From owner-dev-commits-src-all@freebsd.org Mon Aug 16 06:08:18 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CC81366D165; Mon, 16 Aug 2021 06:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gp3cf4xQ1z3GTW; Mon, 16 Aug 2021 06:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 82E6524050; Mon, 16 Aug 2021 06:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 17G68IfS029084; Mon, 16 Aug 2021 06:08:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 17G68IJk029083; Mon, 16 Aug 2021 06:08:18 GMT (envelope-from git) Date: Mon, 16 Aug 2021 06:08:18 GMT Message-Id: <202108160608.17G68IJk029083@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 239aebee61b8 - main - domain: give domains a chance to probe for availability MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 239aebee61b85d9a050d09a37fce2c2df8f36fc1 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Aug 2021 06:08:18 -0000 The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=239aebee61b85d9a050d09a37fce2c2df8f36fc1 commit 239aebee61b85d9a050d09a37fce2c2df8f36fc1 Author: Kyle Evans AuthorDate: 2020-06-26 02:17:47 +0000 Commit: Kyle Evans CommitDate: 2021-08-16 05:59:56 +0000 domain: give domains a chance to probe for availability This gives any given domain a chance to indicate that it's not actually supported on the current system. If dom_probe isn't supplied, we assume the domain is universally applicable as most of them are. Keeping fully-initialized and registered domains around that physically can't work on a large majority of FreeBSD deployments is sub-optimal and leads to errors that aren't consistent with the reality of why the socket can't be created (e.g. ESOCKTNOSUPPORT) because such scenario has to be caught upon pru_attach, at which point kicking back the more-appropriate EAFNOSUPPORT would seem weird. The initial consumer of this will be hvsock, which is only available on HyperV guests. Reviewed by: cem (earlier version), bcr (manpages) Differential Revision: https://reviews.freebsd.org/D25062 --- share/man/man9/Makefile | 1 + share/man/man9/domain.9 | 32 +++++++++++++++++++++++++++++--- sys/kern/uipc_domain.c | 9 +++++++++ sys/sys/domain.h | 5 +++++ 4 files changed, 44 insertions(+), 3 deletions(-) diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile index 47c642319049..d7d26419b042 100644 --- a/share/man/man9/Makefile +++ b/share/man/man9/Makefile @@ -1011,6 +1011,7 @@ MLINKS+=dnv.9 dnvlist.9 \ dnv.9 dnvlist_take_string.9 MLINKS+=domain.9 DOMAIN_SET.9 \ domain.9 domain_add.9 \ + domain.9 domain_init.9 \ domain.9 pfctlinput.9 \ domain.9 pffinddomain.9 \ domain.9 pffindproto.9 \ diff --git a/share/man/man9/domain.9 b/share/man/man9/domain.9 index e8f97253a1d4..03e83edfc14b 100644 --- a/share/man/man9/domain.9 +++ b/share/man/man9/domain.9 @@ -31,6 +31,7 @@ .Os .Sh NAME .Nm domain_add , +.Nm domain_init , .Nm pfctlinput , .Nm pffinddomain , .Nm pffindproto , @@ -45,6 +46,8 @@ .Ft void .Fn domain_add "void *data" .Ft void +.Fn domain_init "void *data" +.Ft void .Fn pfctlinput "int cmd" "struct sockaddr *sa" .Ft struct domain * .Fn pffinddomain "int family" @@ -65,8 +68,10 @@ and struct domain { int dom_family; /* AF_xxx */ char *dom_name; + int dom_flags; void (*dom_init) /* initialize domain data structures */ (void); + int (*dom_probe)(void); /* check for support (optional) */ void (*dom_destroy) /* cleanup structures / state */ (void); int (*dom_externalize) /* externalize access rights */ @@ -143,15 +148,36 @@ is not called directly, instead .Fn DOMAIN_SET is used. .Pp -If the new domain has defined an initialization routine, it is called by -.Fn domain_add ; +If the new domain has defined a probe routine, it is called first in +.Fn domain_add +to determine if the domain should be supported on the current system. +If the probe routine returns a non-0 value, then the domain will not be +marked as supported. +Unsupported domains do not proceed with the initialization process and are not +discoverable by +.Fn pffinddomain , +.Fn pffindtype , +or +.Fn pffindproto . +.Pp +.Fn domain_init +is called after +.Fn domain_add +during boot and for each +.Xr vnet 9 . +If the new domain has defined an initialization routine, it is called during +.Fn domain_init ; as well, each of the protocols within the domain that have defined an initialization routine will have theirs called. +Note that domain initialization cannot fail at this time. .Pp -Once a domain is added it cannot be unloaded. +Once a domain is added it cannot be completely unloaded. This is because there is no reference counting system in place to determine if there are any active references from sockets within that domain. +If the domain defines a +.Fn dom_destroy +routine, then it will be invoked during vnet teardown. .Pp .Fn pffinddomain finds a domain by family. diff --git a/sys/kern/uipc_domain.c b/sys/kern/uipc_domain.c index 60e30eb1ae00..50d6c0a9d9f8 100644 --- a/sys/kern/uipc_domain.c +++ b/sys/kern/uipc_domain.c @@ -172,7 +172,11 @@ domain_init(void *arg) { struct domain *dp = arg; struct protosw *pr; + int flags; + flags = atomic_load_acq_int(&dp->dom_flags); + if ((flags & DOMF_SUPPORTED) == 0) + return; if (dp->dom_init) (*dp->dom_init)(); for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++) @@ -200,6 +204,8 @@ vnet_domain_uninit(void *arg) { struct domain *dp = arg; + if ((atomic_load_acq_int(&dp->dom_flags) & DOMF_SUPPORTED) == 0) + return; if (dp->dom_destroy) (*dp->dom_destroy)(); } @@ -216,6 +222,9 @@ domain_add(void *data) struct domain *dp; dp = (struct domain *)data; + if (dp->dom_probe != NULL && (*dp->dom_probe)() != 0) + return; + atomic_set_rel_int(&dp->dom_flags, DOMF_SUPPORTED); mtx_lock(&dom_mtx); dp->dom_next = domains; domains = dp; diff --git a/sys/sys/domain.h b/sys/sys/domain.h index 3d17879f1ccd..a59f4e230a1d 100644 --- a/sys/sys/domain.h +++ b/sys/sys/domain.h @@ -50,8 +50,10 @@ struct rib_head; struct domain { int dom_family; /* AF_xxx */ char *dom_name; + int dom_flags; void (*dom_init) /* initialize domain data structures */ (void); + int (*dom_probe)(void); /* check for support (optional) */ void (*dom_destroy) /* cleanup structures / state */ (void); int (*dom_externalize) /* externalize access rights */ @@ -70,6 +72,9 @@ struct domain { /* af-dependent data on ifnet */ }; +/* dom_flags */ +#define DOMF_SUPPORTED 0x0001 /* System supports this domain. */ + #ifdef _KERNEL extern int domain_init_status; extern struct domain *domains;