d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pfsync: locking fixes

Browse Source 
* Ensure we unlock the pfsync lock in pfsync_defer()
 * We must hold the bucket lock when calling pfsync_push()
 * The pfsync_defer_tmo() callout locks the bucket lock, not the pfsync
   lock

Reviewed by:	glebius
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D33243
This commit is contained in:
Kristof Provost 2021-12-02 17:42:56 +01:00
parent 93a3fa41dc
commit 41c4f19872
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/netpfil/pf/if_pfsync.c
View File

@ -1751,12 +1751,17 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
return (0);
}
PFSYNC_BUCKET_LOCK(b);
PFSYNC_UNLOCK(sc);
if (b->b_deferred >= 128)
pfsync_undefer(TAILQ_FIRST(&b->b_deferrals), 0);
pd = malloc(sizeof(*pd), M_PFSYNC, M_NOWAIT);
if (pd == NULL)
if (pd == NULL) {
PFSYNC_BUCKET_UNLOCK(b);
return (0);
}
b->b_deferred++;
m->m_flags |= M_SKIP_FIREWALL;
@ -1773,6 +1778,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
callout_reset(&pd->pd_tmo, PFSYNC_DEFER_TIMEOUT, pfsync_defer_tmo, pd);
pfsync_push(b);
PFSYNC_BUCKET_UNLOCK(b);
return (1);
}
@ -1821,7 +1827,7 @@ pfsync_defer_tmo(void *arg)
pd->pd_st->state_flags &= ~PFSTATE_ACK; /* XXX: locking! */
if (pd->pd_refs == 0)
free(pd, M_PFSYNC);
PFSYNC_UNLOCK(sc);
PFSYNC_BUCKET_UNLOCK(b);
ip_output(m, NULL, NULL, 0, NULL, NULL);