svn commit: r324046 - in stable/11/sys/netpfil/ipfw: . nat64 nptv6

Andrey V. Elsukov ae at FreeBSD.org
Wed Sep 27 01:46:16 UTC 2017 

Author: ae
Date: Wed Sep 27 01:46:14 2017
New Revision: 324046
URL: https://svnweb.freebsd.org/changeset/base/324046

Log:
  MFC r323836:
    Do not acquire IPFW_WLOCK when a named object is created and destroyed.
  
    Acquiring of IPFW_WLOCK is requried for cases when we are going to
    change some data that can be accessed during processing of packets flow.
    When we create new named object, there are not yet any rules, that
    references it, thus holding IPFW_UH_WLOCK is enough to safely update
    needed structures. When we destroy an object, we do this only when its
    reference counter becomes zero. And it is safe to not acquire IPFW_WLOCK,
    because noone references it. The another case is when we failed to finish
    some action and thus we are doing rollback and destroying an object, in
    this case it is still not referenced by rules and no need to acquire
    IPFW_WLOCK.
  
    This also fixes panic with INVARIANTS due to recursive IPFW_WLOCK acquiring.
  
    Sponsored by:	Yandex LLC

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
  stable/11/sys/netpfil/ipfw/ip_fw_table.c
  stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c
  stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c
  stable/11/sys/netpfil/ipfw/nptv6/nptv6.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c	Wed Sep 27 01:31:52 2017	(r324045)
+++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c	Wed Sep 27 01:46:14 2017	(r324046)
@@ -418,9 +418,7 @@ dyn_create(struct ip_fw_chain *ch, struct tid_info *ti
 		return (ENOSPC);
 	}
 	ipfw_objhash_add(ni, &obj->no);
-	IPFW_WLOCK(ch);
 	SRV_OBJECT(ch, obj->no.kidx) = obj;
-	IPFW_WUNLOCK(ch);
 	obj->no.refcnt++;
 	*pkidx = obj->no.kidx;
 	IPFW_UH_WUNLOCK(ch);
@@ -440,10 +438,8 @@ dyn_destroy(struct ip_fw_chain *ch, struct named_objec
 	    no->name, no->etlv, no->kidx, no->refcnt));
 
 	DYN_DEBUG("kidx %d", no->kidx);
-	IPFW_WLOCK(ch);
 	obj = SRV_OBJECT(ch, no->kidx);
 	SRV_OBJECT(ch, no->kidx) = NULL;
-	IPFW_WUNLOCK(ch);
 	ipfw_objhash_del(CHAIN_TO_SRV(ch), no);
 	ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), no->kidx);
 

Modified: stable/11/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_table.c	Wed Sep 27 01:31:52 2017	(r324045)
+++ stable/11/sys/netpfil/ipfw/ip_fw_table.c	Wed Sep 27 01:46:14 2017	(r324046)
@@ -1925,9 +1925,7 @@ create_table_internal(struct ip_fw_chain *ch, struct t
 		tc->no.kidx = kidx;
 		tc->no.etlv = IPFW_TLV_TBL_NAME;
 
-		IPFW_WLOCK(ch);
 		link_table(ch, tc);
-		IPFW_WUNLOCK(ch);
 	}
 
 	if (compat != 0)
@@ -3229,7 +3227,6 @@ link_table(struct ip_fw_chain *ch, struct table_config
 	uint16_t kidx;
 
 	IPFW_UH_WLOCK_ASSERT(ch);
-	IPFW_WLOCK_ASSERT(ch);
 
 	ni = CHAIN_TO_NI(ch);
 	kidx = tc->no.kidx;

Modified: stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c	Wed Sep 27 01:31:52 2017	(r324045)
+++ stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c	Wed Sep 27 01:46:14 2017	(r324046)
@@ -208,10 +208,7 @@ nat64lsn_create(struct ip_fw_chain *ch, ip_fw3_opheade
 	ipfw_objhash_add(CHAIN_TO_SRV(ch), &cfg->no);
 
 	/* Okay, let's link data */
-	IPFW_WLOCK(ch);
 	SRV_OBJECT(ch, cfg->no.kidx) = cfg;
-	IPFW_WUNLOCK(ch);
-
 	nat64lsn_start_instance(cfg);
 
 	IPFW_UH_WUNLOCK(ch);
@@ -259,10 +256,7 @@ nat64lsn_destroy(struct ip_fw_chain *ch, ip_fw3_ophead
 		return (EBUSY);
 	}
 
-	IPFW_WLOCK(ch);
 	SRV_OBJECT(ch, cfg->no.kidx) = NULL;
-	IPFW_WUNLOCK(ch);
-
 	nat64lsn_detach_config(ch, cfg);
 	IPFW_UH_WUNLOCK(ch);
 

Modified: stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c	Wed Sep 27 01:31:52 2017	(r324045)
+++ stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c	Wed Sep 27 01:46:14 2017	(r324046)
@@ -220,10 +220,7 @@ nat64stl_create(struct ip_fw_chain *ch, ip_fw3_opheade
 	error = nat64stl_create_internal(ch, cfg, uc);
 	if (error == 0) {
 		/* Okay, let's link data */
-		IPFW_WLOCK(ch);
 		SRV_OBJECT(ch, cfg->no.kidx) = cfg;
-		IPFW_WUNLOCK(ch);
-
 		IPFW_UH_WUNLOCK(ch);
 		return (0);
 	}
@@ -342,10 +339,7 @@ nat64stl_destroy(struct ip_fw_chain *ch, ip_fw3_ophead
 		return (EBUSY);
 	}
 
-	IPFW_WLOCK(ch);
 	SRV_OBJECT(ch, cfg->no.kidx) = NULL;
-	IPFW_WUNLOCK(ch);
-
 	nat64stl_detach_config(ch, cfg);
 	IPFW_UH_WUNLOCK(ch);
 

Modified: stable/11/sys/netpfil/ipfw/nptv6/nptv6.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/nptv6/nptv6.c	Wed Sep 27 01:31:52 2017	(r324045)
+++ stable/11/sys/netpfil/ipfw/nptv6/nptv6.c	Wed Sep 27 01:46:14 2017	(r324046)
@@ -560,9 +560,7 @@ nptv6_create(struct ip_fw_chain *ch, ip_fw3_opheader *
 		return (ENOSPC);
 	}
 	ipfw_objhash_add(ni, &cfg->no);
-	IPFW_WLOCK(ch);
 	SRV_OBJECT(ch, cfg->no.kidx) = cfg;
-	IPFW_WUNLOCK(ch);
 	IPFW_UH_WUNLOCK(ch);
 	return (0);
 }
@@ -599,10 +597,7 @@ nptv6_destroy(struct ip_fw_chain *ch, ip_fw3_opheader 
 		return (EBUSY);
 	}
 
-	IPFW_WLOCK(ch);
 	SRV_OBJECT(ch, cfg->no.kidx) = NULL;
-	IPFW_WUNLOCK(ch);
-
 	ipfw_objhash_del(CHAIN_TO_SRV(ch), &cfg->no);
 	ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), cfg->no.kidx);
 	IPFW_UH_WUNLOCK(ch);

More information about the svn-src-all mailing list