJdvF P6paAGyI2XK6qIad5QQEs8uiLKYjQRXx087l6YpKfltTIu4tAU4T8D7e4V6gmkWFIGw/yC 4Y2MXmiPtvPoH11dBfNE1ZA/YXDEWGV1He3q9FQm/FPpX/7GDyF7mXNG1Ai2pTtZBv2/wc /rstBXwCzrru/Vutda3/pCO/XOJsFc4d5o/fCF2vhYVAaj3Dtni3eW3nMhw/tiDhHCjiIH E0e76cy3kbaFzHBrWMp/bpq/m9vgB69lwSY1MSs4iQdWG4kuBTwsWf1lNMXZ3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624515; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3Xw5ml3Teuj/9oUPhIEo9Pr5BUd59AFf0wtD9l7if2w=; b=ZsMSntalZUpAx5XkRyVisFfLWLLH1dAi6Cn7zg9ehIYacnJf8ee85jQ5iCk3hdA87i5odE 63OzC+++cjRA9TS22BgvIHbGwhsn8BHb39twT0mX9qbPDGLJ22ujfnYOHMKx4tGFfDNb56 63ia80SY05+0/VWRm71otBIacwcto9QV5GWJZeZuoENqaGV2DxyWjQAtf3IxdX/DAsug9c bqqXCiGi7yKjeIPTSLCODWBNnq0V5s1Pv9kAemfa+7ReHT9atFsKOrSofQG8zMoshogh1v lt1QaihdG3d+bGA7sZhffpLrCNGNuvWKuPGMwlldEC09YO7HAyC+gQb1u7aMKg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734624515; a=rsa-sha256; cv=none; b=lYzdrCMlJTPxvM/8xirGqT2z7wd5Pb1skErfhEoNfgCIjXP15nYKUGBjsgr0LIor4mfLQ9 Bmjygu5Mv4yohfAg0ZQfPB/oyYWjpZrG6M5oGEH0yPjk3aERPbJvfn96MxAuz39d09RM9T 9sKZY671ID/j6VCVrLrMMauigR5v2b5+IFsXaF7saYldk7GJo+hntwfMMKIEiC7tj0W3ue pZS9/x1fp9NULwxTYi+xWw0aIalTKh9iirFJwnPsiFy4rUhF8/tgSjs9Br05tdf6jJNMWZ Wdtw/5TcFLwYGee7nuIz4eYdogNP2IwzSpiNZlqB9qPnaRBSHDrf24SIJV248w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDb7l5Vpyz10kW; Thu, 19 Dec 2024 16:08:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJG8ZDN072947; Thu, 19 Dec 2024 16:08:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJG8ZFq072944; Thu, 19 Dec 2024 16:08:35 GMT (envelope-from git) Date: Thu, 19 Dec 2024 16:08:35 GMT Message-Id: <202412191608.4BJG8ZFq072944@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 4e2bd8cf08f4 - main - rtwn: set the shortgi flag in the RTL8192C rate control setup message List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4e2bd8cf08f4c803f93a4d9d5c9479fa72372869 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=4e2bd8cf08f4c803f93a4d9d5c9479fa72372869 commit 4e2bd8cf08f4c803f93a4d9d5c9479fa72372869 Author: Adrian Chadd AuthorDate: 2024-12-10 05:47:07 +0000 Commit: Adrian Chadd CommitDate: 2024-12-19 16:05:26 +0000 rtwn: set the shortgi flag in the RTL8192C rate control setup message Enable the short-GI flag configuring the rate mask. Obtained from: * Realtek vendor driver, rtl8192cu Differential Revision: https://reviews.freebsd.org/D48013 Reviewed by: bz, imp --- sys/dev/rtwn/rtl8192c/r92c_fw.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/sys/dev/rtwn/rtl8192c/r92c_fw.c b/sys/dev/rtwn/rtl8192c/r92c_fw.c index 1ca37df7d0f4..939cd942f5e2 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_fw.c +++ b/sys/dev/rtwn/rtl8192c/r92c_fw.c @@ -164,7 +164,7 @@ r92c_fw_download_enable(struct rtwn_softc *sc, int enable) #ifndef RTWN_WITHOUT_UCODE static int r92c_send_ra_cmd(struct rtwn_softc *sc, int macid, uint32_t rates, - int maxrate) + int maxrate, bool shortgi) { struct r92c_fw_cmd_macid_cfg cmd; uint8_t mode; @@ -178,6 +178,8 @@ r92c_send_ra_cmd(struct rtwn_softc *sc, int macid, uint32_t rates, else mode = R92C_RAID_11B; cmd.macid = macid | R92C_CMD_MACID_VALID; + if (shortgi) + cmd.macid |= R92C_CMD_MACID_SGI; cmd.mask = htole32(mode << 28 | rates); error = r92c_fw_cmd(sc, R92C_CMD_MACID_CONFIG, &cmd, sizeof(cmd)); if (error != 0) { @@ -222,10 +224,18 @@ r92c_init_ra(struct rtwn_softc *sc, int macid) #ifndef RTWN_WITHOUT_UCODE if (sc->sc_ratectl == RTWN_RATECTL_FW) { uint32_t fw_rates; + bool shortgi; /* Add HT rates after normal rates; limit to MCS0..15 */ fw_rates = rates | ((htrates & 0xffff) << RTWN_RIDX_HT_MCS_SHIFT); - r92c_send_ra_cmd(sc, macid, fw_rates, maxrate); + /* Re-calculate short-gi based on op mode */ + if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) + shortgi = ieee80211_ht_check_tx_shortgi_40(ni); + else if (IEEE80211_IS_CHAN_HT20(ni->ni_chan)) + shortgi = ieee80211_ht_check_tx_shortgi_20(ni); + else + shortgi = false; + r92c_send_ra_cmd(sc, macid, fw_rates, maxrate, shortgi); } #endif From nobody Thu Dec 19 16:08:36 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDb7n0rV0z5hP8C; Thu, 19 Dec 2024 16:08:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDb7m715qz4p40; Thu, 19 Dec 2024 16:08:36 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AQ91/tu8+H6dG8xKKXn/jd6llxRxnOMkcP4S5wEufCs=; b=bspfKIwSTFPxR9VTKDiy++LGLmPq+e6yy2W9frqnANN96MHFURpoS2icPY5qB3tKqsPYc4 hw0SvcEvg4mmW1rdvBkIm14Z9ELUlQy9KTZ8fu3CffOoE6kbWToPzM8I0YQiPOIj58NLMK okpCtHFfBbNI4ThVMbA9KA02Tf7vSXG0INd23WFupAvrob7ntvIFfzgFEQtPQYP82TG30E lCMpzikaW7cXXH1oQmQ4lCuBXiJKPK4h+63blth3Za/mmR8H0KoUh7RIS+59GAVHb0K/uN jbP39ChQCtAikjFLFieXX99W6kRJg60y3k7cpeFERWeJMTE1B2jIoEj4yJEjRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AQ91/tu8+H6dG8xKKXn/jd6llxRxnOMkcP4S5wEufCs=; b=SWGajxaxYD22cCrTpc62znAW8C8EXcLN67F7dqdJhI4Af0Ww9zmUEblaLy7OibhdI1Z3eI Lyc36r/aWfBX6FoxcKtjSnfCD3c2/iFg4dSO1h5VR5f6FoeHKIbBWtXPYbj7OWq+83ZoAo 1JeWElPdBo+wzcpFHOM4icCsY11tuTbG4jyb65DV+ZdCX95WhJGwyO3w13C2vJju62qLjG 4gHR0U8MMCBl652yzBsAwB0OcIcUuJQVylK6Yf4skxAmbV1rbX7xePPoqUxPsAt9QmKxPT anLqaNO8u1fBTpu36bOHTmuWQ1HNXlZgWcSa/XGso/cpYlc5dDoTelIGcg5Jdw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734624517; a=rsa-sha256; cv=none; b=RrbBaJD9RSCfF2Cev/gLTkHnv9rNk4qtmYtmaJs3BVtoedqZX5S1Bd564E6vdFI7Uh7Xw4 SCMp6UXiOEjWlULG52jGsqShJ3UfCKcc+GaSVcziWNLJKHNZRcySrkCTQ+hRNQ74UP9PXF vRvmtaZf4lC5BbXKnU+3JHNXKwuts23LWdfFGNhwzpuXg0dsajQixxxA0IXdyd4QwlTTCZ odoLfO8Q5N+W4GuzAJzyCX4Kjz3lYj4odaZwpkJx4AgJkYHmcHs5yVH/aIcRhHq3MCIC7w JPNIUub/7hmHWR7DkWV0o1pN9VkpbmCoLD8J2dLT78CG/cOYOIcPUv093Z5B4Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDb7m6VsJz11G5; Thu, 19 Dec 2024 16:08:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJG8anu073047; Thu, 19 Dec 2024 16:08:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJG8anu073044; Thu, 19 Dec 2024 16:08:36 GMT (envelope-from git) Date: Thu, 19 Dec 2024 16:08:36 GMT Message-Id: <202412191608.4BJG8anu073044@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: aaaca5f288fa - main - rtwn: add a default OFDM / CCK rate for self-generated frames List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: aaaca5f288fa257a745743d03e51eef0517b246f Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=aaaca5f288fa257a745743d03e51eef0517b246f commit aaaca5f288fa257a745743d03e51eef0517b246f Author: Adrian Chadd AuthorDate: 2024-12-10 19:03:34 +0000 Commit: Adrian Chadd CommitDate: 2024-12-19 16:06:29 +0000 rtwn: add a default OFDM / CCK rate for self-generated frames I noticed during testing that the MAC was generating MCS7 ACKs and MCS7 block-ACK frames in response to MCS frames from its peer. This is very suboptimal - it means that unless you're very close to your peer (in this case a 2GHz AP), you'll end up failing a lot of ACKs. Linux faced the opposite problem in rtl8xxxu - the rate set being programmed in here included a lot MORE rates, including MCS 0->7 and OFDM 6M->54M. This meant that they were INTENTIONALLY telling the hardware to transmit at higher rates, and their fix was to mask out the higher rates so self-generated frames don't try the high rates at all. Now, I am not sure why I'm not seeing any OFDM or HT basic rates. We don't mark any OFDM / HT rates as basic in net80211 (in ieee80211_phy.c) so I'm going to need to go and do a review of the standard to see what's up. Additionally, the HT rate set that we populate isn't tagging any of the HT rates as IEEE80211_RATE_BASIC, so the code I added for now is a no-op. So: * Extend rtwn_get_rates() and its consumers to populate the HT rateset with basic rates if they're provided * Add a default 2GHz / 5GHz mask, inspired by linux, applied over the basic rates provided. * Make sure there's at least an OFDM rate (for 2G/5G) rate available if the peer node is HT, which avoids the MAC defaulting to MCS7 when generating ACK/block-ACK. * Add register definitions for INIDATA/INIRTS, which set the default data rate when the driver doesn't specify the initial data / RTS/CTS rates in the TX descriptor. * Leave a comment about why I've modified the mask from Linux. Locally tested: * RTL8192CU, STA mode * RTL8188EU, STA mode * RTL8192EU, STA mode * RTL8812AU, STA mode Differential Revision: https://reviews.freebsd.org/D48019 Reviewed by: bz --- sys/dev/rtwn/if_rtwn.c | 38 ++++++++++++++++++++++++++++++++++---- sys/dev/rtwn/if_rtwn_rx.c | 18 +++++++++++++----- sys/dev/rtwn/rtl8192c/r92c_reg.h | 26 ++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 9 deletions(-) diff --git a/sys/dev/rtwn/if_rtwn.c b/sys/dev/rtwn/if_rtwn.c index be01ececf307..3b286d9adba9 100644 --- a/sys/dev/rtwn/if_rtwn.c +++ b/sys/dev/rtwn/if_rtwn.c @@ -1202,7 +1202,8 @@ rtwn_calc_basicrates(struct rtwn_softc *sc) struct rtwn_vap *rvp; struct ieee80211vap *vap; struct ieee80211_node *ni; - uint32_t rates; + struct ieee80211_htrateset *rs_ht; + uint32_t rates = 0, htrates = 0; rvp = sc->vaps[i]; if (rvp == NULL || rvp->curr_mode == R92C_MSR_NOLINK) @@ -1213,16 +1214,45 @@ rtwn_calc_basicrates(struct rtwn_softc *sc) continue; ni = ieee80211_ref_node(vap->iv_bss); - /* Only fetches basic rates; no need to add HT/VHT here */ - rtwn_get_rates(sc, &ni->ni_rates, NULL, &rates, NULL, NULL, 1); + if (ni->ni_flags & IEEE80211_NODE_HT) + rs_ht = &ni->ni_htrates; + else + rs_ht = NULL; + /* + * Only fetches basic rates; fetch 802.11abg and 11n basic + * rates + */ + rtwn_get_rates(sc, &ni->ni_rates, rs_ht, &rates, &htrates, + NULL, 1); + + /* + * We need at least /an/ OFDM and/or MCS rate for HT + * operation, or the MAC will generate MCS7 ACK/Block-ACK + * frames and thus performance will suffer. + */ + if (ni->ni_flags & IEEE80211_NODE_HT) { + htrates |= 0x01; /* MCS0 */ + rates |= (1 << RTWN_RIDX_OFDM6); + } + basicrates |= rates; + basicrates |= (htrates << RTWN_RIDX_HT_MCS_SHIFT); + + /* Filter out undesired high rates */ + if (ni->ni_chan != IEEE80211_CHAN_ANYC && + IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) + basicrates &= R92C_RRSR_RATE_MASK_5GHZ; + else + basicrates &= R92C_RRSR_RATE_MASK_2GHZ; + ieee80211_free_node(ni); } + if (basicrates == 0) return; - /* XXX initial RTS rate? */ + /* XXX also set initial RTS rate? */ rtwn_set_basicrates(sc, basicrates); } diff --git a/sys/dev/rtwn/if_rtwn_rx.c b/sys/dev/rtwn/if_rtwn_rx.c index 977c1d17a08a..b1465dd80ee7 100644 --- a/sys/dev/rtwn/if_rtwn_rx.c +++ b/sys/dev/rtwn/if_rtwn_rx.c @@ -62,7 +62,7 @@ * maxrate_p is set to the ridx value. * * If basic_rates is 1 then only the 11abg basic rate logic will - * be applied; HT/VHT will be ignored. + * be applied; the HT rateset will be applied to 11n rates. */ void rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, @@ -92,12 +92,19 @@ rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, } /* If we're doing 11n, enable 11n rates */ - if (rs_ht != NULL && !basic_rates) { + if (rs_ht != NULL) { for (i = 0; i < rs_ht->rs_nrates; i++) { + uint8_t rate = rs_ht->rs_rates[i] & 0x7f; + bool is_basic = rs_ht->rs_rates[i] & + IEEE80211_RATE_BASIC; /* Only do up to 2-stream rates for now */ - if ((rs_ht->rs_rates[i] & 0x7f) > 0xf) + if ((rate) > 0xf) continue; - ridx = rs_ht->rs_rates[i] & 0xf; + + if (basic_rates && is_basic == false) + continue; + + ridx = rate & 0xf; htrates |= (1 << ridx); /* Guard against the rate table being oddly ordered */ @@ -107,7 +114,8 @@ rtwn_get_rates(struct rtwn_softc *sc, const struct ieee80211_rateset *rs, } RTWN_DPRINTF(sc, RTWN_DEBUG_RA, - "%s: rates 0x%08X, maxrate %d\n", __func__, rates, maxrate); + "%s: rates 0x%08X htrates 0x%08X, maxrate %d\n", + __func__, rates, htrates, maxrate); if (rates_p != NULL) *rates_p = rates; diff --git a/sys/dev/rtwn/rtl8192c/r92c_reg.h b/sys/dev/rtwn/rtl8192c/r92c_reg.h index 6ca4a4eca031..e6d232a88834 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_reg.h +++ b/sys/dev/rtwn/rtl8192c/r92c_reg.h @@ -519,6 +519,23 @@ #define R92C_RRSR_RATE_BITMAP_M 0x000fffff #define R92C_RRSR_RATE_BITMAP_S 0 #define R92C_RRSR_RATE_CCK_ONLY_1M 0xffff1 +/* Suitable low-rate defaults for 2/5GHz CTS/ACK/Block-ACK */ +/* + * Note: the RTL8192CU vendor driver disables 2M CCK as a + * basic rate due to "Low TXEVM" causing issues with other + * vendor devices. Since we want to maximise basic rate + * reliability to prevent retries (due to missing RTS/CTS + * and ACK/Block-ACK), do the same here. + * + * And, unfortunately, enabling MCS rates for self-generated + * and management/control frames can result in the peer AP + * just plainly ignoring you. This happened with older + * D-Link 802.11n era APs. The masks will exclude MCS management + * rates, it's easy to add it to the mask in rtwn_set_basicrates(). + * (Just |= 0x100, bit 12 == MCS 0.) + */ +#define R92C_RRSR_RATE_MASK_2GHZ 0x015d +#define R92C_RRSR_RATE_MASK_5GHZ 0x0150 #define R92C_RRSR_RATE_ALL 0xfffff #define R92C_RRSR_RSC_SUBCHNL_MASK 0x00600000 #define R92C_RRSR_RSC_LOWSUBCHNL 0x00200000 @@ -535,6 +552,15 @@ #define R92C_EDCA_PARAM_TXOP_M 0xffff0000 #define R92C_EDCA_PARAM_TXOP_S 16 +/* Bits for R92C_INIRTS_RATE_SEL. */ +#define R92C_INIRTS_RATE_SEL_RATE_M 0x3f +#define R92C_INIRTS_RATE_SEL_RATE_S 0 + +/* Bits for R92C_INIDATA_RATE_SEL. */ +#define R92C_INIDATA_RATE_SEL_RATE_M 0x3f +#define R92C_INIDATA_RATE_SEL_RATE_S 0 +#define R92C_INIDATA_RATE_SEL_SHORTGI 0x40 + /* Bits for R92C_HWSEQ_CTRL / R92C_TXPAUSE. */ #define R92C_TX_QUEUE_VO 0x01 #define R92C_TX_QUEUE_VI 0x02 From nobody Thu Dec 19 16:08:37 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDb7p4M1Nz5hPSR; Thu, 19 Dec 2024 16:08:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDb7p0sXZz4nt0; Thu, 19 Dec 2024 16:08:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624518; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ykz1hRg0ScHrPM9kEn3fyDrbdJhCykwQX0pDOoqe+fE=; b=tXyDVRLZAy7lUdG4GQwqeph7HqUXOOm4FmuByZVTyA7tDiNTLaAFdgruqPh6imgA3lFAXa kWEjIjSCcA3DKJdg9VjQkpd1w1cteJk+azIy57C0dCPVUq+qA/RNMLaIs+OFo5sC90te8P J+p8ocYw0h0SVdzccUE83ewXdXImLlZF2mfDZ3EvMk0UsBZl58+/Qof+uKcWRrieniHKCw g+Ap2xgp/fZY5DyEOBF7WHNBgKhcLKvWDki9DGwy8Z0+wHvqO3f/zHqed0f1srXBIqIP/B VhnARf27hGJp+bWbyoMzLKfN6tDVUemxAxOYjQhxb6ucXars/mVaUgznUlPm1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624518; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ykz1hRg0ScHrPM9kEn3fyDrbdJhCykwQX0pDOoqe+fE=; b=DYITPmOwzUESXTHwn+qgyDlL4FdkgvDmjsz90P5XpVz8jW8yr1ImGv7KjPdphOZfY0ikQU ALaD7WJSaMVEeOc9NcLBjB/0g1dUaCqV6avhg7ApFFAmyuwr9GCaDspHXN//99wDuajJhF arGsOXaMJ52SIeuNOtltfQk7FnpSJfNE/dBnkV818rfhNhPsE9ycTncfwAn5dbmrKskXYN KCcrymi5YmaswQ0dEx+FHkAvmmPXEn3aAKqH2vfYJxKf+/ba75WTkhZYAvdzocR+S3tzyq MiETRzGd8C54ZwnBR8jUlHemprtz623MiuFE0Qy3/HjA7lrqnVnDBkQh0/9SOQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734624518; a=rsa-sha256; cv=none; b=gePsb0cL4M82+ZRmNH8+5BzJBP4a5NbW2hlSD2oeGaprsXRzuGZHhJWQOnrvY917ikUPI4 HXuniXCfT4T2T6wivQkemzM+ejsWHNwmV/eWkzNINklzSbGahIJpEuHckEI6dxPkLBKGUl wOwEtgXEmZRlJQu6s0oqmxaUwL3XkkRZSa4y1Pnzm1iicgytW5qcCQe6HQ4x1D+yIcJt6M KQ8R8HnQtnLQyXQWnHtl7JxCTzctl/Di1oB8vjDmzOtXWvMeq/XauBJj6lQcqbkpzIGR6f ZMR8QjgTnx7KfxY7Dr7RyfLCGcKCDELnIgqOuzwLSsnVmUVRcUuzS+u31iVy4g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDb7p0Tlbz11G6; Thu, 19 Dec 2024 16:08:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJG8bvC073104; Thu, 19 Dec 2024 16:08:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJG8bUs073101; Thu, 19 Dec 2024 16:08:37 GMT (envelope-from git) Date: Thu, 19 Dec 2024 16:08:37 GMT Message-Id: <202412191608.4BJG8bUs073101@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: eb6314510c88 - main - rtwn: disable a workaround introduced earlier for RTL8192CU TX performance List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: eb6314510c882472628984e6190e39a6ab70687e Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=eb6314510c882472628984e6190e39a6ab70687e commit eb6314510c882472628984e6190e39a6ab70687e Author: Adrian Chadd AuthorDate: 2024-12-11 05:16:54 +0000 Commit: Adrian Chadd CommitDate: 2024-12-19 16:07:28 +0000 rtwn: disable a workaround introduced earlier for RTL8192CU TX performance I'm unable to reproduce the original problem with my RTL8192CU USB devices with the current codebase and I can't find any reference to what this power register is doing - I see it defined in drivers, but it's not described or used anywhere. This reverts 7f740971658d71c1ee95ee68032b4696c1684845 - rtwn_usb(4): fix Tx instability with RTL8192CU chipsets In any case being able to do higher rate RTS/CTS is beneficial. Local testing: * rtl8192cu, STA mode, TX/RX testing PR: 233949 Differential Revision: https://reviews.freebsd.org/D48026 Reviewed by: imp --- sys/dev/rtwn/rtl8192c/r92c_tx.c | 6 ------ sys/dev/rtwn/rtl8192c/usb/r92cu_init.c | 2 -- 2 files changed, 8 deletions(-) diff --git a/sys/dev/rtwn/rtl8192c/r92c_tx.c b/sys/dev/rtwn/rtl8192c/r92c_tx.c index 9583a7e1119e..313f79e216e6 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_tx.c +++ b/sys/dev/rtwn/rtl8192c/r92c_tx.c @@ -212,12 +212,6 @@ r92c_tx_setup_macid(void *buf, int id) struct r92c_tx_desc *txd = (struct r92c_tx_desc *)buf; txd->txdw1 |= htole32(SM(R92C_TXDW1_MACID, id)); - - /* XXX does not belong here */ - /* XXX temporary (I hope) */ - /* Force CCK1 for RTS / CTS frames (driver bug) */ - txd->txdw4 &= ~htole32(SM(R92C_TXDW4_RTSRATE, R92C_TXDW4_RTSRATE_M)); - txd->txdw4 &= ~htole32(R92C_TXDW4_RTS_SHORT); } static int diff --git a/sys/dev/rtwn/rtl8192c/usb/r92cu_init.c b/sys/dev/rtwn/rtl8192c/usb/r92cu_init.c index 42e50ff9f8bd..10d812dd7a80 100644 --- a/sys/dev/rtwn/rtl8192c/usb/r92cu_init.c +++ b/sys/dev/rtwn/rtl8192c/usb/r92cu_init.c @@ -354,8 +354,6 @@ void r92cu_post_init(struct rtwn_softc *sc) { - rtwn_write_4(sc, R92C_POWER_STATUS, 0x5); - /* Perform LO and IQ calibrations. */ r92c_iq_calib(sc); /* Perform LC calibration. */ From nobody Thu Dec 19 16:08:39 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDb7q5gfsz5hPW5; Thu, 19 Dec 2024 16:08:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDb7q3Qhbz4ntN; Thu, 19 Dec 2024 16:08:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624519; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FZgxr+rpVjobO+j2a/IFGgoKFdoxcIRtLoHj9f66E6I=; b=jIkvSdobKEiDgFjVV119Tvy/aNPrneD7E0LwJDXS87MeWhhmU5ThK2xMcTgdrlLsMU+l/M mmsxid1dYZ5BLqQ//3zK/rh2JNFb6qmm7cEH2LHjaAf4zhqGdg794kv/KnyBni4gbeihIu trUK6k0kQubw8fPDjQnbmkKIRKLiBB8w61/GDyNysHuC2bKv47f5oiuhnOs6+IasnQeM4f BpwdQGyWuS1iHtW8bKh7TvHb/u31TX/x5hDblSAsmludGnoxqyry5EIuBm/z+85w2Jzl8v KaOZqEjtwUZw6+k48nlCEFCFtf9pnDWBqRfmJjWJtGNUmXZMFlvxIafkpkccBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734624519; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FZgxr+rpVjobO+j2a/IFGgoKFdoxcIRtLoHj9f66E6I=; b=EXzNnaCOTDPLIEWdphmQdwiYuI4EVvFWrl1OfTZiUJHZzy8E2ilskF6O23KCra6UNrpzLP TYQvUMyEi6jd7YZW8AYJgU3NxRH18dnkSLAzJwkOB0lQ1ROAF+Jb+PxyYDoUdmBJEYRKex IjiKEfbWTJc9txbNtOcyg7Mb1Cm9WTx2XCzlmZ99pFvpkl5h8EQifGN6S3pR3jg3GIRNsa zPNJHI6rkvsuCaS/ajIRNUYnb7QddgcV94YhFnSewQjChp8suujuJ+2ejaLBK+N0ALCl2Y 3J6Y02jVqmV4kqaFWi5iRH/Sb+Kc8hJbLtCX5pI/Tm1WtVxaQ0a6gd+G89gp2g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734624519; a=rsa-sha256; cv=none; b=MFhwuNjitljr/K/UipY0kBk+lBwjGLy46NSoE/vzEfY0e1na7w0vQxSY0x30k4V5ICPeN2 /7HgFg1guxlnaNPmw9PXJLbQFsnuKNhh+y1N1EEFKzBZvIqyV7bcWuWWztwdLcP9uJYvNe Wz+Ainl0JUOAHqaYmjkhBqm3H9v84TpODGBCzLIQy1C38Ot2I1nwchXNuiXOHgPpNLuSl3 Az5Jc9s4XoaDHWBaMHioePriQxGGAsvhVCag6/ERTueE/BY7Jqtv49py5uQXkEeuh9ydd4 FH59o7zbqyWGZCpIPrqHgq/pWVtwLVKFT53zBRMIpw3oN/5aexKo2fHbmX66GQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDb7q1YFjz11Hv; Thu, 19 Dec 2024 16:08:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJG8d3E073172; Thu, 19 Dec 2024 16:08:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJG8dHb073169; Thu, 19 Dec 2024 16:08:39 GMT (envelope-from git) Date: Thu, 19 Dec 2024 16:08:39 GMT Message-Id: <202412191608.4BJG8dHb073169@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 300c843b075c - main - rtwn: bring the r92c rate control setup selection in line with tx descriptors List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 300c843b075c4f8467cc433d6f92e6fefc7ebbb4 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=300c843b075c4f8467cc433d6f92e6fefc7ebbb4 commit 300c843b075c4f8467cc433d6f92e6fefc7ebbb4 Author: Adrian Chadd AuthorDate: 2024-12-14 19:01:37 +0000 Commit: Adrian Chadd CommitDate: 2024-12-19 16:08:24 +0000 rtwn: bring the r92c rate control setup selection in line with tx descriptors The rate control message was doing 11g+11n without 11b rates, but the TX descriptor setup supports also falling back on 11b rates when doing multi-rate retry / per-descriptor rate control. So, line them up. They're not exactly the same as the TX path supports pure-N and pure-G modes which the rate control configuration does not, but there'll need to be a lot more work on supporting those operating modes anyway (around things like self-generated frame rate control/masks, beacon config, RTS/CTS selection, etc.) Locally tested: * RTL8192CU, STA mode Differential Revision: https://reviews.freebsd.org/D48081 Reviewed by: bz --- sys/dev/rtwn/rtl8192c/r92c_fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/rtwn/rtl8192c/r92c_fw.c b/sys/dev/rtwn/rtl8192c/r92c_fw.c index 939cd942f5e2..384cd50e901a 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_fw.c +++ b/sys/dev/rtwn/rtl8192c/r92c_fw.c @@ -172,7 +172,7 @@ r92c_send_ra_cmd(struct rtwn_softc *sc, int macid, uint32_t rates, /* Set rates mask for unicast frames. */ if (RTWN_RATE_IS_HT(maxrate)) - mode = R92C_RAID_11GN; + mode = R92C_RAID_11BGN; else if (RTWN_RATE_IS_OFDM(maxrate)) mode = R92C_RAID_11BG; else From nobody Thu Dec 19 17:08:26 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDcSv2r8Bz5hT2S; Thu, 19 Dec 2024 17:08:31 +0000 (UTC) (envelope-from rpokala@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDcSv14mlz41WW; Thu, 19 Dec 2024 17:08:31 +0000 (UTC) (envelope-from rpokala@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734628111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Wmj3XDVdLHoiu2r5Ekxn+mm+QRVQ4YXHLhioJ102rRs=; b=IUEAnZhN3uUaaJ4FDVKlj90oGv13cn7GDrSUnWVcohUmgVZ8q6paT2BWT1CvqIhD1+0UUm cweGeDW6H4Bm6qHJ9hEARAKw171/o6CIM7nvhaiaKQ/2jxhAfSfzy5Gn/3hbQMYMoafuk2 18iGCo1oEVCbsWoRHicjNPg1dtbiPXGLD2z+Ko/oirFMnVPwDkZn3SHhUUU+H0X6n3fNRJ hnJc9U2wn6Un6O4nOd8xWMXeCoQnkW4n+3TX2pK6cV1gWpO9rmIUN51Lj7Fbe3JpDtY91e 5OCK+Mvi2KcLxpihDicENSHhA4WrTHovC6zt72/VrvyORxtxvyWnA0cgNakngA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734628111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Wmj3XDVdLHoiu2r5Ekxn+mm+QRVQ4YXHLhioJ102rRs=; b=XkZgS2gr0x+X4g7IVItY9RQ2P3Xd9+ecwvMbx5b4Bdl+UuOvQBb46PkRBh2LWuQTi/jYo6 OhlyPkpD1L2PyN1HAGym4H0qR8Xn8ZookBiBsNHqk/HFJ+yo9JndoCX0xzQt1QDzCbhcdp AJccJ/UpxCbjeVBeluxNvAbuuzyw/479zm1Tpso9ixiZnIqPW5GaqK+oGXociKQB6MMVsJ CKaAxqjUftiBjgQSCACCDgy9bf3gx8leWC5tC7n5accEqOOEx9oIi8mUzgvm6UlIAT/9tv 52bQiPEYUjt7WwEOtOBJCQbSm5NhQLD2W1CvdSGVWXLvkZE39jS8K6wUqQSTHA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734628111; a=rsa-sha256; cv=none; b=sOdoZXk2WVDffuP0hnD9C74Sj4shoSYSVGnmwqKtBZZVFB1fHHtVnzjYy87emL0oR7Mcy6 w6G/6Z//jUY5Y54jhLFm+fSS9/KREzjZQZb6ie1dlHBxvOJgJYtOJxnJo3ewt91OOX9YZh OlmQg7lrT47pBWjaTd+ig1ZnBQ/EDL/thU0guiMlyM1SiQ2v/h6Tk76pqNuLpmL1Hk7XTk XkT5s7+le7BTD8Lj4wW5SqAvZpeL78uLrUGz5liWv1bP1H3t43awb3lBhIQ2vHaGXxZpbx xXmdoHCx1Q//QRgx9Mwh21hbIRavdW72EGOxsLVE/TdSKztcqjIosAwhXTKmrA== Received: from [192.168.1.54] (c-73-231-46-254.hsd1.ca.comcast.net [73.231.46.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: rpokala) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YDcSt2rb0zY5X; Thu, 19 Dec 2024 17:08:30 +0000 (UTC) (envelope-from rpokala@freebsd.org) User-Agent: Microsoft-MacOutlook/16.92.24120731 Date: Thu, 19 Dec 2024 09:08:26 -0800 Subject: Re: 38663adb6144 - main - Revert "ixl: fix multicast filters handling" From: Ravi Pokala To: Mark Johnston , , , Message-ID: Thread-Topic: 38663adb6144 - main - Revert "ixl: fix multicast filters handling" References: <202412191349.4BJDnnV4010675@gitrepo.freebsd.org> In-Reply-To: <202412191349.4BJDnnV4010675@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-version: 1.0 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: quoted-printable > Revert "ixl: fix multicast filters handling" Yes, but *why*? -Ravi (rpokala@) =EF=BB=BF-----Original Message----- From: > on behalf of Mark Johnston > Date: Thursday, December 19, 2024 at 05:49 To: >, >, > Subject: git: 38663adb6144 - main - Revert "ixl: fix multicast filters hand= ling" The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=3D38663adb61440bd659fb457909782b= 71ba8806fa commit 38663adb61440bd659fb457909782b71ba8806fa Author: Franco Fichtner > AuthorDate: 2024-12-11 14:08:40 +0000 Commit: Mark Johnston > CommitDate: 2024-12-19 13:49:30 +0000 Revert "ixl: fix multicast filters handling" This reverts commit 89e73359424a338a7900a4854ad7439f5848ebb8. PR: 281125 Reviewed by: Krzysztof Galazka > MFC after: 3 days Pull Request: https://github.com/freebsd/freebsd-src/pull/1545 --- sys/dev/ixl/ixl_pf_main.c | 97 +++++---------------------------------------= --- 1 file changed, 10 insertions(+), 87 deletions(-) diff --git a/sys/dev/ixl/ixl_pf_main.c b/sys/dev/ixl/ixl_pf_main.c index 9755136df848..1752efc02fff 100644 --- a/sys/dev/ixl/ixl_pf_main.c +++ b/sys/dev/ixl/ixl_pf_main.c @@ -593,15 +593,6 @@ ixl_add_maddr(void *arg, struct sockaddr_dl *sdl, u_in= t cnt) * Routines for multicast and vlan filter management. * *********************************************************************/ - -/** - * ixl_add_multi - Add multicast filters to the hardware - * @vsi: The VSI structure - * - * In case number of multicast filters in the IFP exceeds 127 entries, - * multicast promiscuous mode will be enabled and the filters will be remo= ved - * from the hardware - */ void ixl_add_multi(struct ixl_vsi *vsi) { @@ -609,20 +600,14 @@ ixl_add_multi(struct ixl_vsi *vsi) struct i40e_hw *hw =3D vsi->hw; int mcnt =3D 0; struct ixl_add_maddr_arg cb_arg; - enum i40e_status_code status; IOCTL_DEBUGOUT("ixl_add_multi: begin"); mcnt =3D if_llmaddr_count(ifp); if (__predict_false(mcnt >=3D MAX_MULTICAST_ADDR)) { - status =3D i40e_aq_set_vsi_multicast_promiscuous(hw, vsi->seid, - TRUE, NULL); - if (status !=3D I40E_SUCCESS) - if_printf(ifp, "Failed to enable multicast promiscuous " - "mode, status: %s\n", i40e_stat_str(hw, status)); - else - if_printf(ifp, "Enabled multicast promiscuous mode\n"); - /* Delete all existing MC filters */ + i40e_aq_set_vsi_multicast_promiscuous(hw, + vsi->seid, TRUE, NULL); + /* delete all existing MC filters */ ixl_del_multi(vsi, true); return; } @@ -648,92 +633,30 @@ ixl_match_maddr(void *arg, struct sockaddr_dl *sdl, u= _int cnt) return (0); } -/** - * ixl_dis_multi_promisc - Disable multicast promiscuous mode - * @vsi: The VSI structure - * @vsi_mcnt: Number of multicast filters in the VSI - * - * Disable multicast promiscuous mode based on number of entries in the IF= P - * and the VSI, then re-add multicast filters. - * - */ -static void -ixl_dis_multi_promisc(struct ixl_vsi *vsi, int vsi_mcnt) -{ - struct ifnet *ifp =3D vsi->ifp; - struct i40e_hw *hw =3D vsi->hw; - int ifp_mcnt =3D 0; - enum i40e_status_code status; - - ifp_mcnt =3D if_llmaddr_count(ifp); - /* - * Equal lists or empty ifp list mean the list has not been changed - * and in such case avoid disabling multicast promiscuous mode as it - * was not previously enabled. Case where multicast promiscuous mode has - * been enabled is when vsi_mcnt =3D=3D 0 && ifp_mcnt > 0. - */ - if (ifp_mcnt =3D=3D vsi_mcnt || ifp_mcnt =3D=3D 0 || - ifp_mcnt >=3D MAX_MULTICAST_ADDR) - return; - - status =3D i40e_aq_set_vsi_multicast_promiscuous(hw, vsi->seid, - FALSE, NULL); - if (status !=3D I40E_SUCCESS) { - if_printf(ifp, "Failed to disable multicast promiscuous " - "mode, status: %s\n", i40e_stat_str(hw, status)); - - return; - } - - if_printf(ifp, "Disabled multicast promiscuous mode\n"); - - ixl_add_multi(vsi); -} - -/** - * ixl_del_multi - Delete multicast filters from the hardware - * @vsi: The VSI structure - * @all: Bool to determine if all the multicast filters should be removed - * - * In case number of multicast filters in the IFP drops to 127 entries, - * multicast promiscuous mode will be disabled and the filters will be rea= pplied - * to the hardware. - */ void ixl_del_multi(struct ixl_vsi *vsi, bool all) { - int to_del_cnt =3D 0, vsi_mcnt =3D 0; + struct ixl_ftl_head to_del; if_t ifp =3D vsi->ifp; struct ixl_mac_filter *f, *fn; - struct ixl_ftl_head to_del; + int mcnt =3D 0; IOCTL_DEBUGOUT("ixl_del_multi: begin"); LIST_INIT(&to_del); /* Search for removed multicast addresses */ LIST_FOREACH_SAFE(f, &vsi->ftl, ftle, fn) { - if ((f->flags & IXL_FILTER_MC) =3D=3D 0) - continue; - - /* Count all the multicast filters in the VSI for comparison */ - vsi_mcnt++; - - if (!all && if_foreach_llmaddr(ifp, ixl_match_maddr, f) !=3D 0) + if ((f->flags & IXL_FILTER_MC) =3D=3D 0 || + (!all && (if_foreach_llmaddr(ifp, ixl_match_maddr, f) =3D=3D 0))) continue; LIST_REMOVE(f, ftle); LIST_INSERT_HEAD(&to_del, f, ftle); - to_del_cnt++; - } - - if (to_del_cnt > 0) { - ixl_del_hw_filters(vsi, &to_del, to_del_cnt); - return; + mcnt++; } - ixl_dis_multi_promisc(vsi, vsi_mcnt); - - IOCTL_DEBUGOUT("ixl_del_multi: end"); + if (mcnt > 0) + ixl_del_hw_filters(vsi, &to_del, mcnt); } void From nobody Thu Dec 19 17:31:11 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDczB677wz5hVCX; Thu, 19 Dec 2024 17:31:18 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDczB2mMtz462B; Thu, 19 Dec 2024 17:31:18 +0000 (UTC) (envelope-from markjdb@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-xd2c.google.com with SMTP id ca18e2360f4ac-844d67eb693so78231539f.3; Thu, 19 Dec 2024 09:31:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1734629476; x=1735234276; darn=freebsd.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :from:to:cc:subject:date:message-id:reply-to; bh=TJLUuVtcW/LYTAfY7TGzO0itJtkzJ10UOINpysQ/gCc=; b=MEOejgh0g1/Xfq66ib+VjNV+ahmEuVwHcgjKPTKjEticMN/i0xK15KIanM0hHh0sCr PiFwQ3TmtkfGZQZ4/pLVBLyGq7lgEhlXPnBTdVQszIHjZFuIdxMWjBx5yDURaI1jc3Yb e6QD4hkawP3qYp8wtNkldzV9DTuieyeiKLU4drk2F6Nv1x3DOyyO27//gErDlvqZSAH5 X6k6ScDQrxgoIaCdRckAR2Li57tyQqxTs30NGLOc6tLFuTK/ghkfGCZUi7c89nXvieGC M0st7H6YxC4dmNMWWwusE7kGad9UNHEdo/3jAPazP565hU/Rylh2qy+g+PF3TBsLm7Xa q/TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734629476; x=1735234276; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=TJLUuVtcW/LYTAfY7TGzO0itJtkzJ10UOINpysQ/gCc=; b=w3Rf0IRZx4Wz3LxVthA0d/1wnN2fYjROZyeb1t9Vj2GlsYw2FkaU4swGaO2b0JTXS3 tDJ1/eI65mmA+RblXIKF0M44SXMEfU+uct1unjR2JgejcoN2iXtp5b2Ag0bZ63N7jUc6 NQ0BSBLXiiYzZF0VURj8xthaZEkaoZH+Do+hCTBRDUEpnepIx5o0lst+oFmjPujl974+ VjYoD7MOPE+aEJkP1EpOJzPOKrL6isAMcRIDvUjE+D1CynFnH799BRqM0slefnSU8oOQ y3B5xfk0NvK5xOmpIlXKmDJxJqZuyRhdAsz8DJ+m4OrsqK0H4ciX12CLxzfo6976UhcU qEaQ== X-Forwarded-Encrypted: i=1; AJvYcCUNaD3SrDyH2FhhGfsJU/atCO+7I0G7esc67ZfEoP8d7xKWv5ujNuzqsDGoAKCfFdz1VtuY3uD/RlP13ffVbvA/PQnd@freebsd.org, AJvYcCXQmn4xN1XlD4SBmMREijbnN90h9MRGV/shS1+RpqfeRTsXK5LTdWC90HfHXyy8io8eiB6VO1gh6f4NgzxzsKSISUK6u8g=@freebsd.org X-Gm-Message-State: AOJu0YxzgVG/ImNCVvuEGT95rDeAsToUFTEggMOQr8xtKhzzm0rHBPSv nY+e2YEXD7N1Ie0/+4pwq7Imyz7v2nwm3TOP66Dwl7QutOm5v66bCl1U3A== X-Gm-Gg: ASbGncvgHY4tvxGVziXygcTke6V14kPleO8SJ9tJ041b3pspSm5XKSaQ0eY6miVudTp UjR4wTpqCJS8YA3tElPkQQuS2Res+g8vbljIsBo6DyLfGRQM18GB6zssKO7nCrBOmasKM9hedCe tgpeB/N4lV6yKE59UnGgYfLpzQtZk0nUe46OBlaiJmr4OUaSt5dloYlSQp4QmrIFg7IYVJ450Vp Y4a2zD+SZqQlh0VdBjpizukJOvu0cJUmqw7GvVidoi/fDJAzJB2+cENxVykLQmCdPs8nOA= X-Google-Smtp-Source: AGHT+IEUW4Dm9+3/sX3ytZnA06G5yDB4ysEE68FOaOXNdtgfK00euel5CAs3tdBHaqLPK1dDTtpkcA== X-Received: by 2002:a05:6e02:188e:b0:3a7:e147:812f with SMTP id e9e14a558f8ab-3c011b4944cmr43412485ab.12.1734629476460; Thu, 19 Dec 2024 09:31:16 -0800 (PST) Received: from nuc (192-0-220-237.cpe.teksavvy.com. [192.0.220.237]) by smtp.gmail.com with ESMTPSA id e9e14a558f8ab-3c0df949b76sm4164165ab.35.2024.12.19.09.31.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Dec 2024 09:31:14 -0800 (PST) Date: Thu, 19 Dec 2024 12:31:11 -0500 From: Mark Johnston To: Ravi Pokala Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: 38663adb6144 - main - Revert "ixl: fix multicast filters handling" Message-ID: References: <202412191349.4BJDnnV4010675@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4YDczB2mMtz462B X-Spamd-Bar: ---- On Thu, Dec 19, 2024 at 09:08:26AM -0800, Ravi Pokala wrote: > > Revert "ixl: fix multicast filters handling" > > Yes, but *why*? Per the linked pull request and bug report, it breaks igmp-proxy for an unknown reason. > -Ravi (rpokala@) > > -----Original Message----- > From: > on behalf of Mark Johnston > > Date: Thursday, December 19, 2024 at 05:49 > To: >, >, > > Subject: git: 38663adb6144 - main - Revert "ixl: fix multicast filters handling" > > > The branch main has been updated by markj: > > > URL: https://cgit.FreeBSD.org/src/commit/?id=38663adb61440bd659fb457909782b71ba8806fa > > > commit 38663adb61440bd659fb457909782b71ba8806fa > Author: Franco Fichtner > > AuthorDate: 2024-12-11 14:08:40 +0000 > Commit: Mark Johnston > > CommitDate: 2024-12-19 13:49:30 +0000 > > > Revert "ixl: fix multicast filters handling" > > > This reverts commit 89e73359424a338a7900a4854ad7439f5848ebb8. > > > PR: 281125 > Reviewed by: Krzysztof Galazka > > MFC after: 3 days > Pull Request: https://github.com/freebsd/freebsd-src/pull/1545 > --- > sys/dev/ixl/ixl_pf_main.c | 97 +++++------------------------------------------ > 1 file changed, 10 insertions(+), 87 deletions(-) > > > diff --git a/sys/dev/ixl/ixl_pf_main.c b/sys/dev/ixl/ixl_pf_main.c > index 9755136df848..1752efc02fff 100644 > --- a/sys/dev/ixl/ixl_pf_main.c > +++ b/sys/dev/ixl/ixl_pf_main.c > @@ -593,15 +593,6 @@ ixl_add_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt) > * Routines for multicast and vlan filter management. > * > *********************************************************************/ > - > -/** > - * ixl_add_multi - Add multicast filters to the hardware > - * @vsi: The VSI structure > - * > - * In case number of multicast filters in the IFP exceeds 127 entries, > - * multicast promiscuous mode will be enabled and the filters will be removed > - * from the hardware > - */ > void > ixl_add_multi(struct ixl_vsi *vsi) > { > @@ -609,20 +600,14 @@ ixl_add_multi(struct ixl_vsi *vsi) > struct i40e_hw *hw = vsi->hw; > int mcnt = 0; > struct ixl_add_maddr_arg cb_arg; > - enum i40e_status_code status; > > > IOCTL_DEBUGOUT("ixl_add_multi: begin"); > > > mcnt = if_llmaddr_count(ifp); > if (__predict_false(mcnt >= MAX_MULTICAST_ADDR)) { > - status = i40e_aq_set_vsi_multicast_promiscuous(hw, vsi->seid, > - TRUE, NULL); > - if (status != I40E_SUCCESS) > - if_printf(ifp, "Failed to enable multicast promiscuous " > - "mode, status: %s\n", i40e_stat_str(hw, status)); > - else > - if_printf(ifp, "Enabled multicast promiscuous mode\n"); > - /* Delete all existing MC filters */ > + i40e_aq_set_vsi_multicast_promiscuous(hw, > + vsi->seid, TRUE, NULL); > + /* delete all existing MC filters */ > ixl_del_multi(vsi, true); > return; > } > @@ -648,92 +633,30 @@ ixl_match_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt) > return (0); > } > > > -/** > - * ixl_dis_multi_promisc - Disable multicast promiscuous mode > - * @vsi: The VSI structure > - * @vsi_mcnt: Number of multicast filters in the VSI > - * > - * Disable multicast promiscuous mode based on number of entries in the IFP > - * and the VSI, then re-add multicast filters. > - * > - */ > -static void > -ixl_dis_multi_promisc(struct ixl_vsi *vsi, int vsi_mcnt) > -{ > - struct ifnet *ifp = vsi->ifp; > - struct i40e_hw *hw = vsi->hw; > - int ifp_mcnt = 0; > - enum i40e_status_code status; > - > - ifp_mcnt = if_llmaddr_count(ifp); > - /* > - * Equal lists or empty ifp list mean the list has not been changed > - * and in such case avoid disabling multicast promiscuous mode as it > - * was not previously enabled. Case where multicast promiscuous mode has > - * been enabled is when vsi_mcnt == 0 && ifp_mcnt > 0. > - */ > - if (ifp_mcnt == vsi_mcnt || ifp_mcnt == 0 || > - ifp_mcnt >= MAX_MULTICAST_ADDR) > - return; > - > - status = i40e_aq_set_vsi_multicast_promiscuous(hw, vsi->seid, > - FALSE, NULL); > - if (status != I40E_SUCCESS) { > - if_printf(ifp, "Failed to disable multicast promiscuous " > - "mode, status: %s\n", i40e_stat_str(hw, status)); > - > - return; > - } > - > - if_printf(ifp, "Disabled multicast promiscuous mode\n"); > - > - ixl_add_multi(vsi); > -} > - > -/** > - * ixl_del_multi - Delete multicast filters from the hardware > - * @vsi: The VSI structure > - * @all: Bool to determine if all the multicast filters should be removed > - * > - * In case number of multicast filters in the IFP drops to 127 entries, > - * multicast promiscuous mode will be disabled and the filters will be reapplied > - * to the hardware. > - */ > void > ixl_del_multi(struct ixl_vsi *vsi, bool all) > { > - int to_del_cnt = 0, vsi_mcnt = 0; > + struct ixl_ftl_head to_del; > if_t ifp = vsi->ifp; > struct ixl_mac_filter *f, *fn; > - struct ixl_ftl_head to_del; > + int mcnt = 0; > > > IOCTL_DEBUGOUT("ixl_del_multi: begin"); > > > LIST_INIT(&to_del); > /* Search for removed multicast addresses */ > LIST_FOREACH_SAFE(f, &vsi->ftl, ftle, fn) { > - if ((f->flags & IXL_FILTER_MC) == 0) > - continue; > - > - /* Count all the multicast filters in the VSI for comparison */ > - vsi_mcnt++; > - > - if (!all && if_foreach_llmaddr(ifp, ixl_match_maddr, f) != 0) > + if ((f->flags & IXL_FILTER_MC) == 0 || > + (!all && (if_foreach_llmaddr(ifp, ixl_match_maddr, f) == 0))) > continue; > > > LIST_REMOVE(f, ftle); > LIST_INSERT_HEAD(&to_del, f, ftle); > - to_del_cnt++; > - } > - > - if (to_del_cnt > 0) { > - ixl_del_hw_filters(vsi, &to_del, to_del_cnt); > - return; > + mcnt++; > } > > > - ixl_dis_multi_promisc(vsi, vsi_mcnt); > - > - IOCTL_DEBUGOUT("ixl_del_multi: end"); > + if (mcnt > 0) > + ixl_del_hw_filters(vsi, &to_del, mcnt); > } > > > void > > > > From nobody Thu Dec 19 17:37:13 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDd661Cf5z5hVrS; Thu, 19 Dec 2024 17:37:18 +0000 (UTC) (envelope-from rpokala@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDd656J9Lz46rp; Thu, 19 Dec 2024 17:37:17 +0000 (UTC) (envelope-from rpokala@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734629837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kbxqxTXKz9f2kgnQ/r0fq6glLa0gDQl6bagCOa3E4hc=; b=gOlTK0XQ2hyHJwZ+PTqhw9bKDZA8vaOS2YrTCfBay6cfhw3FSyeYlS1FaWWzKa3+uj6TEk GC2HXO44jv+/81iplQqJyfTvcQxDgFY5BABOUEfBTRur9GlZeayiXur2DpBi5ONfTiXAbR zS9dcyTQuF90QNmV5DFE579eu0L/QCyb2icJXBmlYKQJOTMuHRu4xpoBXGQJeca3Jf3Knj 4nBEevTbEWW/b0iS+0k+TMIN790+zPz+TnnN8FV36H9sYeuLQUZ5aBt54Ty7ly9o0gyfkJ NmSMgaey+WWfx4RTfzNShMra8FsN+0wiUe8G+qh68Xn94LQ9nfnUmbvkyZeFCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734629837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kbxqxTXKz9f2kgnQ/r0fq6glLa0gDQl6bagCOa3E4hc=; b=vteBHKJd747kQm9vQT2o3Mh2RMcw2y5aFzY2wU1k5E8lUDAyoWYyG3a1XkTYJbDD1FlUH6 ftfN05oFPknaHnrY3DBUkbt7OALaL+18qJ5wn1YxV4xfPlTu9nQ3QxoTaUN2qNuhSrFue9 GZRXpKPGGwF6pzvrmwQrob3Ydn3u8Q6YCxvFb9Ck7vojOC3yZpalwRXmjKzeqSl/4wUtcE JagDv9wFigR4Y4fGLtDP33/V0AXdmOIsZjeaNEh0hEaWzKtK1QSzyapZX7aEP3kXqJp2GT iJT2FY1w2PkkVSto6OnpSmAZ+d8P/KJDRgYjJC4CA3IlgjBMkTf9fuOvpOtp9w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734629837; a=rsa-sha256; cv=none; b=hxwlhrr20B2ViJ6oD7VzSP19+90/7muy07xqQjmwVhNI0XopVbaSV0eT3u7JyJfcSpHdbL z/OSDIhiUkznrAT9q8fvFsOljGOF0XjgIYWQhkWxou+zg0Ax2WVa5NHrZHWXRnjHq3LCOF GAZ+A0P94a/8UzeHfyvFN9Ia9pLxRRoCaQYLzLNnP3CrjIEhk1eHxZ/zqICFwTv/fHcYrI XKhVfYg79Kx5AMRRLTl5oPW3BaXdfNDYrmJClwUk5X76+6icNfBM1IPqviP6iyHPljZzTF ftbspEYq6zeI1QUpOsr0iEJ12yFXJtGnA2tUHKzVq549pgo9ZKm2tFyDNmAgUQ== Received: from [192.168.1.54] (c-73-231-46-254.hsd1.ca.comcast.net [73.231.46.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: rpokala) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YDd645tlNzYcn; Thu, 19 Dec 2024 17:37:16 +0000 (UTC) (envelope-from rpokala@freebsd.org) User-Agent: Microsoft-MacOutlook/16.92.24120731 Date: Thu, 19 Dec 2024 09:37:13 -0800 Subject: Re: a1097094c4c5 - main - newvers: Set explicit git revision length From: Ravi Pokala To: John Baldwin , Gleb Smirnoff , Ed Maste CC: , , Message-ID: <58382B1B-DE05-4C46-997E-175F74B5A018@panasas.com> Thread-Topic: a1097094c4c5 - main - newvers: Set explicit git revision length References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> <9afbf270-0cc0-4fd0-8975-6b88aadd3903@FreeBSD.org> In-Reply-To: <9afbf270-0cc0-4fd0-8975-6b88aadd3903@FreeBSD.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-version: 1.0 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: quoted-printable It occurred to me to see what Linux distros do. I spot-checked several dist= ros that we have in our lab (several versions of Debian, RHEL, Rocky, SLES, = OpenSuSE, Ubuntu), and it looks like only SLES and OpenSuSE embed a Git hash= in their 'uname -a' output. For both those distros, it uses just seven char= acters. -Ravi (rpokala@) =EF=BB=BF-----Original Message----- From: > on behalf of John Baldwin > Date: Thursday, December 19, 2024 at 07:03 To: Gleb Smirnoff >, Ed Ma= ste > Cc: >, >, > Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision = length On 12/18/24 12:12, Gleb Smirnoff wrote: > On Wed, Dec 18, 2024 at 10:22:24AM -0500, Ed Maste wrote: > E> That said, it doesn't matter what Git's algorithm chooses as the short > E> hash length; specifying --short bypasses that algorithm. `git > E> rev-parse --verify --short=3D12 HEAD` will give us a 12-character short > E> hash as long as that hash is unique. The reproducibility concern is > E> thus: what is the probability that the 12-character short hash is > E> unique at the time and in a repo from which an image is built, but is > E> not unique for the attempt to reproduce it, or vice-versa. This > E> probability is rather small. > E> > E> If you look at arbitrary commits 6 or 7 characters are usually > E> sufficient for a unique hash today. For instance, some latest -pX from > E> recent releng/ branches: > E> > E> 13.3: 72aa3d > E> 13.4: 3f40d5 > E> 14.0: f10e32 > E> 14.1: 74b6c98 > E> 14.2: c8918d6 > E> > E> The status quo of --short=3D12 should be fine for quite some time. >=20 > AFAIU John's concern is that you can't guarantee a reproducible build fro= m a > "dirty" repository. A repository that has more branches than just the off= icial > ones. I just make a quick check on Netflix repo, that has both the curren= t > FreeBSD history and the before-the-official-git history together, as well= as > splitted ports subdirectories and of course our own stuff. For short hash= es > there are roughly 2x more ambiguities than for a "clean" repo. Apparently > chance of collision on a long hash is also doubled. >=20 > We can of course say that we don't provide reproducible builds from a "di= rty" > repo. But would be a real limitation. That would cancel a legitimate > scenario: >=20 > git subtree add FreeBSD && cd FreeBSD && make a reproducible build In particular, the dirty repository scenario I imagine is FreeBSD's officia= l repository at some point in the future. A question though is how far in the future would it have to be to matter. If we would need 100+ years at our current commit rate to matter, then this is probably moot. The other point I guess is that how many other user git settings can affect the build? Shou= ld we not require an empty global git config as a prereq for someone who wants= a reproducible build (and use the same setup for our official builds) and say that if you adjust your user config to impact the build that's kind of your problem? --=20 John Baldwin From nobody Thu Dec 19 18:45:41 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDfd21V5zz5hbds; Thu, 19 Dec 2024 18:45:42 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDfd20sQ7z4HvS; Thu, 19 Dec 2024 18:45:42 +0000 (UTC) (envelope-from brooks@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734633942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=act7yAbktDLPkX5rXFTcri6glNq18dBXhTkcepuAYKs=; b=jQQmEKZSQ21V1BZ7StjyEIkcoSI6T9VL/EeQq3QVpzl3PnLA49FPM4kHiBLhNLTO3t7+Mp JGVbfr4s99HPOOf+i9SseQX4Rf4ntgXNhx/oSefe0auO58dPSHIG0SewTW3uySqnCycPoF +NTggTHfQeFAH3opQxdFHbs9rt6GfIfRIWNp7xttYOgpkAUzouhGUBrbYF7xyVGuTNA5V5 hHTCdEPo9omMwAHoHcmx97E9u7xo67pBFsdcZCMsXPnVXAB738RpDM+21loKbqSgDOWPpN R12eOwVLQbcC5uGK+G/PZj2edAmf+nPzdxSsiJH/LO6MBCEkzdDLs/9OsUGtiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734633942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=act7yAbktDLPkX5rXFTcri6glNq18dBXhTkcepuAYKs=; b=c6WDSEjZfsvJeE+z5Gl/l5Tfu9rdLjCqEQqhx6IvCIw2V++2HgXwZSUfxtvVaLYIENp+v0 09f9fk5k0xLqDTnz3iKwoUo5a/n67PF8uODUCesH/r73DpaLkRebBaBSDu+MidjAf/rirA 2QFnOc3eOo3jmvKrbV6jL+eLpBQsDM0qoR+MPzIL1zNxXKhaFRVEIpyPNYHB8MOQw9IQPy XMc6e98yjAHLkCPSqG4uahbDcQHKGecB/6zO+TBEXeEM1yhmAnUUyVF6A2+1Q+/9FFM7xZ ATs95SzN6LtgThHLx8IQnvDGgV3toxLd3Je3YK7NC8fmlpa9TRpDatnkn30b7g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734633942; a=rsa-sha256; cv=none; b=aiJDFsV5N+9I4kEZg5C+t1OMtaXpqc46NcONABVPxBNLqQakMSpbDs5rT2ILpyPSCOoGAV p/Jj7Mtrt//x6PY0vkzdrdLeplQEdKClrHOuS1wejuGIyExK/yu2b4ozjnjzMRm2nrAlM0 yEEkKhLjOGoeKH8HRgzmOS/QYslQ1KsuWn2CxFWvZYkRRGk4cYLG/d6cdkP3qVwpE0BYaq /C/qKiRMH40hE2Rg5CDmdlQxFh6DXA2YG0WnXVMZL+or4pP7Tayot49r1euEgkK9eeyx1s PJxcshTvOnOY8oTFtFZk+3Lg7wNQnPTxpHJU7WWLk9dDajUauIa2bJIg2EcTKg== Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: brooks/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YDfd20DbLzbSs; Thu, 19 Dec 2024 18:45:42 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001) id 6AE713C019B; Thu, 19 Dec 2024 18:45:41 +0000 (UTC) Date: Thu, 19 Dec 2024 18:45:41 +0000 From: Brooks Davis To: John Baldwin Cc: Gleb Smirnoff , Ed Maste , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length Message-ID: References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> <9afbf270-0cc0-4fd0-8975-6b88aadd3903@FreeBSD.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9afbf270-0cc0-4fd0-8975-6b88aadd3903@FreeBSD.org> On Thu, Dec 19, 2024 at 10:03:05AM -0500, John Baldwin wrote: > On 12/18/24 12:12, Gleb Smirnoff wrote: > > On Wed, Dec 18, 2024 at 10:22:24AM -0500, Ed Maste wrote: > > E> That said, it doesn't matter what Git's algorithm chooses as the short > > E> hash length; specifying --short bypasses that algorithm. `git > > E> rev-parse --verify --short=12 HEAD` will give us a 12-character short > > E> hash as long as that hash is unique. The reproducibility concern is > > E> thus: what is the probability that the 12-character short hash is > > E> unique at the time and in a repo from which an image is built, but is > > E> not unique for the attempt to reproduce it, or vice-versa. This > > E> probability is rather small. > > E> > > E> If you look at arbitrary commits 6 or 7 characters are usually > > E> sufficient for a unique hash today. For instance, some latest -pX from > > E> recent releng/ branches: > > E> > > E> 13.3: 72aa3d > > E> 13.4: 3f40d5 > > E> 14.0: f10e32 > > E> 14.1: 74b6c98 > > E> 14.2: c8918d6 > > E> > > E> The status quo of --short=12 should be fine for quite some time. > > > > AFAIU John's concern is that you can't guarantee a reproducible build from a > > "dirty" repository. A repository that has more branches than just the official > > ones. I just make a quick check on Netflix repo, that has both the current > > FreeBSD history and the before-the-official-git history together, as well as > > splitted ports subdirectories and of course our own stuff. For short hashes > > there are roughly 2x more ambiguities than for a "clean" repo. Apparently > > chance of collision on a long hash is also doubled. > > > > We can of course say that we don't provide reproducible builds from a "dirty" > > repo. But would be a real limitation. That would cancel a legitimate > > scenario: > > > > git subtree add FreeBSD && cd FreeBSD && make a reproducible build > > In particular, the dirty repository scenario I imagine is FreeBSD's official > repository at some point in the future. A question though is how far in the > future would it have to be to matter. If we would need 100+ years at our > current commit rate to matter, then this is probably moot. The other point > I guess is that how many other user git settings can affect the build? Should > we not require an empty global git config as a prereq for someone who wants a > reproducible build (and use the same setup for our official builds) and say > that if you adjust your user config to impact the build that's kind of your > problem? I'm not super concerned about rollover here. If it becomes an issue, and someone wants to reproduce the build in the future (e.g., a decade from now) they can always produce a custom repo with future history removed to avoid having git add extra digits. IMO that's going to be the least of their problems given they will need to bootstrap the correct LLVM in order to make sure binaries are the same. For FreeBSD itself, I think we're a very long way away. FreeBSD main from about a week ago has 296268 commits per `git rev-list --count HEAD` and CheriBSD has more than twice as many at 662027[0] (more than LLVM's 521761). All default to 12 digits for short. If we wanted to add some margin going to 13 should last until SHA1 is completely untenable as a hash. -- Brooks [0] For those following along, this has two causes: 1) we have both the current history and uqs's git export history in our history, 2) We merge each upstream commit individually so we've added a merge commit for each first-parent commit to src/main since 2015. From nobody Thu Dec 19 18:57:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDftK308Lz5hbk3; Thu, 19 Dec 2024 18:57:13 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-il1-f169.google.com (mail-il1-f169.google.com [209.85.166.169]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDftK0y8mz4JZ0; Thu, 19 Dec 2024 18:57:13 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-il1-f169.google.com with SMTP id e9e14a558f8ab-3a78b39034dso3332575ab.3; Thu, 19 Dec 2024 10:57:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734634631; x=1735239431; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L+UBL7KC+vNDw8LG1NHWr+R4yXlRaukXnZSVNMgR8QQ=; b=TG2mgIF2NrlMuzycYspM2ylBs4VvVuL7nmeCNr8C28ABDjRtFAuW3Z9713wEG8TVS3 6cmog6lvg3XAG4seIrn5v6vjBKTYGSFgNNzqTfjjFYAvUorqMRXYb73iRSdP730sOeZJ rgwoGiOs1OfgM+5T/HAxfkqQArpBY2hB2gsdEzi/vjF3ymg4DjMq1AplquC0whznnLjR D1+OCA7KLtXOUWnfityvmYGWgPxY6Y7JE58MMQdsWRj2t0ztl7HPQoJi3/rP5KDQ4BNR JG3tpzhmHMlYfaG2LhrIRQfFxrV/pEo226655aobcdzmropzC+/OGLiZc5uLigyEIAgF XkGw== X-Forwarded-Encrypted: i=1; AJvYcCVISm/3fd5vHfT3b9WpUq1pRkhf+HNuC40sAJj81BDaA3ATVQ9oXP1vSj8co/+hxeaQq3NoW1WwXg==@freebsd.org, AJvYcCVJCZKF0RVaS99AZjWmX8eO19a2Qg0HwLn5fB59PuVAo9J9KyPNADwJxc3szj2mrTgR9nvRrwzOLx8VS217Z9s=@freebsd.org, AJvYcCWEaHnPWiE0xBZVXZW2b69UPdRBfl8EWSHOk0gJuyRABeRdoW96VRVEy9SgOXkKEjZWs50AXB5xQJayDabAhJTBo79l@freebsd.org, AJvYcCXjc1e1h9mRm39iy/hL1/rLWNtlzD2JGPSTCM/Zg+zXGbBh0Emm0b8yMk7YvCCPtG3hXrSuAzTN0l/Dl2k6rklDL7p3UDM=@freebsd.org X-Gm-Message-State: AOJu0YyYjClPo1Jdy/oRPcWYZXyF+p+1qHpl3MTEvvOfmxpJvTeY4rHF vUX/+QHq0MzNo6yh5Kec9NqrnGhPbUnLSsaeGvE9z041WYxxbTTqtYUVfsKLGTmqiofTOwaUHq0 fyTUlBxTxkZLS/OJq0I4ZcAUqG2a/Cg== X-Gm-Gg: ASbGncvN9FyS6hIiRiWdGMj8XBaz/WB8NNrb+yOXF8zWR2mKmdTG53FapgKi16xBtu1 AkgYDubI7drSm0knbggRDe08uP+3JUK/FgEaf+/SY0nKHjCiv/k2ii+SUbjFXv55PYaJisEj0 X-Google-Smtp-Source: AGHT+IEL1BD9+Du9D+743p6TnPjZK4dZjQkt17WH2n1saN0b30s+UjZMBKK0XpYKO1CmHHf6QiQR3hatMZAqiw07DhE= X-Received: by 2002:a05:6e02:20eb:b0:3a7:81dd:d0ad with SMTP id e9e14a558f8ab-3c2d2568d69mr1810065ab.7.1734634631583; Thu, 19 Dec 2024 10:57:11 -0800 (PST) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 References: <202412131306.4BDD6bxu011253@gitrepo.freebsd.org> <9afbf270-0cc0-4fd0-8975-6b88aadd3903@FreeBSD.org> In-Reply-To: From: Ed Maste Date: Thu, 19 Dec 2024 13:57:00 -0500 Message-ID: Subject: Re: git: a1097094c4c5 - main - newvers: Set explicit git revision length To: Brooks Davis Cc: John Baldwin , Gleb Smirnoff , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4YDftK0y8mz4JZ0 X-Spamd-Bar: ---- Addressing John's other point: > > I guess is that how many other user git settings can affect the build? Should > > we not require an empty global git config as a prereq for someone who wants a > > reproducible build (and use the same setup for our official builds) and say > > that if you adjust your user config to impact the build that's kind of your > > problem? I think if the user adjusts their git config in a way that changes file content (e.g. scripted $FreeBSD$ expansion as was discussed early on in the git migration) that's their problem. Config that affects the output format of the command does need to be addressed. This is really no different to our build's use of things like `env -i LC_COLLATE=C sort` which we already do. Usage in newvers is the only Git usage I'm aware of that we need to address. From nobody Thu Dec 19 20:12:05 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDhXj58tJz5hhPv; Thu, 19 Dec 2024 20:12:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDhXj4bmlz4P16; Thu, 19 Dec 2024 20:12:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734639125; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wG74q+j4QN9dCCHBq0/9nM1AK8fVmGM42PKCuE1ECmU=; b=cpeXaJT3MGXKfapt1qBbNJbIEMEamQY4ZNzYRrAJwItGDYaaZ82mH5McSULMKmLC4B+Vl0 ZAekzwZvWnnvZkCY2yFFtRGxFwrdkZ9DQ8gWvDdCu2FqgdNh2SdAUd9671yBGDdvHe57rX v0ymjSi2cb/aux7FtGO6zbxLPFIqVRt7PAj2ir7fVJS/+KMlPEhSTyuztM7xSErEscsxh0 w7inyJu4V2+SDnUCoGUv8TwGj5xmjszoqDfwoJFeg2tvX5ab1Iol6hlG9c20EqY3Nd4dT4 uzuL+TcpdM2SSKS/7qg7dIMxp7p1s2XuFL6JRllVE1ROEy7Bf9/sOhvTVmYHiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734639125; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wG74q+j4QN9dCCHBq0/9nM1AK8fVmGM42PKCuE1ECmU=; b=DuGTfFsnNqVgs5fezc1b7MRmrWcFfNgkavEzDdTdPOsSN9qzLWC4CQPqEMFN4leaSHTVcK 1giV2zksgKYdFIn+55vW+SV6whltUCXCRT32ubp94f9NAhnQVMVgAyF5aVsp1fSe1VDBHg vYRtJqfrdamMeUTQ2l5VKNbdz/xBuBBnixLRcBmgROxvWyVaLb9RArMkQXNyANSDiUdfT1 Ecd1da5aYyJeNF5qrjMm/9uOD7tTrXLB3IIsaUSl3LlPRz2al9sScP59993Q6IfKw2YFa1 /lr6HVjIQHG/pBgYN+CZptBHL9y2hijvykJgYl815rOegPx/cfnLHzwqBI8OWw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734639125; a=rsa-sha256; cv=none; b=O0jZfnrUqQneMwEOg/usfV89G7KWu5w4fpTqc1dCvYQvs9c3QbHSpZClgdm36ctp/1AJYv P5zeZsxhaOB9j6ww/W+XAx7quNiCqIAVxJTUBwVwdKmAP7KssTxat5TauWcLsTUglrj3On DAUzt+f7zBQjeqfmRFYtqlnzZzbjur7PQft78KbYR8zOr5D2IQ9UjqQPLEdwi/M/kVG+ff bvFFev2dSmtjafTdEowWde4lQOxBM2ffl5aB944+Hu5sXR9Mk5lnTvh6mGi0cIySd7rhXF of5A1dMeiCvW2/pl6OsgOnmHDWECDuYD0CET0tAVV81lQD2c8H5ylFYgFfqB6Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDhXj4C0Wz17l0; Thu, 19 Dec 2024 20:12:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJKC5YM037038; Thu, 19 Dec 2024 20:12:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJKC5GD037035; Thu, 19 Dec 2024 20:12:05 GMT (envelope-from git) Date: Thu, 19 Dec 2024 20:12:05 GMT Message-Id: <202412192012.4BJKC5GD037035@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: d052fcbd8668 - main - rpc: svc_tli_create() is always called with NULL socket List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d052fcbd86680c60bfddb2f74d7bc05f43c57a8f Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=d052fcbd86680c60bfddb2f74d7bc05f43c57a8f commit d052fcbd86680c60bfddb2f74d7bc05f43c57a8f Author: Gleb Smirnoff AuthorDate: 2024-12-19 20:11:51 +0000 Commit: Gleb Smirnoff CommitDate: 2024-12-19 20:11:51 +0000 rpc: svc_tli_create() is always called with NULL socket Axe dead code that allows to provide a created socket. --- sys/rpc/svc.h | 5 ++- sys/rpc/svc_generic.c | 88 +++++++++++++++++++-------------------------------- 2 files changed, 35 insertions(+), 58 deletions(-) diff --git a/sys/rpc/svc.h b/sys/rpc/svc.h index cfeb2a92c54e..43a388984c00 100644 --- a/sys/rpc/svc.h +++ b/sys/rpc/svc.h @@ -804,10 +804,9 @@ extern void *clnt_bck_create(struct socket *, const rpcprog_t, const rpcvers_t); /* * Generic TLI create routine */ -extern SVCXPRT *svc_tli_create(SVCPOOL *, struct socket *, - const struct netconfig *, const struct t_bind *, const size_t, const size_t); +extern SVCXPRT *svc_tli_create(SVCPOOL *, const struct netconfig *, + const struct t_bind *, const size_t, const size_t); /* - * struct socket * so; -- connection end point * const struct netconfig *nconf; -- netconfig structure for network * const struct t_bind *bindaddr; -- local bind address * const size_t sendsz; -- max sendsize diff --git a/sys/rpc/svc_generic.c b/sys/rpc/svc_generic.c index b2626d66490d..6fb43dc5c940 100644 --- a/sys/rpc/svc_generic.c +++ b/sys/rpc/svc_generic.c @@ -164,10 +164,10 @@ svc_tp_create( bind.addr = *taddr; free(taddr, M_RPC); bind.qlen = -1; - xprt = svc_tli_create(pool, NULL, nconf, &bind, 0, 0); + xprt = svc_tli_create(pool, nconf, &bind, 0, 0); free(bind.addr.buf, M_RPC); } else { - xprt = svc_tli_create(pool, NULL, nconf, NULL, 0, 0); + xprt = svc_tli_create(pool, nconf, NULL, 0, 0); } if (xprt == NULL) { return (NULL); @@ -199,70 +199,52 @@ svc_tp_create( SVCXPRT * svc_tli_create( SVCPOOL *pool, - struct socket *so, /* Connection end point */ const struct netconfig *nconf, /* Netconfig struct for nettoken */ const struct t_bind *bindaddr, /* Local bind address */ size_t sendsz, /* Max sendsize */ size_t recvsz) /* Max recvsize */ { + struct socket *so; SVCXPRT *xprt = NULL; /* service handle */ - bool_t madeso = FALSE; /* whether so opened here */ struct __rpc_sockinfo si; struct sockaddr_storage ss; + if (nconf == NULL) { + printf("svc_tli_create: invalid netconfig\n"); + return (NULL); + } + so = __rpc_nconf2socket(nconf); if (!so) { - if (nconf == NULL) { - printf("svc_tli_create: invalid netconfig\n"); - return (NULL); - } - so = __rpc_nconf2socket(nconf); - if (!so) { - printf( - "svc_tli_create: could not open connection for %s\n", - nconf->nc_netid); - return (NULL); - } - __rpc_nconf2sockinfo(nconf, &si); - madeso = TRUE; - } else { - /* - * It is an open socket. Get the transport info. - */ - if (!__rpc_socket2sockinfo(so, &si)) { - printf( - "svc_tli_create: could not get transport information\n"); - return (NULL); - } + printf( + "svc_tli_create: could not open connection for %s\n", + nconf->nc_netid); + return (NULL); } + __rpc_nconf2sockinfo(nconf, &si); - /* - * If the socket is unbound, try to bind it. - */ - if (madeso || !__rpc_sockisbound(so)) { - if (bindaddr == NULL) { - if (bindresvport(so, NULL)) { - memset(&ss, 0, sizeof ss); - ss.ss_family = si.si_af; - ss.ss_len = si.si_alen; - if (sobind(so, (struct sockaddr *)&ss, - curthread)) { - printf( - "svc_tli_create: could not bind to anonymous port\n"); - goto freedata; - } - } - solisten(so, -1, curthread); - } else { - if (bindresvport(so, - (struct sockaddr *)bindaddr->addr.buf)) { + if (bindaddr == NULL) { + if (bindresvport(so, NULL)) { + memset(&ss, 0, sizeof ss); + ss.ss_family = si.si_af; + ss.ss_len = si.si_alen; + if (sobind(so, (struct sockaddr *)&ss, + curthread)) { printf( - "svc_tli_create: could not bind to requested address\n"); + "svc_tli_create: could not bind to anonymous port\n"); goto freedata; } - solisten(so, (int)bindaddr->qlen, curthread); } - + solisten(so, -1, curthread); + } else { + if (bindresvport(so, + (struct sockaddr *)bindaddr->addr.buf)) { + printf( + "svc_tli_create: could not bind to requested address\n"); + goto freedata; + } + solisten(so, (int)bindaddr->qlen, curthread); } + /* * call transport specific function. */ @@ -310,12 +292,8 @@ svc_tli_create( return (xprt); freedata: - if (madeso) - (void)soclose(so); - if (xprt) { - if (!madeso) /* so that svc_destroy doesnt close fd */ - xprt->xp_socket = NULL; + (void)soclose(so); + if (xprt) xprt_unregister(xprt); - } return (NULL); } From nobody Thu Dec 19 22:36:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDllq6ZKCz5hqsM; Thu, 19 Dec 2024 22:36:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDllq4tz6z4fnW; Thu, 19 Dec 2024 22:36:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734647815; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4sOCSuRL7dciGLHqD5glbqjVFkq+Z+lf5CZmlMSz6sQ=; b=QdbHjQOMGlBRDbvvDFis6FXmWP/+h/mYYXuDKku9jy1AgjobDvYRTPxoFjzci2F1z7Aj19 GnDeeAZ4k5s7+AZNsSmxMTtMMrDygNE3SIXfWV5QtRKmkOx75Hu53xziANPBvDD5V9bp9F Ft70dWlIp23R66E5KRPpDgMsx9iEJQGziOC3IuJGzNnCBeUFhSwETYGP8hrhRvwUn4SsK7 uoRH9eQbAgfuZ1IVmPsVGacCStUD5vIJnI9rllDOyqrdvnbPrCrpabESUmxjXVnddHCnXZ NJQH3cX0HWtxPYN+NbvSyJj7YAqlHZDDbPadhsXliVsVnq9r7xqRFElZK9bIcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734647815; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4sOCSuRL7dciGLHqD5glbqjVFkq+Z+lf5CZmlMSz6sQ=; b=o/wFzQnQQFdSYSM3aJw3JhQz4G3P++35qULfgn9oL+ZrqeM2ILtwtDZ6OgDKl06cIkxj6Y mfQySwpGSbFFhjGzel/DZ3wEnDL1Mysgd4zoIV2SlVqQjXGeDScSF0fqgFOxJp2Y4j4Lcc aINmNsGNTXpAGBSBNtc43j/h02lMPJ24bOzb6jR2Udg7/CIpSa5Uf/Kw+lnG7qVNgm7bMc X1plN03d863y1k7wvEDicrN0h/wGxfZrVPz65UtdsV6senaoiWQQOTT3xF7ubhb0yQwvoa jO5V+ihR1nA90tWXy5SgUJWxlCqk4enXRiGta3+X9Pn4Qbm0ng5V3swTYxpV6A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734647815; a=rsa-sha256; cv=none; b=kpH4mZZ7Za3V99XIDFR9NVRNps+MXg0ZcYdeqIfLxdj8lZ5MxZdU38o0eu1cJGHTsP6e/H paUoSwFS9RcZWboiMtAJxjUKyr4xVmAlvPGcyQLtOb/4Xyoj5o5LLnhzgB2mmZX/pOPh0F i8WryEQdZ8Llat1CAEBfJHIkTFWIosHd0lTHyi7wugyEl/arsHZ34xGPHttleKwMfd4f7N bP4TQ37ixzzOTjnq4hbcwRaqXcbTCjSjkNuyw3cFuJqWANvVYPWEmfS1OnCbQ7UFGpBB+x qv/hwK7SAOQpW3MuTbUqYkmDhfVhMy/ARyKVOIc3sLophFYoMYjrBJ73pWyyBw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDllq4Mr6z1Bxy; Thu, 19 Dec 2024 22:36:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJMatwp098635; Thu, 19 Dec 2024 22:36:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJMatnZ098632; Thu, 19 Dec 2024 22:36:55 GMT (envelope-from git) Date: Thu, 19 Dec 2024 22:36:55 GMT Message-Id: <202412192236.4BJMatnZ098632@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: b6f4027ad9a2 - main - setcred(2): Add manual page List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b6f4027ad9a2ede69a7ec11137cc4ea69ec2f0a0 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=b6f4027ad9a2ede69a7ec11137cc4ea69ec2f0a0 commit b6f4027ad9a2ede69a7ec11137cc4ea69ec2f0a0 Author: Olivier Certner AuthorDate: 2024-12-12 08:38:00 +0000 Commit: Olivier Certner CommitDate: 2024-12-19 22:36:00 +0000 setcred(2): Add manual page Reviewed by: Alexander Ziaee Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48063 --- lib/libsys/Makefile.sys | 1 + lib/libsys/setcred.2 | 290 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 291 insertions(+) diff --git a/lib/libsys/Makefile.sys b/lib/libsys/Makefile.sys index 04e767d50f86..29c40eb334ba 100644 --- a/lib/libsys/Makefile.sys +++ b/lib/libsys/Makefile.sys @@ -311,6 +311,7 @@ MAN+= abort2.2 \ semget.2 \ semop.2 \ send.2 \ + setcred.2 \ setfib.2 \ sendfile.2 \ setgroups.2 \ diff --git a/lib/libsys/setcred.2 b/lib/libsys/setcred.2 new file mode 100644 index 000000000000..a1b819d24c52 --- /dev/null +++ b/lib/libsys/setcred.2 @@ -0,0 +1,290 @@ +.\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" +.\" Copyright © 2024 The FreeBSD Foundation +.\" +.\" This documentation was written by Olivier Certner +.\" at Kumacom SARL under sponsorship from the FreeBSD Foundation. +.\" +.Dd December 19, 2024 +.Dt SETCRED 2 +.Os +.Sh NAME +.Nm setcred +.Nd set current process credentials atomically +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/ucred.h +.Ft int +.Fn setcred "u_int flags" "const struct setcred *wcred" "size_t size" +.Sh DESCRIPTION +The +.Fn setcred +system call can set any combination of user-accessible credentials of the +current process in an atomic manner. +.Pp +This system call is normally permitted only for processes having the ID of the +super-user (0) as their effective user ID, or not at all if the +.Xr sysctl 8 +variable +.Va security.bsd.suser_enabled +is zero or some active MAC policy specifically denies these processes. +.Pp +Some MAC policies, such as +.Xr mac_do 4 , +may also allow unprivileged users to call it successfully, possibly depending on +the exact credentials transition requested, once again unless any active MAC +policy specifically denies that. +.Pp +The +.Fa flags +argument serves to indicate which process credentials should be changed by the +call. +Allowed flags are: +.Pp +.Bl -tag -width "SETCREDF_SUPP_GROUPS " -compact +.It Fa SETCREDF_UID +Set the effective user ID. +.It Fa SETCREDF_RUID +Set the real user ID. +.It Fa SETCREDF_SVUID +Set the saved user ID. +.It Fa SETCREDF_GID +Set the effective group ID. +.It Fa SETCREDF_RGID +Set the real group ID. +.It Fa SETCREDF_SVGID +Set the saved group ID. +.It Fa SETCREDF_SUPP_GROUPS +Set the supplementary group list. +.It Fa SETCREDF_MAC_LABEL +Set the MAC label. +.El +.Pp +The +.Vt struct setcred +structure is currently defined as: +.Bd -literal +struct setcred { + uid_t sc_uid; /* effective user id */ + uid_t sc_ruid; /* real user id */ + uid_t sc_svuid; /* saved user id */ + gid_t sc_gid; /* effective group id */ + gid_t sc_rgid; /* real group id */ + gid_t sc_svgid; /* saved group id */ + u_int sc_pad; /* padding, unused */ + u_int sc_supp_groups_nb; /* supplementary groups number */ + gid_t *sc_supp_groups; /* supplementary groups */ + struct mac *sc_label; /* MAC label */ +}; +.Ed +.Pp +Its fields are: +.Pp +.Bl -tag -width "sc_supp_groups_nb " -compact +.It Fa sc_uid +The ID to set the effective user to, if flag +.Dv SETCREDF_UID +is specified. +.It Fa sc_ruid +The ID to set the real user to, if flag +.Dv SETCREDF_RUID +is specified. +.It Fa sc_svuid +The ID to set the saved user to, if flag +.Dv SETCREDF_SVUID +is specified. +.It Fa sc_gid +The ID to set the effective group to, if flag +.Dv SETCREDF_GID +is specified. +.It Fa sc_rgid +The ID to set the real group to, if flag +.Dv SETCREDF_RGID +is specified. +.It Fa sc_svgid +The ID to set the saved group to, if flag +.Dv SETCREDF_SVGID +is specified. +.It Fa sc_supp_groups_nb +The size of array +.Fa sc_supp_groups , +if flag +.Dv SETCREDF_SUPP_GROUPS +is specified. +It must be less than or equal to +.Dv {NGROUPS_MAX} . +.It Fa sc_supp_groups +An array of IDs to set the supplementary groups to, if flag +.Dv SETCREDF_SUPP_GROUPS +is specified. +Note that all groups in this array will be set as supplementary groups only, in +contrast to +.Xr setgroups 2 +which treats the first element specially as the new effective group, not adding +it to supplementary groups. +.It Fa sc_label +A pointer to a valid MAC label structure, e.g., built with the +.Xr mac_from_text 3 +function, if flag +.Dv SETCREDF_MAC_LABEL +is specified. +.El +.Pp +For forward compatibility and security reasons, it is recommended that users +always initialize objects of type +.Vt struct setcred +with the provided initializer: +.Dv SETCRED_INITIALIZER . +.Pp +The +.Fa size +argument must be the size of the passed +.Fa wcred +structure. +.Sh RETURN VALUES +.Rv -std +.Sh ERRORS +The +.Fn setcred +system call will fail if: +.Bl -tag -width Er +.It Bq Er EINVAL +Unrecognized flags were passed in +.Fa flags , +or the +.Fa size +parameter does not match the size of +.Vt struct setcred , +or the field +.Fa sc_supp_group_nb +has a value strictly greater than +.Dv {NGROUPS_MAX} +.Po if flag +.Dv SETCREDF_SUPP_GROUPS +was supplied +.Pc , +or the MAC label pointed to by field +.Fa sc_label +is invalid +.Po if flag +.Dv SETCREDF_MAC_LABEL +was supplied +.Pc . +.It Bq Er EFAULT +The +.Fa wcred +pointer, or pointers in fields +.Fa sc_supp_groups +.Po if flag +.Dv SETCREDF_SUPP_GROUPS +was supplied +.Pc +or +.Fa sc_label +.Po if flag +.Dv SETCREDF_MAC_LABEL +was supplied +.Pc +point to invalid locations. +.It Bq Er EPERM +The user is not the super-user and/or the requested credentials transition is +not allowed by the system or MAC modules. +.It Bq Er EOPNOTSUPP +Some of the requested credentials have a type that the system does not support. +This currently can occur only if the kernel has been compiled without MAC and +.Dv SETCREDF_MAC_LABEL +has been passed. +.El +.Sh SEE ALSO +.Xr issetugid 2 , +.Xr setregid 2 , +.Xr setreuid 2 , +.Xr setuid 2 , +.Xr mac_text 3 , +.Xr mac 4 , +.Xr mac_do 4 , +.Xr maclabel 7 +.Sh STANDARDS +The +.Fn setcred +system call is specific to +.Fx . +.Pp +A call to +.Fn setcred +usually changes process credentials that are listed by POSIX/SUS standards. +The changed values then produce the effects with respect to the rest of the +system that are described in these standards, as if these changes had resulted +from calling standard or traditional credentials-setting functions. +Currently, all flags but +.Dv SETCREDF_MAC_LABEL +lead to modifying standard credentials. +.Pp +The only differences in using +.Fn setcred +to change standard credentials instead of standard or traditional functions are: +.Pp +.Bl -bullet -compact +.It +All requested changes are performed atomically. +.It +Only the super-user or an unprivileged user authorized by some MAC module can +successfully call +.Fn setcred , +even if the standard system calls would have authorized any unprivileged user to +effect the same changes. +For example, +.Fn seteuid +allows any unprivileged user to change the effective user ID to either the real +or saved ones, while +.Fn setcred +called with flag +.Dv SETCREDF_UID +does not. +.El +.Sh HISTORY +The +.Fn setcred +system call appeared in +.Fx 15.0 . +.Pp +Traditionally in UNIX, all credential changes beyond shuffles of effective, real +and saved IDs have been done by setuid binaries that successively call multiple +credentials-setting system calls and in a specific order. +For example, to change all user IDs to that of some unprivileged user, +.Fn setuid +must be called last so that all other credentials-changing calls can be +performed successfully beforehand, as they require super-user privileges. +.Pp +This piecewise approach causes such a process to transiently hold high privilege +credentials that are neither the original nor necessarily the desired final +ones. +Besides opening a transition window where possible vulnerabilities could have +catastrophic consequences, it makes it impossible for the kernel to enforce that +only certain transitions of credentials are allowed. +.Pp +The necessity of an atomic, global approach to changing credentials clearly +appeared while working on extending +.Xr mac_do 4 +to allow rules to authorize only specific changes of primary or supplementary +groups, which prompted the addition of +.Fn setcred . +.Sh AUTHORS +The +.Fn setcred +system call and this manual page were written by +.An Olivier Certner Aq Mt olce.freebsd@certner.fr . +.Sh SECURITY CONSIDERATIONS +The same considerations as those of standard or traditional credentials-setting +system calls apply to +.Fn setcred , +except for the lack of atomicity of successive such calls. +.Pp +In particular, please consult section +.Sy SECURITY CONSIDERATIONS +of the +.Xr setuid 2 +manual page about the absence of effect of changing standard credentials on +already open files. From nobody Thu Dec 19 22:36:56 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDllr6HDgz5hrHW; Thu, 19 Dec 2024 22:36:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDllr5TWDz4fqh; Thu, 19 Dec 2024 22:36:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734647816; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sugfyJaaWq2U1Hjqo7r0KrBbFFHwHskvEanzn35e5gA=; b=wCR1vMy5lIuzj8gxO2SysC6Nlp9aq3ESBvIRFm+xGj6CRU4pLHfwzfQubNxO7yxichOtsY LfRcq0SHVQ2Xdv8YKCyfUMubGFrkyjL2xLh3IuJo3Wtk6qc9Y43iGPR6AwBC5bPpPCFwja H1LezPYvxAbHJq6+bZ+NaPFjSYe9TcnEaghPSX6ppsiDqcD4Qi9kaxIT1WW3DKHI0Z3BrN cCY9sDzsIYYKnXl7ygc6ahi5T4OSszvMH1gugidK7WOdBR6lCGwSer+fni/3rBJLwMaHz5 HY16/KAMZWK79epFfPTkUpZUyscz2Mf8tL+bmzXhYFLxq8d3nPXkA1OqTaKzGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734647816; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sugfyJaaWq2U1Hjqo7r0KrBbFFHwHskvEanzn35e5gA=; b=aM+zGc1H7M5Cc/nnUmJIrr219TI4rUzVLBHpGWX6kGfnHipeI2M63bv5Guw+M2C2cVM1VD dsbINIWeTtuspEeCGzpZVl/bMRV8TztsMb4F0FKVNwkt2Pz9v1ccqWgffJ00SNJr2+ax92 aLR4S04kcv0YgTGQmdOjNsy4QxjOBA3KW7N+l+/piZjSgE/pLJYZMYtxIB+V1zZEH3zyiW hl1n78kvxwfpCpVlNNKylSOTUPL4f1jxL4FFpXWaA35XDbKa3x05RI/Rlb3w6Bj0C5eFB+ FmeVEgeB2W20W95rGmrMDjZkCc3X1ESyuwSKHUNYnJyiN64WLZwY/Oge3LZNGw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734647816; a=rsa-sha256; cv=none; b=HhDlkSHNwIggTWPvQhWdejZGAzQiQTrOYTvia433uTzk4uWOEodpjFYBnTvN41U2DrQdXw G7J6Q3fzh75qNl24qqwmZKxn2ltR076IQakKRjoHAt4bxWgkh28Y5JMmrO+6uUKDWDCHUd DqpPn3A50nL7fIU91gzsM3QhG0Lg/OPvbtSOsQxDGUbAfYIyf83p0J43mDHnX+2FbKYuQv 9O6u9L52a7bilVwvHP2371awMpCHwQ83t8oj46yKGxo8lJfZpDSUAlDTNonRnYoGKuRrTQ btdGJ59ul1u7vcMr2egRP7vXMEmvPHoj1BOn6TLQ4AnCk3bANct9dpBgOOYHSw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDllr557pz1BQd; Thu, 19 Dec 2024 22:36:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BJMaudG098698; Thu, 19 Dec 2024 22:36:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BJMaulJ098695; Thu, 19 Dec 2024 22:36:56 GMT (envelope-from git) Date: Thu, 19 Dec 2024 22:36:56 GMT Message-Id: <202412192236.4BJMaulJ098695@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 618c97b87b71 - main - libprocstat: ZFS support: Makefile: Tidy up a bit List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 618c97b87b7124cdfb10d2f33a213c3302c8a98b Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=618c97b87b7124cdfb10d2f33a213c3302c8a98b commit 618c97b87b7124cdfb10d2f33a213c3302c8a98b Author: Olivier Certner AuthorDate: 2024-12-12 21:37:14 +0000 Commit: Olivier Certner CommitDate: 2024-12-19 22:36:06 +0000 libprocstat: ZFS support: Makefile: Tidy up a bit Regroup assignments tweaking preprocessor defines/undefs, and separately those about include directories. Re-order include directories a bit more logically, and remove redundant ones. Separate logical groups by blank lines. Build artifacts have been verified to stay the same when produced with an external LLVM 18 toolchain. MFC after: 1 month Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48070 --- lib/libprocstat/zfs/Makefile | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/libprocstat/zfs/Makefile b/lib/libprocstat/zfs/Makefile index 9efe8918492c..5e1ebd44d1d3 100644 --- a/lib/libprocstat/zfs/Makefile +++ b/lib/libprocstat/zfs/Makefile @@ -6,19 +6,23 @@ WARNS?= 1 FORTIFY_SOURCE= 0 -CFLAGS+= -DIN_BASE -D__KERNEL__ -D_KERNEL -I. -I${.CURDIR} +# We fake a kernel compilation environment in order to get the definition for +# 'zpool_t'. +CFLAGS+= -DIN_BASE -D__KERNEL__ -D_KERNEL -UKLD_TIED -DKLD_MODULE +CFLAGS+= -DHAVE_ISSETUGID -D_SYS_VMEM_H_ + +CFLAGS+= -fno-builtin -nostdlib + +CFLAGS+= -I${.CURDIR} CFLAGS+= -I${SRCTOP}/sys/contrib/openzfs/include CFLAGS+= -I${SRCTOP}/sys/contrib/openzfs/include/os/freebsd/spl -CFLAGS+= -I${SRCTOP}/sys/contrib/openzfs/include/os/freebsd/ CFLAGS+= -I${SRCTOP}/sys/contrib/openzfs/include/os/freebsd/zfs +CFLAGS+= -I${SRCTOP}/sys/contrib/openzfs/include/os/freebsd CFLAGS+= -I${SRCTOP}/sys/contrib/ck/include - -CFLAGS+= -I${SRCTOP}/sys -I. -I.. CFLAGS+= -I${SRCTOP}/sys/contrib/openzfs/module/icp/include -CFLAGS+= -include ${SRCTOP}/sys/contrib/openzfs/include/os/freebsd/spl/sys/ccompile.h -CFLAGS+= -DHAVE_ISSETUGID -D_SYS_VMEM_H_ -UKLD_TIED -DKLD_MODULE +CFLAGS+= -I${SRCTOP}/sys -I. -I.. -CFLAGS+= -fno-builtin -nostdlib +CFLAGS+= -include ${SRCTOP}/sys/contrib/openzfs/include/os/freebsd/spl/sys/ccompile.h all: ${OBJS} CLEANFILES= ${OBJS} From nobody Fri Dec 20 00:10:39 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDnqz3jX5z5hx2N; Fri, 20 Dec 2024 00:10:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDnqz39jTz4p4L; Fri, 20 Dec 2024 00:10:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734653439; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0JYNJ0aNayRXUzBIhC4QxggVLiF1lwU/MLMNrzDXvBY=; b=POnorKUGcz7mGJkLvNZibEqp8EAPLhdCYUxXkJmFFVpQu1OFAzKvn59F5Y+KmmONqKHRdK c62OfWiEX8FVW2UJv418FIHpxACVNrJUYiz4CCH4M6B+Y4MOpf1JTC9XRvwXMXNZGwCA9u HSJH7EK57WWiFN2pXN4YG0IeI4LfiDeJpoSUfklp4vsIECCB1xz+vsmJYlyUGk2t+MlcfR U4rfymRmBQzf0P8Cnznv1j0sQQFaCwXqCF4AZt/8Q7hD/+lwM06J4YbYDOLk1fsbEt5NHC YL7HAcfQIVoJ41DaiRjQKPqLR3NVBN8j5zwh/ot34mL8XzG6SGWcmu+EsVsmzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734653439; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0JYNJ0aNayRXUzBIhC4QxggVLiF1lwU/MLMNrzDXvBY=; b=Ug1YCvsbAegAMScsUPO3DSCvsoJon45NoUWNVnkMJleF5VU7USii9N2JraY8XhlYV0xFPq alPm772uB3TIGmLeWA/Xd/CAYmVb0t4MzxQC6sTakcz0xs6N9B9/NjseeXVaG66DIatG2S Dmp0aoTVeyDBRFzoMCKiorc/VBlR1JW7cxePapz2eg/Jc4gnVy9To6SWObwKg5pra/AAdS imjOMKzGJfa4ifVKU7VIALBQ9BrKH95N+8gKon3qc2MRM+k4FaFYUaUp/fEkKCVaYapCs4 E0gr8BVJIZv1o3xdB8E1XNgWmzkwu57gS7io47T4jJ/SRgr/dksbXUwzfopiiw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734653439; a=rsa-sha256; cv=none; b=vM9sBCR2gIPpWKxwRg1teIqGLcllnEs1EVPUR47Ut7iZLO7f3xq29utGrxIxoarYVdqCjI 1NrJzYA3HBszjSAjP8ShTOsy6tTHmvdT7ttqetZX+w5wyhef0EvCuVAn/tszuE2g2vAyev RoZ4OwyESZu3x5KkC8wheQ7e/MWm53iirVayiVa44CX/hl1KHT+qOcU3zIShoa/jiCXWyM 0MJMlBdW35jNpih4h4JkJyu7g5xNqxH+Pea3OzdWKvhK0t+JQiNrWLS7eWKz5/ZzOTYO0M J+Q94VaeoevnRb6mj/h4i+CVue8R+a14jGCHmgevXXuIkmzV1tjqgGvu0xxBwg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDnqz2g98zFsj; Fri, 20 Dec 2024 00:10:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BK0Ad1u076746; Fri, 20 Dec 2024 00:10:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BK0AdHo076743; Fri, 20 Dec 2024 00:10:39 GMT (envelope-from git) Date: Fri, 20 Dec 2024 00:10:39 GMT Message-Id: <202412200010.4BK0AdHo076743@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Alan Somers Subject: git: f0f596bd955e - main - fusefs: ignore FUSE_NO_OPEN(DIR)_SUPPORT flags List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f0f596bd955e5b48c55db502e79fc652ac8970d3 Auto-Submitted: auto-generated The branch main has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=f0f596bd955e5b48c55db502e79fc652ac8970d3 commit f0f596bd955e5b48c55db502e79fc652ac8970d3 Author: CismonX AuthorDate: 2024-11-02 20:19:15 +0000 Commit: Alan Somers CommitDate: 2024-12-20 00:09:49 +0000 fusefs: ignore FUSE_NO_OPEN(DIR)_SUPPORT flags The FUSE_NO_OPEN_SUPPORT and FUSE_NO_OPENDIR_SUPPORT flags are only meant to indicate kernel features, and should be ignored if they appear in the FUSE_INIT reply flags. Also fix the corresponding test cases. MFC after: 2 weeks Reviewed by: Alan Somers Signed-off-by: CismonX Pull Request: https://github.com/freebsd/freebsd-src/pull/1509 --- sys/fs/fuse/fuse_file.c | 9 +++------ sys/fs/fuse/fuse_internal.c | 4 ---- sys/fs/fuse/fuse_ipc.h | 2 -- sys/fs/fuse/fuse_vnops.c | 17 ++++++++--------- tests/sys/fs/fusefs/open.cc | 38 ++------------------------------------ tests/sys/fs/fusefs/opendir.cc | 27 ++------------------------- 6 files changed, 15 insertions(+), 82 deletions(-) diff --git a/sys/fs/fuse/fuse_file.c b/sys/fs/fuse/fuse_file.c index 88de12d59425..5f5819c2ccae 100644 --- a/sys/fs/fuse/fuse_file.c +++ b/sys/fs/fuse/fuse_file.c @@ -122,7 +122,6 @@ fuse_filehandle_open(struct vnode *vp, int a_mode, struct fuse_filehandle **fufhp, struct thread *td, struct ucred *cred) { struct mount *mp = vnode_mount(vp); - struct fuse_data *data = fuse_get_mpdata(mp); struct fuse_dispatcher fdi; const struct fuse_open_out default_foo = { .fh = 0, @@ -132,12 +131,10 @@ fuse_filehandle_open(struct vnode *vp, int a_mode, struct fuse_open_in *foi = NULL; const struct fuse_open_out *foo; fufh_type_t fufh_type; - int dataflags = data->dataflags; int err = 0; int oflags = 0; int op = FUSE_OPEN; int relop = FUSE_RELEASE; - int fsess_no_op_support = FSESS_NO_OPEN_SUPPORT; fufh_type = fflags_2_fufh_type(a_mode); oflags = fufh_type_2_fflags(fufh_type); @@ -145,12 +142,11 @@ fuse_filehandle_open(struct vnode *vp, int a_mode, if (vnode_isdir(vp)) { op = FUSE_OPENDIR; relop = FUSE_RELEASEDIR; - fsess_no_op_support = FSESS_NO_OPENDIR_SUPPORT; /* vn_open_vnode already rejects FWRITE on directories */ MPASS(fufh_type == FUFH_RDONLY || fufh_type == FUFH_EXEC); } fdisp_init(&fdi, sizeof(*foi)); - if (fsess_not_impl(mp, op) && dataflags & fsess_no_op_support) { + if (fsess_not_impl(mp, op)) { /* The operation implicitly succeeds */ foo = &default_foo; } else { @@ -160,7 +156,7 @@ fuse_filehandle_open(struct vnode *vp, int a_mode, foi->flags = oflags; err = fdisp_wait_answ(&fdi); - if (err == ENOSYS && dataflags & fsess_no_op_support) { + if (err == ENOSYS) { /* The operation implicitly succeeds */ foo = &default_foo; fsess_set_notimpl(mp, op); @@ -174,6 +170,7 @@ fuse_filehandle_open(struct vnode *vp, int a_mode, goto out; } else { foo = fdi.answ; + fsess_set_impl(mp, op); } } diff --git a/sys/fs/fuse/fuse_internal.c b/sys/fs/fuse/fuse_internal.c index 11d7b2d3e9bb..c6354ae7150f 100644 --- a/sys/fs/fuse/fuse_internal.c +++ b/sys/fs/fuse/fuse_internal.c @@ -1010,10 +1010,6 @@ fuse_internal_init_callback(struct fuse_ticket *tick, struct uio *uio) data->dataflags |= FSESS_POSIX_LOCKS; if (fiio->flags & FUSE_EXPORT_SUPPORT) data->dataflags |= FSESS_EXPORT_SUPPORT; - if (fiio->flags & FUSE_NO_OPEN_SUPPORT) - data->dataflags |= FSESS_NO_OPEN_SUPPORT; - if (fiio->flags & FUSE_NO_OPENDIR_SUPPORT) - data->dataflags |= FSESS_NO_OPENDIR_SUPPORT; /* * Don't bother to check FUSE_BIG_WRITES, because it's * redundant with max_write diff --git a/sys/fs/fuse/fuse_ipc.h b/sys/fs/fuse/fuse_ipc.h index 0ec556138be0..5648624f4c63 100644 --- a/sys/fs/fuse/fuse_ipc.h +++ b/sys/fs/fuse/fuse_ipc.h @@ -227,8 +227,6 @@ struct fuse_data { /* (and being observed by the daemon) */ #define FSESS_PUSH_SYMLINKS_IN 0x0020 /* prefix absolute symlinks with mp */ #define FSESS_DEFAULT_PERMISSIONS 0x0040 /* kernel does permission checking */ -#define FSESS_NO_OPEN_SUPPORT 0x0080 /* can elide FUSE_OPEN ops */ -#define FSESS_NO_OPENDIR_SUPPORT 0x0100 /* can elide FUSE_OPENDIR ops */ #define FSESS_ASYNC_READ 0x1000 /* allow multiple reads of some file */ #define FSESS_POSIX_LOCKS 0x2000 /* daemon supports POSIX locks */ #define FSESS_EXPORT_SUPPORT 0x10000 /* daemon supports NFS-style lookups */ diff --git a/sys/fs/fuse/fuse_vnops.c b/sys/fs/fuse/fuse_vnops.c index 30993441bd72..9c858d6c467d 100644 --- a/sys/fs/fuse/fuse_vnops.c +++ b/sys/fs/fuse/fuse_vnops.c @@ -1945,10 +1945,9 @@ fuse_vnop_readdir(struct vop_readdir_args *ap) tresid = uio->uio_resid; err = fuse_filehandle_get_dir(vp, &fufh, cred, pid); if (err == EBADF && mp->mnt_flag & MNT_EXPORTED) { - KASSERT(fuse_get_mpdata(mp)->dataflags - & FSESS_NO_OPENDIR_SUPPORT, - ("FUSE file systems that don't set " - "FUSE_NO_OPENDIR_SUPPORT should not be exported")); + KASSERT(!fsess_is_impl(mp, FUSE_OPENDIR), + ("FUSE file systems that implement " + "FUSE_OPENDIR should not be exported")); /* * nfsd will do VOP_READDIR without first doing VOP_OPEN. We * must implicitly open the directory here. @@ -3202,21 +3201,21 @@ fuse_vnop_vptofh(struct vop_vptofh_args *ap) return EOPNOTSUPP; } if ((mp->mnt_flag & MNT_EXPORTED) && - !(data->dataflags & FSESS_NO_OPENDIR_SUPPORT)) + fsess_is_impl(mp, FUSE_OPENDIR)) { /* * NFS is stateless, so nfsd must reopen a directory on every * call to VOP_READDIR, passing in the d_off field from the - * final dirent of the previous invocation. But without - * FUSE_NO_OPENDIR_SUPPORT, the FUSE protocol does not + * final dirent of the previous invocation. But if the server + * implements FUSE_OPENDIR, the FUSE protocol does not * guarantee that d_off will be valid after a directory is * closed and reopened. So prohibit exporting FUSE file - * systems that don't set that flag. + * systems that implement FUSE_OPENDIR. * * But userspace NFS servers don't have this problem. */ SDT_PROBE2(fusefs, , vnops, trace, 1, - "VOP_VPTOFH without FUSE_NO_OPENDIR_SUPPORT"); + "VOP_VPTOFH with FUSE_OPENDIR"); return EOPNOTSUPP; } diff --git a/tests/sys/fs/fusefs/open.cc b/tests/sys/fs/fusefs/open.cc index ff736e6c3a94..1212a7047f26 100644 --- a/tests/sys/fs/fusefs/open.cc +++ b/tests/sys/fs/fusefs/open.cc @@ -70,14 +70,6 @@ void test_ok(int os_flags, int fuse_flags) { } }; - -class OpenNoOpenSupport: public FuseTest { - virtual void SetUp() { - m_init_flags = FUSE_NO_OPEN_SUPPORT; - FuseTest::SetUp(); - } -}; - /* * fusefs(4) does not support I/O on device nodes (neither does UFS). But it * shouldn't crash @@ -281,37 +273,11 @@ TEST_F(Open, o_rdwr) } /* - * Without FUSE_NO_OPEN_SUPPORT, returning ENOSYS is an error - */ -TEST_F(Open, enosys) -{ - const char FULLPATH[] = "mountpoint/some_file.txt"; - const char RELPATH[] = "some_file.txt"; - uint64_t ino = 42; - int fd; - - FuseTest::expect_lookup(RELPATH, ino, S_IFREG | 0644, 0, 1); - EXPECT_CALL(*m_mock, process( - ResultOf([=](auto in) { - return (in.header.opcode == FUSE_OPEN && - in.body.open.flags == (uint32_t)O_RDONLY && - in.header.nodeid == ino); - }, Eq(true)), - _) - ).Times(1) - .WillOnce(Invoke(ReturnErrno(ENOSYS))); - - fd = open(FULLPATH, O_RDONLY); - ASSERT_EQ(-1, fd) << strerror(errno); - EXPECT_EQ(ENOSYS, errno); -} - -/* - * If a fuse server sets FUSE_NO_OPEN_SUPPORT and returns ENOSYS to a + * If a fuse server returns ENOSYS to a * FUSE_OPEN, then it and subsequent FUSE_OPEN and FUSE_RELEASE operations will * also succeed automatically without being sent to the server. */ -TEST_F(OpenNoOpenSupport, enosys) +TEST_F(Open, enosys) { const char FULLPATH[] = "mountpoint/some_file.txt"; const char RELPATH[] = "some_file.txt"; diff --git a/tests/sys/fs/fusefs/opendir.cc b/tests/sys/fs/fusefs/opendir.cc index dd837a8d43c1..e1fed59635fc 100644 --- a/tests/sys/fs/fusefs/opendir.cc +++ b/tests/sys/fs/fusefs/opendir.cc @@ -71,13 +71,6 @@ void expect_opendir(uint64_t ino, uint32_t flags, ProcessMockerT r) }; -class OpendirNoOpendirSupport: public Opendir { - virtual void SetUp() { - m_init_flags = FUSE_NO_OPENDIR_SUPPORT; - FuseTest::SetUp(); - } -}; - /* * The fuse daemon fails the request with enoent. This usually indicates a @@ -179,27 +172,11 @@ TEST_F(Opendir, opendir) } /* - * Without FUSE_NO_OPENDIR_SUPPORT, returning ENOSYS is an error - */ -TEST_F(Opendir, enosys) -{ - const char FULLPATH[] = "mountpoint/some_file.txt"; - const char RELPATH[] = "some_file.txt"; - uint64_t ino = 42; - - expect_lookup(RELPATH, ino); - expect_opendir(ino, O_RDONLY, ReturnErrno(ENOSYS)); - - EXPECT_EQ(-1, open(FULLPATH, O_DIRECTORY)); - EXPECT_EQ(ENOSYS, errno); -} - -/* - * If a fuse server sets FUSE_NO_OPENDIR_SUPPORT and returns ENOSYS to a + * If a fuse server returns ENOSYS to a * FUSE_OPENDIR, then it and subsequent FUSE_OPENDIR and FUSE_RELEASEDIR * operations will also succeed automatically without being sent to the server. */ -TEST_F(OpendirNoOpendirSupport, enosys) +TEST_F(Opendir, enosys) { const char FULLPATH[] = "mountpoint/some_file.txt"; const char RELPATH[] = "some_file.txt"; From nobody Fri Dec 20 02:12:14 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDrXG58njz5h6kW; Fri, 20 Dec 2024 02:12:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDrXG4k8cz51HH; Fri, 20 Dec 2024 02:12:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734660734; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=t1sk3VcprkT//1oWMRaB3OGZbk9MzZ6bfNkALCQNViY=; b=HHZjOKM6ERBZPEcd94Zjg21Z9Uqp4SV5pqtLoLaT66qYGQoA3dccOlQKT3x0beVlMvprpL Mcut8LRpKrxgCDh9HOwRtrPS/XjV8frtXQsxAd92YRnqAS9dWU+OsK05LrAsNghzni4CY/ OmwUHTB9HXucGWDtVmMC/AjGBAFajAtxzRKWqe5ONN9whyR1h8+7dquIKH07GgQt2syJ0H i7s0Y0y2Y5HaC2U1WjDbYmRKzLA/gcahYYJhrVhbsb09xWbsU8ncvqQIOBDxpQjTbenWHo zbpp90cFFKX2NFVOUTQkhkV1ahyI/nWPqfrduXidoWljFJvwc8cxEH6k41uUNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734660734; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=t1sk3VcprkT//1oWMRaB3OGZbk9MzZ6bfNkALCQNViY=; b=DKxZqYNq/xiXZ8TkN4+hF2At5vNV20tO6vFJLvVEn+pFwwkfS7UMx5NFLRS9cjWOl5V6uP Cz3jP09Hw4mULJLAaxe3P+to1z9km3nSi6FZ/lqiGD587e6cxkG6RxT3cES2hFLpqmk8tv 9Gm2cr5enkd5yIrJVH5ln+ZF3bhGuPXKl7/N0k6HWMPkmxBycECp2tlbLQ4ijEuhZ7ymL9 QIT429ZPoOjUdD2c+F3an9uElSOsRCBLV8X+qiwKf9pDBQEBNOguv2UdRX+UrcggmXw0cy vDMk/XohXOM/oYBSvhlLd0va9426B2JfzOlNRi+M20pXfWLLFM0HslVbYwNr6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734660734; a=rsa-sha256; cv=none; b=Yq9aNvgoNwDzLd5lYXd5zzFAr5YPs+jh5lIpy4gGgSXa8pQGzi1Re6UL/OzdDros/o5fpB fn3DpH6uDzt16v1+4n50J1+DnXWIAkiMCrNmiTv0AYMe2aagh1BXoRdj1FS06SSRJmuu3O jAysZq9F6IJFJIt4FWmBkR1j7omI1CDBPzmUylzdkQtiO4EyYEHLful5FQFnZ/pejpxLtT RUbmsV+OZ36rSUnfAO7Ar3/h4DSRsUGCzyNbNnIshr2N3lPqMc/3C4yKylcuX00AYjLBwb gac9jEZrFsoY0YdvrHOQHhzsaCNTBEWRRHnaGkbSrf7SinhRePKsvHCSAOLAJQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDrXG4KtbzK6k; Fri, 20 Dec 2024 02:12:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BK2CEpC009106; Fri, 20 Dec 2024 02:12:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BK2CEMj009103; Fri, 20 Dec 2024 02:12:14 GMT (envelope-from git) Date: Fri, 20 Dec 2024 02:12:14 GMT Message-Id: <202412200212.4BK2CEMj009103@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Sergey A. Osokin" Subject: git: c4ca1d214f9a - main - bsd-family-tree: add NetBSD 10.1 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c4ca1d214f9a3d20e9381233314a57526ac9b515 Auto-Submitted: auto-generated The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=c4ca1d214f9a3d20e9381233314a57526ac9b515 commit c4ca1d214f9a3d20e9381233314a57526ac9b515 Author: Sergey A. Osokin AuthorDate: 2024-12-20 02:10:59 +0000 Commit: Sergey A. Osokin CommitDate: 2024-12-20 02:10:59 +0000 bsd-family-tree: add NetBSD 10.1 MFC after: 3 days --- share/misc/bsd-family-tree | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index dab6d5a1f77d..63a5b6eb1069 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -459,18 +459,20 @@ FreeBSD 5.2 | | | | | | | | | | | | | | | | *--NetBSD | | | | | | | | 10.0 | | | - | | | | | | | | - | | | | | | OpenBSD 7.5 | - | | | | | NetBSD | | - | | | | | 8.3 | | - | FreeBSD | | | | | - | 14.1 | | | | | - | | | macOS | | | - | | | 15 | | | - | | FreeBSD | | | | - | | 13.4 | | OpenBSD 7.6 | - | FreeBSD | | | | - | 14.2 | | | | + | | | | | | | | | + | | | | | | | OpenBSD 7.5 | + | | | | | | NetBSD | | + | | | | | | 8.3 | | + | FreeBSD | | | | | | + | 14.1 | | | | | | + | | | macOS | | | | + | | | 15 | | | | + | | FreeBSD | | | | | + | | 13.4 | | | OpenBSD 7.6 | + | FreeBSD | | | | | + | 14.2 | | | | | + | | | NetBSD | | + | | | 10.1 | | | | | | | FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | @@ -910,6 +912,7 @@ macOS 15 2024-09-16 [APL] FreeBSD 13.4 2024-09-17 [FBD] OpenBSD 7.6 2024-10-08 [OBD] FreeBSD 14.2 2024-12-03 [FBD] +NetBSD 10.1 2024-12-16 [NBD] Bibliography ------------------------ From nobody Fri Dec 20 07:10:49 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDz8n4Xv7z5hVSG; Fri, 20 Dec 2024 07:10:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDz8n2cP2z4Cx0; Fri, 20 Dec 2024 07:10:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734678649; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=m6GIPNI4/cRL/JWPo+oPILawnTelPNe2wfcjhexTDhs=; b=GnPEGQwSVMrx1lcLxKf8Mq4DmsJt8HgncmCe4gLMg3Sz+upv6isYauMVvWowo77r0iGCvf gz1RV9teAFOZtNX6g1ZMH5Ov+AEkickJMN4tv8cV4Bx+UWxJywRGD9DriLUqWzQsZdiRu4 q7yo/2wqK0v9PrdwpwgdlYBJoSMM6duqHJjwcUc8G7q6x2qjSmHJ+cx1C7BJZjJ2f8fvCG dVGMO62Kh/QvMYFxqQjbW5LcQt9uVLqukdhFPOWkVOSRgIhN6t502E92f8wDLumHVD9qDi 5M0W56uZpPpD4bq9GCOV+nYNUqKadrLe1qCS4txXg5PveRKsEDPgBqX6pRus0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734678649; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=m6GIPNI4/cRL/JWPo+oPILawnTelPNe2wfcjhexTDhs=; b=qEVebeN9Ow9aMgpDkp7UGXtsCpCkpfCkKSgZ6xNcXTtA/nNwk+vyvuf0B7ARwxv+Wzb4cg QhKMGo8WjUfXANLnIqQY9lBWq5dQJlXYrKHT+qOALag/hxkOUAh0MB9w3RQDTA4dGBUYEJ ibBw1AORaUp1AoSeLpljym+9vcbQ4LvB8qg+k7OqA8zOiTWVadSXTedAOtiz2hUf77Q/BT 7QVzCF9zW+WalPfX7Hy675aZgO6RfQ8iCzumXeubDADTHw/D+t288AQT9ZSC1SWcLRvGfS JWsIOwy8ZZsiMIqeZLz/lI2zH0aohjxIpFz1xZI+MTSJ1IHyq531jcWLAAYFcw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734678649; a=rsa-sha256; cv=none; b=pdfOEYEpMVDs0go4PxMak5ksSUMAkfwc2jaStlKx4npjMi13UJFKT0mK+yfXOxpBCHoVA9 ZHGrkFXAk4Xg6GkW9DbzC5/vCCZCvn+S8FQzR+koCYfeoiRzu15MZ95K78yPWJ8PCMirNE jdyB3ZPOXHNiATmR3KnL2/fuXtX7SMVZA2RIoueWc2epN4EG8Wm+u2FOGsqkj27hJsUzkI 5rWDJDsR2e4ti1iD2sOd1/pyh7Xct3dW4iDC1byBeHhm+nw0NLuB3SXKnr2APHApb9VlIS WLjyjNGpxbQ+Bl5P0buWgNf1aDuRpcJOwfQO7INLzKZPwmjaQJgrroH84mEtLg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDz8n2D44zS7l; Fri, 20 Dec 2024 07:10:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BK7AntX064785; Fri, 20 Dec 2024 07:10:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BK7AnVF064782; Fri, 20 Dec 2024 07:10:49 GMT (envelope-from git) Date: Fri, 20 Dec 2024 07:10:49 GMT Message-Id: <202412200710.4BK7AnVF064782@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: 5d09d1070737 - main - iwlwifi: add missing blank, unwrap line List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5d09d1070737c43738e433b547af1a90c0f10bf1 Auto-Submitted: auto-generated The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=5d09d1070737c43738e433b547af1a90c0f10bf1 commit 5d09d1070737c43738e433b547af1a90c0f10bf1 Author: Bjoern A. Zeeb AuthorDate: 2024-12-19 23:08:32 +0000 Commit: Bjoern A. Zeeb CommitDate: 2024-12-20 07:09:24 +0000 iwlwifi: add missing blank, unwrap line The original commit was missing a space between two words due to uncareful string line wrapping; let the string run beyond the 80 char limit in order to also make it grep-able [1]. Reported by: jrtc27, Chris Torek (chris.torek gmail.com) Suggested by: emaste, imp [1] Sponsored by: The FreeBSD Foundation Fixes: 87e140a5c6f89 avoid (hard) hang on loading module MFC after: 3 days X-MFC with: 87e140a5c6f89eea7ea6320d1ae34566492abfc0 Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D48155 --- sys/contrib/dev/iwlwifi/iwl-drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/contrib/dev/iwlwifi/iwl-drv.c b/sys/contrib/dev/iwlwifi/iwl-drv.c index 61e5c064de80..b99204d87283 100644 --- a/sys/contrib/dev/iwlwifi/iwl-drv.c +++ b/sys/contrib/dev/iwlwifi/iwl-drv.c @@ -1760,8 +1760,8 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context) * Given this is request_module_nowait() we can simply skip it. */ if (bootverbose) - printf("%s: module '%s' not yet available; will be" - "initialized in a moment\n", __func__, op->name); + printf("%s: module '%s' not yet available; will be initialized in a moment\n", + __func__, op->name); #endif } mutex_unlock(&iwlwifi_opmode_table_mtx); From nobody Fri Dec 20 07:18:09 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDzKF5JMzz5hW5Z; Fri, 20 Dec 2024 07:18:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDzKF4WZwz4DXC; Fri, 20 Dec 2024 07:18:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734679089; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ciaBsfs8xjADtUYIUDGebnjJiFCChYvCJSCFn0OUIas=; b=o02DiKNSPOKQM4Dt/CJjM7jsPJSLwec2BDxg55yXhqb+oFzsvZaMeImwKSZFEBhtW/iTeb 66ZXypB9fub7Wv6gCeVN82GE4w5SA/seQCnTMPkIB1iPCFFV/ZfrmCl2jk+bhGw1MCMEdH GN2lBRplBp88HNI6Q6k/BJDypO7fbMDtPKmjgdVYNQbodA6my9v4saog5YIiKsFndOnquH sEO2x9TLTA5ha/v9lmB/t/oxZd7YAT6Fzd3C/mT9Ly8RN8/JckNsESpigiOnzIASubxJti //eSELwYOB3TTBXYRX++n1uxDIrYTrE0Gk/n6T6wtG2+CGetusGIXlOr8RSmYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734679089; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ciaBsfs8xjADtUYIUDGebnjJiFCChYvCJSCFn0OUIas=; b=S4oFaZBpdYyOOJtG3v/9+gxdODSh2Jb/ePtFVUFPF/PZguxBox+8a1F8Zi3lh5/TQw1efb HxMUT9ieprG9R/QeC0czlxt4UOo3HRz0o5M4HECt9hMXpkzKoRTieKAojTYa2HkIszHUec PfvL2IZ01pMCDV2yZDztklGy2k49FQw2c8nbMf27Q4KWUVQy9zkcLo57K1EGsq1aLPXaw4 Thr56H+u7vODJgbkqSGmSwpIC/uERufVq8lTAAbenDHtrS6u48lQE3Mq80ACE2wnA1vZVJ yn7/nOo5L/0qq/xtkZBqhjdQMdoqlnJZRdO7mkut0z0ZbEEeYuPPgRD41kMQhQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734679089; a=rsa-sha256; cv=none; b=hpUUO2XWB5rzLVb/L5O6O5tuOCzRxHv/AOOYsNn/lmWjMxL7T9+aYLFkzjgKxgrP9Ji/L+ QM6XqGPbNhbHn7fYgDQj2vwqK7XlzYCiChh2RSgMC4rQG5Zxruqa5kYqmPIORqojCgUbl2 cd79uDRZppDIN79C/QWbc4dZOgyrotW+G78yWl5VeVpdvnNOQ3IynNmJ/yz3kmnwxN6iX1 zQcUh0dWZp0q2oXKS4JinmW+i9ojEUgVPKRpf+Le9K5yggNpQaB8cLxQTeur3fShOHBykL C/nc0SLlWHpOmFjdxWWcEPA/oK7lixo0E86jUT/3Z3OghLnrghuv8DYbUh/vwg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDzKF3vSPzTB4; Fri, 20 Dec 2024 07:18:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BK7I9Aj073657; Fri, 20 Dec 2024 07:18:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BK7I99K073654; Fri, 20 Dec 2024 07:18:09 GMT (envelope-from git) Date: Fri, 20 Dec 2024 07:18:09 GMT Message-Id: <202412200718.4BK7I99K073654@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: 7030980bc9aa - main - bus: improve null_add_child() panic message List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7030980bc9aa62aaf25ffab44e24af854c57a9b1 Auto-Submitted: auto-generated The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=7030980bc9aa62aaf25ffab44e24af854c57a9b1 commit 7030980bc9aa62aaf25ffab44e24af854c57a9b1 Author: Bjoern A. Zeeb AuthorDate: 2024-12-18 21:29:10 +0000 Commit: Bjoern A. Zeeb CommitDate: 2024-12-20 07:16:04 +0000 bus: improve null_add_child() panic message When null_add_child() panics add the bus device name/unit and the new unit as this will immediately reveal the parent missing the DEVMETHOD(bus_add_child, ...) entry. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D48151 --- sys/kern/bus_if.m | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/kern/bus_if.m b/sys/kern/bus_if.m index e42dc6d31441..74114ff7baee 100644 --- a/sys/kern/bus_if.m +++ b/sys/kern/bus_if.m @@ -63,7 +63,8 @@ CODE { int unit) { - panic("bus_add_child is not implemented"); + panic("%s: bus_add_child is not implemented, name '%s', " + "unit %d", device_get_nameunit(bus), name, unit); } static int From nobody Fri Dec 20 07:19:35 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YDzLv4DzWz5hWDG; Fri, 20 Dec 2024 07:19:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YDzLv3hcVz4Dj1; Fri, 20 Dec 2024 07:19:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734679175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PJvD+kLxb2wsWEJRLJLqTXDCUUazgWN2ExgslXkKSUs=; b=CSSc2xKyoZ7LrxQt8PDHnc4jhAoZ010ZqELIjwrbkvtKnjKX3Cfex0+bFB5vhl1TWBiPZG L/PZ4u2EeHJjzCDuDiVKWHeqpzhFoZvKvyZ748gsyXOkcvqg9NEolVXoQJJGTubXS76UR8 6cURIqgWeG/lv4AbUl8YRarmkknniB/lnd4zYT16l/zngj1ulDzqkrJen5Qgd8W9HTbvie 0TeXAsUGAUSsH1lTOx7YE7hwrS4ks4iwaseDV6mjANqQTntdxjybYXARb6tYY0TjFZE2q4 NscqHKnBtnXB3HE+xl4UmAONOqzHvOsVroftsG+WTQLb5TGl7qsa2978lzJe1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734679175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PJvD+kLxb2wsWEJRLJLqTXDCUUazgWN2ExgslXkKSUs=; b=Ij/7I2KIcnvIFUUGwn8klLILhorI+oQgMGyaPLjDGgGBLQYp7WKsavRWFPlDY3hoApMz5K 8UO6wme4BmSKyBTkG27wti6bxN2yyS7MdcZsolI19Fnf2bu2wxwReDtpyog5uOOhnK0Wba JdulMl62LMoThXmeG/c/EDnyoSNUXHBzDcnCyw76Cyp8INqVrMr/qdo2xJ9XjNKICfA1bb QmZIN/dHI6GIs3wAmOwPU9CFlS91Khha6z1/3r6JE2g6IcoSWWi8FPy1jWNtPzFYWtsOzZ 9Wt5w//VgmqBFMmpf0MSbALuFNgr9GdwDFLpeo9TmUBjC1QCmR0OK4ydRGGehw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734679175; a=rsa-sha256; cv=none; b=l7we2CAn0TdV18ZpyYzdSYfPKu/rshanOig4EFiBgStxACzeCTQrq/i8Ze/Zlk7xrKYumI FHeKgoumeUnHH+b80NGs/6q/jyqSorDNLW0mFkaC4RCtx57kNXBxhZ9wHf/LAKk2YQvnEJ z04txKAMU+YO569KdhWWeqVYni2RSn91gXX/q/3/Zx+SFDgX/fHXlmwmZlt6WYLdyeZcJN UtPSv0VbsEiSg3WwnVg4kjTLn+fckFQnzoJxaxiJPjoDyw6x73EMWm8Yc1BRIZqJ2w39ZV tq7bm+Xzy3qjcNl038vZQc91TPVfNAbv92JlqqNLVs7DRbdWNUohLHL49Ey4KA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YDzLv3HpVzSx5; Fri, 20 Dec 2024 07:19:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BK7JZRZ074166; Fri, 20 Dec 2024 07:19:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BK7JZ3c074163; Fri, 20 Dec 2024 07:19:35 GMT (envelope-from git) Date: Fri, 20 Dec 2024 07:19:35 GMT Message-Id: <202412200719.4BK7JZ3c074163@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: d7c69a344864 - main - sdhci: add missing bus_add_child DEVMETHOD. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d7c69a344864be6dd0ed46bf64732c7062e874e9 Auto-Submitted: auto-generated The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=d7c69a344864be6dd0ed46bf64732c7062e874e9 commit d7c69a344864be6dd0ed46bf64732c7062e874e9 Author: Bjoern A. Zeeb AuthorDate: 2024-12-18 21:31:52 +0000 Commit: Bjoern A. Zeeb CommitDate: 2024-12-20 07:18:54 +0000 sdhci: add missing bus_add_child DEVMETHOD. Add the missing bus_add_child DEVMETHOD. This is needed for the RPi5 running with a MMCCAM kernel and the worproject/rpi5-uefi to avoid a kernel panic on boot when SDIO tries to attach to a 'Intel Bay Trail' controller. Reviewed by: imp MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D48152 --- sys/dev/sdhci/sdhci_acpi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/dev/sdhci/sdhci_acpi.c b/sys/dev/sdhci/sdhci_acpi.c index 7ec85a5a4839..75b7e98ea970 100644 --- a/sys/dev/sdhci/sdhci_acpi.c +++ b/sys/dev/sdhci/sdhci_acpi.c @@ -420,6 +420,7 @@ static device_method_t sdhci_methods[] = { /* Bus interface */ DEVMETHOD(bus_read_ivar, sdhci_generic_read_ivar), DEVMETHOD(bus_write_ivar, sdhci_generic_write_ivar), + DEVMETHOD(bus_add_child, bus_generic_add_child), /* mmcbr_if */ DEVMETHOD(mmcbr_update_ios, sdhci_generic_update_ios), From nobody Fri Dec 20 16:11:31 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFC8g4ZT2z5Ww73; Fri, 20 Dec 2024 16:11:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFC8g3fJYz41d4; Fri, 20 Dec 2024 16:11:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734711091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=b8Dn6N/jNVmqqEM18qu53aTWzvlwHXNsSncqGmcOk9U=; b=DVt/g3PAS60ghAtO8CDhhsU7pemdzH1d3W6RBJ5BC+ExjKMqMDr2rVatv1bCR4Oko3DHjq GWIHWWcYosauvObsE36gNhoXr+C6E7NkVj3GMFcn37XOgB/LfolpYZ73/H/o7Xbudwg3BJ 1jU+ZDOKOgBRWvux++CHzQ/0Kcz0kCwp7yIMBh0zVO+nlueDQzZ0V62GIb0sbQpOl3AuaB IZQzwgl1s9pcGEjL5H9KD4VexzeO3/l0H11sHDO+fSE6i1ZfPGIQv4jS2ubaeesQcJHCU0 hwMFBPLU2UW0bP9BtYnzPkkwBCG9OohZTwCJ5NvkofUmVNLPhB8gwrnoGS7SCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734711091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=b8Dn6N/jNVmqqEM18qu53aTWzvlwHXNsSncqGmcOk9U=; b=Ci9SETqbs2yjCYdVaJ/PNtjgWzoD40orhEOikXKBWTvPO5vGTjGGvPVpNFQJdNPxJnkG9Q fnSEuWtUiwLTJ2msh59ixYkeGccgp5V5qxNINxlcLfkE5rAHSBrdRDQWFv6chRi3L/Rf7/ ioTpcgzZbY8cG5QDwS2DZRMoxX1voY5u4bYL0mE3ccLpVmvL1wtlmgIu66E+GQC8yMrRKO qB1EYDlXpBQE8WAT4JWCQcKEq0MGJ2GU7KZXbMZP6xbIo6DKBxjCDVjA0amIZT8HAT7yiK L8hsCINoWnrRBwORBvpa2qlxCrSOcpXp540324wqqN9NUL1ejmpWS5yE0otwfw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734711091; a=rsa-sha256; cv=none; b=o4Lj8lTTg/ByMGnyNTRM0GXpQSJfpQu3dPLOgBuwHwUVUt7VhBBPwwuyVT26z81ZPgYi3c 0Do1M39WJLP/6cnKZZLOzV2ujcgIC/Rs3KHSrUBrgh3OThoNkcvzu4Y+VfglHf+R9Geoa0 B0P01OW7dKvNnjrOI0eblM7307gXpgOrSG0Ys7dEILfRXqRTAPfa5BUJ3WmVDXwqlY6Uku J/+ORGGI9yPqbVJnzIDdUsUUFrrd0d9wZFGGq1O858gZ0v7mDgwvewAKl7ePiuVNeCGg0X jS+kju4WZt4MQHdp/TQeLIKGeQQrfnaKAF+/RKWkG59W7zLhjzjfrxGGmf58mg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFC8g3G92zljP; Fri, 20 Dec 2024 16:11:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BKGBVq8078410; Fri, 20 Dec 2024 16:11:31 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BKGBVZd078407; Fri, 20 Dec 2024 16:11:31 GMT (envelope-from git) Date: Fri, 20 Dec 2024 16:11:31 GMT Message-Id: <202412201611.4BKGBVZd078407@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 709989bab5d0 - main - nullfs: stop lying about mount flags in statfs(2) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 709989bab5d060763bb8fd8e75d33f8bd1d454ad Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=709989bab5d060763bb8fd8e75d33f8bd1d454ad commit 709989bab5d060763bb8fd8e75d33f8bd1d454ad Author: Konstantin Belousov AuthorDate: 2024-12-19 22:14:20 +0000 Commit: Konstantin Belousov CommitDate: 2024-12-20 15:58:29 +0000 nullfs: stop lying about mount flags in statfs(2) Flags should not propagate from the lower fs. Behavior for the upper fs is determined by flags from its mount point structure. When lower fs acts according to its mount configuration, it is reported up as VOP errors. PR: 283425 Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D48150 --- sys/fs/nullfs/null_vfsops.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sys/fs/nullfs/null_vfsops.c b/sys/fs/nullfs/null_vfsops.c index 7ab1fb6c1a25..4cddf24a5745 100644 --- a/sys/fs/nullfs/null_vfsops.c +++ b/sys/fs/nullfs/null_vfsops.c @@ -365,12 +365,7 @@ nullfs_statfs(struct mount *mp, struct statfs *sbp) return (error); } - /* now copy across the "interesting" information and fake the rest */ sbp->f_type = mstat->f_type; - sbp->f_flags &= MNT_RDONLY | MNT_NOEXEC | MNT_NOSUID | MNT_UNION | - MNT_NOSYMFOLLOW | MNT_AUTOMOUNTED | MNT_EXPORTED | MNT_IGNORE; - mstat->f_flags &= ~(MNT_ROOTFS | MNT_AUTOMOUNTED | MNT_EXPORTED); - sbp->f_flags |= mstat->f_flags; sbp->f_bsize = mstat->f_bsize; sbp->f_iosize = mstat->f_iosize; sbp->f_blocks = mstat->f_blocks; From nobody Fri Dec 20 17:42:39 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFF9q1pFQz5X2gh; Fri, 20 Dec 2024 17:42:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFF9q1GXbz4DPL; Fri, 20 Dec 2024 17:42:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734716559; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tctJjgnN9OTWkPuYlt55irW+pa4KbqXUusaGa21+IjQ=; b=hU5k+IBjEOpsMuLDhXc9PvGUdbZq2C8JrZVwKBUIG1GSWrs9sXNHb6b3Nn5q8HNmYWgVzn f+toejk2Z/cOYGEmpaw8pschMD97PVMorjepKPWniLeq4IqyNtbmDei22onzpLghrcKZON zBG35dBYigE8gw/fNGdH4NLfw+i9eY1ubk6FKQPtrZ6dWPULWKxW0BFS5ggSIaOLaPFT8b zmaWZLrwT6m8aqnYS6hg8xC194UobCf98tYBm7ZD39r+qiMz2dBEkCiPWOBSMFdENyFj7P PmNPd4Pfw6UWo2wzWBolGvo1+TbHJ6x1V8I3uvL7lp0TMb3oAoNwHK6WkNfmkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734716559; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tctJjgnN9OTWkPuYlt55irW+pa4KbqXUusaGa21+IjQ=; b=Kksq1VOzADvVm54X7HZwRh1wITOPVKD/X6FMf2xyGv91enT4dJxOKuomdafTHdtrVwSS2X 2D8GdXKtSWr5N6xgTlUgDF40mRfW4m++hX+RuL5A6B2rlOPLxouFoKQuaQLoThWDfSI/IM gSdkKccQAPGwMNxxS2gu0Vq5thBOWXyruKM2rWRS1iF6ro7z4NeDncB8Rxw9QHNrhHw4Ok km/HORdDj5P/TaM/duXc5dzHLmfmo82hjbuujXniOG6x+36Fpx86SZqCLAamnKIPOfjW6+ w7b8cSxPWI/CESCIZg99DEQmDw5ajDFB1PLd9eZ4uKZCdrUIsUSwRru2d0AdNw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734716559; a=rsa-sha256; cv=none; b=ealE8AgKzhQft2eXlrjLA3zeIZWRslI3w5uuaez8yoL6kvn+msfpAVxwfYhiXS/Xg6t/S9 n/er/KYSZwo9ZEvPM3s6U9THjiI3vfYVjCqjjc5ux3bTdtVxrFvavACEmjyczW9SaCHBGp 1iPhu2Y2XRupZyiDdG7Xvj9X4a0sULFXFK05iChRnVX1+29ub9D9OEvqlYtf+Uc+Er5WBn nreSo/deBXv1brSgImx2pk7GarYo3by3er8/PUFn2nCK/qL1wt1GmFtmXXFyoHvCSFoVsp zvrT8orDCA5Q1FN0gKdjvzHyEXbbsCn/cgy3dOQoQendbAn2Bszcd5QcfWrZ3g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFF9q0sNfznyR; Fri, 20 Dec 2024 17:42:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BKHgduQ050734; Fri, 20 Dec 2024 17:42:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BKHgdCS050731; Fri, 20 Dec 2024 17:42:39 GMT (envelope-from git) Date: Fri, 20 Dec 2024 17:42:39 GMT Message-Id: <202412201742.4BKHgdCS050731@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: 725003da5302 - main - pf.conf.5: Fix endpoint-independent description List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 725003da53021c15b1d2274d5c4440c7c6e6602a Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=725003da53021c15b1d2274d5c4440c7c6e6602a commit 725003da53021c15b1d2274d5c4440c7c6e6602a Author: Ed Maste AuthorDate: 2024-12-20 01:33:53 +0000 Commit: Ed Maste CommitDate: 2024-12-20 17:39:55 +0000 pf.conf.5: Fix endpoint-independent description The description of the endpoint-independent option accidentally ended up in the middle of map-e-portset's text. Fixes: 390dc369efaa ("pf: Add support for endpoint independent NAT bindings for UDP") Reviewed by: kp Sponsored by: Tailscale Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48158 --- share/man/man5/pf.conf.5 | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 2bedceed6fe7..138fb5e7f82b 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -2341,16 +2341,6 @@ from modifying the source port on TCP and UDP packets. With .Ar nat rules, the -.It Ar endpoint-independent -With -.Ar nat -rules, the -.Ar endpoint-independent -option caues -.Xr pf 4 -to always map connections from a UDP source address and port to the same -NAT address and port. -This feature implements "full-cone" NAT behavior. .Ar map-e-portset option enables the source port translation of MAP-E (RFC 7597) Customer Edge. In order to make the host act as a MAP-E Customer Edge, setting up a tunneling @@ -2364,6 +2354,16 @@ nat on $gif_mape_if from $int_if:network to any \e .Ed .Pp sets PSID offset 6, PSID length 8, PSID 0x34. +.It Ar endpoint-independent +With +.Ar nat +rules, the +.Ar endpoint-independent +option caues +.Xr pf 4 +to always map connections from a UDP source address and port to the same +NAT address and port. +This feature implements "full-cone" NAT behavior. .El .Pp Additionally, the From nobody Fri Dec 20 20:21:00 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFJhY0D0Nz5Yyh2; Fri, 20 Dec 2024 20:21:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFJhX6qZKz4RnB; Fri, 20 Dec 2024 20:21:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734726061; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7cly4Zx0Gu/WUfwd2wDcrr72Odm3LRpGJtyy0NOg8EU=; b=EoFpHEktrSobrAbSeoA55CysuWY36qyuJSGUnBglJaRT5AdzaLfUvXLO4CE8WFRpki0i1d +ApSMuXYmOFxhbUzDILZxfzD7GtgIY3Vvt5FdeVc8x+AFm8fsa50eHQ91sgnJiLqweityv rEFTW6wkOnIfb4ntSRj5pbv5ySvGfJoGzNc68xIr+q+OesS4m0peP5fIl6HzNFDzzYpKan dymFYTQ6kwqBP/RtgkHwIEbxiqMphUtD5u2jLyGtloyqdNY1/iSMkrLqbgrV0S4/s8tUgQ pmopCr91waJQePA+yyhMzm5C1lqHxSfZhHcVDSefn+yyi4S/cDFBUt6gJAhMPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734726061; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7cly4Zx0Gu/WUfwd2wDcrr72Odm3LRpGJtyy0NOg8EU=; b=YZtl8k0rAUmxSMdD5DwO4O5IeFVtWC57Sn/HrlqVjQ60gUime213dnBfd3DgT+1nnzKRKu wKi5biim19k/L5ApTCvkq89fHY5RLe4oPgypOj7KFr7N2cs2WZNKkd/Ia/EFNKpKr+VD4T Y0FCEC4Q4zrpMwshGOpGPlScJgjWRzQpbMlS1amcs6PAbH8n/nf8ocFTX4sDfnKCYFn87H mtSvXvSgRP/RgTS3MfICnNDUFecum+APQtcbhmVK5A2uEJ8Vcsch5i7wFfkEuM3WzR3EZY MrwzRU+eI1xf9DQpdXBlMldDDq29n/yyJeuh8qZYN59F/o7JiO5SSkzVcF+iwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734726061; a=rsa-sha256; cv=none; b=tEg7r5t263eLJfvudXVk1XcoyVgpgvBcGGiXYtRK+Apu9Vs/zFImqmZgx7I8BZWr8YR1SY fBxZVMz5bPU+OxZxG5TzTHaYXQdVvH2ayctouKQkN51LlPV5K6DYZOlGNkqY27Vj5vULoF b1cxEGelg5zQzwHW4In4WcsHRE/NaAS+fenFhE5yYN3lf/pUKzrEUrzaDJCfZkdolp2pD4 23eFyzP8YLkc+fHseOyBzaH11MuQrmnLRagWnja1f1/00isqcjvs+55CIVNKrqQpl2s5Wy lY1prgtYM3S1h1y2gJgxk3k4h7x6JQ0MJQhv3SUMSU2AXNugPgYJv8vVEgaMcQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFJhX6H0bzswt; Fri, 20 Dec 2024 20:21:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BKKL0PO041784; Fri, 20 Dec 2024 20:21:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BKKL03E041781; Fri, 20 Dec 2024 20:21:00 GMT (envelope-from git) Date: Fri, 20 Dec 2024 20:21:00 GMT Message-Id: <202412202021.4BKKL03E041781@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Joerg Wunsch Subject: git: 1fc7922f9f90 - main - devd.conf(5): explain difference between internal and shell variables List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: joerg X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1fc7922f9f905b62ef9a6c03be498c282e7b382e Auto-Submitted: auto-generated The branch main has been updated by joerg: URL: https://cgit.FreeBSD.org/src/commit/?id=1fc7922f9f905b62ef9a6c03be498c282e7b382e commit 1fc7922f9f905b62ef9a6c03be498c282e7b382e Author: Joerg Wunsch AuthorDate: 2024-12-20 20:16:52 +0000 Commit: Joerg Wunsch CommitDate: 2024-12-20 20:20:50 +0000 devd.conf(5): explain difference between internal and shell variables devd.conf by default considers many variables as internal, possibly expanding them to an empty string. Shell variables thus need to be wrapped into braces. Reviewed by: imp, Andre Albsmeier MFC after: 1 week Differential Revision: --- sbin/devd/devd.conf.5 | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/sbin/devd/devd.conf.5 b/sbin/devd/devd.conf.5 index ceff27e8be60..5027ce78eae0 100644 --- a/sbin/devd/devd.conf.5 +++ b/sbin/devd/devd.conf.5 @@ -38,7 +38,7 @@ .\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS .\" SOFTWARE. .\" -.Dd March 6, 2024 +.Dd December 20, 2024 .Dt DEVD.CONF 5 .Os .Sh NAME @@ -694,6 +694,26 @@ For example: // part of the previous comment. .Ed .Ss Notes on Variable Expansion +Variables are expanded by preceding them by a +.Dq $ +sign. +Any text immediately following that sign, starting with a letter, a minus sign +.Dq - , +an underscore +.Dq _ , +or an asterisk +.Dq * +is considered an internal variable, and expanded accordingly. +If that variable does not exist, it silently expands to an empty string. +Consequently, if the intention is to pass a +.Xr sh 1 +variable, it must be surrounded by braces to prevent it from being +considered an internal variable. +.Pp +See +.Sx EXAMPLES +for a detailed example. +.Pp To prevent issues with special shell characters, the following happens for each variable .Ic $foo . @@ -711,6 +731,10 @@ The value of the .Ic foo variable is inserted into the buffer with all single quote characters prefixed by a backslash. +.It +A final +.Dq ' +is inserted. .El .Pp See @@ -822,6 +846,37 @@ detach 0 { }; .Ed .Pp +The following example illustrates the difference betwen internal and shell variables: +.Bd -literal +attach 20 { + device-name "umodem[0-9]+"; + match "vendor" "0x2047"; + match "product" "0x001(0|3|4)"; + match "interface" "0"; + action "cd /dev; p=$product; dn=$device-name; \\ + un=$(sysctl -n dev.umodem.${dn#umodem}.ttyname); \\ + chmod 666 cua${un}; ln -sf cua${un} mspfet${p#0x}"; +}; +.Ed +.Pp +.Dq product , +and +.Dq device-name +are internal variables. +Their contents are initially assigned to shell variables +.Dq p , +and +.Dq dn , +respectively. +Then, variable +.Dq dn +is used inside a shell command substitution, assigning to shell variable +.Dq un . +Finally, this shell variable is used in two other shell statements, where +it needs to be wrapped in braces in order to prevent it from being +considered in internal variable to +.Nm devd . +.Pp The installed .Pa /etc/devd.conf has many additional examples. From nobody Fri Dec 20 20:41:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFK7g4X33z5Z1BQ; Fri, 20 Dec 2024 20:41:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFK7g42bqz4TkD; Fri, 20 Dec 2024 20:41:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734727263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OlLzPZNRbgh6Xi9TqvQj4zlnBG529IioD89V2kIUY8k=; b=OYkDQCzT6Vc9uI/nfl306kIBSHkqA5mA/jUfFtc/SQzeT7aK1URP+A1yhvolAfcFGEOb3I j4SALnr+LzjUOsNhDY7sTLo9p09Yy2RO0aeLbMrw0Q8QB314EXWcuBu9Ct0Oyoalz5v/I3 +fsdNLb7fav9PnSjT+Gvquu+L6+SFy0rGpHKgXyGs21HgcZIsYwJfc+O7cXZy2DWLjjn1i QW7REt3MOAFNI3UDI7eGtT6yQZKwnbhmUMZ5O03GyQvJV1SCgts1MLg55hX/o3L+OYLuNH CKpVw7TC4VSnyLUh/WrsEj8ViU6Fcrrr8DZh5CwgxmZcY1YInBVIkJml6MZniQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734727263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OlLzPZNRbgh6Xi9TqvQj4zlnBG529IioD89V2kIUY8k=; b=c0UmjNXH1A0g5RDoa3HZxS09raEbVLczad7MnAnqFc1NeFcp0cno5Jk5KKhJ6u4PESE3S1 7FXYnVsG47Qx8Z6xawNt4exeIJ34p9Rh0NA5+1KrNNE/CAo/jcPr6h0wHSTtG6Fa9eh8Hz UnyU/ZaZuzVrtXZHw/Bxf99yamWzm89dJRjoF8+z+cbVyU0ui98XHkp91Xpi2DvMUzkzj7 rhBPcPc14kiw5rRmWnOLo2j1TJrFq06+Ev6u5O50ai4vEtHYxYEUGNVirUcWTRhBFfF8Va DnM1d0YmGaC2sw4NYItw28zOdwt9kg5Yyt/uNSawMall3fztut9dDXU4iYzvyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734727263; a=rsa-sha256; cv=none; b=L95D4TZbvI+jQQquqOHxyu3UtqeT3vRt4ri/CZjVgYGFwfFwTYBmzvqd9X11Kdh0E9srJf 0sFDTOAtVyor7EOrrgqhD5ZRj+r/W9yf36Zo2GwaggsW6ZZ+YDbkbIGy1XdkO8nyFR7o3C LTD9NJZxhe2zoKNYhYBY1ho5B/vmv0rOgO9OdNTOZx0SIi9BBB5VG/LXz6W6Gz7NuO18Id z+zeHvu15iI1pHYlzDdkLmCZTKib2riWWWKUsBPzIkO7zFHCQ7YZslx2xn/ld1YUV4/8kW qYVulZf69bKykfymdBYdcBtlHoFfPKRTVkE6/PcBMeJD4zKNf7mg4UtXlCD9rg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFK7g3drqztGq; Fri, 20 Dec 2024 20:41:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BKKf3fT080706; Fri, 20 Dec 2024 20:41:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BKKf3eR080703; Fri, 20 Dec 2024 20:41:03 GMT (envelope-from git) Date: Fri, 20 Dec 2024 20:41:03 GMT Message-Id: <202412202041.4BKKf3eR080703@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 9efd215411bb - main - rtwn: create a new HAL routine for enabling STA mode beacon processing List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9efd215411bb5ead2bc0ab208b4c19e46da0d2c9 Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=9efd215411bb5ead2bc0ab208b4c19e46da0d2c9 commit 9efd215411bb5ead2bc0ab208b4c19e46da0d2c9 Author: Adrian Chadd AuthorDate: 2024-12-13 03:26:31 +0000 Commit: Adrian Chadd CommitDate: 2024-12-20 20:40:19 +0000 rtwn: create a new HAL routine for enabling STA mode beacon processing For some NICs (notably the rtl8192cu that I'm working on) the firmware rate adaptation requires beacon processing to be enabled. Instead of making assumptions in the if_rtwn beacon routines (and honestly all of that should be in the HAL too), create a HAL method for enabling/disabling beacon processing specifically in STA mode. Since this isn't necessarily required for all NICs (notably the RTL8188E NICs, where some will do firmware rate control and some will require driver rate control), only enable it for the RTL8192CU and RT8192EU. The RTL8188E and RTL8812/RTL8821 just have no-op routines for now. Locally tested: * RTL8192CU, STA mode Differential Revision: https://reviews.freebsd.org/D48066 Reviewed by: bz --- sys/dev/rtwn/if_rtwn.c | 3 +++ sys/dev/rtwn/if_rtwnvar.h | 4 ++++ sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c | 1 + sys/dev/rtwn/rtl8188e/r88e.h | 1 + sys/dev/rtwn/rtl8188e/r88e_beacon.c | 12 ++++++++++++ sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c | 1 + sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c | 1 + sys/dev/rtwn/rtl8192c/r92c.h | 1 + sys/dev/rtwn/rtl8192c/r92c_beacon.c | 20 ++++++++++++++++++++ sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c | 1 + sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c | 1 + sys/dev/rtwn/rtl8812a/r12a.h | 1 + sys/dev/rtwn/rtl8812a/r12a_beacon.c | 9 +++++++++ sys/dev/rtwn/rtl8812a/usb/r12au_attach.c | 1 + sys/dev/rtwn/rtl8821a/usb/r21au_attach.c | 1 + 15 files changed, 58 insertions(+) diff --git a/sys/dev/rtwn/if_rtwn.c b/sys/dev/rtwn/if_rtwn.c index 3b286d9adba9..46fa8e2de840 100644 --- a/sys/dev/rtwn/if_rtwn.c +++ b/sys/dev/rtwn/if_rtwn.c @@ -968,6 +968,8 @@ rtwn_tsf_sync_enable(struct rtwn_softc *sc, struct ieee80211vap *vap) /* Enable TSF synchronization. */ rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id), R92C_BCN_CTRL_DIS_TSF_UDT0, 0); + /* Enable TSF beacon handling, needed for RA */ + rtwn_sta_beacon_enable(sc, uvp->id, true); break; case IEEE80211_M_IBSS: ieee80211_runtask(ic, &uvp->tsf_sync_adhoc_task); @@ -1109,6 +1111,7 @@ rtwn_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) /* Disable TSF synchronization / beaconing. */ rtwn_beacon_enable(sc, uvp->id, 0); + rtwn_sta_beacon_enable(sc, uvp->id, false); rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id), 0, R92C_BCN_CTRL_DIS_TSF_UDT0); diff --git a/sys/dev/rtwn/if_rtwnvar.h b/sys/dev/rtwn/if_rtwnvar.h index 3f14c05eb79d..8c52ad7ff482 100644 --- a/sys/dev/rtwn/if_rtwnvar.h +++ b/sys/dev/rtwn/if_rtwnvar.h @@ -329,6 +329,8 @@ struct rtwn_softc { uint8_t (*sc_rx_radiotap_flags)(const void *); void (*sc_beacon_init)(struct rtwn_softc *, void *, int); void (*sc_beacon_enable)(struct rtwn_softc *, int, int); + void (*sc_sta_beacon_enable)(struct rtwn_softc *, int, + bool); void (*sc_beacon_set_rate)(void *, int); void (*sc_beacon_select)(struct rtwn_softc *, int); void (*sc_set_chan)(struct rtwn_softc *, @@ -564,6 +566,8 @@ void rtwn_suspend(struct rtwn_softc *); (((_sc)->sc_beacon_init)((_sc), (_buf), (_id))) #define rtwn_beacon_enable(_sc, _id, _enable) \ (((_sc)->sc_beacon_enable)((_sc), (_id), (_enable))) +#define rtwn_sta_beacon_enable(_sc, _id, _enable) \ + (((_sc)->sc_sta_beacon_enable)((_sc), (_id), (_enable))) #define rtwn_beacon_set_rate(_sc, _buf, _is5ghz) \ (((_sc)->sc_beacon_set_rate)((_buf), (_is5ghz))) #define rtwn_beacon_select(_sc, _id) \ diff --git a/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c b/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c index d8c0a98e43a3..5bcd4a81b50d 100644 --- a/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c +++ b/sys/dev/rtwn/rtl8188e/pci/r88ee_attach.c @@ -177,6 +177,7 @@ r88ee_attach(struct rtwn_pci_softc *pc) #endif sc->sc_beacon_init = r92c_beacon_init; sc->sc_beacon_enable = r88e_beacon_enable; + sc->sc_sta_beacon_enable = r88e_sta_beacon_enable; sc->sc_beacon_set_rate = rtwn_nop_void_int; sc->sc_beacon_select = rtwn_nop_softc_int; sc->sc_temp_measure = r88e_temp_measure; diff --git a/sys/dev/rtwn/rtl8188e/r88e.h b/sys/dev/rtwn/rtl8188e/r88e.h index 33c6fa3432f5..488e6ea79d3f 100644 --- a/sys/dev/rtwn/rtl8188e/r88e.h +++ b/sys/dev/rtwn/rtl8188e/r88e.h @@ -39,6 +39,7 @@ */ /* r88e_beacon.c */ void r88e_beacon_enable(struct rtwn_softc *, int, int); +void r88e_sta_beacon_enable(struct rtwn_softc *, int, bool); /* r88e_calib.c */ void r88e_iq_calib(struct rtwn_softc *); diff --git a/sys/dev/rtwn/rtl8188e/r88e_beacon.c b/sys/dev/rtwn/rtl8188e/r88e_beacon.c index 941e41151b59..74b23359e1a3 100644 --- a/sys/dev/rtwn/rtl8188e/r88e_beacon.c +++ b/sys/dev/rtwn/rtl8188e/r88e_beacon.c @@ -43,6 +43,9 @@ #include #include +/* + * Enable/disable beaconing in AP/IBSS/Mesh modes. + */ void r88e_beacon_enable(struct rtwn_softc *sc, int id, int enable) { @@ -57,3 +60,12 @@ r88e_beacon_enable(struct rtwn_softc *sc, int id, int enable) R92C_BCN_CTRL_EN_BCN, 0); } } + +/* + * There's no firmware rate control, beacon processing isn't + * needed in STA mode. + */ +void +r88e_sta_beacon_enable(struct rtwn_softc *sc, int id, bool enable) +{ +} diff --git a/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c b/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c index 752761415bce..2d4713e92bd2 100644 --- a/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c +++ b/sys/dev/rtwn/rtl8188e/usb/r88eu_attach.c @@ -170,6 +170,7 @@ r88eu_attach(struct rtwn_usb_softc *uc) #endif sc->sc_beacon_init = r92c_beacon_init; sc->sc_beacon_enable = r88e_beacon_enable; + sc->sc_sta_beacon_enable = r88e_sta_beacon_enable; sc->sc_beacon_set_rate = rtwn_nop_void_int; sc->sc_beacon_select = rtwn_nop_softc_int; sc->sc_temp_measure = r88e_temp_measure; diff --git a/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c b/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c index ddb9fa9ae8c1..ef18edceabc2 100644 --- a/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c +++ b/sys/dev/rtwn/rtl8192c/pci/r92ce_attach.c @@ -207,6 +207,7 @@ r92ce_attach(struct rtwn_pci_softc *pc) #endif sc->sc_beacon_init = r92c_beacon_init; sc->sc_beacon_enable = r92c_beacon_enable; + sc->sc_sta_beacon_enable = r92c_sta_beacon_enable; sc->sc_beacon_set_rate = rtwn_nop_void_int; sc->sc_beacon_select = rtwn_nop_softc_int; sc->sc_temp_measure = r92c_temp_measure; diff --git a/sys/dev/rtwn/rtl8192c/r92c.h b/sys/dev/rtwn/rtl8192c/r92c.h index c602f314825a..a7091be66f64 100644 --- a/sys/dev/rtwn/rtl8192c/r92c.h +++ b/sys/dev/rtwn/rtl8192c/r92c.h @@ -46,6 +46,7 @@ void r92c_read_chipid_vendor(struct rtwn_softc *, uint32_t); /* r92c_beacon.c */ void r92c_beacon_init(struct rtwn_softc *, void *, int); void r92c_beacon_enable(struct rtwn_softc *, int, int); +void r92c_sta_beacon_enable(struct rtwn_softc *, int, bool); /* r92c_calib.c */ void r92c_iq_calib(struct rtwn_softc *); diff --git a/sys/dev/rtwn/rtl8192c/r92c_beacon.c b/sys/dev/rtwn/rtl8192c/r92c_beacon.c index 9e4cdb5f1399..8084d5b69438 100644 --- a/sys/dev/rtwn/rtl8192c/r92c_beacon.c +++ b/sys/dev/rtwn/rtl8192c/r92c_beacon.c @@ -69,6 +69,9 @@ r92c_beacon_init(struct rtwn_softc *sc, void *buf, int id) txd->txdw5 |= htole32(SM(R92C_TXDW5_DATARATE, RTWN_RIDX_CCK1)); } +/* + * Enable/disable beacon generation in AP/IBSS/mesh modes. + */ void r92c_beacon_enable(struct rtwn_softc *sc, int id, int enable) { @@ -81,3 +84,20 @@ r92c_beacon_enable(struct rtwn_softc *sc, int id, int enable) R92C_BCN_CTRL_EN_BCN, 0); } } + +/* + * Enable/disable beacon processing in STA mode. + * + * This is required for firmware rate control. + */ +void +r92c_sta_beacon_enable(struct rtwn_softc *sc, int id, bool enable) +{ + if (enable) { + rtwn_setbits_1(sc, R92C_BCN_CTRL(id), + 0, R92C_BCN_CTRL_EN_BCN); + } else { + rtwn_setbits_1(sc, R92C_BCN_CTRL(id), + R92C_BCN_CTRL_EN_BCN, 0); + } +} diff --git a/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c b/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c index 8e9c4987a359..cd350c7fcd8a 100644 --- a/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c +++ b/sys/dev/rtwn/rtl8192c/usb/r92cu_attach.c @@ -199,6 +199,7 @@ r92cu_attach(struct rtwn_usb_softc *uc) #endif sc->sc_beacon_init = r92c_beacon_init; sc->sc_beacon_enable = r92c_beacon_enable; + sc->sc_sta_beacon_enable = r92c_sta_beacon_enable; sc->sc_beacon_set_rate = rtwn_nop_void_int; sc->sc_beacon_select = rtwn_nop_softc_int; sc->sc_temp_measure = r92c_temp_measure; diff --git a/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c b/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c index 35ff5cb65853..a11a6bb79c5d 100644 --- a/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c +++ b/sys/dev/rtwn/rtl8192e/usb/r92eu_attach.c @@ -150,6 +150,7 @@ r92eu_attach(struct rtwn_usb_softc *uc) #endif sc->sc_beacon_init = r12a_beacon_init; sc->sc_beacon_enable = r92c_beacon_enable; + sc->sc_sta_beacon_enable = r92c_sta_beacon_enable; sc->sc_beacon_set_rate = rtwn_nop_void_int; sc->sc_beacon_select = r21a_beacon_select; sc->sc_temp_measure = r88e_temp_measure; diff --git a/sys/dev/rtwn/rtl8812a/r12a.h b/sys/dev/rtwn/rtl8812a/r12a.h index 19dbd1569e6d..8bf1464b9525 100644 --- a/sys/dev/rtwn/rtl8812a/r12a.h +++ b/sys/dev/rtwn/rtl8812a/r12a.h @@ -60,6 +60,7 @@ void r12a_detach_private(struct rtwn_softc *); /* r12a_beacon.c */ void r12a_beacon_init(struct rtwn_softc *, void *, int); void r12a_beacon_set_rate(void *, int); +void r12a_sta_beacon_enable(struct rtwn_softc *, int, bool); /* r12a_calib.c */ void r12a_save_bb_afe_vals(struct rtwn_softc *, uint32_t[], diff --git a/sys/dev/rtwn/rtl8812a/r12a_beacon.c b/sys/dev/rtwn/rtl8812a/r12a_beacon.c index b4458d60a0fa..93b4e25a50ed 100644 --- a/sys/dev/rtwn/rtl8812a/r12a_beacon.c +++ b/sys/dev/rtwn/rtl8812a/r12a_beacon.c @@ -91,3 +91,12 @@ r12a_beacon_set_rate(void *buf, int is5ghz) } else txd->txdw4 = htole32(SM(R12A_TXDW4_DATARATE, RTWN_RIDX_CCK1)); } + +/* + * For now (no rate control) don't change the beacon configuration + * in STA mode. + */ +void +r12a_sta_beacon_enable(struct rtwn_softc *sc, int id, bool enable) +{ +} diff --git a/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c b/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c index 4b86461b2f25..84bfcfbda0e8 100644 --- a/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c +++ b/sys/dev/rtwn/rtl8812a/usb/r12au_attach.c @@ -237,6 +237,7 @@ r12au_attach(struct rtwn_usb_softc *uc) #endif sc->sc_beacon_init = r12a_beacon_init; sc->sc_beacon_enable = r92c_beacon_enable; + sc->sc_sta_beacon_enable = r12a_sta_beacon_enable; sc->sc_beacon_set_rate = r12a_beacon_set_rate; sc->sc_beacon_select = rtwn_nop_softc_int; sc->sc_temp_measure = r88e_temp_measure; diff --git a/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c b/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c index 75d8f3669c12..9f0e2c950a1e 100644 --- a/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c +++ b/sys/dev/rtwn/rtl8821a/usb/r21au_attach.c @@ -223,6 +223,7 @@ r21au_attach(struct rtwn_usb_softc *uc) #endif sc->sc_beacon_init = r21a_beacon_init; sc->sc_beacon_enable = r92c_beacon_enable; + sc->sc_sta_beacon_enable = r12a_sta_beacon_enable; sc->sc_beacon_set_rate = r12a_beacon_set_rate; sc->sc_beacon_select = r21a_beacon_select; sc->sc_temp_measure = r88e_temp_measure; From nobody Sat Dec 21 19:24:19 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFvNg3Q52z5Wy3w; Sat, 21 Dec 2024 19:24:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFvNg2fXdz4jJp; Sat, 21 Dec 2024 19:24:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734809059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Oz6dKQDtIs41SFv+52cNPHgV2yknDSk6SxCt70cTHXk=; b=a1Ocu1G0SsSyLRDls+oqoNTNbG8FeD7kUMlT/5OhY+BHFz+Kntq8LZxQNPEO352t7GYjTO DcViRuXJ182YYQeP1fRjE6wIWt7f2BUqGe6/72alqRBja5qLjkT9ax0qZV9HatXwitp/mh jrmiNYSR3CHvhhYhjEBIfuRsLOY1ET7WK1iWIcbB6j70jOo4fbUPxoNQqHUKCfAuP93H7Y D3rPTbEfKImmkgioDxFfCRqpwTNXoU94GM8cblovU47+77cFDENWJl+jcdLJo/Iv/SnAIB KFwaYuoh/Bjb7G0XVmMWEEUCVZE9AHMsDbrP0cPyhsRa8Tl0PaMeMyKvRueLbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734809059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Oz6dKQDtIs41SFv+52cNPHgV2yknDSk6SxCt70cTHXk=; b=vO+rcOg70GKiwhfhdLGzs6iBh1Ao8WP+P/i1gUHOso0zjiKzRT5l+MfcBU9lRTIlyiNTkk IFeVKFePZUGcOarsBWpaHnQpteL9HBe6gVQC16tfbkPu9ulLmu4KVDM115lgXvNTwJZQZT NKDbldM81ADMkr6Jbrccqeu2HhdVuRrcrZFooyXO5kORvDplq6esLVjr1OXdndpEaQa+4W UmCfVC/orKQU2TWKRyJMUpO4WAZ9Nf7s3QDxFSV1mitjokzFpNhJqfMO5lp3GdKXx/E0hj mtNs59FpcGocKu6ts64HaGrJ1+nHPBrqT3alT3Qt9ykvQTNHr4t9ln8IX7LS3Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734809059; a=rsa-sha256; cv=none; b=T62BpvlXMub6jjimKw3DcIj5vsGeTyh7EeqwGmbAXzYReM8b1fRn20Uut9S8Noqlyuh6bg OxLxTMMzPAKOijxccCiZloWNUJz1Docqggf7t0yn+k3mn8ycErMUovdd3ds1XQq64bAPmy bDN9e+q8OnfOLS1ozX8y7VYUwbgNbqUkspqPH7mA9aurYGw+RE9DulRBQPHKUGyd82zkKX NpxkXHNhs+qL5MhQk6vVVgU2oENiVvmpYhXq44DDTSC6oYZ6Q2w8INcBaJpBcOWj3s0sCX HA1lapp0w20+pQRnVo2YwEPvKMqddq8S1PV24YGuF9C4G0z2xMYWPKU96y0r3Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFvNg1VQnzcdh; Sat, 21 Dec 2024 19:24:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BLJOJKI032306; Sat, 21 Dec 2024 19:24:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BLJOJm7032303; Sat, 21 Dec 2024 19:24:19 GMT (envelope-from git) Date: Sat, 21 Dec 2024 19:24:19 GMT Message-Id: <202412211924.4BLJOJm7032303@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 8cf955f3f48a - main - jail: Handle jail removal in a dedicated thread List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8cf955f3f48a45db22a3cc3ad89a22b543fa38ce Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=8cf955f3f48a45db22a3cc3ad89a22b543fa38ce commit 8cf955f3f48a45db22a3cc3ad89a22b543fa38ce Author: Mark Johnston AuthorDate: 2024-12-21 19:23:51 +0000 Commit: Mark Johnston CommitDate: 2024-12-21 19:23:51 +0000 jail: Handle jail removal in a dedicated thread Otherwise a deadlock is possible: the system taskqueue thread removes a prison and calls vnet_destroy(), vnet_vlan_uninit() destroys the if_vlan cloner, the vlan_clone_destroy() callback calls taskqueue_drain() on the thread taskqueue. Fix the problem by introducing a new thread for jail removals. Ideally, the taskqueue interface would let consumers define queues without having to map them to threads, as that'd make it possible to avoid such deadlocks without extra threads; for now, this is the only solution. Reviewed by: jamie MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47991 --- sys/kern/kern_jail.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index d5651f671110..ad6483ed374d 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -130,6 +130,12 @@ struct jailsys_flags { unsigned new; }; +/* + * Handle jail teardown in a dedicated thread to avoid deadlocks from + * vnet_destroy(). + */ +TASKQUEUE_DEFINE_THREAD(jail_remove); + /* allprison, allprison_racct and lastprid are protected by allprison_lock. */ struct sx allprison_lock; SX_SYSINIT(allprison_lock, &allprison_lock, "allprison"); @@ -2902,7 +2908,7 @@ prison_free(struct prison *pr) * Don't remove the last reference in this context, * in case there are locks held. */ - taskqueue_enqueue(taskqueue_thread, &pr->pr_task); + taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task); } } @@ -2976,7 +2982,7 @@ prison_proc_free(struct prison *pr) pr->pr_id)); pr->pr_flags |= PR_COMPLETE_PROC; mtx_unlock(&pr->pr_mtx); - taskqueue_enqueue(taskqueue_thread, &pr->pr_task); + taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task); } } From nobody Sat Dec 21 19:26:57 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFvRk22MVz5WyCs; Sat, 21 Dec 2024 19:26:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFvRk0nzYz4jwP; Sat, 21 Dec 2024 19:26:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734809218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2xV99gcERb0zwi0gMCwDOj7ArMpUqd2Lc3dYf9V4ffE=; b=AMAEwglP/6e30fKeGfznP2yfVFmZPySVWI8NlqSeAAGdL/JRq8ZCmWwudQW/yUKGiVujnz GEGPvWlEnaZkEiqcHCOQOeKW3dpiW1Rn1f+Wq+x+tif6v94slCpR4sHVb1Qr2OzILjVhna 13KsSB1jg6etsq7BMJgXHSSu8kctvhU8e7J3Tpa/JioVW950TK9AslKY1N9VcghyF1JJrd sr0Rp/I7VemYEfcub28TG3NbA55CSNt0ZdwejKyGxzI4RyE3J7dJsRWmEhIk+g82iFjkFt mrUz/emwWs9GfHgAzXATBzCL0BHKceij2j5WPCSQDaVFzNbyERkdB7gx1+wcsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734809218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2xV99gcERb0zwi0gMCwDOj7ArMpUqd2Lc3dYf9V4ffE=; b=shCZQA/Li1N/yqEVUetD3pVCbHr3phrKEJcQugXLfBKpyZpqwp85zN5Fo4a5QxU8Ut6+Rm /lax8eijBujckYueOeWftm2BlziajAkifMzxtp/sgf3voZXfxi7+BENjY6IWRmZIdnl2P9 m3sBdXqYiGT6ac2Rw/3f18K6RhNUuj8i4imduuLEjmA6idkQFLVetx9Ux+cCvR8X4jkBr6 NhZQDPXRP9LFA1NNLp+8fwdV2+NOBNjDfbxLwrwDxZpM04UrG7e2BXNMj3p28aKAVJ0p7c tMK1fbx5ueBtPpRmhM5Dg6wp/7Z7OOkoDGxV5r+/f17ggomkug2S2LbxzMUTSw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734809218; a=rsa-sha256; cv=none; b=Y6TEjYKioSG05BnUCzpQYQjQ6q7/ErHzHLVftZ1Gq2wi10N5SSJq3KFRMNb58D1MauKXc9 UV3Gh+yDzchD01evWDdIYmYMVTvpcl/ME6KJQgmiCvowdrtCsrq6EgDi3oDWPEh7bmduZ+ lk1jUpqoBO9JwEYmcwMwGU3pgXOVTiTVT3X0PQgWHXuGVdqkmkskAxFqUKTvr5SsCFXUZj iG3ZJOcBZuPhY2IfYJ8loKRuNIBJxotv5UPu77rInHMczSXB+vnyTFkwnV+RGloB5sI8gc 96OYbl5ddbDXq4o5rhueylxf/UcWTfYUXStT2nSnJo26pxyc1Bd/2ZCHEctETA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFvRk03Qvzd3x; Sat, 21 Dec 2024 19:26:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BLJQvcm033200; Sat, 21 Dec 2024 19:26:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BLJQvgQ033197; Sat, 21 Dec 2024 19:26:57 GMT (envelope-from git) Date: Sat, 21 Dec 2024 19:26:57 GMT Message-Id: <202412211926.4BLJQvgQ033197@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 7d1d9cc440f8 - main - sysctl: Do not serialize requests when running as root List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d commit 7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d Author: Mark Johnston AuthorDate: 2024-12-21 19:25:32 +0000 Commit: Mark Johnston CommitDate: 2024-12-21 19:25:32 +0000 sysctl: Do not serialize requests when running as root Bugs or unexpected behaviour can cause a user thread to block in a sysctl handler for a long time. "procstat -kka" is the most useful tool to see why this might happen, but it can block on sysctlmemlock too. Since the purpose of this lock is merely to ensure userspace can't wire too much memory, don't require it for requests from privileged threads. PR: 282994 Reviewed by: kib, jhb MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47842 --- sys/kern/kern_sysctl.c | 10 ++++++---- sys/sys/priv.h | 1 + 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index e139d9c39181..9d824fbd3cbd 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -2516,8 +2516,9 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, const void *new, size_t newlen, size_t *retval, int flags) { - int error = 0, memlocked; struct sysctl_req req; + int error = 0; + bool memlocked; bzero(&req, sizeof req); @@ -2549,9 +2550,10 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old, if (KTRPOINT(curthread, KTR_SYSCTL)) ktrsysctl(name, namelen); #endif - memlocked = 0; - if (req.oldptr && req.oldlen > 4 * PAGE_SIZE) { - memlocked = 1; + memlocked = false; + if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 && + req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) { + memlocked = true; sx_xlock(&sysctlmemlock); } CURVNET_SET(TD_TO_VNET(td)); diff --git a/sys/sys/priv.h b/sys/sys/priv.h index b570e4d7884a..9a1886454d86 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -211,6 +211,7 @@ #define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */ #define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */ #define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */ +#define PRIV_SYSCTL_MEMLOCK 243 /* Large requests are not serialized. */ /* * TTY privileges. From nobody Sun Dec 22 03:17:53 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YG5v5312Lz5hvkr; Sun, 22 Dec 2024 03:17:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YG5v51pGmz4BGB; Sun, 22 Dec 2024 03:17:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734837473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7hVhombS8Ld1b3Bk/PQBUVp8vwd8k54LYkYVsb7vNU8=; b=RAQ2uYvXDFMWTYYC/UkF5XT1SvNN/Ijm6KPitQjOiWfOXtP9cLcqSV13WaHgTygqq3oW4F 9XS8vdUwEh8SBDArvKQ9DtOU3Nx0Vq1f9iWQDSI9zJwjTy1D5JsE9duEkpnmtSaXRnEPdW FpafaGTJsotZdmbRVA4+Y43b7yWZpxXzmxReYvOqHm30xVjrBd5AMICYtpjDyZw5WLQOEO TcBdxTvQrhKAFRgxxDkkfzbRV63qOd9i8mznvCSxqK+2bKmFa8AFgl687js01IZCws91up q5//uBG0gqv3z72Ze4WCvxgFCkW9QrVm1FTAOrnuyptSwOvFxX+Sd/fD5Cazsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734837473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7hVhombS8Ld1b3Bk/PQBUVp8vwd8k54LYkYVsb7vNU8=; b=a7otNMxLFUpypyQoUEa1ztVllKOPz2NUT3pGCPWbiSzcyTZCpnO2ociO1nP5Rr9waRVmFe egPEwrkfQGxZuqsUucGE8M1VqfTaeNBfmF4585ehvmHIltbCUdsQoMRjRbmycebDZE/zhh qo4tq6POii0sLw17YjZHS+vmJCuRBjNFpr/u0enqB9LPwyKefNAUb7SUIeCOUtpbaZloo1 ywmZ8rH526czf3Zb4PVeDh6LnV9gPhl+elEKzDt2YhJj824zC0NDe/ohRjAgGcbMkPyVgE tG4ZRACZFAMY51QzsIdhZgNI1Lcg2E/WGCZIeSsUag6Lj9JkIUagTbdjiUqm6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734837473; a=rsa-sha256; cv=none; b=WCcHk5JGe9LN5nE0Nq1DbeUKyPSl0ORhNOmyb4UxSMpdfGlJ1ny0F1k7LfJpiOWnQXO42Z dvCkkwJa/YYVNhGHu9a12lNVYxTSE7c9vtI9XYU6G4DWMH6cWfOkqBfwI4lOqbNZ2KcHPu Whb8/atR8l0b8QO1bf7jyPw4rNUPeL/jMJVaejCn6WEd/w9ObRz5ETus5y3eV24bh7BLJl uFaigUPh/bhRaws8uwT6K85gf9WMHE6uYpMRe+B+maO1qYkzOU0WEoAbr2XVl2Tj75J3MR x9eTCbchytLUh+V79CcfZBA3fSoqTqGSTjtpTEUNm0kjCLnI2MaJ+0xJgBP0ZA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YG5v51PlLzr9h; Sun, 22 Dec 2024 03:17:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BM3HrhA015201; Sun, 22 Dec 2024 03:17:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BM3HrMM015198; Sun, 22 Dec 2024 03:17:53 GMT (envelope-from git) Date: Sun, 22 Dec 2024 03:17:53 GMT Message-Id: <202412220317.4BM3HrMM015198@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Vladimir Kondratyev Subject: git: 38b67578fb4b - main - hid: Correctly handle signed/unsigned quantities in kernel HID parser. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wulf X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 38b67578fb4bbf568f7012ca3921a4d15cfe7c5d Auto-Submitted: auto-generated The branch main has been updated by wulf: URL: https://cgit.FreeBSD.org/src/commit/?id=38b67578fb4bbf568f7012ca3921a4d15cfe7c5d commit 38b67578fb4bbf568f7012ca3921a4d15cfe7c5d Author: Vladimir Kondratyev AuthorDate: 2024-12-22 03:16:11 +0000 Commit: Vladimir Kondratyev CommitDate: 2024-12-22 03:16:11 +0000 hid: Correctly handle signed/unsigned quantities in kernel HID parser. Wrong signedness of usage value results in inverted range check in hmt(4) driver that allows out of bound array access leading to panic. Reported by: many Sponsored by: Future Crew, LLC Obtained from: NetBSD NetBSD PR: kern/53605 PR: 274014, 282592 --- sys/dev/hid/hid.c | 91 +++++++++++++++++++++++++++++-------------------------- sys/dev/hid/hid.h | 32 +++++++++---------- 2 files changed, 64 insertions(+), 59 deletions(-) diff --git a/sys/dev/hid/hid.c b/sys/dev/hid/hid.c index 4b5d4a81b51e..453c37d806fc 100644 --- a/sys/dev/hid/hid.c +++ b/sys/dev/hid/hid.c @@ -69,7 +69,7 @@ hid_test_quirk_t *hid_test_quirk_p = &hid_test_quirk_w; #define MAXLOCCNT 2048 struct hid_pos_data { - int32_t rid; + uint32_t rid; uint32_t pos; }; @@ -79,9 +79,9 @@ struct hid_data { const uint8_t *p; struct hid_item cur[MAXPUSH]; struct hid_pos_data last_pos[MAXID]; - int32_t usages_min[MAXUSAGE]; - int32_t usages_max[MAXUSAGE]; - int32_t usage_last; /* last seen usage */ + uint32_t usages_min[MAXUSAGE]; + uint32_t usages_max[MAXUSAGE]; + uint32_t usage_last; /* last seen usage */ uint32_t loc_size; /* last seen size */ uint32_t loc_count; /* last seen count */ uint32_t ncount; /* end usage item count */ @@ -117,7 +117,7 @@ hid_clear_local(struct hid_item *c) } static void -hid_switch_rid(struct hid_data *s, struct hid_item *c, int32_t next_rID) +hid_switch_rid(struct hid_data *s, struct hid_item *c, uint32_t next_rID) { uint8_t i; @@ -242,6 +242,7 @@ hid_get_item(struct hid_data *s, struct hid_item *h) uint32_t oldpos; int32_t mask; int32_t dval; + uint32_t uval; if (s == NULL) return (0); @@ -253,10 +254,10 @@ hid_get_item(struct hid_data *s, struct hid_item *h) if (s->icount < s->ncount) { /* get current usage */ if (s->iusage < s->nusage) { - dval = s->usages_min[s->iusage] + s->ousage; - c->usage = dval; - s->usage_last = dval; - if (dval == s->usages_max[s->iusage]) { + uval = s->usages_min[s->iusage] + s->ousage; + c->usage = uval; + s->usage_last = uval; + if (uval == s->usages_max[s->iusage]) { s->iusage ++; s->ousage = 0; } else { @@ -264,7 +265,7 @@ hid_get_item(struct hid_data *s, struct hid_item *h) } } else { DPRINTFN(1, "Using last usage\n"); - dval = s->usage_last; + uval = s->usage_last; } c->nusages = 1; /* array type HID item may have multiple usages */ @@ -318,28 +319,32 @@ hid_get_item(struct hid_data *s, struct hid_item *h) } switch (bSize) { case 0: - dval = 0; + uval = 0; + dval = uval; mask = 0; break; case 1: - dval = (int8_t)hid_get_byte(s, 1); + uval = hid_get_byte(s, 1); + dval = (int8_t)uval; mask = 0xFF; break; case 2: - dval = hid_get_byte(s, 1); - dval |= hid_get_byte(s, 1) << 8; - dval = (int16_t)dval; + uval = hid_get_byte(s, 1); + uval |= hid_get_byte(s, 1) << 8; + dval = (int16_t)uval; mask = 0xFFFF; break; case 4: - dval = hid_get_byte(s, 1); - dval |= hid_get_byte(s, 1) << 8; - dval |= hid_get_byte(s, 1) << 16; - dval |= hid_get_byte(s, 1) << 24; + uval = hid_get_byte(s, 1); + uval |= hid_get_byte(s, 1) << 8; + uval |= hid_get_byte(s, 1) << 16; + uval |= hid_get_byte(s, 1) << 24; + dval = uval; mask = 0xFFFFFFFF; break; default: - dval = hid_get_byte(s, bSize); + uval = hid_get_byte(s, bSize); + dval = uval; DPRINTFN(0, "bad length %u (data=0x%02x)\n", bSize, dval); continue; @@ -351,7 +356,7 @@ hid_get_item(struct hid_data *s, struct hid_item *h) case 8: /* Input */ c->kind = hid_input; ret: - c->flags = dval; + c->flags = uval; c->loc.count = s->loc_count; c->loc.size = s->loc_size; @@ -381,7 +386,7 @@ hid_get_item(struct hid_data *s, struct hid_item *h) goto ret; case 10: /* Collection */ c->kind = hid_collection; - c->collection = dval; + c->collection = uval; c->collevel++; c->usage = s->usage_last; c->nusages = 1; @@ -407,7 +412,7 @@ hid_get_item(struct hid_data *s, struct hid_item *h) case 1: /* Global */ switch (bTag) { case 0: - c->_usage_page = dval << 16; + c->_usage_page = uval << 16; break; case 1: c->logical_minimum = dval; @@ -422,21 +427,21 @@ hid_get_item(struct hid_data *s, struct hid_item *h) c->physical_maximum = dval; break; case 5: - c->unit_exponent = dval; + c->unit_exponent = uval; break; case 6: - c->unit = dval; + c->unit = uval; break; case 7: /* mask because value is unsigned */ - s->loc_size = dval & mask; + s->loc_size = uval & mask; break; case 8: - hid_switch_rid(s, c, dval & mask); + hid_switch_rid(s, c, uval & mask); break; case 9: /* mask because value is unsigned */ - s->loc_count = dval & mask; + s->loc_count = uval & mask; break; case 10: /* Push */ /* stop parsing, if invalid push level */ @@ -479,14 +484,14 @@ hid_get_item(struct hid_data *s, struct hid_item *h) switch (bTag) { case 0: if (bSize != 4) - dval = (dval & mask) | c->_usage_page; + uval = (uval & mask) | c->_usage_page; /* set last usage, in case of a collection */ - s->usage_last = dval; + s->usage_last = uval; if (s->nusage < MAXUSAGE) { - s->usages_min[s->nusage] = dval; - s->usages_max[s->nusage] = dval; + s->usages_min[s->nusage] = uval; + s->usages_max[s->nusage] = uval; s->nusage ++; } else { DPRINTFN(0, "max usage reached\n"); @@ -499,16 +504,16 @@ hid_get_item(struct hid_data *s, struct hid_item *h) s->susage |= 1; if (bSize != 4) - dval = (dval & mask) | c->_usage_page; - c->usage_minimum = dval; + uval = (uval & mask) | c->_usage_page; + c->usage_minimum = uval; goto check_set; case 2: s->susage |= 2; if (bSize != 4) - dval = (dval & mask) | c->_usage_page; - c->usage_maximum = dval; + uval = (uval & mask) | c->_usage_page; + c->usage_maximum = uval; check_set: if (s->susage != 3) @@ -529,25 +534,25 @@ hid_get_item(struct hid_data *s, struct hid_item *h) s->susage = 0; break; case 3: - c->designator_index = dval; + c->designator_index = uval; break; case 4: - c->designator_minimum = dval; + c->designator_minimum = uval; break; case 5: - c->designator_maximum = dval; + c->designator_maximum = uval; break; case 7: - c->string_index = dval; + c->string_index = uval; break; case 8: - c->string_minimum = dval; + c->string_minimum = uval; break; case 9: - c->string_maximum = dval; + c->string_maximum = uval; break; case 10: - c->set_delimiter = dval; + c->set_delimiter = uval; break; default: DPRINTFN(0, "Local bTag=%d\n", bTag); diff --git a/sys/dev/hid/hid.h b/sys/dev/hid/hid.h index 09fad96c9559..aeb0da98b181 100644 --- a/sys/dev/hid/hid.h +++ b/sys/dev/hid/hid.h @@ -233,31 +233,31 @@ struct hid_location { struct hid_item { /* Global */ - int32_t _usage_page; + uint32_t _usage_page; int32_t logical_minimum; int32_t logical_maximum; int32_t physical_minimum; int32_t physical_maximum; - int32_t unit_exponent; - int32_t unit; - int32_t report_ID; + uint32_t unit_exponent; + uint32_t unit; + uint32_t report_ID; /* Local */ int nusages; union { - int32_t usage; - int32_t usages[HID_ITEM_MAXUSAGE]; + uint32_t usage; + uint32_t usages[HID_ITEM_MAXUSAGE]; }; - int32_t usage_minimum; - int32_t usage_maximum; - int32_t designator_index; - int32_t designator_minimum; - int32_t designator_maximum; - int32_t string_index; - int32_t string_minimum; - int32_t string_maximum; - int32_t set_delimiter; + uint32_t usage_minimum; + uint32_t usage_maximum; + uint32_t designator_index; + uint32_t designator_minimum; + uint32_t designator_maximum; + uint32_t string_index; + uint32_t string_minimum; + uint32_t string_maximum; + uint32_t set_delimiter; /* Misc */ - int32_t collection; + uint32_t collection; int collevel; enum hid_kind kind; uint32_t flags;