- Fix a bad typo (FreeBSD specific) in pfsync_bulk_update(). Instead

of scheduling next run pfsync_bulk_update(), pfsync_bulk_fail() was scheduled. This lead to instant 100% state leak after first bulk update request. - After above fix, it appeared that pfsync_bulk_update() lacks locking. To fix this, sc_bulk_tmo callout was converted to an mtx one. Eventually, all pf/pfsync callouts should be converted to mtx version, since it isn't possible to stop or drain a non-mtx callout without risk of race. - Add comment that callout_stop() in pfsync_clone_destroy() lacks locking. Since pfsync0 can't be destroyed (yet), let it be here.
svn path=/head/; revision=226661
2011-10-23 15:08:18 +00:00 · 2011-10-23 15:08:18 +00:00 · 2f2086d57e · 2020-12-20 02:59:44 +00:00
commit 2f2086d57e
parent 35ad95774e
1 changed files with 3 additions and 3 deletions
--- a/sys/contrib/pf/net/if_pfsync.c
+++ b/sys/contrib/pf/net/if_pfsync.c
@ -493,7 +493,7 @@ pfsync_clone_create(struct if_clone *ifc, int unit)
 	ifp->if_mtu = 1500; /* XXX */
 #ifdef __FreeBSD__
 	callout_init(&sc->sc_tmo, CALLOUT_MPSAFE);
-	callout_init(&sc->sc_bulk_tmo, CALLOUT_MPSAFE);
+	callout_init_mtx(&sc->sc_bulk_tmo, &pf_task_mtx, 0);
 	callout_init(&sc->sc_bulkfail_tmo, CALLOUT_MPSAFE);
 #else
 	ifp->if_hardmtu = MCLBYTES; /* XXX */
@ -540,7 +540,7 @@ pfsync_clone_destroy(struct ifnet *ifp)
 #ifdef __FreeBSD__
 	EVENTHANDLER_DEREGISTER(ifnet_departure_event, sc->sc_detachtag);
 #endif
-	timeout_del(&sc->sc_bulk_tmo);
+	timeout_del(&sc->sc_bulk_tmo);	/* XXX: need PF_LOCK() before */
 	timeout_del(&sc->sc_tmo);
 #if NCARP > 0
 #ifdef notyet
@ -3061,7 +3061,7 @@ pfsync_bulk_update(void *arg)
 			sc->sc_bulk_next = st;
 #ifdef __FreeBSD__
 			callout_reset(&sc->sc_bulk_tmo, 1,
-			    pfsync_bulk_fail, sc);
+			    pfsync_bulk_update, sc);
 #else
 			timeout_add(&sc->sc_bulk_tmo, 1);
 #endif