Page MenuHomeFreeBSD
Differential D3855

Properly drain callouts in the IPFW subsystem
ClosedPublic
Actions

Authored by hselasky on Oct 9 2015, 12:30 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 7, 7:08 PM
Unknown Object (File)
Dec 22 2024, 3:25 PM
Unknown Object (File)
Dec 8 2024, 8:08 PM
Unknown Object (File)
Oct 30 2024, 9:41 AM
Unknown Object (File)
Oct 19 2024, 3:36 AM
Unknown Object (File)
Oct 19 2024, 3:36 AM
Unknown Object (File)
Oct 19 2024, 3:35 AM
Unknown Object (File)
Oct 19 2024, 3:13 AM
View All 98 Files
Subscribers
franco_opnsense.org
imp

Details

Reviewers
hiren
rrs
jch
Group Reviewers
network
Commits
rS297228: MFC r292254:
rS292254: Properly drain callouts in the IPFW subsystem to avoid use after free
Summary

When unloading the dummynet module, there is a slight chance that the dummynet timer might be restarted after the callout is drained. Add a drain variable and use an existing lock to ensure the dymmynet timer is not restarted after the teardown sequence is started.

Callout drain can sleep and must not be called locked.

Test Plan
#!/bin/sh
while true
do
kldunload dummynet
kldunload ipfw
kldload ipfw
kldload dummynet
done

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

hselasky updated this revision to Diff 9273.Oct 9 2015, 12:30 PM
hselasky retitled this revision from to Properly drain callouts in the IPFW subsystem.
hselasky updated this object.
hselasky edited the test plan for this revision. (Show Details)
hselasky added reviewers: hiren, jch, rrs.
hselasky set the repository for this revision to rS FreeBSD src repository - subversion.
Herald added a subscriber: imp. · View Herald TranscriptOct 9 2015, 12:30 PM
hselasky added a reviewer: network.Oct 23 2015, 8:49 AM
hiren accepted this revision.Dec 14 2015, 1:34 PM
hiren edited edge metadata.

I am not 100% sure if this is the correct approach but its better than whats going on right now. Please go ahead with this patch.
Rasool Al-Saadi also confirmed that this works and avoids panic.

This revision is now accepted and ready to land.Dec 14 2015, 1:34 PM
Closed by commit rS292254: Properly drain callouts in the IPFW subsystem to avoid use after free (authored by hselasky). · Explain WhyDec 15 2015, 9:02 AM
This revision was automatically updated to reflect the committed changes.
franco_opnsense.org added a subscriber: franco_opnsense.org.Mar 20 2016, 9:24 AM

I just hit this and noticed it was never MFC'd. Can this be pushed to STABLE?

hselasky added a comment.Mar 20 2016, 2:58 PM

Feel free to MFC if the patches apply to 10-stable. I won't be able to MFC until end of next week.

franco_opnsense.org added a comment.Mar 20 2016, 5:22 PM

Ok, I'll open a bug report for the MFC.

FWIW, applies cleanly to 10.2-RELENG and kldunload works as expected, thanks for this patch!

Revision Contents
Changeset List

PathSize
head/
sys/
netpfil/
ipfw/
2 lines
11 lines
5 lines

Diff 11284

View Options

head/sys/netpfil/ipfw/ip_dn_io.c

Loading...
View Options

head/sys/netpfil/ipfw/ip_dummynet.c

Loading...
View Options

head/sys/netpfil/ipfw/ip_fw2.c

Loading...