diff options
author | Kristof Provost <kp@FreeBSD.org> | 2021-12-02 16:42:56 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2021-12-06 12:25:14 +0000 |
commit | 41c4f1987243cefe81adcc31d5401e7a80a0428c (patch) | |
tree | 931c3ee830bd1f8c221927d09513a63fd72787ad | |
parent | 93a3fa41dcff274180133712a13392d17a3e75a1 (diff) | |
download | src-41c4f1987243cefe81adcc31d5401e7a80a0428c.tar.gz src-41c4f1987243cefe81adcc31d5401e7a80a0428c.zip |
pfsync: locking fixes
* Ensure we unlock the pfsync lock in pfsync_defer()
* We must hold the bucket lock when calling pfsync_push()
* The pfsync_defer_tmo() callout locks the bucket lock, not the pfsync
lock
Reviewed by: glebius
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33243
-rw-r--r-- | sys/netpfil/pf/if_pfsync.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 244e619bbe46..918516940ee8 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -1751,12 +1751,17 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m) return (0); } + PFSYNC_BUCKET_LOCK(b); + PFSYNC_UNLOCK(sc); + if (b->b_deferred >= 128) pfsync_undefer(TAILQ_FIRST(&b->b_deferrals), 0); pd = malloc(sizeof(*pd), M_PFSYNC, M_NOWAIT); - if (pd == NULL) + if (pd == NULL) { + PFSYNC_BUCKET_UNLOCK(b); return (0); + } b->b_deferred++; m->m_flags |= M_SKIP_FIREWALL; @@ -1773,6 +1778,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m) callout_reset(&pd->pd_tmo, PFSYNC_DEFER_TIMEOUT, pfsync_defer_tmo, pd); pfsync_push(b); + PFSYNC_BUCKET_UNLOCK(b); return (1); } @@ -1821,7 +1827,7 @@ pfsync_defer_tmo(void *arg) pd->pd_st->state_flags &= ~PFSTATE_ACK; /* XXX: locking! */ if (pd->pd_refs == 0) free(pd, M_PFSYNC); - PFSYNC_UNLOCK(sc); + PFSYNC_BUCKET_UNLOCK(b); ip_output(m, NULL, NULL, 0, NULL, NULL); |