From eddfbb763ded6b5f6777335142be9a0edab628bb Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Tue, 14 Jul 2009 22:48:30 +0000 Subject: Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith) --- sys/netipsec/xform_esp.c | 57 +++++++++++------------------------------------- 1 file changed, 13 insertions(+), 44 deletions(-) (limited to 'sys/netipsec/xform_esp.c') diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 6508c14701d4..afb9d2d57fc3 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -49,6 +49,7 @@ #include #include +#include #include #include @@ -76,30 +77,21 @@ #include #include -#ifdef VIMAGE_GLOBALS -struct espstat espstat; -static int esp_max_ivlen; /* max iv length over all algorithms */ -int esp_enable; -#endif +VNET_DEFINE(int, esp_enable) = 1; +VNET_DEFINE(struct espstat, espstat); SYSCTL_DECL(_net_inet_esp); -SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_esp, OID_AUTO, - esp_enable, CTLFLAG_RW, esp_enable, 0, ""); -SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_esp, IPSECCTL_STATS, - stats, CTLFLAG_RD, espstat, espstat, ""); +SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO, + esp_enable, CTLFLAG_RW, &VNET_NAME(esp_enable), 0, ""); +SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS, + stats, CTLFLAG_RD, &VNET_NAME(espstat), espstat, ""); + +/* max iv length over all algorithms */ +static VNET_DEFINE(int, esp_max_ivlen) = 0; +#define V_esp_max_ivlen VNET_GET(esp_max_ivlen) static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); -static int esp_iattach(const void *); - -#ifndef VIMAGE_GLOBALS -static const vnet_modinfo_t vnet_esp_modinfo = { - .vmi_id = VNET_MOD_ESP, - .vmi_name = "ipsec_esp", - .vmi_dependson = VNET_MOD_IPSEC, - .vmi_iattach = esp_iattach -}; -#endif /* !VIMAGE_GLOBALS */ /* * NB: this is public for use by the PF_KEY support. @@ -134,7 +126,6 @@ esp_algorithm_lookup(int alg) size_t esp_hdrsiz(struct secasvar *sav) { - INIT_VNET_IPSEC(curvnet); size_t size; if (sav != NULL) { @@ -169,7 +160,6 @@ esp_hdrsiz(struct secasvar *sav) static int esp_init(struct secasvar *sav, struct xformsw *xsp) { - INIT_VNET_IPSEC(curvnet); struct enc_xform *txform; struct cryptoini cria, crie; int keylen; @@ -280,7 +270,6 @@ esp_zeroize(struct secasvar *sav) static int esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { - INIT_VNET_IPSEC(curvnet); struct auth_hash *esph; struct enc_xform *espx; struct tdb_ident *tdbi; @@ -463,7 +452,6 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int esp_input_cb(struct cryptop *crp) { - INIT_VNET_IPSEC(curvnet); u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN]; int hlen, skip, protoff, error; struct mbuf *m; @@ -667,7 +655,6 @@ esp_output( int protoff ) { - INIT_VNET_IPSEC(curvnet); struct enc_xform *espx; struct auth_hash *esph; int hlen, rlen, plen, padding, blks, alen, i, roff; @@ -898,7 +885,6 @@ bad: static int esp_output_cb(struct cryptop *crp) { - INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; @@ -1000,27 +986,10 @@ static struct xformsw esp_xformsw = { static void esp_attach(void) { - - xform_register(&esp_xformsw); -#ifndef VIMAGE_GLOBALS - vnet_mod_register(&vnet_esp_modinfo); -#else - esp_iattach(NULL); -#endif -} - -static int -esp_iattach(const void *unused __unused) -{ - INIT_VNET_IPSEC(curvnet); - #define MAXIV(xform) \ if (xform.blocksize > V_esp_max_ivlen) \ V_esp_max_ivlen = xform.blocksize \ - V_esp_enable = 1; - V_esp_max_ivlen = 0; - MAXIV(enc_xform_des); /* SADB_EALG_DESCBC */ MAXIV(enc_xform_3des); /* SADB_EALG_3DESCBC */ MAXIV(enc_xform_rijndael128); /* SADB_X_EALG_AES */ @@ -1029,8 +998,8 @@ esp_iattach(const void *unused __unused) MAXIV(enc_xform_skipjack); /* SADB_X_EALG_SKIPJACK */ MAXIV(enc_xform_null); /* SADB_EALG_NULL */ MAXIV(enc_xform_camellia); /* SADB_X_EALG_CAMELLIACBC */ -#undef MAXIV - return (0); + xform_register(&esp_xformsw); +#undef MAXIV } SYSINIT(esp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, esp_attach, NULL); -- cgit v1.2.3