Index: UPDATING
===================================================================
--- UPDATING (版本 335465)
+++ UPDATING (版本 337395)
@@ -16,6 +16,10 @@
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.
+20180806 p12 FreeBSD-SA-18:08.tcp
+
+ Fix resource exhaustion in TCP reassembly.
+
20180621 p11 FreeBSD-SA-18:07.lazyfpu
FreeBSD-EN-18:07.pmap
Index: sys/conf/newvers.sh
===================================================================
--- sys/conf/newvers.sh (版本 335465)
+++ sys/conf/newvers.sh (版本 337395)
@@ -44,7 +44,7 @@
TYPE="FreeBSD"
REVISION="11.1"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
if [ -n "${BRANCH_OVERRIDE}" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Index: sys/netinet/tcp_reass.c
===================================================================
--- sys/netinet/tcp_reass.c (版本 335465)
+++ sys/netinet/tcp_reass.c (版本 337395)
@@ -89,6 +89,11 @@
&tcp_reass_zone,
"Global number of TCP Segments currently in Reassembly Queue");
+static u_int tcp_reass_maxqueuelen = 100;
+SYSCTL_UINT(_net_inet_tcp_reass, OID_AUTO, maxqueuelen, CTLFLAG_RWTUN,
+ &tcp_reass_maxqueuelen, 0,
+ "Maximum number of TCP Segments per Reassembly Queue");
+
/* Initialize TCP reassembly queue */
static void
tcp_reass_zone_change(void *tag)
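Review bot: `tcp_reass_maxqueuelen` is exported as `CTLFLAG_RWTUN` with no range check, so 0 is accepted from the loader or at run time. In the later hunk's `min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1, tcp_reass_maxqueuelen)` test, a 0 makes `tp->t_segqlen >= ...` true for every segment that is not the next expected one on an established connection, so every such segment takes the drop path. If 0 is meant as a way to switch queueing off, say so in the description string and in tcp.4; otherwise validate the value in a sysctl handler and reject 0. A comment above the variable would also help, for example `/* Per-connection ceiling on queued out-of-order segments; applied on top of the socket-buffer-derived limit. */`.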
@@ -168,6 +173,10 @@
* socket receive buffer determines our advertised window and grows
* automatically when socket buffer autotuning is enabled. Use it as the
* basis for our queue limit.
+ *
+ * However, allow the user to specify a ceiling for the number of
+ * segments in each queue.
+ *
* Always let the missing segment through which caused this queue.
* NB: Access to the socket buffer is left intentionally unlocked as we
* can tolerate stale information here.
@@ -178,7 +187,8 @@
* is understood.
*/
if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
- tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) {
+ tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
+ tcp_reass_maxqueuelen)) {
TCPSTAT_INC(tcps_rcvreassfull);
*tlenp = 0;
if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) {
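Review bot: Drops caused by the new `tcp_reass_maxqueuelen` ceiling are counted in the same `tcps_rcvreassfull` statistic as drops caused by the `sb_hiwat`-derived limit. Someone tuning the ceiling, or investigating a burst of out-of-order segments, therefore cannot tell from the counter which bound fired. At minimum record this next to the increment, e.g. `/* counts both the sb_hiwat-derived limit and the maxqueuelen ceiling */`, and mention the counter in the tcp.4 text for `reass.maxqueuelen`. The enclosing function starts and ends outside this hunk, so the wording of the log message that follows is not visible here and may need the same update.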
Index: sys/x86/xen/xen_apic.c
===================================================================
--- sys/x86/xen/xen_apic.c (版本 335465)
+++ sys/x86/xen/xen_apic.c (版本 337395)
@@ -41,6 +41,7 @@
#include <machine/cpufunc.h>
#include <machine/cpu.h>
#include <machine/intr_machdep.h>
+#include <machine/md_var.h>
#include <machine/smp.h>
#include <x86/apicreg.h>
@@ -439,6 +440,46 @@
invltlb_pcid_handler();
return (FILTER_HANDLED);
}
+
+static int
+xen_invltlb_invpcid_pti(void *arg)
+{
+
+ invltlb_invpcid_pti_handler();
+ return (FILTER_HANDLED);
+}
+
+static int
+xen_invlpg_invpcid_handler(void *arg)
+{
+
+ invlpg_invpcid_handler();
+ return (FILTER_HANDLED);
+}
+
+static int
+xen_invlpg_pcid_handler(void *arg)
+{
+
+ invlpg_pcid_handler();
+ return (FILTER_HANDLED);
+}
+
+static int
+xen_invlrng_invpcid_handler(void *arg)
+{
+
+ invlrng_invpcid_handler();
+ return (FILTER_HANDLED);
+}
+
+static int
+xen_invlrng_pcid_handler(void *arg)
+{
+
+ invlrng_pcid_handler();
+ return (FILTER_HANDLED);
+}
#endif
static int
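Review bot: The five new wrappers are named inconsistently. `xen_invltlb_invpcid_pti` follows the suffix-less pattern of `xen_invltlb_invpcid` and `xen_invltlb_pcid` used in the registration hunk, while the invlpg and invlrng wrappers carry a `_handler` suffix. Pick one scheme, e.g. `xen_invlpg_invpcid`, `xen_invlpg_pcid`, `xen_invlrng_invpcid`, `xen_invlrng_pcid`, so the filter table reads uniformly. `arg` is unused in all five; if the file's other filters are not already written that way, declare it `void *arg __unused`.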
@@ -529,8 +570,18 @@
#ifdef __amd64__
if (pmap_pcid_enabled) {
- xen_ipis[IPI_TO_IDX(IPI_INVLTLB)].filter = invpcid_works ?
- xen_invltlb_invpcid : xen_invltlb_pcid;
+ if (pti)
+ xen_ipis[IPI_TO_IDX(IPI_INVLTLB)].filter =
+ invpcid_works ? xen_invltlb_invpcid_pti :
+ xen_invltlb_pcid;
+ else
+ xen_ipis[IPI_TO_IDX(IPI_INVLTLB)].filter =
+ invpcid_works ? xen_invltlb_invpcid :
+ xen_invltlb_pcid;
+ xen_ipis[IPI_TO_IDX(IPI_INVLPG)].filter = invpcid_works ?
+ xen_invlpg_invpcid_handler : xen_invlpg_pcid_handler;
+ xen_ipis[IPI_TO_IDX(IPI_INVLRNG)].filter = invpcid_works ?
+ xen_invlrng_invpcid_handler : xen_invlrng_pcid_handler;
}
#endif
CPU_FOREACH(i)
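Review bot: Both the `pti` and non-`pti` arms fall back to `xen_invltlb_pcid` when `invpcid_works` is false, and nothing in the hunk says whether that is deliberate. If the non-INVPCID handler is meant to serve both modes (presumably so, but confirm against the native IPI setup), add a comment such as `/* Without INVPCID the same handler covers PTI and non-PTI. */`. The unbraced `if`/`else` over multi-line assignments is easy to misread; braces would make it safer to edit. The UPDATING entry in this patch mentions only the TCP reassembly fix, so these Xen IPI filter changes deserve a line in the change description. The enclosing function starts and ends outside the hunk.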
Index: share/man/man4/tcp.4
===================================================================
--- share/man/man4/tcp.4 (版本 335465)
+++ share/man/man4/tcp.4 (版本 337395)
@@ -445,6 +445,20 @@
Reseeding should not be necessary, and will break
.Dv TIME_WAIT
recycling for a few minutes.
+.It Va reass.cursegments
+The current total number of segments present in all reassembly queues.
+.It Va reass.maxsegments
+The maximum limit on the total number of segments across all reassembly
+queues.
+The limit can be adjusted as a tunable.
+.It Va reass.maxqueuelen
+The maximum number of segments allowed in each reassembly queue.
+By default, the system chooses a limit based on each TCP connection's
+receive buffer size and maximum segment size (MSS).
+The actual limit applied to a session's reassembly queue will be the lower of
+the system-calculated automatic limit and the user-specified
+.Va reass.maxqueuelen
+limit.
.It Va rexmit_min , rexmit_slop
Adjust the retransmit timer calculation for
.Tn TCP .