Page MenuHomeFreeBSD

pf: Fix panic on unload
ClosedPublic

Authored by kp on Mar 16 2017, 8:16 AM.

Details

Reviewers
eri
Group Reviewers
network
Commits
rS317773: pf: Fix panic on unload
Summary

vnet_pf_uninit() is called through vnet_deregister_sysuninit() and
linker_file_unload() when the pf module is unloaded. This is executed
after pf_unload() so we end up trying to take locks which have been
destroyed already.

Ensure we don't call pf_unload_vnet() from vnet_pf_uninit() for the root
vnet. We still need to do that cleanup, so call it directly from
pf_unload().

Test Plan

kldload pf
pfctl -g -f pf.conf
pfctl -e
kldunload -f pf

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kp created this revision.Mar 16 2017, 8:16 AM
kp added a reviewer: network.Mar 16 2017, 8:16 AM
kp set the repository for this revision to rS FreeBSD src repository.
eri added a subscriber: eri.Mar 16 2017, 5:18 PM

It feels a lot like a hack.
Shouldn't the proper VNET accessor be called on creation and teardown?

kp added a comment.Mar 17 2017, 1:40 AM
In D10025#207198, @eri wrote:

It feels a lot like a hack.
Shouldn't the proper VNET accessor be called on creation and teardown?

Yes, but that's essentially what's happening here. The root/default vnet is getting torn down.
The problem is the order of operations. pf_modevent() gets called before vnet_pf_uninit().

eri requested changes to this revision.Mar 17 2017, 10:01 PM

I would rather remove the pf_unload and pf_load to empty stubs and do their operation in pf_vnet_[un]init wiht DEFAULT_VNET wrapping than this.

Check ipfw(4) code and it has the same solution and makes consistency.

The other way is to use a semaphore pattern but the above is much simpler.

This revision now requires changes to proceed.Mar 17 2017, 10:01 PM
kp updated this revision to Diff 26382.Mar 18 2017, 8:56 AM
kp edited edge metadata.

I think you have a point, but I don't want to move pf_load(), because that can fail.

kp updated this revision to Diff 27155.Apr 6 2017, 8:31 PM

Use SYSUNINIT() to ensure pf_load() isn't called until after all vnet_pf_uninit()s have been called

This revision was automatically updated to reflect the committed changes.