svn commit: r358285 - in head/sys: netinet netinet/libalias netinet6
Pawel Biernacki
kaktus at FreeBSD.org
Mon Feb 24 10:47:20 UTC 2020
Author: kaktus
Date: Mon Feb 24 10:47:18 2020
New Revision: 358285
URL: https://svnweb.freebsd.org/changeset/base/358285
Log:
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (14 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked).
Use it in preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
Approved by: kib (mentor, blanket)
Differential Revision: https://reviews.freebsd.org/D23639
Modified:
head/sys/netinet/libalias/alias_sctp.c
head/sys/netinet/sctp_sysctl.c
head/sys/netinet/sctp_usrreq.c
head/sys/netinet6/sctp6_usrreq.c
Modified: head/sys/netinet/libalias/alias_sctp.c
==============================================================================
--- head/sys/netinet/libalias/alias_sctp.c Mon Feb 24 10:45:22 2020 (r358284)
+++ head/sys/netinet/libalias/alias_sctp.c Mon Feb 24 10:47:18 2020 (r358285)
@@ -367,44 +367,68 @@ SYSCTL_DECL(_net_inet);
SYSCTL_DECL(_net_inet_ip);
SYSCTL_DECL(_net_inet_ip_alias);
-static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp, CTLFLAG_RW, NULL,
+static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp,
+ CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
"SCTP NAT");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_log_level, 0, sysctl_chg_loglevel, "IU",
"Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_init_timer, 0, sysctl_chg_timer, "IU",
"Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_up_timer, 0, sysctl_chg_timer, "IU",
"Timeout value (s) to keep an association up with no traffic");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_shutdown_timer, 0, sysctl_chg_timer, "IU",
"Timeout value (s) while waiting for SHUTDOWN-COMPLETE");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_holddown_timer, 0, sysctl_chg_timer, "IU",
"Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_hashtable_size, 0, sysctl_chg_hashtable_size, "IU",
"Size of hash tables used for NAT lookups (100 < prime_number > 1000001)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb, CTLTYPE_UINT | CTLFLAG_RW,
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_error_on_ootb, 0, sysctl_chg_error_on_ootb, "IU",
- "ErrorM sent on receipt of ootb packet:\n\t0 - none,\n\t1 - to local only,\n\t2 - to local and global if a partial association match,\n\t3 - to local and global (DoS risk)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip, CTLTYPE_UINT | CTLFLAG_RW,
+ "ErrorM sent on receipt of ootb packet:\n\t0 - none,\n"
+ "\t1 - to local only,\n"
+ "\t2 - to local and global if a partial association match,\n"
+ "\t3 - to local and global (DoS risk)");
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, "IU",
- "NAT response to receipt of global OOTB AddIP:\n\t0 - No response,\n\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, initialising_chunk_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
- &sysctl_initialising_chunk_proc_limit, 0, sysctl_chg_initialising_chunk_proc_limit, "IU",
- "Number of chunks that should be processed if there is no current association found:\n\t > 0 (A high value is a DoS risk)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
+ "NAT response to receipt of global OOTB AddIP:\n"
+ "\t0 - No response,\n"
+ "\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, initialising_chunk_proc_limit,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ &sysctl_initialising_chunk_proc_limit, 0,
+ sysctl_chg_initialising_chunk_proc_limit, "IU",
+ "Number of chunks that should be processed if there is no current "
+ "association found:\n\t > 0 (A high value is a DoS risk)");
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_chunk_proc_limit, 0, sysctl_chg_chunk_proc_limit, "IU",
- "Number of chunks that should be processed to find key chunk:\n\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
+ "Number of chunks that should be processed to find key chunk:\n"
+ "\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_param_proc_limit, 0, sysctl_chg_param_proc_limit, "IU",
- "Number of parameters (in a chunk) that should be processed to find key parameters:\n\t> 1 (A high value is a DoS risk)");
-SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses, CTLTYPE_UINT | CTLFLAG_RW,
+ "Number of parameters (in a chunk) that should be processed to find key "
+ "parameters:\n\t> 1 (A high value is a DoS risk)");
+SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses,
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
&sysctl_track_global_addresses, 0, sysctl_chg_track_global_addresses, "IU",
- "Configures the global address tracking option within the NAT:\n\t0 - Global tracking is disabled,\n\t> 0 - enables tracking but limits the number of global IP addresses to this value");
+ "Configures the global address tracking option within the NAT:\n"
+ "\t0 - Global tracking is disabled,\n"
+ "\t> 0 - enables tracking but limits the number of global IP addresses to this value");
#endif /* SYSCTL_NODE */
Modified: head/sys/netinet/sctp_sysctl.c
==============================================================================
--- head/sys/netinet/sctp_sysctl.c Mon Feb 24 10:45:22 2020 (r358284)
+++ head/sys/netinet/sctp_sysctl.c Mon Feb 24 10:47:18 2020 (r358285)
@@ -861,8 +861,8 @@ sctp_sysctl_handle_trace_log_clear(SYSCTL_HANDLER_ARGS
return (error); \
} \
SYSCTL_PROC(_net_inet_sctp, OID_AUTO, mib_name, \
- CTLFLAG_VNET|CTLTYPE_UINT|CTLFLAG_RW, NULL, 0, \
- sctp_sysctl_handle_##mib_name, "UI", prefix##_DESC);
+ CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, \
+ NULL, 0, sctp_sysctl_handle_##mib_name, "UI", prefix##_DESC);
/*
* sysctl definitions
@@ -873,10 +873,14 @@ SCTP_UINT_SYSCTL(recvspace, sctp_recvspace, SCTPCTL_RE
SCTP_UINT_SYSCTL(auto_asconf, sctp_auto_asconf, SCTPCTL_AUTOASCONF)
SCTP_UINT_SYSCTL(ecn_enable, sctp_ecn_enable, SCTPCTL_ECN_ENABLE)
SCTP_UINT_SYSCTL(pr_enable, sctp_pr_enable, SCTPCTL_PR_ENABLE)
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, auth_enable, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
- NULL, 0, sctp_sysctl_handle_auth, "IU", SCTPCTL_AUTH_ENABLE_DESC);
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, asconf_enable, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
- NULL, 0, sctp_sysctl_handle_asconf, "IU", SCTPCTL_ASCONF_ENABLE_DESC);
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, auth_enable,
+ CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_auth, "IU",
+ SCTPCTL_AUTH_ENABLE_DESC);
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, asconf_enable,
+ CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_asconf, "IU",
+ SCTPCTL_ASCONF_ENABLE_DESC);
SCTP_UINT_SYSCTL(reconfig_enable, sctp_reconfig_enable, SCTPCTL_RECONFIG_ENABLE)
SCTP_UINT_SYSCTL(nrsack_enable, sctp_nrsack_enable, SCTPCTL_NRSACK_ENABLE)
SCTP_UINT_SYSCTL(pktdrop_enable, sctp_pktdrop_enable, SCTPCTL_PKTDROP_ENABLE)
@@ -926,13 +930,19 @@ SCTP_UINT_SYSCTL(default_frag_interleave, sctp_default
SCTP_UINT_SYSCTL(mobility_base, sctp_mobility_base, SCTPCTL_MOBILITY_BASE)
SCTP_UINT_SYSCTL(mobility_fasthandoff, sctp_mobility_fasthandoff, SCTPCTL_MOBILITY_FASTHANDOFF)
#if defined(SCTP_LOCAL_TRACE_BUF)
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, log, CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RD,
- NULL, 0, sctp_sysctl_handle_trace_log, "S,sctplog", "SCTP logging (struct sctp_log)");
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, clear_trace, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
- NULL, 0, sctp_sysctl_handle_trace_log_clear, "IU", "Clear SCTP Logging buffer");
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, log,
+ CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_trace_log, "S,sctplog"a
+ , "SCTP logging (struct sctp_log)");
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, clear_trace,
+ CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_trace_log_clear, "IU",
+ "Clear SCTP Logging buffer");
#endif
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, udp_tunneling_port, CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
- NULL, 0, sctp_sysctl_handle_udp_tunneling, "IU", SCTPCTL_UDP_TUNNELING_PORT_DESC);
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, udp_tunneling_port,
+ CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_udp_tunneling, "IU",
+ SCTPCTL_UDP_TUNNELING_PORT_DESC);
SCTP_UINT_SYSCTL(enable_sack_immediately, sctp_enable_sack_immediately, SCTPCTL_SACK_IMMEDIATELY_ENABLE)
SCTP_UINT_SYSCTL(nat_friendly_init, sctp_inits_include_nat_friendly, SCTPCTL_NAT_FRIENDLY_INITS)
SCTP_UINT_SYSCTL(vtag_time_wait, sctp_vtag_time_wait, SCTPCTL_TIME_WAIT)
@@ -952,7 +962,11 @@ SCTP_UINT_SYSCTL(debug, sctp_debug_on, SCTPCTL_DEBUG)
#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
SCTP_UINT_SYSCTL(output_unlocked, sctp_output_unlocked, SCTPCTL_OUTPUT_UNLOCKED)
#endif
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, stats, CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RW,
- NULL, 0, sctp_sysctl_handle_stats, "S,sctpstat", "SCTP statistics (struct sctp_stat)");
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, assoclist, CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_RD,
- NULL, 0, sctp_sysctl_handle_assoclist, "S,xassoc", "List of active SCTP associations");
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, stats,
+ CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_stats, "S,sctpstat",
+ "SCTP statistics (struct sctp_stat)");
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, assoclist,
+ CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
+ NULL, 0, sctp_sysctl_handle_assoclist, "S,xassoc",
+ "List of active SCTP associations");
Modified: head/sys/netinet/sctp_usrreq.c
==============================================================================
--- head/sys/netinet/sctp_usrreq.c Mon Feb 24 10:45:22 2020 (r358284)
+++ head/sys/netinet/sctp_usrreq.c Mon Feb 24 10:47:18 2020 (r358285)
@@ -421,8 +421,10 @@ out:
return (error);
}
-SYSCTL_PROC(_net_inet_sctp, OID_AUTO, getcred, CTLTYPE_OPAQUE | CTLFLAG_RW,
- 0, 0, sctp_getcred, "S,ucred", "Get the ucred of a SCTP connection");
+SYSCTL_PROC(_net_inet_sctp, OID_AUTO, getcred,
+ CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ 0, 0, sctp_getcred, "S,ucred",
+ "Get the ucred of a SCTP connection");
#ifdef INET
Modified: head/sys/netinet6/sctp6_usrreq.c
==============================================================================
--- head/sys/netinet6/sctp6_usrreq.c Mon Feb 24 10:45:22 2020 (r358284)
+++ head/sys/netinet6/sctp6_usrreq.c Mon Feb 24 10:47:18 2020 (r358285)
@@ -472,9 +472,10 @@ out:
return (error);
}
-SYSCTL_PROC(_net_inet6_sctp6, OID_AUTO, getcred, CTLTYPE_OPAQUE | CTLFLAG_RW,
- 0, 0,
- sctp6_getcred, "S,ucred", "Get the ucred of a SCTP6 connection");
+SYSCTL_PROC(_net_inet6_sctp6, OID_AUTO, getcred,
+ CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
+ 0, 0, sctp6_getcred, "S,ucred",
+ "Get the ucred of a SCTP6 connection");
/* This is the same as the sctp_abort() could be made common */
More information about the svn-src-all
mailing list