aboutsummaryrefslogtreecommitdiff
path: root/secure/lib
diff options
context:
space:
mode:
authorMarko Zec <zec@FreeBSD.org>2022-05-03 14:57:55 +0000
committerMarko Zec <zec@FreeBSD.org>2022-05-03 17:27:57 +0000
commitd461deeaa4a47ae71e1d8fda8b35c6faa8dabe85 (patch)
tree9179c07e878f2fec95292b5101391b0659d45aee /secure/lib
parent6c741ffbfa7f3dabb6af23dbbfe1d1e9f535d16b (diff)
downloadsrc-d461deeaa4a47ae71e1d8fda8b35c6faa8dabe85.tar.gz
src-d461deeaa4a47ae71e1d8fda8b35c6faa8dabe85.zip
VNET: Revert "ifnet: make if_index global"
This reverts commit 91f44749c6feb50f39af8805dd803e860f0418f1. Devirtualization of V_if_index and V_ifindex_table was rushed into the tree lacking proper context, discussion, and declaration of intent, so I'm backing it out as harmful to VNET on the following grounds: 1) The change repurposed the decades-old and stable if_index KBI for new, unclear goals which were omitted from the commit note. 2) The change opened up a new resource exhaustion vector where any vnet could starve the system of ifnet indices, including vnet0. 3) To circumvent the newly introduced problem of separating ifnets belonging to different vnets from the globalized ifindex_table, the author introduced sysctl_ifcount() which does a linear traversal over the (potentially huge) global ifnet list just to return a simple upper bound on existing ifnet indices. 4) The change effectively led to nonuniform ifnet index allocation among vnets. 5) The commit note clearly stated that the patch changed the implicit if_index ABI contract where ifnet indices were assumed to be starting from one. The commit note also included a correct observation that holes in interface indices were always allowed, but failed to declare that the userland-observable ifindex tables could now include huge empty spans even under modest operating conditions. 6) The author had an earlier proposal in the works which did not affect per-vnet ifnet lists (D33265) but which he abandoned without providing the rationale behind his decision to do so, at the expense of sacrificing the vnet isolation contract and if_index ABI / KBI. Furthermore, the author agreed to back out his changes himself and to follow up with a proposal for a less intrusive alternative, but later silently declined to act. Therefore, I decided to resolve the status-quo by backing this out myself. This in no way precludes a future proposal aiming to mitigate ifnet-removal related system crashes or panics to be accepted, provided it would not unnecessarily compromise the goal of as strict as possible isolation between vnets. Obtained from: github.com/glebius/FreeBSD/commits/backout-ifindex
Diffstat (limited to 'secure/lib')
0 files changed, 0 insertions, 0 deletions