git: b6196537b012 - main - pf: fix the "keepcounters" to stop truncating to 32-bit

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mateusz Guzik <mjg_at_FreeBSD.org>
Date: Thu, 20 Jun 2024 17:55:48 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=b6196537b0125c50f25bd64ed60e1cdd635ecd34

commit b6196537b0125c50f25bd64ed60e1cdd635ecd34
Author:     Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2024-06-20 17:48:52 +0000
Commit:     Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2024-06-20 17:55:43 +0000

    pf: fix the "keepcounters" to stop truncating to 32-bit
    
    The machinery to support 64-bit counters even on 32-bit kernels had a
    bug where it would unitentionally truncate the value back to 32-bits
    when transferring to a new counter. This resulted in buggy be behavior
    on 64-bit kernels as well.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/pfvar.h           | 15 +++++++++++++++
 sys/netpfil/pf/pf_ioctl.c | 10 +++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index d6d01c9b5970..62c367fe6a29 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -127,6 +127,14 @@ pf_counter_u64_critical_exit(void)
 	critical_exit();
 }
 
+static inline void
+pf_counter_u64_rollup_protected(struct pf_counter_u64 *pfcu64, uint64_t n)
+{
+
+	MPASS(curthread->td_critnest > 0);
+	pfcu64->pfcu64_value += n;
+}
+
 static inline void
 pf_counter_u64_add_protected(struct pf_counter_u64 *pfcu64, uint32_t n)
 {
@@ -250,6 +258,13 @@ pf_counter_u64_critical_exit(void)
 
 }
 
+static inline void
+pf_counter_u64_rollup_protected(struct pf_counter_u64 *pfcu64, uint64_t n)
+{
+
+	counter_u64_add(pfcu64->counter, n);
+}
+
 static inline void
 pf_counter_u64_add_protected(struct pf_counter_u64 *pfcu64, uint32_t n)
 {
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index f801afd9da80..2cb6923e1e69 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1408,15 +1408,15 @@ pf_commit_rules(u_int32_t ticket, int rs_num, char *anchor)
 				continue;
 			}
 			pf_counter_u64_critical_enter();
-			pf_counter_u64_add_protected(&rule->evaluations,
+			pf_counter_u64_rollup_protected(&rule->evaluations,
 			    pf_counter_u64_fetch(&old_rule->evaluations));
-			pf_counter_u64_add_protected(&rule->packets[0],
+			pf_counter_u64_rollup_protected(&rule->packets[0],
 			    pf_counter_u64_fetch(&old_rule->packets[0]));
-			pf_counter_u64_add_protected(&rule->packets[1],
+			pf_counter_u64_rollup_protected(&rule->packets[1],
 			    pf_counter_u64_fetch(&old_rule->packets[1]));
-			pf_counter_u64_add_protected(&rule->bytes[0],
+			pf_counter_u64_rollup_protected(&rule->bytes[0],
 			    pf_counter_u64_fetch(&old_rule->bytes[0]));
-			pf_counter_u64_add_protected(&rule->bytes[1],
+			pf_counter_u64_rollup_protected(&rule->bytes[1],
 			    pf_counter_u64_fetch(&old_rule->bytes[1]));
 			pf_counter_u64_critical_exit();
 		}