From 1ff726c645951cb3b2370e00567a937c2eaf6496 Mon Sep 17 00:00:00 2001 From: mvs Date: Tue, 27 Jul 2021 17:13:03 +0000 Subject: [PATCH] Revert "Use per-CPU counters for tunnel descriptor block" diff. Panic reported by Hrvoje Popovski. --- sys/net/pfkeyv2_convert.c | 21 +++++++-------- sys/netinet/ip_ah.c | 4 +-- sys/netinet/ip_esp.c | 4 +-- sys/netinet/ip_ipcomp.c | 4 +-- sys/netinet/ip_ipsp.c | 7 +---- sys/netinet/ip_ipsp.h | 54 +++++++++++++++----------------------- sys/netinet/ip_output.c | 4 +-- sys/netinet/ipsec_input.c | 15 ++++++----- sys/netinet/ipsec_output.c | 11 ++++---- sys/netinet6/ip6_output.c | 4 +-- 10 files changed, 55 insertions(+), 73 deletions(-) diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c index d0faf91f6e6..893a4a146bc 100644 --- a/sys/net/pfkeyv2_convert.c +++ b/sys/net/pfkeyv2_convert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_convert.c,v 1.73 2021/07/26 23:17:06 mvs Exp $ */ +/* $OpenBSD: pfkeyv2_convert.c,v 1.74 2021/07/27 17:13:03 mvs Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@keromytis.org) * @@ -960,21 +960,18 @@ export_satype(void **p, struct tdb *tdb) void export_counter(void **p, struct tdb *tdb) { - uint64_t counters[tdb_ncounters]; struct sadb_x_counter *scnt = (struct sadb_x_counter *)*p; - counters_read(tdb->tdb_counters, counters, tdb_ncounters); - scnt->sadb_x_counter_len = sizeof(struct sadb_x_counter) / sizeof(uint64_t); scnt->sadb_x_counter_pad = 0; - scnt->sadb_x_counter_ipackets = counters[tdb_ipackets]; - scnt->sadb_x_counter_opackets = counters[tdb_opackets]; - scnt->sadb_x_counter_ibytes = counters[tdb_ibytes]; - scnt->sadb_x_counter_obytes = counters[tdb_obytes]; - scnt->sadb_x_counter_idrops = counters[tdb_idrops]; - scnt->sadb_x_counter_odrops = counters[tdb_odrops]; - scnt->sadb_x_counter_idecompbytes = counters[tdb_idecompbytes]; - scnt->sadb_x_counter_ouncompbytes = counters[tdb_ouncompbytes]; + scnt->sadb_x_counter_ipackets = tdb->tdb_ipackets; + scnt->sadb_x_counter_opackets = tdb->tdb_opackets; + scnt->sadb_x_counter_ibytes = tdb->tdb_ibytes; + scnt->sadb_x_counter_obytes = tdb->tdb_obytes; + scnt->sadb_x_counter_idrops = tdb->tdb_idrops; + scnt->sadb_x_counter_odrops = tdb->tdb_odrops; + scnt->sadb_x_counter_idecompbytes = tdb->tdb_idecompbytes; + scnt->sadb_x_counter_ouncompbytes = tdb->tdb_ouncompbytes; *p += sizeof(struct sadb_x_counter); } diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 56ee5eda5e9..7c1197488dd 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.153 2021/07/26 23:17:06 mvs Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.154 2021/07/27 17:13:03 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -609,7 +609,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Update the counters. */ ibytes = (m->m_pkthdr.len - skip - hl * sizeof(u_int32_t)); tdb->tdb_cur_bytes += ibytes; - tdbstat_add(tdb, tdb_ibytes, ibytes); + tdb->tdb_ibytes += ibytes; ahstat_add(ahs_ibytes, ibytes); /* Hard expiration. */ diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 641c1153de6..0ff7f0eb076 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.171 2021/07/26 23:17:06 mvs Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.172 2021/07/27 17:13:03 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -426,7 +426,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Update the counters */ ibytes = m->m_pkthdr.len - skip - hlen - alen; tdb->tdb_cur_bytes += ibytes; - tdbstat_add(tdb, tdb_ibytes, ibytes); + tdb->tdb_ibytes += ibytes; espstat_add(esps_ibytes, ibytes); /* Hard expiration */ diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index ce6d028cdb5..c42ee40f7b5 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.73 2021/07/26 23:17:06 mvs Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.74 2021/07/27 17:13:03 mvs Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -213,7 +213,7 @@ ipcomp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen /* update the counters */ ibytes = m->m_pkthdr.len - (skip + hlen); tdb->tdb_cur_bytes += ibytes; - tdbstat_add(tdb, tdb_ibytes, ibytes); + tdb->tdb_ibytes += ibytes; ipcompstat_add(ipcomps_ibytes, ibytes); /* Hard expiration */ diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 0df16f3e19e..8140f464c5d 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.243 2021/07/26 23:17:06 mvs Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.244 2021/07/27 17:13:03 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -830,9 +830,6 @@ tdb_alloc(u_int rdomain) tdbp->tdb_rdomain = rdomain; tdbp->tdb_rdomain_post = rdomain; - /* Initialize counters. */ - tdbp->tdb_counters = counters_alloc(tdb_ncounters); - /* Initialize timeouts. */ timeout_set_proc(&tdbp->tdb_timer_tmo, tdb_timeout, tdbp); timeout_set_proc(&tdbp->tdb_first_tmo, tdb_firstuse, tdbp); @@ -885,8 +882,6 @@ tdb_free(struct tdb *tdbp) if ((tdbp->tdb_inext) && (tdbp->tdb_inext->tdb_onext == tdbp)) tdbp->tdb_inext->tdb_onext = NULL; - counters_free(tdbp->tdb_counters, tdb_ncounters); - /* Remove expiration timeouts. */ tdbp->tdb_flags &= ~(TDBF_FIRSTUSE | TDBF_SOFT_FIRSTUSE | TDBF_TIMER | TDBF_SOFT_TIMER); diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 4453d410292..5fc42aacc93 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.204 2021/07/26 23:17:07 mvs Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.205 2021/07/27 17:13:03 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -135,6 +135,17 @@ struct ipsecstat { uint64_t ipsec_noxform; /* Crypto error */ }; +struct tdb_data { + uint64_t tdd_ipackets; /* Input IPsec packets */ + uint64_t tdd_opackets; /* Output IPsec packets */ + uint64_t tdd_ibytes; /* Input bytes */ + uint64_t tdd_obytes; /* Output bytes */ + uint64_t tdd_idrops; /* Dropped on input */ + uint64_t tdd_odrops; /* Dropped on output */ + uint64_t tdd_idecompbytes; /* Input bytes, decompressed */ + uint64_t tdd_ouncompbytes; /* Output bytes, uncompressed */ +}; + #ifdef _KERNEL #include @@ -358,8 +369,7 @@ struct tdb { /* tunnel descriptor block */ u_int64_t tdb_last_used; /* When was this SA last used */ u_int64_t tdb_last_marked;/* Last SKIPCRYPTO status change */ - struct cpumem *tdb_counters; /* stats about this TDB */ - + struct tdb_data tdb_data; /* stats about this TDB */ u_int64_t tdb_cryptoid; /* Crypto session ID */ u_int32_t tdb_spi; /* SPI */ @@ -405,37 +415,15 @@ struct tdb { /* tunnel descriptor block */ TAILQ_HEAD(tdb_policy_head, ipsec_policy) tdb_policy_head; TAILQ_ENTRY(tdb) tdb_sync_entry; }; +#define tdb_ipackets tdb_data.tdd_ipackets +#define tdb_opackets tdb_data.tdd_opackets +#define tdb_ibytes tdb_data.tdd_ibytes +#define tdb_obytes tdb_data.tdd_obytes +#define tdb_idrops tdb_data.tdd_idrops +#define tdb_odrops tdb_data.tdd_odrops +#define tdb_idecompbytes tdb_data.tdd_idecompbytes +#define tdb_ouncompbytes tdb_data.tdd_ouncompbytes -enum tdb_counters { - tdb_ipackets, /* Input IPsec packets */ - tdb_opackets, /* Output IPsec packets */ - tdb_ibytes, /* Input bytes */ - tdb_obytes, /* Output bytes */ - tdb_idrops, /* Dropped on input */ - tdb_odrops, /* Dropped on output */ - tdb_idecompbytes, /* Input bytes, decompressed */ - tdb_ouncompbytes, /* Output bytes, uncompressed */ - tdb_ncounters -}; - -static inline void -tdbstat_inc(struct tdb *tdb, enum tdb_counters c) -{ - counters_inc(tdb->tdb_counters, c); -} - -static inline void -tdbstat_add(struct tdb *tdb, enum tdb_counters c, uint64_t v) -{ - counters_add(tdb->tdb_counters, c, v); -} - -static inline void -tdbstat_pkt(struct tdb *tdb, enum tdb_counters pc, enum tdb_counters bc, - uint64_t bytes) -{ - counters_pkt(tdb->tdb_counters, pc, bc, bytes); -} struct tdb_ident { u_int32_t spi; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 984f624b8d5..a739f1fd356 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.373 2021/07/26 23:17:07 mvs Exp $ */ +/* $OpenBSD: ip_output.c,v 1.374 2021/07/27 17:13:03 mvs Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -646,7 +646,7 @@ ip_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route *ro, int fwd) error = ipsp_process_packet(m, tdb, AF_INET, 0); if (error) { ipsecstat_inc(ipsec_odrops); - tdbstat_inc(tdb, tdb_odrops); + tdb->tdb_odrops++; } return error; } diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index a982624aeec..eb0fd6f7b6e 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.178 2021/07/26 23:17:07 mvs Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.179 2021/07/27 17:13:03 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -350,7 +350,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, tdbp->tdb_soft_first_use); } - tdbstat_pkt(tdbp, tdb_ipackets, tdb_ibytes, m->m_pkthdr.len); + tdbp->tdb_ipackets++; + tdbp->tdb_ibytes += m->m_pkthdr.len; /* * Call appropriate transform and return -- callback takes care of @@ -359,14 +360,14 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, error = (*(tdbp->tdb_xform->xf_input))(m, tdbp, skip, protoff); if (error) { ipsecstat_inc(ipsec_idrops); - tdbstat_inc(tdbp, tdb_idrops); + tdbp->tdb_idrops++; } return error; drop: ipsecstat_inc(ipsec_idrops); if (tdbp != NULL) - tdbstat_inc(tdbp, tdb_idrops); + tdbp->tdb_idrops++; m_freem(m); return error; } @@ -435,14 +436,14 @@ ipsec_input_cb(struct cryptop *crp) if (error) { ipsecstat_inc(ipsec_idrops); - tdbstat_inc(tdb, tdb_idrops); + tdb->tdb_idrops++; } return; drop: ipsecstat_inc(ipsec_idrops); if (tdb != NULL) - tdbstat_inc(tdb, tdb_idrops); + tdb->tdb_idrops++; free(tc, M_XDATA, 0); m_freem(m); crypto_freereq(crp); @@ -687,7 +688,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) m->m_flags |= M_TUNNEL; ipsecstat_add(ipsec_idecompbytes, m->m_pkthdr.len); - tdbstat_add(tdbp, tdb_idecompbytes, m->m_pkthdr.len); + tdbp->tdb_idecompbytes += m->m_pkthdr.len; #if NBPFILTER > 0 if ((encif = enc_getif(tdbp->tdb_rdomain_post, tdbp->tdb_tap)) != NULL) { diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 2a882eb0928..9fb432a7c25 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.85 2021/07/26 23:17:07 mvs Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.86 2021/07/27 17:13:03 mvs Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -365,7 +365,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) } ipsecstat_add(ipsec_ouncompbytes, m->m_pkthdr.len); - tdbstat_add(tdb, tdb_ouncompbytes, m->m_pkthdr.len); + tdb->tdb_ouncompbytes += m->m_pkthdr.len; /* Non expansion policy for IPCOMP */ if (tdb->tdb_sproto == IPPROTO_IPCOMP) { @@ -451,13 +451,13 @@ ipsec_output_cb(struct cryptop *crp) if (error) { ipsecstat_inc(ipsec_odrops); - tdbstat_inc(tdb, tdb_odrops); + tdb->tdb_odrops++; } return; drop: if (tdb != NULL) - tdbstat_inc(tdb, tdb_odrops); + tdb->tdb_odrops++; m_freem(m); free(tc, M_XDATA, 0); crypto_freereq(crp); @@ -585,7 +585,8 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) ipsecstat_inc(ipsec_opackets); ipsecstat_add(ipsec_obytes, m->m_pkthdr.len); - tdbstat_pkt(tdb, tdb_opackets, tdb_obytes, m->m_pkthdr.len); + tdb->tdb_opackets++; + tdb->tdb_obytes += m->m_pkthdr.len; /* If there's another (bundled) TDB to apply, do so. */ if (tdb->tdb_onext) diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index d830a0ec827..fe75a0d08fa 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.259 2021/07/26 23:17:07 mvs Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.260 2021/07/27 17:13:03 mvs Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -2872,7 +2872,7 @@ ip6_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route_in6 *ro, error = ipsp_process_packet(m, tdb, AF_INET6, tunalready); if (error) { ipsecstat_inc(ipsec_odrops); - tdbstat_inc(tdb, tdb_odrops); + tdb->tdb_odrops++; } return error; } -- 2.20.1