svn commit: r53171 - in head/share: security/advisories security/patches/EN-19:11 security/patches/SA-19:08 xml

Gordon Tetlow gordon at FreeBSD.org
Wed Jun 19 16:54:14 UTC 2019


Author: gordon (src committer)
Date: Wed Jun 19 16:54:06 2019
New Revision: 53171
URL: https://svnweb.freebsd.org/changeset/doc/53171

Log:
  Add SA-19:08 and EN-19:11.
  
  Approved by:	so

Added:
  head/share/security/advisories/FreeBSD-EN-19:11.net.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:08.rack.asc   (contents, props changed)
  head/share/security/patches/EN-19:11/
  head/share/security/patches/EN-19:11/net.patch   (contents, props changed)
  head/share/security/patches/EN-19:11/net.patch.asc   (contents, props changed)
  head/share/security/patches/SA-19:08/
  head/share/security/patches/SA-19:08/rack.patch   (contents, props changed)
  head/share/security/patches/SA-19:08/rack.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-19:11.net.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:11.net.asc	Wed Jun 19 16:54:06 2019	(r53171)
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:11.net                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Incorrect locking in networking stack
+
+Category:       core
+Module:         net
+Announced:      2019-06-19
+Affects:        FreeBSD 12.x
+Corrected:      2019-04-01 14:19:09 UTC (stable/12, 12.0-STABLE)
+                2019-06-19 16:41:18 UTC (releng/12.0, 12.0-RELEASE-p6)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+Some parts of the network stack use a synchronization primitive, epoch(9),
+that is new in FreeBSD 12.0.  In some places where reader-writer locks were
+previously used, existing KPIs were preserved and their implementations
+replaced with epoch(9).
+
+II.  Problem Description
+
+A pair of KPIs that were converted to epoch(9) were modified incorrectly, and
+thus failed to provide the synchronization guarantees expected by their
+consumers.
+
+III. Impact
+
+The bug can cause kernel memory corruption or kernel assertion failures,
+depending on whether the INVARIANTS option is configured.  The bug is more
+likely to impact heavily loaded systems.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) Update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterwards, reboot the system.
+
+2) Update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:11/net.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:11/net.patch.asc
+# gpg --verify net.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r345764
+releng/12.0/                                                      r349198
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236846>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:11.net.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=nqeJ
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-19:08.rack.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:08.rack.asc	Wed Jun 19 16:54:06 2019	(r53171)
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:08.rack                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Resource exhaustion in non-default RACK TCP stack
+
+Category:       core
+Module:         inet
+Announced:      2019-06-19
+Credits:        Jonathan Looney (Netflix)
+                Peter Lei (Netflix)
+Affects:        FreeBSD 12.0 and later
+Corrected:      2019-06-19 16:25:39 UTC (stable/12, 12.0-STABLE)
+                2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6)
+CVE Name:       CVE-2019-5599
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides
+a connection-oriented, reliable, sequence-preserving data stream service.
+
+A TCP loss detection algorithm called RACK ("Recent ACKnowledgment") uses the
+notion of time, in addition to packet or sequence counts, to detect losses
+for modern TCP implementations that support per-packet timestamps and the
+selective acknowledgment (SACK) option.
+
+FreeBSD ships an optional implementation of RACK.  Please note this is not
+included by default. If RACK was not specifically compiled, installed, and
+loaded, the system is not vulnerable.
+
+II.  Problem Description
+
+While processing acknowledgements, the RACK code uses several linked lists to
+maintain state entries.  A malicious attacker can cause the lists to grow
+unbounded.  This can cause an expensive list traversal on every packet being
+processed, leading to resource exhaustion and a denial of service.
+
+III. Impact
+
+An attacker with the ability to send specially crafted TCP traffic to a
+victim system can degrade network performance and/or consume excessive CPU by
+exploiting the inefficiency of traversing the potentially very large RACK
+linked lists with relatively small bandwidth cost.
+
+IV.  Workaround
+
+By default RACK is not compiled or loaded into the TCP stack.  To determine
+if you are using RACK, check the net.inet.tcp.functions_available sysctl.
+If it includes a line with "rack", the RACK stack is loaded.
+
+To disable RACK, unload the kernel module with:
+
+# kldunload tcp_rack
+
+Note: it may be required to use the force flag (-f) with the kldunload.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or release /
+security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Since the tcp_rack kernel module is not built by default, recompile,
+reinstall, and reload the kernel module.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:08/rack.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:08/rack.patch.asc
+# gpg --verify rack.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile, reinstall, and reload the tcp_rack kernel module.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r349197
+releng/12.0/                                                      r349199
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=ggzB
+-----END PGP SIGNATURE-----
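Review bot: Section V (Solution) should tell administrators who keep RACK loaded to set net.inet.tcp.rack.split_limit to a non-zero value after reloading the module, because the accompanying rack.patch leaves the new limit disabled by default (rack_map_split_limit = 0, "unlimited by default"); as written, a reader who only follows the "recompile, reinstall, and reload" steps ends up with RACK code that still allows the sendmap lists to grow without bound. The Workaround section could likewise mention that sysctl as an alternative to unloading tcp_rack once the patched module is installed.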

Added: head/share/security/patches/EN-19:11/net.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:11/net.patch	Wed Jun 19 16:54:06 2019	(r53171)
@@ -0,0 +1,114 @@
+--- sys/net/if.c.orig
++++ sys/net/if.c
+@@ -62,6 +62,8 @@
+ #include <sys/domain.h>
+ #include <sys/jail.h>
+ #include <sys/priv.h>
++#include <sys/sched.h>
++#include <sys/smp.h>
+ 
+ #include <machine/stdarg.h>
+ #include <vm/uma.h>
+@@ -1755,6 +1757,30 @@
+ 	ifd->ifi_noproto = ifp->if_get_counter(ifp, IFCOUNTER_NOPROTO);
+ }
+ 
++struct ifnet_read_lock {
++	struct mtx mtx;	/* lock protecting tracker below */
++	struct epoch_tracker et;
++};
++
++DPCPU_DEFINE_STATIC(struct ifnet_read_lock, ifnet_addr_read_lock);
++DPCPU_DEFINE_STATIC(struct ifnet_read_lock, ifnet_maddr_read_lock);
++
++static void
++ifnet_read_lock_init(void __unused *arg)
++{
++	struct ifnet_read_lock *pifrl;
++	int cpu;
++
++	CPU_FOREACH(cpu) {
++		pifrl = DPCPU_ID_PTR(cpu, ifnet_addr_read_lock);
++		mtx_init(&pifrl->mtx, "ifnet_addr_read_lock", NULL, MTX_DEF);
++
++		pifrl = DPCPU_ID_PTR(cpu, ifnet_maddr_read_lock);
++		mtx_init(&pifrl->mtx, "ifnet_maddr_read_lock", NULL, MTX_DEF);
++	}
++}
++SYSINIT(ifnet_read_lock_init, SI_SUB_CPU + 1, SI_ORDER_FIRST, &ifnet_read_lock_init, NULL);
++
+ /*
+  * Wrapper functions for struct ifnet address list locking macros.  These are
+  * used by kernel modules to avoid encoding programming interface or binary
+@@ -1764,35 +1790,47 @@
+ void
+ if_addr_rlock(struct ifnet *ifp)
+ {
+-	MPASS(*(uint64_t *)&ifp->if_addr_et == 0);
+-	epoch_enter_preempt(net_epoch_preempt, &ifp->if_addr_et);
++	struct ifnet_read_lock *pifrl;
++
++	sched_pin();
++	pifrl = DPCPU_PTR(ifnet_addr_read_lock);
++	mtx_lock(&pifrl->mtx);
++	epoch_enter_preempt(net_epoch_preempt, &pifrl->et);
+ }
+ 
+ void
+ if_addr_runlock(struct ifnet *ifp)
+ {
+-	epoch_exit_preempt(net_epoch_preempt, &ifp->if_addr_et);
+-#ifdef INVARIANTS
+-	bzero(&ifp->if_addr_et, sizeof(struct epoch_tracker));
+-#endif
++	struct ifnet_read_lock *pifrl;
++
++	pifrl = DPCPU_PTR(ifnet_addr_read_lock);
++
++	epoch_exit_preempt(net_epoch_preempt, &pifrl->et);
++	mtx_unlock(&pifrl->mtx);
++	sched_unpin();
+ }
+ 
+ void
+ if_maddr_rlock(if_t ifp)
+ {
++	struct ifnet_read_lock *pifrl;
+ 
+-	MPASS(*(uint64_t *)&ifp->if_maddr_et == 0);
+-	epoch_enter_preempt(net_epoch_preempt, &ifp->if_maddr_et);
++	sched_pin();
++	pifrl = DPCPU_PTR(ifnet_maddr_read_lock);
++	mtx_lock(&pifrl->mtx);
++	epoch_enter_preempt(net_epoch_preempt, &pifrl->et);
+ }
+ 
+ void
+ if_maddr_runlock(if_t ifp)
+ {
++	struct ifnet_read_lock *pifrl;
+ 
+-	epoch_exit_preempt(net_epoch_preempt, &ifp->if_maddr_et);
+-#ifdef INVARIANTS
+-	bzero(&ifp->if_maddr_et, sizeof(struct epoch_tracker));
+-#endif
++	pifrl = DPCPU_PTR(ifnet_maddr_read_lock);
++
++	epoch_exit_preempt(net_epoch_preempt, &pifrl->et);
++	mtx_unlock(&pifrl->mtx);
++	sched_unpin();
+ }
+ 
+ /*
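Review bot: if_addr_rlock() and if_maddr_rlock() now take a MTX_DEF mutex that ifnet_read_lock_init() creates without MTX_RECURSE, so any consumer that nests the read lock on the same CPU (the rw_rlock() these KPIs originally wrapped allowed recursive readers) will recurse on a non-recursive mutex: a panic under INVARIANTS/WITNESS, a self-deadlock otherwise. Either confirm that no in-tree or module caller nests if_addr_rlock()/if_maddr_rlock(), or initialise the mutexes with MTX_RECURSE. It is also worth a comment that this serialises every reader pinned to a CPU, because a reader that blocks in mtx_lock() or is preempted inside the epoch section holds that CPU's tracker; that is acceptable for a KBI-preserving stopgap but is not what the name "rlock" suggests. Minor: ifp is now unused in all four functions and could be marked __unused.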
+--- sys/net/if_var.h.orig
++++ sys/net/if_var.h
+@@ -381,8 +381,7 @@
+ 	 */
+ 	struct netdump_methods *if_netdump_methods;
+ 	struct epoch_context	if_epoch_ctx;
+-	struct epoch_tracker	if_addr_et;
+-	struct epoch_tracker	if_maddr_et;
++	void 		       *if_unused[4];
+ 
+ 	/*
+ 	 * Spare fields to be added before branching a stable branch, so
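Review bot: replacing the two struct epoch_tracker members with `void *if_unused[4]` is presumably meant to keep sizeof(struct ifnet) and the offsets of the fields after it unchanged, so that modules built against 12.0-RELEASE keep working without a rebuild; please confirm that 2 * sizeof(struct epoch_tracker) equals 4 * sizeof(void *) on every supported architecture, and consider a CTASSERT or a comment stating that the padding exists to preserve the KBI, so that the spare slots are not silently repurposed later.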

Added: head/share/security/patches/EN-19:11/net.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:11/net.patch.asc	Wed Jun 19 16:54:06 2019	(r53171)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=kUNo
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-19:08/rack.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:08/rack.patch	Wed Jun 19 16:54:06 2019	(r53171)
@@ -0,0 +1,190 @@
+--- sys/netinet/tcp_stacks/rack.c.orig
++++ sys/netinet/tcp_stacks/rack.c
+@@ -1,5 +1,5 @@
+ /*-
+- * Copyright (c) 2016-2018
++ * Copyright (c) 2016-2019
+  *	Netflix Inc.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -203,6 +203,7 @@
+ static int32_t rack_sack_block_limit = 128;
+ static int32_t rack_use_sack_filter = 1;
+ static int32_t rack_tlp_threshold_use = TLP_USE_TWO_ONE;
++static uint32_t rack_map_split_limit = 0;	/* unlimited by default */
+ 
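Review bot: with `rack_map_split_limit = 0` the check in rack_alloc_limit() (`rack_map_split_limit > 0 && ...`) never fires, so the patch as shipped does not limit the split entries at all until an administrator sets net.inet.tcp.rack.split_limit. For a security fix that leaves the reported denial of service reachable by default; either ship a non-zero default or justify the opt-in choice in a comment here so the advisory can document it.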
+ /* Rack specific counters */
+ counter_u64_t rack_badfr;
+@@ -228,6 +229,8 @@
+ counter_u64_t rack_to_alloc;
+ counter_u64_t rack_to_alloc_hard;
+ counter_u64_t rack_to_alloc_emerg;
++counter_u64_t rack_alloc_limited_conns;
++counter_u64_t rack_split_limited;
+ 
+ counter_u64_t rack_sack_proc_all;
+ counter_u64_t rack_sack_proc_short;
+@@ -261,6 +264,8 @@
+ rack_ack_received(struct tcpcb *tp, struct tcp_rack *rack,
+     struct tcphdr *th, uint16_t nsegs, uint16_t type, int32_t recovery);
+ static struct rack_sendmap *rack_alloc(struct tcp_rack *rack);
++static struct rack_sendmap *rack_alloc_limit(struct tcp_rack *rack,
++    uint8_t limit_type);
+ static struct rack_sendmap *
+ rack_check_recovery_mode(struct tcpcb *tp,
+     uint32_t tsused);
+@@ -445,6 +450,8 @@
+ 		counter_u64_zero(rack_sack_proc_short);
+ 		counter_u64_zero(rack_sack_proc_restart);
+ 		counter_u64_zero(rack_to_alloc);
++		counter_u64_zero(rack_alloc_limited_conns);
++		counter_u64_zero(rack_split_limited);
+ 		counter_u64_zero(rack_find_high);
+ 		counter_u64_zero(rack_runt_sacks);
+ 		counter_u64_zero(rack_used_tlpmethod);
+@@ -622,6 +629,11 @@
+ 	    OID_AUTO, "pktdelay", CTLFLAG_RW,
+ 	    &rack_pkt_delay, 1,
+ 	    "Extra RACK time (in ms) besides reordering thresh");
++	SYSCTL_ADD_U32(&rack_sysctl_ctx,
++	    SYSCTL_CHILDREN(rack_sysctl_root),
++	    OID_AUTO, "split_limit", CTLFLAG_RW,
++	    &rack_map_split_limit, 0,
++	    "Is there a limit on the number of map split entries (0=unlimited)");
+ 	SYSCTL_ADD_S32(&rack_sysctl_ctx,
+ 	    SYSCTL_CHILDREN(rack_sysctl_root),
+ 	    OID_AUTO, "inc_var", CTLFLAG_RW,
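Review bot: the description string reads as a question; since the value is compared against rack->r_ctl.rc_num_split_allocs, which is per connection, something like "Maximum number of split sendmap entries per connection (0=unlimited)" tells the operator what the number actually bounds (an attacker with many connections still gets limit times connections entries). Also note the OID is created with CTLFLAG_RW only, no CTLFLAG_TUN, and lives under a module sysctl tree, so there is no loader tunable and the value must be set after tcp_rack is loaded.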
+@@ -757,7 +769,19 @@
+ 	    SYSCTL_CHILDREN(rack_sysctl_root),
+ 	    OID_AUTO, "allocemerg", CTLFLAG_RD,
+ 	    &rack_to_alloc_emerg,
+-	    "Total alocations done from emergency cache");
++	    "Total allocations done from emergency cache");
++	rack_alloc_limited_conns = counter_u64_alloc(M_WAITOK);
++	SYSCTL_ADD_COUNTER_U64(&rack_sysctl_ctx,
++	    SYSCTL_CHILDREN(rack_sysctl_root),
++	    OID_AUTO, "alloc_limited_conns", CTLFLAG_RD,
++	    &rack_alloc_limited_conns,
++	    "Connections with allocations dropped due to limit");
++	rack_split_limited = counter_u64_alloc(M_WAITOK);
++	SYSCTL_ADD_COUNTER_U64(&rack_sysctl_ctx,
++	    SYSCTL_CHILDREN(rack_sysctl_root),
++	    OID_AUTO, "split_limited", CTLFLAG_RD,
++	    &rack_split_limited,
++	    "Split allocations dropped due to limit");
+ 	rack_sack_proc_all = counter_u64_alloc(M_WAITOK);
+ 	SYSCTL_ADD_COUNTER_U64(&rack_sysctl_ctx,
+ 	    SYSCTL_CHILDREN(rack_sysctl_root),
+@@ -1121,10 +1145,11 @@
+ {
+ 	struct rack_sendmap *rsm;
+ 
+-	counter_u64_add(rack_to_alloc, 1);
+-	rack->r_ctl.rc_num_maps_alloced++;
+ 	rsm = uma_zalloc(rack_zone, M_NOWAIT);
+ 	if (rsm) {
++alloc_done:
++		counter_u64_add(rack_to_alloc, 1);
++		rack->r_ctl.rc_num_maps_alloced++;
+ 		return (rsm);
+ 	}
+ 	if (rack->rc_free_cnt) {
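Review bot: the `alloc_done:` label sits inside the body of `if (rsm) {` and is reached by `goto alloc_done;` from the rc_free path in the next hunk; that is legal C but jumping into a block reads badly. Since the point of the move is to count only successful allocations (the old code bumped rack_to_alloc and rc_num_maps_alloced even when both paths failed), a plain structure expresses it better: try uma_zalloc(), fall back to the free list when that returns NULL, then a single `if (rsm != NULL) { counter_u64_add(rack_to_alloc, 1); rack->r_ctl.rc_num_maps_alloced++; }` before `return (rsm);`.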
+@@ -1132,14 +1157,46 @@
+ 		rsm = TAILQ_FIRST(&rack->r_ctl.rc_free);
+ 		TAILQ_REMOVE(&rack->r_ctl.rc_free, rsm, r_next);
+ 		rack->rc_free_cnt--;
+-		return (rsm);
++		goto alloc_done;
+ 	}
+ 	return (NULL);
+ }
+ 
++/* wrapper to allocate a sendmap entry, subject to a specific limit */
++static struct rack_sendmap *
++rack_alloc_limit(struct tcp_rack *rack, uint8_t limit_type)
++{
++	struct rack_sendmap *rsm;
++
++	if (limit_type) {
++		/* currently there is only one limit type */
++		if (rack_map_split_limit > 0 &&
++		    rack->r_ctl.rc_num_split_allocs >= rack_map_split_limit) {
++			counter_u64_add(rack_split_limited, 1);
++			if (!rack->alloc_limit_reported) {
++				rack->alloc_limit_reported = 1;
++				counter_u64_add(rack_alloc_limited_conns, 1);
++			}
++			return (NULL);
++		}
++	}
++
++	/* allocate and mark in the limit type, if set */
++	rsm = rack_alloc(rack);
++	if (rsm != NULL && limit_type) {
++		rsm->r_limit_type = limit_type;
++		rack->r_ctl.rc_num_split_allocs++;
++	}
++	return (rsm);
++}
++
+ static void
+ rack_free(struct tcp_rack *rack, struct rack_sendmap *rsm)
+ {
++	if (rsm->r_limit_type) {
++		/* currently there is only one limit type */
++		rack->r_ctl.rc_num_split_allocs--;
++	}
+ 	rack->r_ctl.rc_num_maps_alloced--;
+ 	if (rack->r_ctl.rc_tlpsend == rsm)
+ 		rack->r_ctl.rc_tlpsend = NULL;
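Review bot: rack_free() decrements rc_num_split_allocs whenever rsm->r_limit_type is non-zero, but r_limit_type is only ever written by rack_alloc_limit(), and only when limit_type is set. Entries handed out by rack_alloc() directly keep whatever byte was there: for a fresh uma_zalloc() without M_ZERO that is uninitialised memory (the byte used to be r_resv[0]), and for an entry recycled from rc_free it is the r_limit_type of the entry's previous life. A former split entry re-used by a plain rack_alloc() call is therefore never counted on allocation but is decremented on free; rc_num_split_allocs is a uint32_t, so it wraps and the limit then rejects every split on that connection. Suggest clearing the field on every allocation, for example `rsm->r_limit_type = 0;` at alloc_done in rack_alloc(), and letting rack_alloc_limit() set it afterwards as it already does.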
+@@ -3955,7 +4012,7 @@
+ 		/*
+ 		 * Need to split this in two pieces the before and after.
+ 		 */
+-		nrsm = rack_alloc(rack);
++		nrsm = rack_alloc_limit(rack, RACK_LIMIT_TYPE_SPLIT);
+ 		if (nrsm == NULL) {
+ 			/*
+ 			 * failed XXXrrs what can we do but loose the sack
+@@ -4016,7 +4073,7 @@
+ 		goto do_rest_ofb;
+ 	}
+ 	/* Ok we need to split off this one at the tail */
+-	nrsm = rack_alloc(rack);
++	nrsm = rack_alloc_limit(rack, RACK_LIMIT_TYPE_SPLIT);
+ 	if (nrsm == NULL) {
+ 		/* failed rrs what can we do but loose the sack info? */
+ 		goto out;
+--- sys/netinet/tcp_stacks/tcp_rack.h.orig
++++ sys/netinet/tcp_stacks/tcp_rack.h
+@@ -55,8 +55,10 @@
+ 	uint8_t r_sndcnt;	/* Retran count, not limited by
+ 				 * RACK_NUM_OF_RETRANS */
+ 	uint8_t r_in_tmap;	/* Flag to see if its in the r_tnext array */
+-	uint8_t r_resv[3];
++	uint8_t r_limit_type;	/* is this entry counted against a limit? */
++	uint8_t r_resv[2];
+ };
++#define RACK_LIMIT_TYPE_SPLIT	1
+ 
+ TAILQ_HEAD(rack_head, rack_sendmap);
+ 
+@@ -242,7 +244,7 @@
+ 	uint32_t rc_num_maps_alloced;	/* Number of map blocks (sacks) we
+ 					 * have allocated */
+ 	uint32_t rc_rcvtime;	/* When we last received data */
+-	uint32_t rc_notused;
++	uint32_t rc_num_split_allocs;	/* num split map entries allocated */
+ 	uint32_t rc_last_output_to; 
+ 	uint32_t rc_went_idle_time;
+ 
+@@ -311,7 +313,8 @@
+ 	uint8_t rack_tlp_threshold_use;
+ 	uint8_t rc_allow_data_af_clo: 1,
+ 		delayed_ack : 1,
+-		rc_avail : 6;
++		alloc_limit_reported : 1,
++		rc_avail : 5;
+ 	uint8_t r_resv[2];	/* Fill to cache line boundary */
+ 	/* Cache line 2 0x40 */
+ 	struct rack_control r_ctl;

Added: head/share/security/patches/SA-19:08/rack.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:08/rack.patch.asc	Wed Jun 19 16:54:06 2019	(r53171)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=5bec
+-----END PGP SIGNATURE-----

Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml	Wed Jun 19 14:50:39 2019	(r53170)
+++ head/share/xml/advisories.xml	Wed Jun 19 16:54:06 2019	(r53171)
@@ -8,6 +8,20 @@
     <name>2019</name>
 
     <month>
+      <name>6</name>
+
+      <day>
+	<name>19</name>
+
+	<advisory>
+	  <name>FreeBSD-SA-19:08.rack</name>
+	</advisory>
+
+      </day>
+
+    </month>
+
+    <month>
       <name>5</name>
 
       <day>

Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml	Wed Jun 19 14:50:39 2019	(r53170)
+++ head/share/xml/notices.xml	Wed Jun 19 16:54:06 2019	(r53171)
@@ -8,6 +8,19 @@
     <name>2019</name>
 
     <month>
+      <name>6</name>
+
+      <day>
+	<name>19</name>
+
+	<notice>
+	  <name>FreeBSD-EN-19:11.net</name>
+	</notice>
+
+      </day>
+    </month>
+
+    <month>
       <name>5</name>
 
       <day>
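Review bot: style: in notices.xml the new `</day>` is immediately followed by `</month>`, whereas the matching entry added to advisories.xml and the existing months in both files keep a blank line between them; add the blank line for consistency.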

