[clang-format] treat continuation as indent for aligned lines (#191217)
This allows to inherit tabbed indent from the lines we break by the
lines we want to align. Thus in the AlignWithSpaces mode aligned lines
do not generate smaller indent than those they are aligned to.
raw ip: move hash table manipulation to inpcb layer
The SOCK_RAW socket is a multiple receiver socket by its definition. An
incoming packet may be copied to multiple sockets. Thus, incoming packet
handling is expensive. Systems with many thousands of raw sockets usually
have them connect(2)-ed to different destinations. This allows for some
improvement of the input handling, which was introduced by 9ed324c9a588
back in 2008. This optimization was made specifically for L2TP/PPTP VPN
concentrators based on ports/net/mpd5.
This change generalizes the idea of 9ed324c9a588, so that it potentially
can be used with IPv6 raw sockets. This also eliminates last use of the
pcbinfo hash lock outside of in_pcb.c.
While here make a speculative design decision: put into the hash table
sockets that did only connect(2). Previously, we were indexing only
sockets that were protocol bound, did bind(2) and did connect(2). My
speculation is that only the remote IP provides some real entropy into the
hash and local address and proto are expected to be the same for majority
[4 lines not shown]
inpcb: move local address assignment out of in_pcbdisconnect()
The logic of clearing local address at the protocol level makes sense. It
is feature of UDP, not of any protocol, that local address is cleared on
disconnect. This code can be tracked down to pre-FreeBSD times.
For example, for TCP we want a disconnected socket to return previously
used local address with getsockname(2). The TCP has successfully evaded
that by not calling in_pcbdisconnect() and calling in_pcbdetach() in the
very old code and in_pcbdrop() later. After D55661 TCP again has this
potential bug masked. Better make it right than rely on such
unintentional evasions.
The raw IP sockets don't use in_pcbdisconnect(), but they are going to in
the near future. If in_pcbdisconnect() clears local address for them,
that would be a larger bug than just getsockname(). A raw socket may be
bound with bind(2) and then connect(2)ed, and then disconnected, e.g.
connect(INADDR_ANY). And when we run raw IP socket through
in_pcbdisconnect() we don't want to lose local address.
[6 lines not shown]
[Clang][diagtool] Fix memory leak in ShowEnabledWarnings (#191711)
Fix 136-byte memory leak introduced in commit 6dc059ac3c7c. Before
that commit, the TextDiagnosticBuffer was passed to DiagnosticsEngine
constructor which took ownership and managed its lifetime. After the
refactoring, the buffer is no longer passed to DiagnosticsEngine, so
it becomes an orphaned allocation that is never freed. Changed to use
std::unique_ptr for automatic cleanup.
[llubi] Fix invalid printf format specifier for %c (#191713)
Fix ASAN warning about unexpected format specifier %llc introduced
in commit f149ab665a4b. The 'c' format specifier should not have the
'll' length modifier. Separated the 'c' case to use the correct format
without the length modifier, casting to int as required by the standard.
inpcb: retire INP_DROPPED and in_pcbdrop()
The inpcb flag INP_DROPPED served two purposes.
It was used by TCP and subsystems running on top of TCP as a flag that
marks a connection that is now in TCPS_CLOSED, but was in some other state
before (not a new-born connection). Create a new TCP flag TF_DISCONNECTED
for this purpose.
The in_pcbdrop() was a TCP's version of in_pcbdisconnect() that also sets
INP_DROPPED. Use in_pcbdisconnect() instead.
Second purpose of INP_DROPPED was a negative lookup mask in
inp_smr_lock(), as SMR-protected lookup may see inpcbs that had been
removed from the hash. We already have had INP_INHASHLIST that marks
inpcb that is in hash. Convert it into INP_UNCONNECTED with the opposite
meaning. This allows to combine it with INP_FREED for the negative lookup
mask.
[7 lines not shown]
netinet6: remove INP_DROPPED checks from setsockopt(2)
The INP_DROPPED is going to become an internal flag for inpcb. As of now
it means a TCP pcb that is in TCPS_CLOSED. There is nothing wrong with
calling setsockopt(2) on such socket, although has no practical use.
This deletes a piece of code from 56713d16a06c5 / D16201. There is no
description of the panic fixed, but I will speculate that the panic was
about in6p->in6p_outputopts being NULL as the inpcb already went through
in_pcbfree_deferred(). This also can be related to compressed TIME-WAIT,
that is also gone now.
With current locking this shouldn't be possible. An inpcb goes through
in_pcbfree() only with pr_detach method, which is called from sofree(),
and the latter is called on losing the very last socket reference. So, at
the point when in_pcbfree() is called, the socket has lost its file
descriptor reference and there can not be any running setsockopt() on it.
Leave the call to ip6_pcbopt() still embraced with INP_WLOCK(), since we
[9 lines not shown]
inpcb: make in_pcbdisconnect() acquire the hash lock internally
Should be no functional change.
Reviewed by: pouria, markj
Differential Revision: https://reviews.freebsd.org/D55968
inpcb: retire the inpcb global list
The iteration over all pcbs is possible without the global list. The
newborn inpcbs are put on a global list of unconnected inpcbs, then after
connect(2) or bind(2) they move to respective hash slot list.
This adds a bit of complexity to inp_next(), but the storage scheme is
actually simplified.
One potential problem before this change was that a couple of pcbs fall
into the same hash slot and are linked A->B there, but they also sit next
to each other in the global list, linked as B->A. This can deadlock of
course. The problem was never observed in the wild, but I was able to
instrument it with lots of effort: just few pcbs in the system, hash size
reduced down to 2 and a lot of repetitive calls into two kinds of
iterators.
However the main motivation is not the above problem, but make a step
towards splitting the big hash lock into per-slot locks.
[2 lines not shown]
inpcb: retire the inpcbinfo list lock
With the SMR locking of inpcbs the use of this lock reduced down to the
global list and generation number. It was used only on an inpcb creation
and destruction. Use the inpcbinfo hash lock for this purpose.
Reviewed by: pouria, rrs, markj
Differential Revision: https://reviews.freebsd.org/D55966
inpcb: apply smr_advance(9)/smr_wait(9) trick only to reusable sockets
The protocols marked with PR_CONNREQUIRED can never go through pr_connect
after being disconnected. This is a tiny improvement of fdb987bebddf0.
While here push clearing of the addresses under the same condition.
Although this clearing originates from pre-FreeBSD times, it actually
makes sense only for protocols that can reconnect.
Reviewed by: pouria, markj
Differential Revision: https://reviews.freebsd.org/D55661
Security update to vaultwarden-1.35.5
This release contains security fixes for the following advisories:
- GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization
Vault
- GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read
And Write Access Into Another Organization
- GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp
rotation
Changes: https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.5
Services: Kea DHCP: Kea DHCPv6 - fix "Delegated length must be longer than or equal to prefix length" validation, closes https://github.com/opnsense/core/issues/10146
While here, also fix a prefix validation (when x::/64 is specified for example).
wsp(4): Make evdev interface operational if sysmouse one is not opened
Before this change evdev interface sent only copy of data sent through
the sysmouse interface. It worked as /dev/wsp0 device node was
automatcaly opened by devd(8) with starting of moused(8).
Starting with 15.0 moused(8) does not open sysmouse interface by default
thus making wsp(4) device dysfunctional.
Fix it with adding extra checks of interfaces state.
MFC after: 1 week
wsp(4): Do not handle pressure on non-ForceTouch devices
They always report it value as zero breaking pressure-driven drivers
like moused(8) and xf86-input-synaptics.
MFC after: 1 week
