Page MenuHomeFreeBSD

Mark vnet loader tunnables with CTLFLAG_NOFETCH
ClosedPublic

Authored by zlei on Aug 21 2023, 2:35 PM.
Tags
None
Referenced Files
F107041182: D41525.id127168.diff
Thu, Jan 9, 8:43 AM
Unknown Object (File)
Fri, Dec 13, 5:02 AM
Unknown Object (File)
Nov 21 2024, 10:24 AM
Unknown Object (File)
Nov 21 2024, 10:24 AM
Unknown Object (File)
Nov 14 2024, 2:23 PM
Unknown Object (File)
Nov 13 2024, 10:54 PM
Unknown Object (File)
Sep 28 2024, 4:12 AM
Unknown Object (File)
Sep 27 2024, 12:40 PM

Details

Summary

With recent change D39638, the flag CTLFLAG_VNET can no longer prevent kernel from fetching value from kernel environment, mark vnet loader tunnables with CTLFLAG_NOFETCH to restore the previous behavior.

Fixes: D39638 sysctl(9): Enable vnet sysctl variables to be loader tunable
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

Could you explain what the problem is?

Could you explain what the problem is?

The original comment is in D39638.

This may tigger panic if SYSCTL nodes are declared with SYSCTL_PROC and without flag CTLFLAG_NOFETCH, such as

SYSCTL_PROC(_net_inet_carp, OID_AUTO, allow,
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE,
    &VNET_NAME(carp_allow), 0, carp_allow_sysctl, "I",
    "Accept incoming CARP packets");

in sys/netinet/ip_carp.c .

I will post separated fixes for them.

Maybe it is better that SYSCTL_PROC be refined to include flag CTLFLAG_NOFETCH

/* Oid for a procedure.  Specified by a pointer and an arg. */
 #define        SYSCTL_PROC(parent, nbr, name, access, ptr, arg, handler, fmt, descr) \
-       SYSCTL_OID(parent, nbr, name, (access),                         \
+       SYSCTL_OID(parent, nbr, name, CTLFLAG_NOFETCH | (access),                               \
            ptr, arg, handler, fmt, descr);                             \
        CTASSERT(((access) & CTLTYPE) != 0)
 
@@ -821,7 +821,7 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry);
 ({                                                                     \
        CTASSERT(((access) & CTLTYPE) != 0);                            \
        SYSCTL_ENFORCE_FLAGS(access);                                   \
-       sysctl_add_oid(ctx, parent, nbr, name, (access),                \
+       sysctl_add_oid(ctx, parent, nbr, name, CTLFLAG_NOFETCH | (access),              \
            (ptr), (arg), (handler), (fmt), __DESCR(descr), NULL);      \
 })
In D41525#946280, @zlei wrote:

Maybe it is better that SYSCTL_PROC be refined to include flag CTLFLAG_NOFETCH

/* Oid for a procedure.  Specified by a pointer and an arg. */
 #define        SYSCTL_PROC(parent, nbr, name, access, ptr, arg, handler, fmt, descr) \
-       SYSCTL_OID(parent, nbr, name, (access),                         \
+       SYSCTL_OID(parent, nbr, name, CTLFLAG_NOFETCH | (access),                               \
            ptr, arg, handler, fmt, descr);                             \
        CTASSERT(((access) & CTLTYPE) != 0)
 
@@ -821,7 +821,7 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry);
 ({                                                                     \
        CTASSERT(((access) & CTLTYPE) != 0);                            \
        SYSCTL_ENFORCE_FLAGS(access);                                   \
-       sysctl_add_oid(ctx, parent, nbr, name, (access),                \
+       sysctl_add_oid(ctx, parent, nbr, name, CTLFLAG_NOFETCH | (access),              \
            (ptr), (arg), (handler), (fmt), __DESCR(descr), NULL);      \
 })

A second thought about it, well SYSCTL_PROC defines tunables with custom handler, the handler may or may not have side effect and CTLFLAG_NOFETCH seems too strict.
Here is one of the examples:

% grep -ErA3 'SYSCTL_PROC' sys | grep -Eb1 'CTLFLAG_R[DW]TUN'                                
2588-sys/kern/tty_info.c:SYSCTL_PROC(_kern, OID_AUTO, tty_info_kstacks,
2655:sys/kern/tty_info.c-    CTLFLAG_RWTUN | CTLFLAG_MPSAFE | CTLTYPE_INT, NULL, 0,
2734-sys/kern/tty_info.c-    sysctl_tty_info_kstacks, "I",
--

Currently only a combination of SYSCTL_PROC and CTLFLAG_VNET | CTLFLAG_TUN implicit requires`CTLFLAG_NOFETCH` but there're only few such combinations.

% grep -ErA3 'SYSCTL_PROC' sys | grep -Eb1 'CTLFLAG_VNET.*CTLFLAG_R[DW]TUN|CTLFLAG_R[DW]TUN.*CTLFLAG_VNET'
53349-sys/net/route/route_tables.c:SYSCTL_PROC(_net, OID_AUTO, fibs,
53412:sys/net/route/route_tables.c-    CTLFLAG_VNET | CTLTYPE_U32 | CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE,
53524-sys/net/route/route_tables.c-    NULL, 0, &sysctl_fibs, "IU",
--
73447-sys/netinet/tcp_fastopen.c:SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, ccache_bucket_limit,
73541:sys/netinet/tcp_fastopen.c-    CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RWTUN | CTLFLAG_NEEDGIANT,
73637-sys/netinet/tcp_fastopen.c-    NULL, 0, &sysctl_net_inet_tcp_fastopen_ccache_bucket_limit, "IU",
--
84497-sys/netinet/ip_carp.c:SYSCTL_PROC(_net_inet_carp, OID_AUTO, allow,
84564:sys/netinet/ip_carp.c-    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE,
84651-sys/netinet/ip_carp.c-    &VNET_NAME(carp_allow), 0, carp_allow_sysctl, "I",
zlei retitled this revision from Explicitly mark vnet loader tunnables with CTLFLAG_NOFETCH to Mark vnet loader tunnables with CTLFLAG_NOFETCH.Aug 30 2023, 4:44 PM
zlei edited the summary of this revision. (Show Details)

Changed the summary to be more descriptive.

@tuexen Is it OK?

sys/netinet/tcp_fastopen.c
274

A quick test shows loader tunable net.inet.tcp.fastopen.ccache_bucket_limit does NOT work. I'll file a dedicated PR.

This revision was not accepted when it landed; it landed in state Needs Review.Sep 9 2023, 8:21 AM
This revision was automatically updated to reflect the committed changes.