git: 7164b77ce2f3 - stable/12 - pfsync: locking fixes
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 13 Dec 2021 13:50:38 UTC
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=7164b77ce2f3ecc3697a5ea9a225ff15a6a421ab
commit 7164b77ce2f3ecc3697a5ea9a225ff15a6a421ab
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-12-02 16:42:56 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-12-13 08:54:16 +0000
pfsync: locking fixes
* Ensure we unlock the pfsync lock in pfsync_defer()
* We must hold the bucket lock when calling pfsync_push()
* The pfsync_defer_tmo() callout locks the bucket lock, not the pfsync
lock
Reviewed by: glebius
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33243
(cherry picked from commit 41c4f1987243cefe81adcc31d5401e7a80a0428c)
---
sys/netpfil/pf/if_pfsync.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index ce4ad158e557..44f84b811596 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1753,12 +1753,17 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
return (0);
}
+ PFSYNC_BUCKET_LOCK(b);
+ PFSYNC_UNLOCK(sc);
+
if (b->b_deferred >= 128)
pfsync_undefer(TAILQ_FIRST(&b->b_deferrals), 0);
pd = malloc(sizeof(*pd), M_PFSYNC, M_NOWAIT);
- if (pd == NULL)
+ if (pd == NULL) {
+ PFSYNC_BUCKET_UNLOCK(b);
return (0);
+ }
b->b_deferred++;
m->m_flags |= M_SKIP_FIREWALL;
@@ -1775,6 +1780,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
callout_reset(&pd->pd_tmo, PFSYNC_DEFER_TIMEOUT, pfsync_defer_tmo, pd);
pfsync_push(b);
+ PFSYNC_BUCKET_UNLOCK(b);
return (1);
}
@@ -1821,7 +1827,7 @@ pfsync_defer_tmo(void *arg)
pd->pd_st->state_flags &= ~PFSTATE_ACK; /* XXX: locking! */
if (pd->pd_refs == 0)
free(pd, M_PFSYNC);
- PFSYNC_UNLOCK(sc);
+ PFSYNC_BUCKET_UNLOCK(b);
ip_output(m, NULL, NULL, 0, NULL, NULL);