tests/lib/libpthread/Makefile: revision 1.16
lib/libpthread/pthread.c: revision 1.184
distrib/sets/lists/debug/mi: revision 1.424
distrib/sets/lists/tests/mi: revision 1.1297
tests/lib/libpthread/t_stack.c: revision 1.1
tests/lib/libpthread/t_stack.c: revision 1.2
tests/lib/libpthread/t_stack.c: revision 1.3
tests/lib/libpthread/t_stack.c: revision 1.4
tests/lib/libpthread/t_stack.c: revision 1.5
tests/lib/libpthread/t_stack.c: revision 1.6
pthread: Add tests for pthread user stack allocation.
PR lib/57721
libpthread/t_stack: Make this more robust to the guard size bug.
Make sure to allocate enough space for the thread's stack for a guard
even though there shouldn't be one, so that when we run the thread,
it doesn't start with the stack pointer pointing into someone else's
allocation (like malloc) causing stack frames to trash another data
structure -- or causing the user of that data structure to trash the
stack frames.
PR lib/57721
libpthread/t_stack: Omit needless cast in previous.
Arose from an earlier draft of the change.
PR lib/57721
libpthread/t_stack: Appease gcc12 maybe-uninitialized warning.
The jmp_buf is not, in fact, uninitialized at the point of use, but
it doesn't hurt to narrow the scope a bit to between when the jmp_buf
is initialized by setjmp, and when the signal handler might be called
after sigaction.
Noted by prlw1.
PR lib/57721
libpthread/t_stack: Fix format string for size_t.
Tested this on i386 since that had been crashing before, but i386
doesn't see %zu for unsigned int as a problem.
PR lib/57721
pthread: Don't adjust user-allocated stack addresses by guardsize.
PR lib/57721
lib/libc/gen/vis.c: revision 1.75-1.86
tests/lib/libc/gen/t_vis.c: revision 1.10-1.14
PR 56260: fix out-of-bounds stack read.
vis(3): Avoid nonportable MIN in portable code.
vis(3) tests: Add xfail test for encoding overflow.
From Kyle Evans <kevans%FreeBSD.org@localhost>.
PR lib/57573
vis(3) tests: Expand tests and diagnostic outputs on failure.
PR lib/57573
vis(3) tests: Test another overflow edge case.
Related to PR lib/57573.
vis(3): Make maxolen unsigned size_t, not ssize_t.
It is initialized once either to *dlen, which is unsigned size_t, or
to wcslen(start) * MB_MAX_LEN + 1, and wcslen returns unsigned size_t
too. So there appears to have never been any reason for this to be
signed.
Part of PR lib/57573.
vis(3): Make mbslength unsigned.
Sprinkle assertions and comments justifying the proposition that it
would never go negative if signed.
Obviates need to worry about mblength > SSIZE_MAX.
Prompted by PR lib/57573.
vis(3): Avoid arithmetic overflow before calloc(3).
Prompted by PR lib/57573.
vis(3): Call wcslen(start) only once.
It had better not change between these two times!
Prompted by PR lib/57573.
vis(3): Avoid potential arithmetic overflow in maxolen.
Can't easily prove that this overflow is impossible, so let's add a
check.
Prompted by PR lib/57573.
vis(3): Fix main part of PR lib/57573.
From Kyle Evans <kevans%FreeBSD.org@localhost>.
vis(3): Fix one more buffer overrun in an edge case.
PR lib/57573
vis(3): Sort includes. No functional change intended.
Prompted by PR lib/57573.
vis(3): Need <stdint.h> for SIZE_MAX, per C standard.
From Kyle Evans <kevans%FreeBSD.org@localhost>.
Followup to PR lib/57573.
vis(3): Per KNF, sys/param.h comes before sys/types.h.
Which is nice because that's also lexicographic.
tests/lib/libc/sys/t_setrlimit.c: revision 1.8
tests/lib/libc/sys/t_setrlimit.c: revision 1.9
sys/kern/exec_subr.c: revision 1.86
t_setrlimit: Verify changing RLIMIT_STACK affects access to stack.
PR kern/57711
exec: Map noaccess part of stack with prot=NONE, maxprot=READ|WRITE.
This way, setrlimit(RLIMT_STACK) can grant READ|WRITE access when
increasing the stack size.
PR kern/57711
distrib/sets/lists/debug/mi 1.409 (patch)
distrib/sets/lists/tests/mi 1.1280 (patch)
libexec/ld.elf_so/Makefile 1.145-1.147 (patch)
libexec/ld.elf_so/hash.c 1.1
libexec/ld.elf_so/hash.h 1.1
libexec/ld.elf_so/reloc.c 1.118 (patch)
libexec/ld.elf_so/rtld.c 1.215 (patch)
libexec/ld.elf_so/rtld.h 1.145,1.147 (patch)
libexec/ld.elf_so/symbol.c 1.74-1.76 (patch)
tests/libexec/ld.elf_so/Makefile 1.21 (patch)
tests/libexec/ld.elf_so/t_hash.c 1.1
The SysV ABI specifies that the symbol hash function should return only 32
bits of hash. Unfortunately due to an implementation bu and the fact that
the return type is unsigned long which is 64 bits in LP64, this can fail
in some cases: "\xff\x0f\x0f\x0f\x0f\x0f\x12". See:
https://maskray.me/blog/2023-04-12-elf-hash-function
From Ed Maste @ FreeBSD:
https://cgit.freebsd.org/src/commit/?id=29e3a06510823edbb91667d21f530d3ec778116d
Need to write Unit Tests for this.
Oops wrong mask.
ld.elf_so: Split SRCS onto multiple lines.
Makes updates easier.
No functional change intended.
ld.elf_so: Sort SRCS.
No functional change intended.
ld.elf_so: Split hash functions into a separate file.
This way we can test them in isolation.
No functional change intended.
ld.elf_so: Add some known-answer tests for hash functions.
Make sure the testing mechanism detects the traditional overflow bug.
tests/lib/libc/string/t_swab.c: revision 1.3
lib/libc/string/swab.c: revision 1.20
swab(3): Rewrite this to be understandable.
And make the tests work, and exercise all lengths up to 100.
Evidently the previous definition, presumably tightly optimized for
1980s-era compilers and CPUs, was too hard to understand, because it
was incorrectly tested for two decades and broken for years.
PR lib/57141
sys/net/if.c: revision 1.458
tests/net/if/t_ifconfig.sh: revision 1.21
Restore if_ioctl on error of ifc_destroy
Otherwise subsequence ioctls won't work.
Patch from Harold Gutch on PR kern/54434 (tweaked a bit by me)
tests: check if ifconfig (ioctl) works after a failure of ifconfig destroy
This is a test for PR kern/54434.
crypto/dist/ipsec-tools/src/setkey/parse.y: revision 1.23
sys/netipsec/key.c: revision 1.265
crypto/dist/ipsec-tools/src/setkey/token.l: revision 1.23
tests/net/ipsec/t_ipsec_misc.sh: revision 1.23
ipsec: fix a regression of the update API
The update API updates an SA by creating a new SA and removing an existing SA.
The previous change removed a newly added SA wrongly if an existing SA had been
created by the getspi API.
setkey: enable to use the getspi API
If a specified SPI is not zero, tell the kernel to use the SPI by using
SADB_EXT_SPIRANGE. Otherwise, the kernel picks a random SPI.
It enables to mimic racoon.
tests: add tests for getspi and udpate
sys/netinet6/nd6.c: revision 1.255
tests/net/ndp/t_ndp.sh: revision 1.32
nd6: restore a missing reachability confirmation
On sending a packet over a STALE cache, the cache should be tried a reachability
confirmation, which is described in RFC 2461/4861 7.3.3. On the fast path in
nd6_resolve, however, the treatment for STALE caches has been skipped
accidentally. So STALE caches never be back to the REACHABLE state.
To fix the issue, branch to the fast path only when the cache entry is the
REACHABLE state and leave other caches to the slow path that includes the
treatment. To this end we need to allow to return a link-layer address if a
valid address is available on the slow path too, which is the same behavior as
FreeBSD and OpenBSD.
tests: test state transitions of neighbor caches
tests/kernel/kqueue/read/t_ttypty.c: revision 1.3
sys/kern/tty_pty.c: revision 1.145
Fix reporting EOF via kevent and add a test case
Fix the kernel pty driver to report closed slave via master's kevent
EVFILT_READ. This behavior matches the behavior for pipes, is
consistent with how FreeBSD implements it and is relied upon by LLDB's
main loop implementation.
Includes feedback by kre and kamil (from tech-kern), commit approved
by kamil.
tests/lib/libc/gen/posix_spawn/t_spawnattr.c: revision 1.2,1.3
Don't use SCHED_OTHER.
Fix broken test: we can't assume that the current schedule priority range
will overlap with the requested scheduler range, so get the new scheduler
range, and then try to find a different priority. If that fails (to find
a different scheduling range), give up here.
sys/net/if_vlan.c: 1.126
tests/net/if_vlan/t_vlan.sh: 1.9
vlan: call ether_ifdetach without IFNET_LOCK
Fix PR kern/53357
--
Add tests of vlan with bridge
The tests trigger a panic reported in PR kern/53357.
tests/net/if_bridge/t_rtable.sh: revision 1.3
sys/net/if_bridge.c: revision 1.150-1.154
sys/net/if_bridgevar.h: revision 1.32
Remove obsolete NULL checks
Simplify bridge_rtnode_insert (NFC)
bridge: use pslist(9) for rtlist and rthash
The change fixes race conditions on list operations. One example is that a
reader may see invalid pointers on a looking item in a list due to lack of
membar_producer.
Add a test that checks if brconfig flush surely removes all entries
Get rid of a unnecessary semicolon
Pointed out by kamil@
Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY
tests/lib/libc/sys/t_ptrace_wait.c: revision 1.24-1.31
tests/lib/libc/sys/t_ptrace_wait.h: revision 1.2
tests/lib/libc/sys/t_ptrace_x86_wait.h: revision 1.4,1.5
tests/lib/libc/sys/msg.h: revision 1.2
Correct all ATF failures in t_ptrace_x86_wait.h (debug registers)
This code after refactoring stopped calling functions that were designed
to trigger expected behavior and thus, tests were breaking.
Sponsored by <The NetBSD Foundation>
ATF: Correct a race bug in attach2 (t_ptrace_wait*)
At the end of the test we resume a tracer and expect to observe it to
collect the debuggee. We cannot from a parent point of view wait for
collecting it with WNOHANG without a race.
Remove the WNOHANG option from wait*(2) call. This corrects one type of
race.
This test is still racy for some other and unknown reason and this is bei=
ng
investigated.
Sponsored by <The NetBSD Foundation>
ATF: Reenable attach2 in t_ptrace_wait*
The primary race specific to this test has been fixed in previous commit
(wrong WNOHANG).
This test is still racy and breaks like once every 30,000 execution.
This is down like from once from every 100th execution in the past.
The remaning race is not specific to attach2 and I can reproduce it with
at least attach1. It still looks like being specific to NetBSD and it's
not reproducible on Linux and FreeBSD. Perhaps a bug with pipe(2)/write(2=
)/
read(2) or close to these features.
Sponsored by <The NetBSD Foundation>
Add a new function in ATF t_ptrace_wait*: await_zombie_raw()
Add await_zombie_raw() that is the same as await_zombie(), whith an
addition of additional "useconds_t ms" parameter indicating delays betwee=
n
new polling for a zombie process.
This new function will be used for testing a race condition that has been=
observed occassionally crashing a test case -- returning duplicate entrie=
s
for KERN_PROC_PID.
Sponsored by <The NetBSD Foundation>
ATF t_ptrace_wait*: Disable debug messages in msg.h
msg.h is a dummy IPC interface.
Disable additional debugging logging here, especially wanted in race*
tests.
Sponsored by <The NetBSD Foundation>
ATF: Add new test race1 in t_ptrace_wait*
Reuse the attach1's test body for race1.
Add a new test race1:
Assert that await_zombie() in attach1 always finds a single
process and no other error is reported
race1 requires HAVE_PID in wait(2)-like function.
This test is executed in a loop for 5 seconds (16k iterations on Intel i7=
).
A buggy kernel was asserting an error within this timeframe almost always=
=2E
The bug in the kernel is now gone and this test is expected to pass
correctly.
Sponsored by <The NetBSD Foundation>
Add check in ATF tests for security.models.extensions.user_set_dbregs
Introduce a new function can_we_set_dbregs() in the ATF ptrace(2) tests.
It uses lazy-bool evaluation whether a process can call PT_SETDBREGS.
In case of not being able to do so, print a message and mark a test
as skipped:
Either run this test as root or set sysctl(3)
security.models.extensions.user_set_dbregs to 1
No functional change intended to the code flow of the existing tested
scenarios.
Sponsored by <The NetBSD Foundation>
Improve documentation of the ATF test t_ptrace_wait*: traceme2
Set the description to:
Verify that a signal emitted by a tracer to a child is caught by
a signal handler.
Sponsored by <The NetBSD Foundation>
Merge code in tests: fork1 and vfork1 (ATF t_ptrace_wait*)
Marge bodies of two tests into the same function.
Add few checks for regular fork or not (vfork).
Sponsored by <The NetBSD Foundation>
ATF: ptrace: Merge code in fork2 and vfork2 tests with (v)fork1 ones
Reduce code duplication, use the same function body with conditional
switches.
Sponsored by <The NetBSD Foundation>
ATF t_ptrace_wait* refactoring: vforkdone1 and vforkdone2
Merge vforkdone1 and vforkdone2 into other fork tests and reuse the same
function body fork_test().
There is an implicit enhancement in vforkdone2 that it was skipping
PTRACE_VFORK check. This test is now marked as expected failure.
PR kern/51630
Sponsored by <The NetBSD Foundation>
Cover more fork/vfork/vforkdone scenarios in ATF ptrace(2) tests
Use a shared common body for all the tests: fork1..fork8, vfork1..vfork8.=
Merge vforkdone1 and vforkdone2 into vfork* tests.
All the (v?)fork[1-8] tests cover:
- calling either fork(2) or vfork(2)
- tracking either enabled or disabled FORK, VFORK or VFORK_DONE
All the PTRACE_VFORK tests are marked as expected failure.
Sponsored by <The NetBSD Foundation>
tests/net/if_bridge/t_rtable.sh: revision 1.2
sys/net/if_bridge.c: revision 1.149
Fix bridge_rtdelete
It removes a rtable entry that belongs to a specified interface, however,
its original behavior was to delete all belonging entries.
Restore the original behavior.
Add a test case for bridge_rtdelete
tests/usr.bin/shmif_dumpbus/d_pcap.out.bz2.uue: revision 1.3
tests/usr.bin/shmif_dumpbus/t_basic.sh: revision 1.9
Use tcpdump -n to avoid reverse DNS lookup. There is no point in having
different results from running this test in a networked vs. a non-networked
environment.
Adjust golden output accordingly.
Fixes PR 53150.
tests/net/icmp/t_ping.c: revision 1.19
sys/netinet6/raw_ip6.c: revision 1.166
sys/netinet6/ip6_input.c: revision 1.195
sys/net/raw_usrreq.c: revision 1.59
sys/sys/socketvar.h: revision 1.151
sys/kern/uipc_socket2.c: revision 1.128
tests/lib/libc/sys/t_recvmmsg.c: revision 1.2
lib/libc/sys/recv.2: revision 1.38
sys/net/rtsock.c: revision 1.239
sys/netinet/udp_usrreq.c: revision 1.246
sys/netinet6/icmp6.c: revision 1.224
tests/net/icmp/t_ping.c: revision 1.20
sys/netipsec/keysock.c: revision 1.63
sys/netinet/raw_ip.c: revision 1.172
sys/kern/uipc_socket.c: revision 1.260
tests/net/icmp/t_ping.c: revision 1.22
sys/kern/uipc_socket.c: revision 1.261
tests/net/icmp/t_ping.c: revision 1.23
sys/netinet/ip_mroute.c: revision 1.155
sbin/route/route.c: revision 1.159
sys/netinet6/ip6_mroute.c: revision 1.123
sys/netatalk/ddp_input.c: revision 1.31
sys/netcan/can.c: revision 1.3
sys/kern/uipc_usrreq.c: revision 1.184
sys/netinet6/udp6_usrreq.c: revision 1.138
tests/net/icmp/t_ping.c: revision 1.18
socket: report receive buffer overflows
Add soroverflow() which increments the overflow counter, sets so_error
to ENOBUFS and wakes the receive socket up.
Replace all code that manually increments this counter with soroverflow().
Add soroverflow() to raw_input().
This allows userland to detect route(4) overflows so it can re-sync
with the current state.
socket: clear error even when peeking
The error has already been reported and it's pointless requiring another
recv(2) call just to clear it.
socket: remove now incorrect comment that so_error is only udp
As it can be affected by route(4) sockets which are raw.
rtsock: log dropped messages that we cannot report to userland
Handle ENOBUFS when receiving messages.
Don't send messages if the receiver has died.
Sprinkle more soroverflow().
Handle ENOBUFS in recv
Handle ENOBUFS in sendto
Note value received. Harden another sendto for ENOBUFS.
Handle the routing socket overflowing gracefully.
Allow a valid sendto .... duh
Handle errors better.
Fix test for checking we sent all the data we asked to.
sys/netinet/in.c: 1.227
sys/netinet6/in6.c: 1.265
tests/net/arp/t_arp.sh: 1.35-1.36
Make GARP work again when DAD is disabled
The change avoids setting an IP address tentative on initializing it when
the IPv4 DAD is disabled (net.inet.ip.dad_count=0), which allows a GARP packet
to be sent (see arpannounce). This is the same behavior of NetBSD 7, i.e.,
before introducing the IPv4 DAD.
Additionally do the same change to IPv6 DAD for consistency.
The change is suggested by roy@
--
Improve packet checks and error reporting
--
Add tests for GARP without DAD
Additionally make the existing tests for GARP more explicit.
tests/net/ndp/t_ndp.sh: revision 1.31
tests/net/if_tap/t_tap.sh: revision 1.8
Avoid setting IP addresses of the same subnet on different interface
If we do so, there will remain one route that is of a preceding address, but
that behavior is not documented and may be changed in the future. Tests
shouldn't rely on such a unstable behavior.
tests/lib/libc/locale/t_sprintf.c: revision 1.4
tests/lib/libc/locale/t_sprintf.c: revision 1.5
tests/lib/libc/locale/t_sprintf.c: revision 1.6
tests/lib/libc/locale/t_sprintf.c: revision 1.7
Add some diagnostics to the strto test, so I can see why this
fails on i386 (on qemu) - will probably keep them when done.
When comparing doubles (any floating point values) which have been
computed using different methods, don't expect to achieve identical
results (here, one constant is perhaps converted to binary from a string by
a cross compiler, the other is converted at run time). Allow them to
have a small difference (for now, small is < 1e-7 - the constant is ~ 1e5,
so this is 12 orders of magnitude less) before failing (and include the
actual difference in the error message if it does fail.)
Revert 1.4 (perhaps temporarily) and add even more diagnostics to those
added in 1.3 to see if it is possible to determine why the strict equality
test fails on i386, yet succeeds elsewhere.
Since the C standard allows for intermediate floating results to contain
more precision bits than the data type expects, but (kind of obviously)
does not allow such values to be stored in memory, expecting the value
returned from strtod() (an intermediate result) to be identical (that is,
equal) to a stored value is incorrect.
So instead go back to checking that the two numbers are very very close.
See comments added to the test for more explanation.
tests/lib/libc/locale/t_sprintf.c: revision 1.3
tests/lib/libc/locale/t_wctomb.c: revision 1.5
tests/lib/libc/locale/t_io.c: revision 1.5
tests/lib/libc/locale/t_wcstod.c: revision 1.4
tests/lib/libc/locale/t_mbstowcs.c: revision 1.2
tests/lib/libc/locale/t_wctype.c: revision 1.2
tests/lib/libc/locale/t_mbrtowc.c: revision 1.2
tests/lib/libc/locale/t_btowc.c: revision 1.2
tests/lib/libc/locale/t_btowc.c: revision 1.3
Add ISO10646 versions of these tests, conditional on __STDC_ISO_10646__ .
Also make the tests a bit more verbose, to aid debugging when they fail.
Separate the C/POSIX locale test from the rest; make it more thorough
and more correct. This fixes a problem reported by martin@ when the
test is compiled with -funsigned-char.
lib/libc/stdio/vfwprintf.c: revision 1.35
lib/libc/stdio/vfwprintf.c: revision 1.36
tests/lib/libc/locale/t_sprintf.c: revision 1.2
Change t_sprintf to an expected failure, since we don't respect the empty
thousands separator of the C/POSIX locale (PR standards/52282).
Do not use thousands grouping when none is specified by the locale.
Fixes PR standards/52282.
A more correct fix for PR standards/52282.
sys/netipsec/ipsecif.c: revision 1.5
tests/net/if_ipsec/t_ipsec.sh: revision 1.4
sys/net/if_ipsec.c: revision 1.7
Fix IPv6 ipsecif(4) ATF regression, sorry.
There must *not* be padding between the src sockaddr and the dst sockaddr
after struct sadb_x_policy.
Comment out confusing (and incorrect) code and add comment. Pointed out by maxv@n.o, thanks.
Enhance assertion ipsecif(4) ATF to avoid confusing setkey(8) error message.
When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.
doc/CHANGES{,.prev}: revision 1.138
sys/sys/ptrace.h: revision 1.63
lib/libc/sys/ptrace.2: revision 1.68
sys/kern/sys_ptrace_common.c: revision 1.35 (via patch)
tests/lib/libc/sys/t_ptrace_wait.c: revision 1.23
Remove PT_GET_SIGMASK / PT_SET_SIGMASK
These operations cloned Linux's specific PTRACE_GETSIGMASK /
PTRACE_SETSIGMASK.
This feature was useful in applications like rr/criu/reptyr-like, where
the ptrace(2) interface is abused for the purpose of constructing an
arbitrary
process. It's not reliable and not portable. For the NetBSD case it will =
be
better to invent something dedicated for serializing and deserializing a
process with threads.
Noted on tech-toolchain@ and blog entry
"LLDB restoration and return to ptrace(2)"
https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to
tests/lib/Makefile: revision 1.30
share/mk/bsd.test.mk: revision 1.25
PR lib/52007
Provide a mechanism whereby a test sub-directory can be installed,
without the test being scheduled to run by default (ie: keeping
it out of the Atffile, and Kyuafile if Kyua is enabled.).
The mechanism is perhaps a bit kludgey - anyone with a better idea
how to make it happen, feel free to improve this (the one user as
of about the time of this commit is (or will be) src/tests/lib/Makefile)
PR lib/52007
Move libevent from being a test playing sub-directory, to a groupy,
just hanging around, hoping someone will notice it, and throw it
a bone... (mixed metaphors?)
tests/lib/libpthread/t_mutex.c: 1.19
Since there has been no objection (or even comment) in response
to my message on tech-userlevel ...
Subject: tests/lib/libpthread/t_mutex:mutex6
Date: Thu, 23 Nov 2017 17:34:54 +0700
Message-ID: <28385.1511433294%andromeda.noi.kre.to@localhost>
which can be found at:
http://mail-index.netbsd.org/tech-userlevel/2017/11/23/msg011010.html
which analysed the mutex6 test case of this test, and concluded
that it was useless, nonsense, and broken (the whole test is just a
race - not even really using or testing mutexes), let it be henceforth
forever gone.
tests/net/net/t_ping_opts.sh: 1.2-1.3
Now that we don't allow source-routed packets by default, set allowsrcrt=1
and forwsrcrt=1. Should fix the ATF failure.
--
Fix ping_opts_gateway and ping_opts_recordroute
We need to enable the options of source routing on all rump kernels.
sys/arch/aarch64/include/mcontext.h: 1.2
sys/arch/alpha/include/mcontext.h: 1.9
sys/arch/amd64/include/mcontext.h: 1.19
sys/arch/arm/include/mcontext.h: 1.19
sys/arch/hppa/include/mcontext.h: 1.9
sys/arch/i386/include/mcontext.h: 1.14
sys/arch/ia64/include/mcontext.h: 1.6
sys/arch/m68k/include/mcontext.h: 1.10
sys/arch/mips/include/mcontext.h: 1.22
sys/arch/or1k/include/mcontext.h: 1.2
sys/arch/powerpc/include/mcontext.h: 1.18
sys/arch/riscv/include/mcontext.h: 1.5
sys/arch/sh3/include/mcontext.h: 1.11
sys/arch/sparc/include/mcontext.h: 1.14-1.17
sys/arch/sparc64/include/mcontext.h: 1.10
sys/arch/vax/include/mcontext.h: 1.9
tests/lib/libc/sys/Makefile: 1.50
tests/lib/libc/sys/t_ucontext.c: 1.2
Introduce _UC_MACHINE_FP() as a macro
_UC_MACHINE_FP() is a helper macro to extract from mcontext a frame pointer.
Don't rely on this interface as a compiler might strip frame pointer or
optimize it making this interface unreliable.
For hppa assume a small frame context, for larger frames FP might be located
in a different register (4 instead of 3).
For ia64 there is no strict frame pointer, and registers might rotate.
Reuse 79 following:
./gcc/config/ia64/ia64.h:#define HARD_FRAME_POINTER_REGNUM LOC_REG (79)
Once ia64 will mature, this should be revisited.
A macro can encapsulate a real function for extracting Frame Pointer on
more complex CPUs / ABIs.
For the remaining CPUs, reuse standard register as defined in appropriate ABI.
The direct users of this macro are LLVM and GCC with Sanitizers.
Proposed on tech-userlevel@.
Sponsored by <The NetBSD Foundation>
--
Improve _UC_MACHINE_FP() for SPARC/SPARC64
Introduce a static inline function _uc_machine_fp() that contains improved
caluclation of a frame pointer.
Algorithm:
uptr *stk_ptr;
# if defined (__arch64__)
stk_ptr = (uptr *) (*sp + 2047);
# else
stk_ptr = (uptr *) *sp;
# endif
*bp = stk_ptr[15];
Noted by <mrg>
--
Make _UC_MACHINE_FP() compile again and fix it so that it does not add
the offset twice.
--
fix _UC_MACHINE32_FP() -- use 32 bit pointer value so that [15] is
the right offset. do this by using __greg32_t, which is only in
the sparc64 version, and these are only useful there, so move them.
--
Add new tests in lib/libc/sys/t_ucontext
New tests:
- ucontext_sp
- ucontext_fp
- ucontext_pc
- ucontext_intrv
They test respectively:
- _UC_MACHINE_SP
- _UC_MACHINE_FP
- _UC_MACHINE_PC
- _UC_MACHINE_INTRV
These tests attempt to access and print the values from ucontext, without
interpreting the values.
This is a follow up of the _UC_MACHINE_FP() introduction.
These tests use PRIxREGISTER, and require to be built with -D_KERNTYPES.
Sponsored by <The NetBSD Foundation>
tests/lib/libc/sys/t_ptrace_amd64_wait.h: 1.2
tests/lib/libc/sys/t_ptrace_i386_wait.h: 1.2
tests/lib/libc/sys/t_ptrace_wait.c: 1.10-1.20
tests/lib/libc/sys/t_ptrace_x86_wait.h: 1.2-1.3
PR kern/52167 strikes on sparc64 too.
--
Temporarily disable t_ptrace_wait*::resume1 in ATF tests
It hangs forever on releng machines.
Sponsored by <The NetBSD Foundation>
--
Remove expected failure (fixed in kern_sig.c 1.339)
--
sync a bit more with reality; some things still fail, some new failures.
reduce spewage, be more explanatory about syscall errors.
--
Add expected failures.
--
make it fail instead of hang under qemu; XXX: need to investigate.
--
t_ptrace_wait*: Disable suspend* tests
These tests can hang the system. These interfaces will be improved and
temporarily disable them.
--
ptrace atf: Clanup reports of failures
Mark resume* suspend* tests as expected failure and link with PR 51995.
Sponsored by <The NetBSD Foundation>
--
report which errno failed
--
atf: t_ptrace_wait: Mark attach2 as racy
--
atf: ptrace: Temporarily disable signal3 as it breaks now on some ports
This test is marked as failing with: PR kern/51918.
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
tests/rump/rumpkern/Makefile: revision 1.16
tests/rump/kernspace/Makefile: revision 1.6
tests/rump/kernspace/workqueue.c: revision 1.1
tests/rump/kernspace/workqueue.c: revision 1.2
tests/rump/kernspace/workqueue.c: revision 1.3
tests/rump/kernspace/workqueue.c: revision 1.4
tests/rump/kernspace/workqueue.c: revision 1.5
tests/rump/kernspace/workqueue.c: revision 1.6
tests/rump/rumpkern/t_workqueue.c: revision 1.1
sys/sys/workqueue.h: revision 1.10
tests/rump/rumpkern/t_workqueue.c: revision 1.2
tests/rump/kernspace/kernspace.h: revision 1.5
tests/rump/kernspace/kernspace.h: revision 1.6
sys/net/if_bridge.c: revision 1.147
distrib/sets/lists/debug/mi: revision 1.225
sys/kern/subr_workqueue.c: revision 1.34
share/man/man9/workqueue.9: revision 1.12
sys/net/if_spppsubr.c: revision 1.178
distrib/sets/lists/tests/mi: revision 1.763
Add simple test for workqueue(9)
Add declaration. build fix
sorry, I forgot to commit this file.
Tweak use of cv_timedwait
- Handle its return value
- Specify more appropriate time-out periods (2 ticks is too short)
Fix a race condition on taking the mutex
The workqueue worker can take the mutex before the tester tries to take it after
calling workqueue_enqueue. If it happens, the worker calls cv_broadcast before
the tester calls cv_timedwait and the tester will wait until the cv timed out
Take the mutex before calling workqueue_enqueue so that the tester surely calls
cv_timedwait before the worker calls cv_broadcast.
The fix stabilizes the test, t_workqueue/workqueue1.
Add workqueue_wait that waits for a specific work to finish
The caller must ensure that no new work is enqueued before calling
workqueue_wait. Note that Note that if the workqueue is WQ_PERCPU, the caller
can enqueue a new work to another queue other than the waiting queue.
Discussed on tech-kern@
Ensure the timer isn't running by using workqueue_wait
Functionalize some routines to add new tests easily (NFC)
Add a test case for workqueue_wait
Fix build
distrib/sets/lists/debug/mi: revision 1.222
distrib/sets/lists/tests/mi: revision 1.760
share/man/man4/ip.4: revision 1.38
sys/netinet/in.c: revision 1.207
sys/netinet/in.h: revision 1.101
sys/netinet/in_pcb.c: revision 1.179
sys/netinet/in_pcb.h: revision 1.64
sys/netinet/ip_output.c: revision 1.284, 1.286
sys/netinet/ip_var.h: revision 1.120-1.121
sys/netinet/raw_ip.c: revision 1.166-1.167
sys/netinet/udp_usrreq.c: revision 1.235-1.236
sys/netinet/udp_var.h: revision 1.42
tests/net/net/Makefile: revision 1.21
tests/net/net/t_pktinfo_send.c: revision 1.1-1.2
Add support IP_PKTINFO for sendmsg(2).
The source address or output interface can be specified by adding IP_PKTINFO
to the control part of the message on a SOCK_DGRAM or SOCK_RAW socket.
Reviewed by ozaki-r@ and christos@. thanks.
--
As is the case with IPV6_PKTINFO, IP_PKTINFO can be sent without EADDRINUSE
even if the UDP address:port in use is specified.
tests/net/if_vlan/t_vlan.sh: revision 1.2
tests/net/if_vlan/t_vlan.sh: revision 1.3
tests/net/if_vlan/t_vlan.sh: revision 1.4
tests/net/if_vlan/t_vlan.sh: revision 1.5
Add test cases for vlan(4)
From s-yamaguchi@IIJ
Add counter check to vlan(4) ATF. Implemented by s-yamaguchi@IIJ, thanks.
Add a test case for duplicated VLAN ID.
Add test case of vlan(4)'s re-configure without destroy
(see also if_vlan.c rev. 1.104). Written by s-yamaguchi@iij.
tests/net/ipsec/t_ipsec_misc.sh: revision 1.21
tests/net/ipsec/t_ipsec_misc.sh: revision 1.22
sys/netipsec/key.c: revision 1.235
Mark key_timehandler_ch callout as MP-safe (just forgot to do so)
"Mark key_timehandler_ch callout as MP-safe" change needs one more sec to make lifetime tests stable
Dedup some checks
And the change a bit optimizes checks of SA expirations, which
may shorten testing time.
usr.sbin/rtadvd/rtadvd.c: revision 1.54-1.58
usr.sbin/rtadvd/config.c: revision 1.37
usr.sbin/rtadvd/if.c: revision 1.25
usr.sbin/rtadvd/dump.c: revision 1.15
usr.sbin/rtadvd/rrenum.c: revision 1.20
usr.sbin/rtadvd/logit.h: revision 1.1
usr.sbin/rtadvd/rtadvd.8: revision 1.26
tests/net/ndp/t_ra.sh: revision 1.30
usr.sbin/rtadvd/timer.c: revision 1.14
tests/net/ndp/t_ra.sh: revision 1.31
usr.sbin/rtadvd/advcap.c: revision 1.17
KNF, fix time printing formats.
Don't start another copy of rtadvd if one is running.
PR/52618: Shinichi Doyashiki: Don't exit if adding interface to multicast
group fails. This happens with empty vlan interfaces
- make syscalls checks against -1
- fix errors to print %s: instead of <%s>
XXX: if_vlan is the only pseudo interface in net/ that returns such an
error..
Kill rtadvd surely even if the tests fail in the middle
It may help PR bin/52701.
Change the meaning of the D flag to print errors to stderr instead of
syslog(3) and exit if poll(2) fails (intended to be used with unit-tests).
Mark expandm as preserving format strings.
Let rtadvd not use syslog for logging
Thanks to christos@ now rtadvd can log via stderr instead of syslog
by -D option.
Address PR bin/52701
distrib/sets/lists/debug/mi: 1.228
distrib/sets/lists/tests/mi: 1.765-1.766
etc/mtree/NetBSD.dist.tests: 1.149
sys/net/npf/npf_ctl.c: 1.49
tests/net/ipsec/Makefile: 1.10
tests/net/ipsec/algorithms.sh: 1.6
tests/net/ipsec/natt_terminator.c: 1.1
tests/net/ipsec/t_ipsec_natt.sh: 1.1
tests/net/net_common.sh: 1.23-1.24
usr.sbin/npf/npfctl/npfctl.c: 1.54
Handle esp-udp for NAT-T
--
Fix npfclt reload on rump kernels
It fails because npfctl cannot get an errno when it calls ioctl to the (rump)
kernel; npfctl (libnpf) expects that an errno is returned via proplib,
however, the rump library of npf doesn't so. It happens because of mishandlings
of complicate npf kernel options.
PR kern/52643
--
Fix showing translated port (ntohs-ed twice wrongly)
--
Add test cases of NAT-T (transport mode)
A small C program is added to make a special socket (UDP_ENCAP_ESPINUDP)
and keep it to handle UDP-encapsulated ESP packets.
--
Add net/ipsec debug lib directory
--
Add ./usr/libdata/debug/usr/tests/net/ipsec
--
Stop using bpfjit
Because most architectures don't support it and npf still works without it.
distrib/sets/lists/tests/mi: revision 1.762
sys/net/route.c: revision 1.198-1.201
sys/net/route.h: revision 1.114
sys/netatalk/at_proto.c: revision 1.22
sys/netinet/in_proto.c: revision 1.124
sys/netinet6/in6_proto.c: revision 1.118
sys/netmpls/mpls_proto.c: revision 1.31
sys/netnatm/natm_proto.c: revision 1.18
sys/rump/net/lib/libsockin/sockin.c: revision 1.65
sys/sys/domain.h: revision 1.33
tests/net/route/Makefile: revision 1.6
tests/net/route/t_rtcache.sh: revision 1.1
Add tests of rtcache invalidation
Remove unnecessary NULL check of rt_ifp
It's always non-NULL.
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any
routes have been added or deleted. When a rtcache caches a rtentry into itself,
it also stores a snapshot of the generation counter. If the snapshot equals to
the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are
invalidated when any routes of any protocol families are added or deleted.
If that matters, we should have separate generation counters based on
protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of
PR kern/52515.
Remove the global lock for rtcache
Thanks to removal of LIST_ENTRY of struct route, rtcaches are accessed only by
their users. And in existing usages a rtcache is guranteed to be not accessed
simultaneously. So the rtcache framework doesn't need any exclusion controls
in itself.
Synchronize on rtcache_generation with rtlock
It's racy if NET_MPSAFE is enabled.
Pointed out by joerg@
crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19
crypto/dist/ipsec-tools/src/setkey/token.l: 1.20
distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759
doc/TODO.smpnet: 1.12-1.13
sys/net/pfkeyv2.h: 1.32
sys/net/raw_cb.c: 1.23-1.24, 1.28
sys/net/raw_cb.h: 1.28
sys/net/raw_usrreq.c: 1.57-1.58
sys/net/rtsock.c: 1.228-1.229
sys/netinet/in_proto.c: 1.125
sys/netinet/ip_input.c: 1.359-1.361
sys/netinet/tcp_input.c: 1.359-1.360
sys/netinet/tcp_output.c: 1.197
sys/netinet/tcp_var.h: 1.178
sys/netinet6/icmp6.c: 1.213
sys/netinet6/in6_proto.c: 1.119
sys/netinet6/ip6_forward.c: 1.88
sys/netinet6/ip6_input.c: 1.181-1.182
sys/netinet6/ip6_output.c: 1.193
sys/netinet6/ip6protosw.h: 1.26
sys/netipsec/ipsec.c: 1.100-1.122
sys/netipsec/ipsec.h: 1.51-1.61
sys/netipsec/ipsec6.h: 1.18-1.20
sys/netipsec/ipsec_input.c: 1.44-1.51
sys/netipsec/ipsec_netbsd.c: 1.41-1.45
sys/netipsec/ipsec_output.c: 1.49-1.64
sys/netipsec/ipsec_private.h: 1.5
sys/netipsec/key.c: 1.164-1.234
sys/netipsec/key.h: 1.20-1.32
sys/netipsec/key_debug.c: 1.18-1.21
sys/netipsec/key_debug.h: 1.9
sys/netipsec/keydb.h: 1.16-1.20
sys/netipsec/keysock.c: 1.59-1.62
sys/netipsec/keysock.h: 1.10
sys/netipsec/xform.h: 1.9-1.12
sys/netipsec/xform_ah.c: 1.55-1.74
sys/netipsec/xform_esp.c: 1.56-1.72
sys/netipsec/xform_ipcomp.c: 1.39-1.53
sys/netipsec/xform_ipip.c: 1.50-1.54
sys/netipsec/xform_tcp.c: 1.12-1.16
sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170
sys/rump/librump/rumpnet/net_stub.c: 1.27
sys/sys/protosw.h: 1.67-1.68
tests/net/carp/t_basic.sh: 1.7
tests/net/if_gif/t_gif.sh: 1.11
tests/net/if_l2tp/t_l2tp.sh: 1.3
tests/net/ipsec/Makefile: 1.7-1.9
tests/net/ipsec/algorithms.sh: 1.5
tests/net/ipsec/common.sh: 1.4-1.6
tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2
tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2
tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7
tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7
tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18
tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6
tests/net/ipsec/t_ipsec_tunnel.sh: 1.9
tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3
tests/net/mcast/t_mcast.sh: 1.6
tests/net/net/t_ipaddress.sh: 1.11
tests/net/net_common.sh: 1.20
tests/net/npf/t_npf.sh: 1.3
tests/net/route/t_flags.sh: 1.20
tests/net/route/t_flags6.sh: 1.16
usr.bin/netstat/fast_ipsec.c: 1.22
Do m_pullup before mtod
It may fix panicks of some tests on anita/sparc and anita/GuruPlug.
---
KNF
---
Enable DEBUG for babylon5
---
Apply C99-style struct initialization to xformsw
---
Tweak outputs of netstat -s for IPsec
- Get rid of "Fast"
- Use ipsec and ipsec6 for titles to clarify protocol
- Indent outputs of sub protocols
Original outputs were organized like this:
(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:
(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:
New outputs are organized like this:
ipsec:
ah:
esp:
ipip:
ipcomp:
ipsec6:
ah:
esp:
ipip:
ipcomp:
---
Add test cases for IPComp
---
Simplify IPSEC_OSTAT macro (NFC)
---
KNF; replace leading whitespaces with hard tabs
---
Introduce and use SADB_SASTATE_USABLE_P
---
KNF
---
Add update command for testing
Updating an SA (SADB_UPDATE) requires that a process issuing
SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI).
This means that update command must be used with add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
---
Add test cases for updating SA/SP
The tests require newly-added udpate command of setkey.
---
PR/52346: Frank Kardel: Fix checksumming for NAT-T
See XXX for improvements.
---
Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE
It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters
that have IPsec accelerators; a driver sets the mtag to a packet
when its device has already encrypted the packet.
Unfortunately no driver implements such offload features for long
years and seems unlikely to implement them soon. (Note that neither
FreeBSD nor Linux doesn't have such drivers.) Let's remove related
(unused) codes and simplify the IPsec code.
---
Fix usages of sadb_msg_errno
---
Avoid updating sav directly
On SADB_UPDATE a target sav was updated directly, which was unsafe.
Instead allocate another sav, copy variables of the old sav to
the new one and replace the old one with the new one.
---
Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid
---
Rename key_alloc* functions (NFC)
We shouldn't use the term "alloc" for functions that just look up
data and actually don't allocate memory.
---
Use explicit_memset to surely zero-clear key_auth and key_enc
---
Make sure to clear keys on error paths of key_setsaval
---
Add missing KEY_FREESAV
---
Make sure a sav is inserted to a sah list after its initialization completes
---
Remove unnecessary zero-clearing codes from key_setsaval
key_setsaval is now used only for a newly-allocated sav. (It was
used to reset variables of an existing sav.)
---
Correct wrong assumption of sav->refcnt in key_delsah
A sav in a list is basically not to be sav->refcnt == 0. And also
KEY_FREESAV assumes sav->refcnt > 0.
---
Let key_getsavbyspi take a reference of a returning sav
---
Use time_mono_to_wall (NFC)
---
Separate sending message routine (NFC)
---
Simplify; remove unnecessary zero-clears
key_freesaval is used only when a target sav is being destroyed.
---
Omit NULL checks for sav->lft_c
sav->lft_c can be NULL only when initializing or destroying sav.
---
Omit unnecessary NULL checks for sav->sah
---
Omit unnecessary check of sav->state
key_allocsa_policy picks a sav of either MATURE or DYING so we
don't need to check its state again.
---
Simplify; omit unnecessary saidx passing
- ipsec_nextisr returns a saidx but no caller uses it
- key_checkrequest is passed a saidx but it can be gotton by
another argument (isr)
---
Fix splx isn't called on some error paths
---
Fix header size calculation of esp where sav is NULL
---
Fix header size calculation of ah in the case sav is NULL
This fix was also needed for esp.
---
Pass sav directly to opencrypto callback
In a callback, use a passed sav as-is by default and look up a sav
only if the passed sav is dead.
---
Avoid examining freshness of sav on packet processing
If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance,
we don't need to examine each sav and also don't need to delete one
on the fly and send up a message. Fortunately every sav lists are sorted
as we need.
Added key_validate_savlist validates that each sav list is surely sorted
(run only if DEBUG because it's not cheap).
---
Add test cases for SAs with different SPIs
---
Prepare to stop using isr->sav
isr is a shared resource and using isr->sav as a temporal storage
for each packet processing is racy. And also having a reference from
isr to sav makes the lifetime of sav non-deterministic; such a reference
is removed when a packet is processed and isr->sav is overwritten by
new one. Let's have a sav locally for each packet processing instead of
using shared isr->sav.
However this change doesn't stop using isr->sav yet because there are
some users of isr->sav. isr->sav will be removed after the users find
a way to not use isr->sav.
---
Fix wrong argument handling
---
fix printf format.
---
Don't validate sav lists of LARVAL or DEAD states
We don't sort the lists so the validation will always fail.
Fix PR kern/52405
---
Make sure to sort the list when changing the state by key_sa_chgstate
---
Rename key_allocsa_policy to key_lookup_sa_bysaidx
---
Separate test files
---
Calculate ah_max_authsize on initialization as well as esp_max_ivlen
---
Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag
---
Restore a comment removed in previous
The comment is valid for the below code.
---
Make tests more stable
sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.
---
Add tests that explicitly delete SAs instead of waiting for expirations
---
Remove invalid M_AUTHIPDGM check on ESP isr->sav
M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can
have AH authentication as sav->tdb_authalgxform. However, in that
case esp_input and esp_input_cb are used to do ESP decryption and
AH authentication and M_AUTHIPDGM never be set to a mbuf. So
checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless.
---
Look up sav instead of relying on unstable sp->req->sav
This code is executed only in an error path so an additional lookup
doesn't matter.
---
Correct a comment
---
Don't release sav if calling crypto_dispatch again
---
Remove extra KEY_FREESAV from ipsec_process_done
It should be done by the caller.
---
Don't bother the case of crp->crp_buf == NULL in callbacks
---
Hold a reference to an SP during opencrypto processing
An SP has a list of isr (ipsecrequest) that represents a sequence
of IPsec encryption/authentication processing. One isr corresponds
to one opencrypto processing. The lifetime of an isr follows its SP.
We pass an isr to a callback function of opencrypto to continue
to a next encryption/authentication processing. However nobody
guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.
In order to avoid such unexpected destruction of isr, hold a reference
to its SP during opencrypto processing.
---
Don't make SAs expired on tests that delete SAs explicitly
---
Fix a debug message
---
Dedup error paths (NFC)
---
Use pool to allocate tdb_crypto
For ESP and AH, we need to allocate an extra variable space in addition
to struct tdb_crypto. The fixed size of pool items may be larger than
an actual requisite size of a buffer, but still the performance
improvement by replacing malloc with pool wins.
---
Don't use unstable isr->sav for header size calculations
We may need to optimize to not look up sav here for users that
don't need to know an exact size of headers (e.g., TCP segmemt size
caclulation).
---
Don't use sp->req->sav when handling NAT-T ESP fragmentation
In order to do this we need to look up a sav however an additional
look-up degrades performance. A sav is later looked up in
ipsec4_process_packet so delay the fragmentation check until then
to avoid an extra look-up.
---
Don't use key_lookup_sp that depends on unstable sp->req->sav
It provided a fast look-up of SP. We will provide an alternative
method in the future (after basic MP-ification finishes).
---
Stop setting isr->sav on looking up sav in key_checkrequest
---
Remove ipsecrequest#sav
---
Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore
---
Skip ipsec_spi_*_*_preferred_new_timeout when running on qemu
Probably due to PR 43997
---
Add localcount to rump kernels
---
Remove unused macro
---
Fix key_getcomb_setlifetime
The fix adjusts a soft limit to be 80% of a corresponding hard limit.
I'm not sure the fix is really correct though, at least the original
code is wrong. A passed comb is zero-cleared before calling
key_getcomb_setlifetime, so
comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
is meaningless.
---
Provide and apply key_sp_refcnt (NFC)
It simplifies further changes.
---
Fix indentation
Pointed out by knakahara@
---
Use pslist(9) for sptree
---
Don't acquire global locks for IPsec if NET_MPSAFE
Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
---
Let PF_KEY socks hold their own lock instead of softnet_lock
Operations on SAD and SPD are executed via PF_KEY socks. The operations
include deletions of SAs and SPs that will use synchronization mechanisms
such as pserialize_perform to wait for references to SAs and SPs to be
released. It is known that using such mechanisms with holding softnet_lock
causes a dead lock. We should avoid the situation.
---
Make IPsec SPD MP-safe
We use localcount(9), not psref(9), to make the sptree and secpolicy (SP)
entries MP-safe because SPs need to be referenced over opencrypto
processing that executes a callback in a different context.
SPs on sockets aren't managed by the sptree and can be destroyed in softint.
localcount_drain cannot be used in softint so we delay the destruction of
such SPs to a thread context. To do so, a list to manage such SPs is added
(key_socksplist) and key_timehandler_spd deletes dead SPs in the list.
For more details please read the locking notes in key.c.
Proposed on tech-kern@ and tech-net@
---
Fix updating ipsec_used
- key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush
- key_update_used wasn't called if an SP had been added/deleted but
a reply to userland failed
---
Fix updating ipsec_used; turn on when SPs on sockets are added
---
Add missing IPsec policy checks to icmp6_rip6_input
icmp6_rip6_input is quite similar to rip6_input and the same checks exist
in rip6_input.
---
Add test cases for setsockopt(IP_IPSEC_POLICY)
---
Don't use KEY_NEWSP for dummy SP entries
By the change KEY_NEWSP is now not called from softint anymore
and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP.
---
Comment out unused functions
---
Add test cases that there are SPs but no relevant SAs
---
Don't allow sav->lft_c to be NULL
lft_c of an sav that was created by SADB_GETSPI could be NULL.
---
Clean up clunky eval strings
- Remove unnecessary \ at EOL
- This allows to omit ; too
- Remove unnecessary quotes for arguments of atf_set
- Don't expand $DEBUG in eval
- We expect it's expanded on execution
Suggested by kre@
---
Remove unnecessary KEY_FREESAV in an error path
sav should be freed (unreferenced) by the caller.
---
Use pslist(9) for sahtree
---
Use pslist(9) for sah->savtree
---
Rename local variable newsah to sah
It may not be new.
---
MP-ify SAD slightly
- Introduce key_sa_mtx and use it for some list operations
- Use pserialize for some list iterations
---
Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future
KEY_SA_UNREF is still key_freesav so no functional change for now.
This change reduces diff of further changes.
---
Remove out-of-date log output
Pointed out by riastradh@
---
Use KDASSERT instead of KASSERT for mutex_ownable
Because mutex_ownable is too heavy to run in a fast path
even for DIAGNOSTIC + LOCKDEBUG.
Suggested by riastradh@
---
Assemble global lists and related locks into cache lines (NFCI)
Also rename variable names from *tree to *list because they are
just lists, not trees.
Suggested by riastradh@
---
Move locking notes
---
Update the locking notes
- Add locking order
- Add locking notes for misc lists such as reglist
- Mention pserialize, key_sp_ref and key_sp_unref on SP operations
Requested by riastradh@
---
Describe constraints of key_sp_ref and key_sp_unref
Requested by riastradh@
---
Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL
---
Add __read_mostly to key_psz
Suggested by riastradh@
---
Tweak wording (pserialize critical section => pserialize read section)
Suggested by riastradh@
---
Add missing mutex_exit
---
Fix setkey -D -P outputs
The outputs were tweaked (by me), but I forgot updating libipsec
in my local ATF environment...
---
MP-ify SAD (key_sad.sahlist and sah entries)
localcount(9) is used to protect key_sad.sahlist and sah entries
as well as SPD (and will be used for SAD sav).
Please read the locking notes of SAD for more details.
---
Introduce key_sa_refcnt and replace sav->refcnt with it (NFC)
---
Destroy sav only in the loop for DEAD sav
---
Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf
If key_sendup_mbuf isn't passed a socket, the assertion fails.
Originally in this case sb->sb_so was softnet_lock and callers
held softnet_lock so the assertion was magically satisfied.
Now sb->sb_so is key_so_mtx and also softnet_lock isn't always
held by callers so the assertion can fail.
Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.
Reported by knakahara@
Tested by knakahara@ and ozaki-r@
---
Fix locking notes of SAD
---
Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain
If we call key_sendup_mbuf from key_acquire that is called on packet
processing, a deadlock can happen like this:
- At key_acquire, a reference to an SP (and an SA) is held
- key_sendup_mbuf will try to take key_so_mtx
- Some other thread may try to localcount_drain to the SP with
holding key_so_mtx in say key_api_spdflush
- In this case localcount_drain never return because key_sendup_mbuf
that has stuck on key_so_mtx never release a reference to the SP
Fix the deadlock by deferring key_sendup_mbuf to the timer
(key_timehandler).
---
Fix that prev isn't cleared on retry
---
Limit the number of mbufs queued for deferred key_sendup_mbuf
It's easy to be queued hundreds of mbufs on the list under heavy
network load.
---
MP-ify SAD (savlist)
localcount(9) is used to protect savlist of sah. The basic design is
similar to MP-ifications of SPD and SAD sahlist. Please read the
locking notes of SAD for more details.
---
Simplify ipsec_reinject_ipstack (NFC)
---
Add per-CPU rtcache to ipsec_reinject_ipstack
It reduces route lookups and also reduces rtcache lock contentions
when NET_MPSAFE is enabled.
---
Use pool_cache(9) instead of pool(9) for tdb_crypto objects
The change improves network throughput especially on multi-core systems.
---
Update
ipsec(4), opencrypto(9) and vlan(4) are now MP-safe.
---
Write known issues on scalability
---
Share a global dummy SP between PCBs
It's never be changed so it can be pre-allocated and shared safely between PCBs.
---
Fix race condition on the rawcb list shared by rtsock and keysock
keysock now protects itself by its own mutex, which means that
the rawcb list is protected by two different mutexes (keysock's one
and softnet_lock for rtsock), of course it's useless.
Fix the situation by having a discrete rawcb list for each.
---
Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE
---
fix localcount leak in sav. fixed by ozaki-r@n.o.
I commit on behalf of him.
---
remove unnecessary comment.
---
Fix deadlock between pserialize_perform and localcount_drain
A typical ussage of localcount_drain looks like this:
mutex_enter(&mtx);
item = remove_from_list();
pserialize_perform(psz);
localcount_drain(&item->localcount, &cv, &mtx);
mutex_exit(&mtx);
This sequence can cause a deadlock which happens for example on the following
situation:
- Thread A calls localcount_drain which calls xc_broadcast after releasing
a specified mutex
- Thread B enters the sequence and calls pserialize_perform with holding
the mutex while pserialize_perform also calls xc_broadcast
- Thread C (xc_thread) that calls an xcall callback of localcount_drain tries
to hold the mutex
xc_broadcast of thread B doesn't start until xc_broadcast of thread A
finishes, which is a feature of xcall(9). This means that pserialize_perform
never complete until xc_broadcast of thread A finishes. On the other hand,
thread C that is a callee of xc_broadcast of thread A sticks on the mutex.
Finally the threads block each other (A blocks B, B blocks C and C blocks A).
A possible fix is to serialize executions of the above sequence by another
mutex, but adding another mutex makes the code complex, so fix the deadlock
by another way; the fix is to release the mutex before pserialize_perform
and instead use a condvar to prevent pserialize_perform from being called
simultaneously.
Note that the deadlock has happened only if NET_MPSAFE is enabled.
---
Add missing ifdef NET_MPSAFE
---
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g.,
icmp_input and encap4_input from ip_input, or not taken even if needed,
e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
---
- sanitize key debugging so that we don't print extra newlines or unassociated
debugging messages.
- remove unused functions and make internal ones static
- print information in one line per message
---
humanize printing of ip addresses
---
cast reduction, NFC.
---
Fix typo in comment
---
Pull out ipsec_fill_saidx_bymbuf (NFC)
---
Don't abuse key_checkrequest just for looking up sav
It does more than expected for example key_acquire.
---
Fix SP is broken on transport mode
isr->saidx was modified accidentally in ipsec_nextisr.
Reported by christos@
Helped investigations by christos@ and knakahara@
---
Constify isr at many places (NFC)
---
Include socketvar.h for softnet_lock
---
Fix buffer length for ipsec_logsastr
tests/include/sys/t_list.c: revision 1.1
tests/include/sys/t_list.c: revision 1.2
tests/include/sys/Makefile: revision 1.13
share/man/man3/queue.3: revision 1.59
distrib/sets/lists/debug/mi: revision 1.226
sys/sys/queue.h: revision 1.71
distrib/sets/lists/tests/mi: revision 1.764
Fix the LIST_MOVE macro to properly update the back-pointer of the
first entry in the list.
Note that the signature of LIST_MOVE() macro also changes (it grew an
additional argument). This should not require a kernel version bump
since nothing appears to use LIST_MOVE() other than the recently added
atf test.
Update for new signature for LIST_MOVE()
Add a new minimalistic test for LIST_MOVE to verify that the list's
first entry's prev pointer correctly points to the listhead.
This test will fail until a fix for LIST_MOVE is checked in (soon).
Add new LIST_MOVE test to sets list.
Update recently-added test to adapt to new signature of LIST_MOVE()
add t_list test.
martin