Page MenuHomeFreeBSD

ipsec: enter epoch before calling into ipsec_run_hhooks
ClosedPublic

Authored by mjg on Sep 17 2021, 3:33 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jan 15, 1:39 AM
Unknown Object (File)
Tue, Jan 10, 3:34 AM
Unknown Object (File)
Mon, Jan 9, 8:08 AM
Unknown Object (File)
Sun, Jan 8, 7:13 PM
Unknown Object (File)
Dec 14 2022, 6:02 AM
Subscribers

Details

Summary

pfil_run_hooks which eventually can get called asserts on it.

Fixes a failed epoch assert:

panic: Assertion in_epoch(net_epoch_preempt) failed at /usr/home/mjg/git/netgate/FreeBSD-src/sys/net/pfil.c:172
panic() at panic+0x43/frame 0xfffffe00c8917850
pfil_run_hooks() at pfil_run_hooks+0x129/frame 0xfffffe00c8917890
enc_hhook() at enc_hhook+0x247/frame 0xfffffe00c89178d0
hhook_run_hooks() at hhook_run_hooks+0x6a/frame 0xfffffe00c8917940
ipsec_run_hhooks() at ipsec_run_hhooks+0x69/frame 0xfffffe00c8917960
ipsec4_common_input_cb() at ipsec4_common_input_cb+0x3bf/frame 0xfffffe00c89179f0
esp_input_cb() at esp_input_cb+0x587/frame 0xfffffe00c8917a70
crypto_ret_proc() at crypto_ret_proc+0x78/frame 0xfffffe00c8917ab0
fork_exit() at fork_exit+0x80/frame 0xfffffe00c8917af0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00c8917af0

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

mjg requested review of this revision.Sep 17 2021, 3:33 PM
mjg edited the summary of this revision. (Show Details)
mjg added a reviewer: ae.
sys/netipsec/ipsec_input.c
485

It seems there is possible one case when we are not in the EPOCH.

681–682

extra EPOCH enter/exit.

692

missing NET_EPOCH_EXIT()

huh, sorry for the lazy patch

This revision is now accepted and ready to land.Sep 21 2021, 2:47 PM