Date: Mon, 28 Mar 2022 11:47:30 GMT
Message-Id: <202203281147.22SBlUXA090141@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mateusz Guzik
Subject: git: 93f8c38c0371 - main - pf: add pf_config_lock
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: mjg
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 93f8c38c0371139fbe444b645ef36ae0d92d400a

The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=93f8c38c0371139fbe444b645ef36ae0d92d400a

commit
93f8c38c0371139fbe444b645ef36ae0d92d400a Author: Mateusz Guzik AuthorDate: 2022-02-25 17:56:45 +0000 Commit: Mateusz Guzik CommitDate: 2022-03-28 11:44:46 +0000 pf: add pf_config_lock For now only protects rule creation/destruction, but will allow gradually reducing the scope of rules lock when changing the rules. Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/net/pfvar.h | 5 +++++ sys/netpfil/pf/pf.c | 5 +++++ sys/netpfil/pf/pf_ioctl.c | 3 +++ 3 files changed, 13 insertions(+) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 5ae069694187..66cb6a4ba051 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -357,6 +357,11 @@ extern struct mtx_padalign pf_unlnkdrules_mtx; #define PF_UNLNKDRULES_UNLOCK() mtx_unlock(&pf_unlnkdrules_mtx) #define PF_UNLNKDRULES_ASSERT() mtx_assert(&pf_unlnkdrules_mtx, MA_OWNED) +extern struct sx pf_config_lock; +#define PF_CONFIG_LOCK() sx_xlock(&pf_config_lock) +#define PF_CONFIG_UNLOCK() sx_xunlock(&pf_config_lock) +#define PF_CONFIG_ASSERT() sx_assert(&pf_config_lock, SA_XLOCKED) + extern struct rmlock pf_rules_lock; #define PF_RULES_RLOCK_TRACKER struct rm_priotracker _pf_rules_tracker #define PF_RULES_RLOCK() rm_rlock(&pf_rules_lock, &_pf_rules_tracker) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 0a479c8a77e8..027d48c82688 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -236,6 +236,9 @@ struct mtx_padalign pf_unlnkdrules_mtx; MTX_SYSINIT(pf_unlnkdrules_mtx, &pf_unlnkdrules_mtx, "pf unlinked rules", MTX_DEF); +struct sx pf_config_lock; +SX_SYSINIT(pf_config_lock, &pf_config_lock, "pf config"); + struct mtx_padalign pf_table_stats_lock; MTX_SYSINIT(pf_table_stats_lock, &pf_table_stats_lock, "pf table stats", MTX_DEF); 
@@ -2201,12 +2204,14 @@ pf_purge_unlinked_rules() PF_UNLNKDRULES_UNLOCK(); if (!TAILQ_EMPTY(&tmpq)) { + PF_CONFIG_LOCK(); PF_RULES_WLOCK(); TAILQ_FOREACH_SAFE(r, &tmpq, entries, r1) { TAILQ_REMOVE(&tmpq, r, entries); pf_free_rule(r); } PF_RULES_WUNLOCK(); + PF_CONFIG_UNLOCK(); } } diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 45f14fc92f7b..117ee0d04c53 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2088,6 +2088,7 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, rule->cpid = td->td_proc ? td->td_proc->p_pid : 0; TAILQ_INIT(&rule->rpool.list); + PF_CONFIG_LOCK(); PF_RULES_WLOCK(); #ifdef PF_WANT_32_TO_64_COUNTER LIST_INSERT_HEAD(&V_pf_allrulelist, rule, allrulelist); @@ -2203,12 +2204,14 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, ruleset->rules[rs_num].inactive.rcount++; PF_RULES_WUNLOCK(); + PF_CONFIG_UNLOCK(); return (0); #undef ERROUT errout: PF_RULES_WUNLOCK(); + PF_CONFIG_UNLOCK(); errout_unlocked: pf_kkif_free(kif); pf_krule_free(rule);
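Review bot: in the sys/net/pfvar.h hunk, the new pf_config_lock macros carry no comment saying what the lock covers or where it sits relative to pf_rules_lock. Every call site in this patch takes PF_CONFIG_LOCK() before PF_RULES_WLOCK() and releases in the reverse order, so a short comment above `extern struct sx pf_config_lock;` stating that order would keep later callers consistent. PF_CONFIG_ASSERT() is defined here but is not used in any of the visible hunks.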
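Review bot: in pf_purge_unlinked_rules() (sys/netpfil/pf/pf.c), pf_free_rule(r) now runs under PF_CONFIG_LOCK(), but nothing in the visible lines checks that requirement. If rule destruction is meant to always hold the config lock, consider PF_CONFIG_ASSERT() at the top of pf_free_rule() so a caller that skips the lock is caught on kernels built with INVARIANTS. Taking the sx lock only after PF_UNLNKDRULES_UNLOCK() is the right placement, since an sx lock may sleep and must not be acquired while that mutex is held.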
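Review bot: in the second sys/netpfil/pf/pf_ioctl.c hunk, the errout_unlocked label now has to mean that neither pf_rules_lock nor pf_config_lock is held, and nothing at the label says so. The success path and errout both release in reverse order of acquisition, which is correct; what the visible lines cannot confirm is that every jump to errout_unlocked happens before the PF_CONFIG_LOCK() added in the first hunk. A one-line comment at the label would help, along with a check that no ERROUT use between the two hunks targets the unlocked label.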