frag6: fix calculation of fragment length

Because of the miscalculation, 32 bytes fragmented IPv6 packets
have been wrongly dropped.

See https://mail-index.netbsd.org/tech-net/2024/04/14/msg008741.html
for more details.

Patch from Yasuyuki KOZAKAI (with minor tweaks)

(ozaki-r)

mbuf: avoid assertion failure when splitting mbuf cluster

>From OpenBSD:

commit 7b4d35e0a60ba1dd4daf4b1c2932020a22463a89
Author: bluhm <bluhm@openbsd.org>
Date:  Fri Oct 20 16:25:15 2023 +0000

    Avoid assertion failure when splitting mbuf cluster.

    m_split() calls m_align() to initialize the data pointer of newly
    allocated mbuf.  If the new mbuf will be converted to a cluster,
    this is not necessary.  If additionally the new mbuf is larger than
    MLEN, this can lead to a panic.
    Only call m_align() when a valid m_data is needed.  This is the
    case if we do not refecence the existing cluster, but memcpy() the
    data into the new mbuf.

    Reported-by: syzbot+0e6817f5877926f0e96a@syzkaller.appspotmail.com
    OK claudio@ deraadt@

The issue is harmless if DIAGNOSTIC is not enabled.

XXX pullup-10
XXX pullup-9

(ozaki-r)

in6: don't send any IPv6 packets over a disabled interface

(ozaki-r)

in6: clear ND6_IFF_IFDISABLED to allow DAD again on link-up

(ozaki-r)

in6: add missing rtcache_unref to in6_selectroute

By default, this issue is harmless.  However, if NET_MPSAFE
is enabled, it could eventually lead to a kernel panic.

(ozaki-r)

route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE

Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel
with other LWPs running in the network stack, which eventually results
in say use-after-free of a deleted route.

(ozaki-r)

Revert "Fix panic on packet sending via a route with rt_ifa of AF_LINK."

The fix is mistakenly upstreamed.

(ozaki-r)

in6: make sure a user-specified checksum field is within a packet

From OpenBSD

(ozaki-r)

in6: reject setting negative values but -1 via setsockopt(IPV6_CHECKSUM)

Same as OpenBSD.

(ozaki-r)

ipsec: remove unnecessary splsoftnet

Because the code of IPsec itself is already MP-safe.

(ozaki-r)

Sprinkle __predict_{true,false} for panicstr checks

(ozaki-r)

tap: link up an interface cloned from /dev/tap

Fix PR 57155 (partially)

(ozaki-r)

tests: fix Makefile and lists for MKRUMP=no

Pointed out by Michael Scholz, thanks.

(ozaki-r)

tests: restore a line removed accidentally

(ozaki-r)

tests: build and install t_ip_reass.c

(ozaki-r)

tests: tweak t_ip_reass.c for NetBSD

The test is modified to run on rump kernels.

(ozaki-r)

tests: import ip_reass_test.c from FreeBSD as t_ip_reass.c

As of:
commit 9ed1e4ecd4e9eb3bde16f52a937a6fa86a971638
Author: Mark Johnston <markj@FreeBSD.org>
Date:  Tue Nov 20 18:13:18 2018 +0000

    Plug a trivial memory leak.

    CID:            1396911
    MFC with:      r340485

(ozaki-r)

man, bpf: support loopback interfaces for send

(ozaki-r)

bpf: support sending packets on loopback interfaces

Previously sending packets on a loopback interface via bpf failed
because the packets are treated as AF_UNSPEC by bpf and the loopback
interface couldn't handle such packets.

This fix enables user programs to prepend a protocol family (AF_INET or
AF_INET6) to a payload.  bpf interprets it and treats a packet as so,
not just AF_UNSPEC.  The protocol family is encoded as 4 bytes, host byte
order as per DLT_NULL in the specification(*).

(*) https://www.tcpdump.org/linktypes.html

Proposed on tech-net and tech-kern

(ozaki-r)

distrib: add missing ./usr/libdata/debug/usr/tests/net/inpcb

(ozaki-r)

tests: build and install added test files

(ozaki-r)

tests: add t_broadcast_bind.sh

(ozaki-r)

tests: tweak broadcast_bind.c for NetBSD

(ozaki-r)

tests: import broadcast_bind.c from OpenBSD

As of $OpenBSD: broadcast_bind.c,v 1.2 2015/12/02 20:45:00 mpi Exp $

(ozaki-r)

tests: add t_inpcb_bind.sh

(ozaki-r)

tests: make inpcb_bind.c buildable

(ozaki-r)

tests: import in_pcbbind/runtest.c from OpenBSD as inpcb_bind.c

As of $OpenBSD: runtest.c,v 1.7 2022/04/10 14:08:35 claudio Exp $

(ozaki-r)

tests: make t_tcp_connect_port.c run on rump kernel

(ozaki-r)

tests: import tcp_connect_port_test.c from FreeBSD as t_tcp_connect_port.c

As of:
commit 36c52a52eecf1ed0232f9e138564009a85de76c2
Author: Jonathan T. Looney <jtl@FreeBSD.org>
Date:  Sat Nov 14 15:44:28 2020 +0000

    Add a regression test for the port-selection behavior fixed in r367680.

(ozaki-r)

tests: make t_socket_afinet.c run on rump kernel

(ozaki-r)

tests: import socket_afinet.c from FreeBSD as t_socket_afinet.c

As of:
commit 3aaaa2efde896e19d229ee2cf09fe7e6ab0fbf6e
Author: Thomas Munro <tmunro@FreeBSD.org>
Date:  Wed Apr 28 21:31:38 2021 +1200

    poll(2): Add POLLRDHUP.

(ozaki-r)

Bump the version for function renames of inpcb

Welcome to 9.99.105

(ozaki-r)

ipcb: add/update the description of functions

From rmind-smpnet patches

(ozaki-r)

inpcb: replace leading white spaces with tabs

(ozaki-r)

inpcb: get rid of parentheses for return value

(ozaki-r)

inpcb: use NULL

(ozaki-r)

inpcb: use in_port_t for port numbers

(ozaki-r)

inpcb: use pool_cache instead of pool

(ozaki-r)

inpcb: rename functions to in6pcb_*

(ozaki-r)

inpcb: rename functions to inpcb_*

Inspired by rmind-smpnet patches.

(ozaki-r)

tests: add tests for invalid extra operations on a shutdown socket

The tests cover some error paths that normally happen.

(ozaki-r)

sets: fix wrong keywords for tests/net/tcp

(ozaki-r)

tests: add tests for TCP with nc

(ozaki-r)

tests: enable start_nc_server to have extra options for nc

(ozaki-r)

rump: don't touch p_nlwps without holding p_lock

There was a race condition on p_nlwps.  Heavy thread switching could
cause a kernel panic like:
  panic: kernel diagnostic assertion "LIST_EMPTY(&p->p_lwps)" failed:
  file "(hidden)/src/lib/librump/../../sys/rump/librump/rumpkern/lwproc.c", line 177

(ozaki-r)

tcp: fix wrong logic in tcp_drop

Pointed out by mlelstv@

(ozaki-r)

tcp: restore NULL check for inp in tcp_ctloutput

(ozaki-r)

tcp: restore NULL checks for inp

(ozaki-r)

inpcb: fix for kernels without INET6

(ozaki-r)

Bump the version for inpcb changes

Welcome to 9.99.104

(ozaki-r)

Adjust userland commands for struct inpcb separation

Only kvm users are affected.

(ozaki-r)

Adjust dccp and sctp for struct inpcb separation

(ozaki-r)

inpcb: separate inpcb again to reduce the size of PCB for IPv4

The data size of PCB for IPv4 increased because of the merge of
struct in6pcb.  The change decreases the size to the original size by
separating struct inpcb (again).  struct in4pcb and in6pcb that embed
struct inpcb are introduced.

Even after the separation, users don't need to realize the separation
and only have to use some macros to access dedicated data.  For example,
inp->inp_laddr is now accessed through in4p_laddr(inp).

(ozaki-r)

Adjust userland commands for struct inpcb integration

Only kvm users are affected.

(ozaki-r)

Remove in_pcb_hdr.h

(ozaki-r)

Adjust pf, wg, dccp and sctp for struct inpcb integration

(ozaki-r)

inpcb: integrate data structures of PCB into one

Data structures of network protocol control blocks (PCBs), i.e.,
struct inpcb, in6pcb and inpcb_hdr, are not organized well.  Users of
the data structures have to handle them separately and thus the code
is cluttered and duplicated.

The commit integrates the data structures into one, struct inpcb.  As a
result, users of PCBs only have to handle just one data structure, so
the code becomes simple.

One drawback is that the data size of PCB for IPv4 increases by 40 bytes
(from 248 bytes to 288 bytes).

(ozaki-r)

frag6: don't use spin mutex for frag6_lock

frag6_lock is held during sending a packet (icmp6_error), so we must
not use a spin mutex because we can acquire sleep locks on sending
a packet.

Also we don't need to use spin mutex for frag6_lock anymore because
frag6_lock is now not used from hardware interrupt context.

(ozaki-r)

syncache: make some functions static

(ozaki-r)

tcp: separate syn cache stuffs into tcp_syncache.[ch] files

No functional change.

(ozaki-r)

ipsec: don't assert for the format of incoming packets

(ozaki-r)

mount_9p: check returned type for Tread

(ozaki-r)

mount_9p: fix writing to a file opened with write-only mode

With the page cache, writing data to a file may demand to read contents
from a storage to fill a page in the page cache first.

Opening a file with write-only mode by a user lets a mount_9p process
open a file with write-only mode too at a 9p server.  Thus, a read
request to the file from the page cache fails.

So we need to open a file always with read mode (internally) even if it
is opened with write-only mode by a user.

Note that the change doesn't mean that mount_9p allows users to read
contents from a file that is opened with write-only mode.

(ozaki-r)

mount_9p: don't cache path names by default

Caching path names doesn't handle file changes by host, which is
not expected for normal usages.  So turn it off by default.

Instead, -C option is added to turn it on.

Patch from k-goda@IIJ with my tweaks

(ozaki-r)

tests: skip ndp_cache_state on qemu

(ozaki-r)

nd6: prevent ln from being freed while releasing held packets

(ozaki-r)

Bump the version for ALTQ/CBQ changes

Welcome to 9.99.87

(ozaki-r)

altq: fix CBQ with RED and/or pf

(ozaki-r)

altq, cbq: apply tweaks for PPP to only PPP interfaces

(ozaki-r)

altqstat, cbq: follow uint64_t changes

PR kern/56319

(ozaki-r)

altq, cbq: change long to uint64_t for ILP32 archs

PR kern/56319

(ozaki-r)

altqstat: follow changes of types of variables

PR kern/56319

(ozaki-r)

altqstat: show raw values of avgidle, maxidle and minidle

The values are sometimes small and cooked values of them can be less
informative such as 0 or -1.

(ozaki-r)

altq, cbq: treat time in nanoseconds

Time granularity in microseconds is sometimes not enough to provide
accurate bandwidth control; actual bandwidth on a capped class
can exceed its limit considerably in some cases.

Treating time in nanoseconds requires the following changes:
- Use timespec instead of timeval
- Use nanotime(9) instead of microtime(9)
- Change the type of some variables, especially *idle, to long

(ozaki-r)

altqstat: adopt ps_per_byte

PR kern/56319

(ozaki-r)

libaltq, cbq: convert ns_per_byte to ps_per_byte

PR kern/56319

(ozaki-r)

altq, cbq: convert ns_per_byte to ps_per_byte

Also the type of variables of it is changed to u_long from int.

This change provides fine-grain resolution of bandwidth.  For example
750 Mbps was treated as 800 Mbps internally because bandwidth was
represented as nanoseconds per byte.  Converting the representation
to picoseconds per byte enables to treat 750 Mbps as-is.

PR kern/56319

(ozaki-r)

tests, altq: fix checks of altqd startup

Hopefully the fix stabilizes test results on qemu/anita.

(ozaki-r)

tests, altq: test new options

(ozaki-r)

libaltq: allow longer config lines

(ozaki-r)

libaltq, cbq: add two options to interface

- no-control: don't create a control class automatically
- no-tbr: don't install TBR

(ozaki-r)

altq, cbq: allow the root class to be default

(ozaki-r)

altq, cbq: allow no control class

(ozaki-r)

tests: add tests for ALTQ CBQ

(ozaki-r)

Rump-ify ALTQ (librumpnet_altq.so)

(ozaki-r)

shmif: support ALTQ

(ozaki-r)

lagg: fix typo for ALTQ

(ozaki-r)

altq, cbq: calculate a delay period based on a borrowed class

A delay period was calculated based on a suspended class even if the
class can borrow bandwidth from another class.  In that case a delay
period should be calculated based on a borrowed class.  Otherwise
a borrowing class can't borrow bandwidth correctly.

(ozaki-r)

altq, cbq: apply the do-while idiom to TV_* macros

(ozaki-r)

altq, cbq: don't increment the xmit counter of the root class twice wrongly

(ozaki-r)

Bump the version for entry additions to IP_STAT and IP6_STAT

Welcome to 9.99.72

(ozaki-r)

netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer.  netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short.  So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.

(ozaki-r)

netstat: support new packet counters

(ozaki-r)

inet6: reduce silent packet discards

(ozaki-r)

inet: reduce silent packet discards

(ozaki-r)

inet: pull m_get_rcvif_psref out of ip_input for simplicity

Same as ip6_input.

(ozaki-r)

inet6: pass rcvif to ip6_forward to avoid extra psref_acquire

(ozaki-r)

ether: count dropped packets on output

(ozaki-r)

ether: count dropped packets on input

(ozaki-r)

ether: separate handling of LLC frames as ether_input_llc (NFCI)

(ozaki-r)

net: introduce IFQ_ENQUEUE_ISR to assemble packet queuing routines (NFCI)

(ozaki-r)

inet: reduce indents of a normal path to improve readability (NFCI)

(ozaki-r)

ipsec: rename ipsec_ip_input to ipsec_ip_input_checkpolicy

Because it just checks if a packet passes security policies.

(ozaki-r)

inet, inet6: count packets dropped by IPsec

The counters count packets dropped due to security policy checks.

(ozaki-r)

shmif: reduce the number of calls of cprng(9)

(ozaki-r)

shmif: s/sc_uuid/sc_uid/

It's not UUID :-/

(ozaki-r)

shmif: use cprng_strong64 instead of cprng_fast64 to generate a unique ID

shmif uses random bytes generated by cprng(9) as a unique device ID
between rump kernels to identify packets fed by itself and not receive
them.  So if generated bytes are identical between shmif interfaces on
different rump kernels, shmif may drop incoming packets unintentionally.
This is one cause of recent ATF test failures of IPsec.

Fix it by using cprng_strong64 instead of cprng_fast64.  This is a
workaround and we should also investigate why cprng_fast64 starts
failing on rump kernels, although using cprng_strong64 in initialization
itself is feasible.

Fix PR kern/54897

(ozaki-r)

shmif: use cprng_strong32 to generate random bytes for a MAC address

cprng_fast32 sometimes returns indentical bytes, which look
"20:0e:11:33" in a MAC address, on different rump_server instances.
That leads MAC address duplications resulting in a test failure.

Fix it by using cprng_strong32 instead of cprng_fast32.  However
we should rather fix cprng_fast32 (or rump itself) somehow.

The fix mitigates PR kern/54897 but test failures due to other
causes still remain.

(ozaki-r)

tests: abort if MAC address duplication found

(ozaki-r)

tests: dump stats of an interface before destroying it

(ozaki-r)

tests: add missing ifconfig -w

This change mitigates PR kern/54897.

(ozaki-r)

Get rid of unnecessary NULL checks for rt_ifa and ifa_ifp

They are always non-NULL nowadays.

(ozaki-r)

MAKEDEV: add entry for vio9p(4)

(ozaki-r)

Note vio9p(4) addition and mount_9p(8) update

(ozaki-r)

Add vio9p to some kernel configs

(ozaki-r)

mount_9p: enable to communicate with vio9p via its character device file

With this feature, we can mount an exported filesystem by a VM host via
virtio-9p.

(ozaki-r)

Implement a front-end driver of virtio-9p called vio9p

In conjunction with mount_9p, it enables a NetBSD system running as a VM guest
to mount an exported filesystem by the host via virtio-9p.  It exports a 9p
end-point of virtio-9p via a character device file for mount_9p.

Reviewed by yamaguchi@

(ozaki-r)

Allow including numbers in %XXX_chr% parameter (for upcoming vio9p driver)

(ozaki-r)

vlan: get rid of unnecessary if_ipackets++ in vlan_input

It's done by if_input() below now.

Pointed out by msaitoh@

(ozaki-r)

in6: reset the temporary address timer on a change of the interval period

(ozaki-r)

tests: add tests for the validateion of net.inet6.ip6.temppltime

(ozaki-r)

Validate ip6_temp_preferred_lifetime (net.inet6.ip6.temppltime) on a change

ip6_temp_preferred_lifetime is used to calculate an interval period to
regenerate temporary addresse by
  TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE - DESYNC_FACTOR
as per RFC 3041 3.5.  So it must be greater than (REGEN_ADVANCE +
DESYNC_FACTOR), otherwise it will be negative and go wrong, for example
KASSERT(to_ticks >= 0) in callout_schedule_locked fails.

(ozaki-r)

Reorganize in6_tmpaddrtimer stuffs

- Move the related functions to where in6_tmpaddrtimer_ch exists
- Hide global variable in6_tmpaddrtimer_ch
- Rename ip6_init2 to in6_tmpaddrtimer_init
- Reduce callers of callout_reset
- Use callout_schedule

(ozaki-r)

Make panic messages more informative

(ozaki-r)

Initialize DAD components properly

The original code initialized each component in non-init functions such as
arp_dad_start and nd6_dad_find, conditionally based on a global flag for each.
However, it was racy because the flag and the code around it were not
protected by a lock and could cause a kernel panic at worst.

Fix the issue by initializing the components in bootup as usual.

(ozaki-r)

Apply some missing changes lost on the previous commit

(ozaki-r)

Add missing #include <sys/kmem.h>

(ozaki-r)

wqinput: avoid having struct wqinput_worklist directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involves sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@

(ozaki-r)

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@

(ozaki-r)

nd6: remove extra pserialize_read_exit

(ozaki-r)

tests: add tests for IPv6 link-local addresses with a scope ID

Setting an address with a scope ID doesn't work for rump.ifconfig for some
reasons and needs $HIJACKING for now.  The bug should be fixed someday.

(ozaki-r)

tests: explain how rump_server_check_memleaks works

(ozaki-r)

tests: restore rump_server_check_poolleaks for llentpl

It didn't work correctly because rumphijack for vmstat didn't work expectedly;
vmstat has the sgid bit for kvm(3) and that prevents rumphijack from working.

Address the issue by cloning a vmstat binary without the sgid bit temporarily
and using it for rumphijack.  Note that it's a workaround.  vmstat should stop
using kvm(3) for /dev/kmem and drop the sgid bit eventually.

(ozaki-r)

Disable rump_server_check_memleaks for now

It doesn't work in some cases.

(ozaki-r)

Add MBUFTRACE to ALL configs

(ozaki-r)

can: add missing mowner variables for MBUFTRACE

(ozaki-r)

l2tp: initialize mowner variables for MBUFTRACE

(ozaki-r)

Initialize dom_mowner for MBUFTRACE

(ozaki-r)

tests: check pool object leaks

Currently only llentpl leaks can be detected.

(ozaki-r)

tests: use rump_server_add_iface to create interfaces

(ozaki-r)

tests: enable to create interfaces other than shmif with rump_server_add_iface

For this change interfaces are destroyed in the reverse order of their
creations in case there are dependencies between interfaces.

(ozaki-r)

tests: fix test header name

(ozaki-r)

tests: check if ifconfig (ioctl) works after a failure of ifconfig destroy

This is a test for PR kern/54434.

(ozaki-r)

Restore if_ioctl on error of ifc_destroy

Otherwise subsequence ioctls won't work.

Patch from Harold Gutch on PR kern/54434 (tweaked a bit by me)

(ozaki-r)

Add missing IFNET_LOCK for regen_tmpaddr

Reported by ryo@

(ozaki-r)

Make a permanet neighbor cache to avoid sending an NS packet disturbing the test

A receiver of an ICMPv6 request packet creates a stale cache entry and it turns
into the delay state on replying the packet.  After 5 second, the receiver sends
an NS packet as a reachability confirmation, which disturbs the test and causes
a unexpected result.

Should fix PR misc/54451

(ozaki-r)

Fix typo (s/m_free/m_freem/) (one more)

(ozaki-r)

Fix typo (s/m_free/m_freem/)

This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying.

(ozaki-r)

setkey: document getspi and update

(ozaki-r)

tests: add tests for getspi and udpate

(ozaki-r)

setkey: enable to use the getspi API

If a specified SPI is not zero, tell the kernel to use the SPI by using
SADB_EXT_SPIRANGE.  Otherwise, the kernel picks a random SPI.

It enables to mimic racoon.

(ozaki-r)

ipsec: fix a regression of the update API

The update API updates an SA by creating a new SA and removing an existing SA.
The previous change removed a newly added SA wrongly if an existing SA had been
created by the getspi API.

(ozaki-r)

Show pointers of llentries on trace logs of LLE_REF_TRACE

(ozaki-r)

tests: extract all kernel logs, not just a panic message, from rump_server.core

(ozaki-r)

tests: shorten the expire time of neighbor caches to reduce the runtime of the tests

(ozaki-r)

Avoid a race condition between SA (sav) manipulations

An sav can be removed from belonging list(s) twice resulting in an assertion
failure of pslist.  It can occur if the following two operations interleave:
(i) a deletion or a update of an SA via the API, and
(ii) a state change (key_sa_chgstate) of the same SA by the timer.
Note that even (ii) removes an sav once from its list(s) on a update.

The cause of the race condition is that the two operations are not serialized
and (i) doesn't get and remove an sav from belonging list(s) atomically.  So
(ii) can be inserted between an acquisition and a removal of (i).

Avoid the race condition by making (i) atomic.

(ozaki-r)

tests: check that a new cache is not created over the limit

(ozaki-r)

Bump the version for if_description

Welcome to 8.99.50

(ozaki-r)

Add ATF test for a description.

From t-kusaba@IIJ

(ozaki-r)

Add descr,description/-descr,-description commands to ifconfig(8) to handle a description.

From t-kusaba@IIJ

(ozaki-r)

Add support for a network interface description.

ioctl(2):
- Add SIOCGIFDESCR/SIOCSIFDESCR commands to get/set the description.

This enables to make a memo for interface, like "Home network" or "Remote VPN".

From t-kusaba@IIJ

(ozaki-r)

tests: test state transitions of neighbor caches

(ozaki-r)

nd6: restore a missing reachability confirmation

On sending a packet over a STALE cache, the cache should be tried a reachability
confirmation, which is described in RFC 2461/4861 7.3.3.  On the fast path in
nd6_resolve, however, the treatment for STALE caches has been skipped
accidentally.  So STALE caches never be back to the REACHABLE state.

To fix the issue, branch to the fast path only when the cache entry is the
REACHABLE state and leave other caches to the slow path that includes the
treatment.  To this end we need to allow to return a link-layer address if a
valid address is available on the slow path too, which is the same behavior as
FreeBSD and OpenBSD.

(ozaki-r)

Handle Rerror and return errno correctly (only for 9P2000.u for now)

(ozaki-r)

Don't take softnet_lock in sysctl_rtable

Taking softnet_lock there can cause a deadlock with nfs sosend, so we don't.
Having only KERNEL_LOCK is enough because now the routing table is protected by
KERNEL_LOCK that was introduced by the fix for PR 53043.

PR kern/54227 from Paul Ripke

(ozaki-r)

Note initial 9P2000.u support

(ozaki-r)

mount_9p: add missing -u option to the help message

(ozaki-r)

mount_9p: add initial support for 9P2000.u

The implementation enables to work with a server talking 9P2000.u.  However, it
doesn't use the extended fields yet; it just ignores those of received messages
and sets "please ignore" values to those of sending messages such as zero-length
strings and maximum unsigned values.

The feature is enabled by the -u option.

(ozaki-r)

Refer the current official page

(ozaki-r)

Document the -s option

(ozaki-r)

Implement an aggressive psref leak detector

It is yet another psref leak detector that enables to tell where a leak occurs
while a simpler version that is already committed just tells an occurrence of a
leak.

Investigating of psref leaks is hard because once a leak occurs a percpu list of
psref that tracks references can be corrupted.  A reference to a tracking object
is memorized in the list via an intermediate object (struct psref) that is
normally allocated on a stack of a thread.  Thus, the intermediate object can be
overwritten on a leak resulting in corruption of the list.

The tracker makes a shadow entry to an intermediate object and stores some hints
into it (currently it's a caller address of psref_acquire).  We can detect a
leak by checking the entries on certain points where any references should be
released such as the return point of syscalls and the end of each softint
handler.

The feature is expensive and enabled only if the kernel is built with
PSREF_DEBUG.

Proposed on tech-kern

(ozaki-r)

Get rid of IFNET_LOCK for if_mcast_op to avoid a deadlock

The IFNET_LOCK was added to avoid data races on if_flags for IFF_ALLMULTI.
Unfortunatetly it caused a deadlock instead.  A known scenario causing a
deadlock is to occur the following two operations concurrently: (a) a removal of
an IP adddres assigned to an interface and (b) a manipulation of multicast
groups to the interface.  The resource dependency graph is like this:
  softnet_lock => IFNET_LOCK => psref_target_destroy => softint => softnet_lock

Thanks to the previous commit that avoids data races on if_flags for
IFF_ALLMULTI by another approach, we can remove IFNET_LOCK and defuse the
deadlock.

PR kern/54189

(ozaki-r)

Store IFF_ALLMULTI in ec_flags instead of if_flags to avoid data races

IFF_ALLMULTI is set/unset to if_flags via if_mcast_op.  To avoid data races on
if_flags, IFNET_LOCK was added for if_mcast_op.  Unfortunately it produces
a deadlock so we want to remove added IFNET_LOCK by avoiding the data races by
another approach.

This fix introduces ec_flags to struct ethercom and stores IFF_ALLMULTI to it.
ec_flags is protected by ETHER_LOCK and thus IFNET_LOCK is no longer necessary
for if_mcast_op.  Note that the fix is applied only to MP-safe drivers that
the data races matter.

In the kernel, IFF_ALLMULTI is set by a driver and used by the driver itself.
So changing the storing place doesn't break anything.  One exception is
ioctl(SIOCGIFFLAGS); we have to include IFF_ALLMULTI in a result if needed to
export the flag as well as before.

A upcoming commit will remove IFNET_LOCK.

PR kern/54189

(ozaki-r)

Remove unnecessary checks of IFF_ALLMULTI

IFF_ALLMULTI is changed by only driver itself, so we don't need to check its
change on ec_ifflags_cb.

This is part of PR kern/54189. NFCI.

(ozaki-r)

Bump the version for entry additions to IP_STAT and IP6_STAT

Welcome to 8.99.40

(ozaki-r)

Show the number of packets dropped by pfil

(ozaki-r)

Count packets dropped by pfil

(ozaki-r)

Avoid prepending a timestamp to lock debug outputs on ddb

Lock printer functions (lockops_t#lo_dump) use printf_nolog to print, but
printf_nolog now prepends a timestamp which is unnecessary for ddb:

    db{0}> show all locks/t
    [Locks tracked through LWPs]
    Locks held by an LWP (iperf):
    Lock 0 (initialized at soinit)
    lock address : 0xffffedeb84b06080 type    :    sleep/adaptive
    initialized  : 0xffffffff806d8c3f
    shared holds :                  0 exclusive:                  1
    shares wanted:                  0 exclusive:                11
    current cpu  :                  0 last held:                  1
    current lwp  : 0xffffedeb849ff040 last held: 0xffffedeb7dfdb240
    last locked* : 0xffffffff806d8335 unlocked : 0xffffffff806d8385
    [ 79103.0868574] owner field  : 0xffffedeb7dfdb240 wait/spin:                1/0

Fix it by passing a printer function to lo_dump functions, i.e., make the
functions use db_printf on ddb.

(ozaki-r)

Make _kernel_lock_dump static

(ozaki-r)

Add missing "static" declaration

(ozaki-r)

Protect ether_multi list

The list can be racy if NET_MPSAFE is enabled and the driver is executed without
KERNEL_LOCK.

Fix PR 54153

(ozaki-r)

Protect ether_multi list

PR 54153

(ozaki-r)

Implement a simple psref leak detector

It detects leaks by counting up the number of held psref by an LWP and checking
its zeroness at the end of syscalls and softint handlers.  For the counter, a
unused field of struct lwp is reused.

The detector runs only if DIAGNOSTIC is turned on.

(ozaki-r)

rump: add missing sanity checks at the end of syscalls

(ozaki-r)

tests: dump kernel stats on cleanup

(ozaki-r)

tests: make utility funtions easy to use for tests that don't use the framework

(ozaki-r)

Don't check pserialize_not_in_read_section after panic

It can cause a false positive assertion failure.

(ozaki-r)

Protect ether_multi list

Fix this driver because it can set IFEF_MPSAFE.

(ozaki-r)

Add another known issue (if_flags)

(ozaki-r)

Add another known issue

(ozaki-r)

carp: don't skip pserialize_read_enter and ifa_release

(ozaki-r)

Add missing ifa_release on error paths

(ozaki-r)

Protect sysctl_rtable with KERNEL_LOCK and softnet_lock

In the function the routing table could be accessed without any locks, which was
unsafe.  Actually, on netbsd-7, a kernel panic happened(*).  The situation of
locking hasn't changed since netbsd-7 so we still need to hold the big locks on
-current (and netbsd-8) too.

Note that if NET_MPSAFE is enabled, the routing table is protected by its own
lock and we don't need the locks.

Reported and tested on netbsd-7 by sborrill@

(*) http://mail-index.netbsd.org/tech-net/2018/11/08/msg007153.html

(ozaki-r)

tests: add missing $af

(ozaki-r)

tests: check error messages strictly

(ozaki-r)

tests: reduce repeated phrases... (NFC)

(ozaki-r)

Don't validate the source address of forwarding IPv6 packets (same as IPv4)

(ozaki-r)

Don't run DAD on link-up if it's explicitly disabled

(ozaki-r)

Introduce and use ip_dad_enabled() and ip6_dad_enabled() functions

(ozaki-r)

Use Cm instead of Li or Ar for fixed command strings

(ozaki-r)