From nobody Wed May 11 00:03:35 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 093BB1AE06B5; Wed, 11 May 2022 00:03:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KyZr76mD0z4l9t; Wed, 11 May 2022 00:03:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1652227416; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DjxUJgQOZH5T7UH1QqBX0L/SBScl6vtTDzsLVmawKK0=; b=YNeFCZ64dAdEItAMwB6Xz+0Uj0F/Qp397qsG0ASfalCFwn/jp16Zx5Fax2Vr1FG8M8qCAw BO8tL+lnXGAIQQsvEX/vSzhE2hsitUrYFTQ/xUwdeSH4D2UuBRRSKP7cbxHxKeiB8GPH+m Id2eeqCbvryInFtQpYHGY8iwEDfEnAZGFhZzwmpzRdI17+cbmu9OzeJSQOsqLrbo9vGjZG SH3Ehbt7gVqd29oCHJY7BMND8jBqSR/6rT7Ae82R6B5yarkLbYo+df8Enp3R+ffAO/i1Mv nNi9Y9O+FVbpPciZHjBi+JA5yBTuTbuIKk79XyLs8W6n3jpbaTijhcubO3iItQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C81BE72EC; Wed, 11 May 2022 00:03:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24B03ZO1026966; Wed, 11 May 2022 00:03:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24B03ZGc026965; Wed, 11 May 2022 00:03:35 GMT (envelope-from git) Date: Wed, 11 May 2022 00:03:35 GMT Message-Id: <202205110003.24B03ZGc026965@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: a43916645fd8 - stable/13 - IPsec: Use protocol-specific malloc types instead of M_XDATA. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a43916645fd8044824822cf39188df93d1642ea0 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1652227416; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DjxUJgQOZH5T7UH1QqBX0L/SBScl6vtTDzsLVmawKK0=; b=tiePg2KznvvJS3PjJ+VzZTIagRdQBdRGzEIe+tt9sSMNG2qp/zPo0/dR3Ohgj4kOInCA6K U0ZUSWtqfDJ31kjx7Yh1mrRUIrEU/hT01H7CZCe7zYCk/XiS6PtuVVMKHJcV2ZqcBJ06uM x0w0ox9tcnTyQbBWTqVdKokz9Mz/JI1GWJ13X/QY6MCaSKNM4pOrrOVGVfJ888kMZpaRgR jFMBozLbUZDGfdw+4bUGACfTps6bBk0fq9romhj7In8jLIVxad0aujTcjQv2YPGoBzgIXk upqPzNNed1TsBU/CMLp9Oh5MT+Hf5L73sZb+CBf70QpeUdyr8KtRXHblIxyK2g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1652227416; a=rsa-sha256; cv=none; b=uhPgmNXtjm8Ip6/azlNXXzUMPishw66Zp1xYtO6nyzSKsMXwiaoKJfmljeQZfNjR0Xqegn gLTuQxmAi8K9WeAh4sOpEPqXP7nbJtXSXzVsdeir8ZJn6TkIoGd+P/jZz1N2rVWv+E0DHv +eDe+hB4TIDYCpJI8n9I4a+1KjyNeX3x2fiiSzFEGWnDGLV82Z5COdolKcjxSYUBZy+/nv iVOXnDxKWv9lEGdvZyUK1GLrMT8pkw4e1bf8mIl+1VVCM8t7bfDe5gwyd966Evso2fDG8W jrkm3IROSiW3kmx4SPe0jTUyYIKib+xJo3UBnGdX46RuHRpOCBb6zjHz/YNmpQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=a43916645fd8044824822cf39188df93d1642ea0 commit a43916645fd8044824822cf39188df93d1642ea0 Author: John Baldwin AuthorDate: 2022-01-24 23:27:39 +0000 Commit: John Baldwin CommitDate: 2022-05-10 23:33:00 +0000 IPsec: Use protocol-specific malloc types instead of M_XDATA. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33992 (cherry picked from commit 35d9e00dba8cf0c25fbfdbd41ad4d6d1906eed4b) --- sys/netipsec/xform_ah.c | 25 ++++++++++++++----------- sys/netipsec/xform_esp.c | 31 +++++++++++++++++-------------- sys/netipsec/xform_ipcomp.c | 15 +++++++++------ 3 files changed, 40 insertions(+), 31 deletions(-) diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 5163bda86931..55dfe872092c 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -42,6 +42,7 @@ #include #include +#include #include #include #include @@ -108,6 +109,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat, ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); #endif +static MALLOC_DEFINE(M_AH, "ah", "IPsec AH"); + static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ static int ah_input_cb(struct cryptop*); @@ -426,7 +429,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) if (m->m_len <= skip) { ptr = (unsigned char *) malloc( skip - sizeof(struct ip6_hdr), - M_XDATA, M_NOWAIT); + M_AH, M_NOWAIT); if (ptr == NULL) { DPRINTF(("%s: failed to allocate memory" "for IPv6 headers\n",__func__)); @@ -505,7 +508,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) __func__, off)); error6: if (alloc) - free(ptr, M_XDATA); + free(ptr, M_AH); m_freem(m); return EINVAL; } @@ -514,7 +517,7 @@ error6: if (alloc) { m_copyback(m, sizeof(struct ip6_hdr), skip - sizeof(struct ip6_hdr), ptr); - free(ptr, M_XDATA); + free(ptr, M_AH); } break; @@ -615,7 +618,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) crp->crp_digest_start = skip + rplen; /* Allocate IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_XDATA, + xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_AH, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -643,7 +646,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (error != 0) { /* NB: mbuf is free'd by ah_massage_headers */ AHSTAT_INC(ahs_hdrops); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); key_freesav(&sav); return (error); @@ -760,7 +763,7 @@ ah_input_cb(struct cryptop *crp) /* Copyback the saved (uncooked) network headers. */ m_copyback(m, 0, skip, ptr); - free(xd, M_XDATA), xd = NULL; /* No longer needed */ + free(xd, M_AH), xd = NULL; /* No longer needed */ /* * Header is now authenticated. @@ -821,7 +824,7 @@ bad: if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_AH); if (crp != NULL) crypto_freereq(crp); return error; @@ -974,7 +977,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, crp->crp_digest_start = skip + rplen; /* Allocate IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(struct xform_data) + skip, M_XDATA, + xd = malloc(sizeof(struct xform_data) + skip, M_AH, M_NOWAIT | M_ZERO); if (xd == NULL) { crypto_freereq(crp); @@ -1028,7 +1031,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, skip, ahx->type, 1); if (error != 0) { m = NULL; /* mbuf was free'd by ah_massage_headers. */ - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); goto bad; } @@ -1119,7 +1122,7 @@ ah_output_cb(struct cryptop *crp) */ m_copyback(m, 0, skip, ptr); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); AHSTAT_INC(ahs_hist[sav->alg_auth]); #ifdef REGRESSION @@ -1142,7 +1145,7 @@ ah_output_cb(struct cryptop *crp) return (error); bad: CURVNET_RESTORE(); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp); diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index dc64dc732992..01072cb4e2d6 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -41,6 +41,7 @@ #include #include +#include #include #include #include @@ -102,6 +103,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats, struct espstat, espstat, "ESP statistics (struct espstat, netipsec/esp_var.h"); +static MALLOC_DEFINE(M_ESP, "esp", "IPsec ESP"); + static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); @@ -355,7 +358,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) } /* Get IPsec-specific opaque pointer */ - xd = malloc(sizeof(*xd), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(*xd), M_ESP, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); goto xd_fail; @@ -374,7 +377,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) int aad_skip; crp->crp_aad_length += sizeof(seqh); - crp->crp_aad = malloc(crp->crp_aad_length, M_XDATA, M_NOWAIT); + crp->crp_aad = malloc(crp->crp_aad_length, M_ESP, M_NOWAIT); if (crp->crp_aad == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -463,7 +466,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) return (crypto_dispatch(crp)); crp_aad_fail: - free(xd, M_XDATA); + free(xd, M_ESP); xd_fail: crypto_freereq(crp); ESPSTAT_INC(esps_crypto); @@ -549,8 +552,8 @@ esp_input_cb(struct cryptop *crp) } /* Release the crypto descriptors */ - free(xd, M_XDATA), xd = NULL; - free(crp->crp_aad, M_XDATA), crp->crp_aad = NULL; + free(xd, M_ESP), xd = NULL; + free(crp->crp_aad, M_ESP), crp->crp_aad = NULL; crypto_freereq(crp), crp = NULL; /* @@ -659,9 +662,9 @@ bad: if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_ESP); if (crp != NULL) { - free(crp->crp_aad, M_XDATA); + free(crp->crp_aad, M_ESP); crypto_freereq(crp); } return error; @@ -853,7 +856,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, } /* IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(struct xform_data), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(struct xform_data), M_ESP, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); goto xd_fail; @@ -915,7 +918,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, int aad_skip; crp->crp_aad_length += sizeof(seqh); - crp->crp_aad = malloc(crp->crp_aad_length, M_XDATA, M_NOWAIT); + crp->crp_aad = malloc(crp->crp_aad_length, M_ESP, M_NOWAIT); if (crp->crp_aad == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -947,7 +950,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, return crypto_dispatch(crp); crp_aad_fail: - free(xd, M_XDATA); + free(xd, M_ESP); xd_fail: crypto_freereq(crp); ESPSTAT_INC(esps_crypto); @@ -1005,8 +1008,8 @@ esp_output_cb(struct cryptop *crp) error = EINVAL; goto bad; } - free(xd, M_XDATA); - free(crp->crp_aad, M_XDATA); + free(xd, M_ESP); + free(crp->crp_aad, M_ESP); crypto_freereq(crp); ESPSTAT_INC(esps_hist[sav->alg_enc]); if (sav->tdb_authalgxform != NULL) @@ -1039,8 +1042,8 @@ esp_output_cb(struct cryptop *crp) return (error); bad: CURVNET_RESTORE(); - free(xd, M_XDATA); - free(crp->crp_aad, M_XDATA); + free(xd, M_ESP); + free(crp->crp_aad, M_ESP); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp); diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index b9dfe0e3532f..760fd8dd2aa8 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -37,6 +37,7 @@ #include #include +#include #include #include #include @@ -90,6 +91,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ipcomp, IPSECCTL_STATS, stats, struct ipcompstat, ipcompstat, "IPCOMP statistics (struct ipcompstat, netipsec/ipcomp_var.h"); +static MALLOC_DEFINE(M_IPCOMP, "ipcomp", "IPCOMP"); + static int ipcomp_input_cb(struct cryptop *crp); static int ipcomp_output_cb(struct cryptop *crp); @@ -235,7 +238,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) goto bad; } /* Get IPsec-specific opaque pointer */ - xd = malloc(sizeof(*xd), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(*xd), M_IPCOMP, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: cannot allocate xform_data\n", __func__)); IPCOMPSTAT_INC(ipcomps_crypto); @@ -328,7 +331,7 @@ ipcomp_input_cb(struct cryptop *crp) clen = crp->crp_olen; /* Length of data after processing */ /* Release the crypto descriptors */ - free(xd, M_XDATA), xd = NULL; + free(xd, M_IPCOMP), xd = NULL; crypto_freereq(crp), crp = NULL; /* In case it's not done already, adjust the size of the mbuf chain */ @@ -382,7 +385,7 @@ bad: if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_IPCOMP); if (crp != NULL) crypto_freereq(crp); return error; @@ -486,7 +489,7 @@ ipcomp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, crp->crp_payload_length = ralen; /* IPsec-specific opaque crypto info */ - xd = malloc(sizeof(struct xform_data), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(struct xform_data), M_IPCOMP, M_NOWAIT | M_ZERO); if (xd == NULL) { IPCOMPSTAT_INC(ipcomps_crypto); DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -641,7 +644,7 @@ ipcomp_output_cb(struct cryptop *crp) } /* Release the crypto descriptor */ - free(xd, M_XDATA); + free(xd, M_IPCOMP); crypto_freereq(crp); /* NB: m is reclaimed by ipsec_process_done. */ @@ -652,7 +655,7 @@ bad: if (m) m_freem(m); CURVNET_RESTORE(); - free(xd, M_XDATA); + free(xd, M_IPCOMP); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp);