if_ovpn: ensure we're in vnet context when calling sorele()
ClosedPublic
Actions

Authored by kp on Nov 10 2022, 1:31 PM.

Details

Reviewers

None

Group Reviewers

network
pfsense

Commits

rG6905fd01cb64: if_ovpn: ensure we're in vnet context when calling sorele()

Summary

We reference count to ensure we don't release the socket while we still
have data in flight. That means that we can end up releasing the socket
from ovpn_encrypt_tx_cb().

We must have a vnet context set when calling sorele() (which asserts
this from within sofree()), so move the CURVNET_SET()/CURVNET_RESTORE()
to ensure this is the case.

While here also add a couple of assertions to make this more obvious,
and to ease future debugging.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.Nov 10 2022, 1:31 PM

Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptNov 10 2022, 1:31 PM

kp requested review of this revision.Nov 10 2022, 1:31 PM

Harbormaster completed remote builds in B48253: Diff 112841.Nov 10 2022, 1:31 PM

Just a fractional micropercent optimization suggestion. First set the VNET context, then enter the epoch. Same at the end: first exit the epoch, then restore VNET pointer. The VNET context set on a thread for extra time doesn't have any negative impact. The epoch prolonged for extra time does.

micro-optimisation, as recommended by Gleb.

Harbormaster completed remote builds in B48298: Diff 112923.Nov 11 2022, 10:35 AM

This revision was not accepted when it landed; it landed in state Needs Review.Nov 14 2022, 8:37 AM

Closed by commit rG6905fd01cb64: if_ovpn: ensure we're in vnet context when calling sorele() (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rG6905fd01cb64: if_ovpn: ensure we're in vnet context when calling sorele().