In D18420#392922, @ae wrote:

I think such method can be useful. Do you plan to merge it?

Sorry but my understanding is that this could possibly free the softc even before lagg_clone_destroy() has finished, couldn't it?

@imp could you please comment on your architectural views (or wish-list) while there is still time? Otherwise I might have to sort it out after the facts; I am expecting to be at a point when I need to make a driver talk to some SDIO in about a week and that means I'll work on any middle-glue-code I'll see fit.

I'll trust you to get the assertion right; sounds good to me.

In D12467#277167, @imp wrote:

Sorry, getting IPv4 fragments into my head is absolutely not a good idea.

Sorry; getting IPv4 fragments into my head is not a good idea.

Can you please site the Apple CVE and possibly the original writeup instead of a (random) reddit thing?

To me this change seems wrong. The only caller for this function is exactly for the situation when the link-local address is missing.
If we are in the progress of "configuring" the interface and someone is already de-configuring it to me that sounds like a concurrency problem elsewhere.
This entire function seems to be based on the idea that there's a lock held around it and it's the only actor (which might very well still be coming from &Giant days of FreeBSD 4).

See PR 230857 for details.

So is it the last 5 commits on your github branch or is there anything in there from before that? Having this broken up in logical junks for review will make it a lot easier.

In D17512#379535, @arichardson wrote:

Ideally we could place the padding outside of the section instead of inside and then just use <=. However, the linker can place any orphan section inbetween so there might be some relocations...
Since that is not possible this solution looks fine to me.

In D17512#378547, @jhb wrote:

The magic value seems kind of odd. Note that it is a valid KVA on i386 now that i386 was 4:4 (and even before then it was possible to move the top of UVA down to give more KVA, e.g. some folks ran 2:2 on i386 instead of 3:1). Do you have more details on the relocation check? Is it using < instead of <= or some such?

Ok, I've tested this (well the shorter constants version mostly) with my two test modules (no longer panics, size of 1 symbol works), which a linker script which had a wrong padding, and with the matching modules. I am aware that 3rd party modules will be unhappy but after spending days and weeks to get to this, no better solution could be found. Does anyone want to review this quickly so it can go into HEAD and go to 12, to prevent panics there?

Update the constants to sizeof linker-script-LONG (32bit) to have a smaller
possibility of accidentally matching.

Go with Alex's suggestion of fixed padding at the end as linkers are not
working reliable enough to simply extend an already existing section (see PR 232291).
This simplfis the linker script logic and adds some extra checkes to link_elf.c
for just i386.

Neither this nor the kernel version (though that one just less likely) is not deadlock safe. It can still happen.

What's the reason we can't just use the IFNET_WLOCK() and be good with it and not rewriting the entire code but going back to what it was?
The original version if_grow() could not fail, ifindex_alloc() had at best one retry, ... I am still not getting why this wasn't good enough?

Anyone? I'd love to get this in ...

In D17598#376045, @hselasky wrote:

@bz: Try modifying the script to create 65536 /dev/tun devices.

Silly question; can you explain that test case? How do 255 multicast addresses assigned to 255 interfaces make you run out of ifindex space?

For as much as my brain still functions this seems ok

It would greatly help if the proposed commit message would also cite the RFC sections not just the RFCs; ideally actually comments in the code would do that as well at the right place so that future reference lookups will be easier.

Scrolling through it looks OK with cross-checking to the RFCs.
Mostly commenting on the fact that we should get this in before BETA as it does change the kernel KPI.
Hope someone will do the full technical review (want to add lstewart as well?)

May I ask if you have a chance to look at this? It's been sitting around here so long that I forgot about it.

In D17593#375498, @mmacy wrote:

Is this in response to an observed bug? This is adding a lot of complexity when we can simply validate the result

Maybe both? We also don't want to not get notified and have an interface hanging around for ever given pf never releases a reference?
In the first block of you patch you might want to switch the order and set the kif to NULL before releasing the reference.

In D17512#373738, @arichardson wrote:

I wonder if this could be done in a single pass by adding a dummy symbol in the pcpu/vnet macros and using . = . + (DEFINED(pcpu_dummy) ? 1 : 0?

The kmod.mk changes can be reduced to two linker invocations instead of three,
also needing one less intermediate file to cleanup.

Argh the kmod changes are the old ones. I'll update in a second

Still wonder if pf should hold a reference to the interface as well.

That was kind-of the model I had in mind for the other callbacks as well ;-)

OK, this only makes sense after the callback functions are virtualized; before the above comment did make sense but was expecting a different architechtural solution (whether true or not at the time of writing)

OK. I was thinking (when reading the UNINIT change) that that only starts to make sense after virtualising these here; and then I wondered why I'd want to virtualise if these called functions would be perfectly fine and happy to determine if pfsync is enabled (RUNNING) in this vnet or not. That way there'd be less virtualisation.

Actually, why is this needed?

I assume the "other way round" is only true after the function pointers have been virtualised, otherwise not.
And that makes me wonder..

I only scrolled through but it looks good to me.

While you are at it, what about https://reviews.freebsd.org/D13865 ?

Quick question from scrolling through