#
46e95b10 |
| 29-Dec-2016 |
mpi <mpi@openbsd.org> |
Change NET_LOCK()/NET_UNLOCK() to be simple wrappers around splsoftnet()/splx() until the known issues are fixed.
In other words, stop using a rwlock since it creates a deadlock when chrome is used.
Change NET_LOCK()/NET_UNLOCK() to be simple wrappers around splsoftnet()/splx() until the known issues are fixed.
In other words, stop using a rwlock since it creates a deadlock when chrome is used.
Issue reported by Dimitris Papastamos and kettenis@
ok visa@
show more ...
|
#
2b4720fc |
| 19-Dec-2016 |
mpi <mpi@openbsd.org> |
Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts of the network stack that are not yet ready to be executed in parallel or where new sleeping points are not possible.
This f
Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts of the network stack that are not yet ready to be executed in parallel or where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This is done to not introduce new sleeping points when trying to acquire ART's write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
show more ...
|
#
d03b3311 |
| 29-Nov-2016 |
jsg <jsg@openbsd.org> |
m_free() and m_freem() test for NULL. Simplify callers which had their own NULL tests.
ok mpi@
|
#
4f32804e |
| 28-Nov-2016 |
mpi <mpi@openbsd.org> |
Remove NULL checks before m_free{m,}().
ok reyk@, rzalamena@
|
#
c0a948f7 |
| 21-Nov-2016 |
mpi <mpi@openbsd.org> |
Enforce that pr_usrreq functions are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@, claudio@
|
#
58eec0a2 |
| 09-Nov-2016 |
mpi <mpi@openbsd.org> |
Do not call splsoftnet() recursively, this won't work with a lock.
closef() on a socket will call soclose() which call splsoftnet(). So make sure we release the IPL level first in error paths.
Fou
Do not call splsoftnet() recursively, this won't work with a lock.
closef() on a socket will call soclose() which call splsoftnet(). So make sure we release the IPL level first in error paths.
Found by Nils Frohberg while testing another diff.
ok mikeb@, bluhm@
show more ...
|
#
bc9cedf8 |
| 23-Oct-2016 |
naddy <naddy@openbsd.org> |
unbreak by fixing obvious pastos
|
#
c3a04e5d |
| 23-Oct-2016 |
deraadt <deraadt@openbsd.org> |
handle non-INET6 kernels in some way
|
#
a647ce3a |
| 23-Oct-2016 |
tedu <tedu@openbsd.org> |
dns hijacking must be af specific. move it into the port check function, and redirect inet6 sockets to the ::1 flavor of localhost.
|
#
ee71c3a5 |
| 08-Oct-2016 |
guenther <guenther@openbsd.org> |
Add ktracing of the fds returned by pipe() and socketpair()
ok deraadt@
|
#
bdeb3b32 |
| 07-Oct-2016 |
tedu <tedu@openbsd.org> |
introduce a sysctl to hijack dns sockets. when set to a port number, all dns socket connections will be redirected to localhost:port. this could be a sockopt on the listening socket, but sysctl is an
introduce a sysctl to hijack dns sockets. when set to a port number, all dns socket connections will be redirected to localhost:port. this could be a sockopt on the listening socket, but sysctl is an easier interface to work with right now. ok deraadt
show more ...
|
#
5e8284b2 |
| 09-Aug-2016 |
guenther <guenther@openbsd.org> |
When interrupted, connect() should leave the socket connecting in the background, similar to a non-blocking socket. Return EALREADY whenever already connecting, not just for non-blocking sockets. F
When interrupted, connect() should leave the socket connecting in the background, similar to a non-blocking socket. Return EALREADY whenever already connecting, not just for non-blocking sockets. Fix from {Free,Net}BSD
Prompted by a report from Michael Reed (m.reed (at) mykolab.com) ok millert@
show more ...
|
#
7fd11d01 |
| 18-May-2016 |
millert <millert@openbsd.org> |
Remove unnecessary cast of buflen to u_int in sockargs(). This was missed when buflen was promoted to size_t. OK tedu@
|
#
8144d7f0 |
| 08-Jan-2016 |
guenther <guenther@openbsd.org> |
On the recvmsg() side, cmsgs are in mbuf chains, not a contiguous buffer. ktrace each cmsg instead of reading beyond the end of the first cmsg.
problem report and testing by abieber@ ok millert@ der
On the recvmsg() side, cmsgs are in mbuf chains, not a contiguous buffer. ktrace each cmsg instead of reading beyond the end of the first cmsg.
problem report and testing by abieber@ ok millert@ deraadt@
show more ...
|
#
52dd740a |
| 05-Dec-2015 |
tedu <tedu@openbsd.org> |
remove stale lint annotations
|
#
b3b95b7f |
| 21-Nov-2015 |
semarie <semarie@openbsd.org> |
remove completely pledge_socket() from listen(2) and accept(2).
with pledge_socket(p, -1, state) we only check for "dns" promise against SS_DNS socket. But it isn't possible to pass a SS_DNS socket
remove completely pledge_socket() from listen(2) and accept(2).
with pledge_socket(p, -1, state) we only check for "dns" promise against SS_DNS socket. But it isn't possible to pass a SS_DNS socket to listen(2) or accept(2) (EINVAL). So this deeper check is a bit useless...
ok deraadt@
show more ...
|
#
9a69d71a |
| 20-Nov-2015 |
deraadt <deraadt@openbsd.org> |
Neuter the pledge domain checking for listen, getpeername, and getsockname also. The idea is much like rpath is with files, you get an fd and then you can play with it somewhat. In the socket space
Neuter the pledge domain checking for listen, getpeername, and getsockname also. The idea is much like rpath is with files, you get an fd and then you can play with it somewhat. In the socket space once you have a fd, you can play with it somewhat. So you cannot bind, but you can accept. You can listen, getpeername, getsockname, and of course set/getsockopt is somewhat available.. yes, this makes pledge the anti-capsicum, kind of like salt from Secovlje.. reasoning due to a conversation with tedu
show more ...
|
#
e956b092 |
| 20-Nov-2015 |
deraadt <deraadt@openbsd.org> |
Exempt accept(2) from the pledge_socket() check part of the "domain" check. You cannot open a socket in a domain unless permitted -- but you need to be able to accept one if the code flow asks for t
Exempt accept(2) from the pledge_socket() check part of the "domain" check. You cannot open a socket in a domain unless permitted -- but you need to be able to accept one if the code flow asks for that to happen. The most recent check is too tight. We may need to iterate the policy here until we hit the right vibe...
show more ...
|
#
fcdddd35 |
| 19-Nov-2015 |
semarie <semarie@openbsd.org> |
corrects leaks refs to files introduced by my previous commit for pledge_socket.
reported by Mateusz Guzik with a diff. this one is a slightly modified version.
ok deraadt@
|
#
39c26ad4 |
| 18-Nov-2015 |
semarie <semarie@openbsd.org> |
check domain and state of socket against pledge promise.
ok deraadt@
|
#
ee2a73c5 |
| 08-Nov-2015 |
tedu <tedu@openbsd.org> |
pull initialization up before poosible goto bad, from Mark Latimer
|
#
a48a073b |
| 01-Nov-2015 |
semarie <semarie@openbsd.org> |
refactor pledge_*_check and pledge_fail functions
- rename _check function without suffix: a "pledge" function called from anywhere is a "check" function.
- makes pledge_fail call the responsabil
refactor pledge_*_check and pledge_fail functions
- rename _check function without suffix: a "pledge" function called from anywhere is a "check" function.
- makes pledge_fail call the responsability to the _check function. remove it from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
show more ...
|
#
38389daa |
| 28-Oct-2015 |
semarie <semarie@openbsd.org> |
more accurate pledge_fail() error and code for sys_socket
- use the error returned by pledge_socket_check() - make the code to reflect the socket request (set code to PLEDGE_DNS for dns-scoket, an
more accurate pledge_fail() error and code for sys_socket
- use the error returned by pledge_socket_check() - make the code to reflect the socket request (set code to PLEDGE_DNS for dns-scoket, and to PLEDGE_INET else)
show more ...
|
#
f2f57c2a |
| 28-Oct-2015 |
deraadt <deraadt@openbsd.org> |
The short-lived dnssocket/dnsconnect calls are being required because we suspect everyone has upgraded through the approx week-long window since SOCK_DNS became available and the libc resolver starte
The short-lived dnssocket/dnsconnect calls are being required because we suspect everyone has upgraded through the approx week-long window since SOCK_DNS became available and the libc resolver started using them.
show more ...
|
#
5a92441b |
| 26-Oct-2015 |
tedu <tedu@openbsd.org> |
dns check needs to be done on the kernel address after copyin
|