|
Revision tags: release/12.4.0, release/13.1.0 |
|
| #
7c55c526 |
| 16-Mar-2022 |
Vincenzo Maffione <[email protected]> |
netmap: Fix TOCTOU vulnerability in nmreq_copyin
The total size of the user-provided nmreq was first computed and then trusted during the copyin. This might lead to kernel memory corruption and escape from jails/containers.
Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative Security: CVE-2022-23084 MFC after: 3 days
(cherry picked from commit 393729916564ed13f966e09129a24e6931898d12) (cherry picked from commit 9f600a260a738d87015b2e9722b7b4f228cbd47d)
Approved by: so, re (implicit)
|
| #
9d354cf6 |
| 16-Mar-2022 |
Vincenzo Maffione <[email protected]> |
netmap: Fix integer overflow in nmreq_copyin
An unsanitized field in an option could be abused, causing an integer overflow followed by kernel memory corruption. This might be used to escape jails/containers.
Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative Security: CVE-2022-23085
(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343) (cherry picked from commit 9df8dd3ea36c8b3abe8fc182647472ca9cd83efd)
Approved by: so, re (implicit)
|
|
Revision tags: release/12.3.0, release/13.0.0 |
|
| #
120a4bd4 |
| 15-Mar-2021 |
Vincenzo Maffione <[email protected]> |
netmap: fix memory leak in NETMAP_REQ_PORT_INFO_GET
The netmap_ioctl() function has a reference counting bug in case of NETMAP_REQ_PORT_INFO_GET command. When `hdr->nr_name[0] == '\0'`, the function does not decrease the refcount of "nmd", which is increased by netmap_mem_find(), causing a refcount leak.
Reported by: Xiyu Yang <[email protected]> Submitted by: Carl Smith <[email protected]> MFC after: 3 days PR: 254311
(cherry picked from commit 0ab5902e8ad93d0a9341dcce386b6c571ee02173)
|
| #
2b0aa583 |
| 05-Mar-2021 |
Mark Johnston <[email protected]> |
netmap: Stop printing a line to the dmesg in netmap_init()
netmap is compiled into the kernel by default so initialization was always reported, and netmap uses a formatting convention not used in the rest of the kernel.
Reviewed by: vmaffione Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29099
(cherry picked from commit fef845097190f0ecb783d6c75a9398c4e4a4c0e1)
|
| #
e4c81e46 |
| 24-Jan-2021 |
Vincenzo Maffione <[email protected]> |
netmap: simplify parameter passing
Changes imported from the netmap github.
(cherry picked from commit ee0005f11f2b38a714bc66b7d79832108f6fee77)
|
| #
55f0ad5f |
| 10-Jan-2021 |
Vincenzo Maffione <[email protected]> |
netmap: restore hwofs and support it in iflib
Restore the hwofs functionality temporarily disabled by 7ba6ecf216fb15e8b147db2 to prevent issues with iflib. This patch brings the necessary changes to iflib to enable hwofs to allow interface restarts without disrupting netmap applications actively using its rings. After this change, it becomes possible for multiple non-cooperating netmap applications to use non-overlapping subsets of the available netmap rings without clashing with each other.
PR: 252453 MFC after: 1 week
|
| #
bb714db6 |
| 10-Jan-2021 |
Vincenzo Maffione <[email protected]> |
netmap: vtnet: enable/disable krings on any interface reinit
See 3d65fd97e85ab807f3b for a detailed explanation.
PR: 252453 MFC after: 1 week
|
| #
7ba6ecf2 |
| 09-Jan-2021 |
Vincenzo Maffione <[email protected]> |
netmap: refactor netmap_reset
The netmap_reset() function is meant to be called by the driver when they initialize (or re-initialize) a hardware ring. However, since the introduction of support for opening (in netmap mode) a subset of the available rings, netmap_reset() may be called multiple times on actively used rings, causing both kring and netmap ring to transition to an inconsistent state. This change improves the situation by resetting all the indices fields of the kring to 0, as expected after the reinitialization of a hardware ring.
PR: 252518 MFC after: 1 week
|
| #
1d238b07 |
| 09-Jan-2021 |
Vincenzo Maffione <[email protected]> |
netmap: iflib: stop krings during interface reset
When different processes open separate subsets of the available rings of the same netmap interface, a device reset may be performed while one of the processes is actively using some rings (e.g., caused by another process executing a nmport_open()). With this patch, such a situation will cause the active process to get a POLLERR, so that it can have a chance to detect the situation. We also guarantee that no process is running a txsync or rxsync (ioctl or poll) while an iflib device reset is in progress.
PR: 252453 MFC after: 1 week
|
|
Revision tags: release/12.2.0 |
|
| #
b7d69138 |
| 24-Aug-2020 |
Vincenzo Maffione <[email protected]> |
netmap: use FreeBSD guards for epoch calls
EPOCH calls are FreeBSD specific. Use guards to protect these, so that the code can compile under Linux.
MFC after: 1 week
|
|
Revision tags: release/11.4.0 |
|
| #
7029da5c |
| 26-Feb-2020 |
Pawel Biernacki <[email protected]> |
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes.
This is a non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags.
Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT.
Approved by: kib (mentor, blanket) Commented by: kib, gallatin, melifaro Differential Revision: https://reviews.freebsd.org/D23718
|
| #
a4470078 |
| 23-Jan-2020 |
Gleb Smirnoff <[email protected]> |
In netmap() call ether_input() within the network epoch.
|
|
Revision tags: release/12.1.0 |
|
| #
760fa2ab |
| 20-Oct-2019 |
Vincenzo Maffione <[email protected]> |
netmap: minor misc improvements
- use ring->head rather than ring->cur in lb(8)
- use strlcat() rather than strncat()
- fix bandwidth computation in pkt-gen(8)
MFC after: 1 week
|
| #
253b2ec1 |
| 01-Sep-2019 |
Vincenzo Maffione <[email protected]> |
netmap: import changes from upstream (SHA 137f537eae513)
- Rework option processing.
- Use larger integers for memory size values in the memory management code.
MFC after: 2 weeks
|
|
Revision tags: release/11.3.0 |
|
| #
d12354a5 |
| 18-Mar-2019 |
Vincenzo Maffione <[email protected]> |
netmap: add support for multiple host rings
Some applications forward from/to host rings most or all the traffic received or sent on a physical interface. In these cases it is desirable to have more than a pair of RX/TX host rings, and use multiple threads to speed up forwarding. This change adds support for multiple host rings. On registering a netmap port, the user can specify the number of desired receive and transmit host rings in the nr_host_tx_rings and nr_host_rx_rings fields of the nmreq_register structure.
MFC after: 2 weeks
|
| #
1ef2a881 |
| 07-Feb-2019 |
Vincenzo Maffione <[email protected]> |
netmap: revert netmap_attach_ext() to pre-r343772
Reported by: marius MFC after: 1 week
|
| #
75f4f3ed |
| 05-Feb-2019 |
Vincenzo Maffione <[email protected]> |
netmap: refactor logging macros and pipes
Changelist:
- Replace ND, D and RD macros with nm_prdis, nm_prinf, nm_prerr and nm_prlim, to avoid possible naming conflicts.
- Add netmap_krings_mode_commit() helper function and use that to reduce code duplication.
- Refactor pipes control code to export some functions that can be reused by the veth driver (on Linux) and epair(4).
- Add check to reject API requests with version less than 11.
- Small code refactoring for the null adapter.
MFC after: 1 week
|
| #
5faab778 |
| 02-Feb-2019 |
Vincenzo Maffione <[email protected]> |
netmap: upgrade sync-kloop support
Add SYNC_KLOOP_MODE option, and add support for direct mode, where application executes the TXSYNC and RXSYNC in the context of the ioeventfd wake up callback.
MFC after: 5 days
|
| #
19c4ec08 |
| 30-Jan-2019 |
Vincenzo Maffione <[email protected]> |
netmap: fix lock order reversal related to kqueue usage
When using poll(), select() or kevent() on netmap file descriptors, netmap executes the equivalent of NIOCTXSYNC and NIOCRXSYNC commands, before collecting the events that are ready. In other words, the poll/kevent callback has side effects. This is done to avoid the overhead of two system calls per iteration (e.g., poll() + ioctl(NIOC*XSYNC)).
When the kqueue subsystem invokes the kqueue(9) f_event callback (netmap_knrw), it holds the lock of the struct knlist object associated to the netmap port (the lock is provided at initialization, by calling knlist_init_mtx). However, netmap_knrw() may need to wake up another netmap port (or even the same one), which means that it may need to call knote(). Since knote() needs the lock of the struct knlist object associated to the to-be-wake-up netmap port, it is possible to have a lock order reversal problem (AB/BA deadlock).
This change prevents the deadlock by executing the knote() call in a per-selinfo taskqueue, where it is possible to hold a mutex.
Reviewed by: aleksandr.fedorov_itglobal.com MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D18956
|
| #
8c9874f5 |
| 23-Jan-2019 |
Vincenzo Maffione <[email protected]> |
netmap: fix knote() argument to match the mutex state
The nm_os_selwakeup function needs to call knote() to wake up kqueue(9) users. However, this function can be called from different code paths, with different lock requirements. This patch fixes the knote() call argument to match the relevant lock state. Also, comments have been updated to reflect current code.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219846 Reported by: Aleksandr Fedorov <[email protected]> Reviewed by: markj MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D18876
|
| #
58e18542 |
| 22-Dec-2018 |
Vincenzo Maffione <[email protected]> |
netmap: fix txsync check in netmap poll
To check if txsync can be skipped, it is necessary to look for unseen TX space. However, this means comparing ring->cur against ring->tail, rather than ring->head against ring->tail (like nm_ring_empty() does). This change also adds some more comments to explain the optimization performed at the beginning of netmap_poll().
MFC after: 3 days Sponsored by: Sunny Valley Networks
|
| #
e1ed1fbd |
| 22-Dec-2018 |
Vincenzo Maffione <[email protected]> |
netmap: fix bug in netmap_poll() optimization
The bug was introduced by r339639, although it is present in the upstream netmap code since 2015. It is due to resetting the want_rx variable to POLLIN, rather than resetting it to POLLIN|POLLRDNORM. It only affects select(), which uses POLLRDNORM. poll() is not affected, because it uses POLLIN. Also, it only affects FreeBSD, because Linux skips the optimization implemented by the piece of code where the bug occurs.
MFC after: 3 days Sponsored by: Sunny Valley Networks
|
| #
77a2baf5 |
| 21-Dec-2018 |
Vincenzo Maffione <[email protected]> |
netmap: move buf_size validation code to its own function
This code validates the netmap buf_size against the interface MTU and maximum descriptor size, to make sure the values are consistent. Moving this functionality to its own function is needed because this function is also called by Linux-specific code.
MFC after: 3 days
|
|
Revision tags: release/12.0.0 |
|
| #
89a9a5b5 |
| 06-Dec-2018 |
Vincenzo Maffione <[email protected]> |
netmap: netmap_transmit should honor bpf packet tap hook
This allows tcpdump to capture outbound kernel packets while in netmap mode
Submitted by: Marc de la Gueronniere <[email protected]> Reviewed by: vmaffione MFC after: 1 week Sponsored by: Verisign, Inc. Differential Revision: https://reviews.freebsd.org/D17896
|
| #
b6e66be2 |
| 05-Dec-2018 |
Vincenzo Maffione <[email protected]> |
netmap: align codebase to the current upstream (760279cfb2730a585)
Changelist:
- Replace netmap passthrough host support with a more general mechanism to call TXSYNC/RXSYNC from an in-kernel event-loop. No kernel threads are used to use this feature: the application is required to spawn a thread (or a process) and issue a SYNC_KLOOP_START (NIOCCTRL) command in the thread body. The kernel loop is executed by the ioctl implementation, which returns to userspace only when a different thread calls SYNC_KLOOP_STOP or the netmap file descriptor is closed.
- Update the if_ptnet driver to cope with the new data structures, and prune all the obsolete ptnetmap code.
- Add support for "null" netmap ports, useful to allocate netmap_if, netmap_ring and netmap buffers to be used by specialized applications (e.g. hypervisors). TXSYNC/RXSYNC on these ports have no effect.
- Various fixes and code refactoring.
Sponsored by: Sunny Valley Networks Differential Revision: https://reviews.freebsd.org/D18015
|