Page MenuHomeFreeBSD
Differential D39223

pfsync: hold b_mtx for callout_stop(pd_tmo)
ClosedPublic
Actions

Authored by kp on Mar 23 2023, 1:33 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, May 4, 5:28 PM
Unknown Object (File)
Sat, May 4, 5:28 PM
Unknown Object (File)
Sat, May 4, 5:28 PM
Unknown Object (File)
Sat, May 4, 5:28 PM
Unknown Object (File)
Sat, May 4, 5:28 PM
Unknown Object (File)
Sat, May 4, 5:27 PM
Unknown Object (File)
Sat, May 4, 5:16 PM
Unknown Object (File)
Jan 14 2024, 7:34 AM
View All 24 Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
markj
Group Reviewers
network
Commits
rG9965ab873cd7: pfsync: hold b_mtx for callout_stop(pd_tmo)
rG5f74ed9afdb1: pfsync: hold b_mtx for callout_stop(pd_tmo)
rG01194da28a21: pfsync: hold b_mtx for callout_stop(pd_tmo)
Summary

The pd_tmo callout has an associated mutex, which we must hold while
calling callout_stop().

Reported by: markj
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Mar 23 2023, 1:33 AM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptMar 23 2023, 1:33 AM
kp requested review of this revision.Mar 23 2023, 1:33 AM
Harbormaster completed remote builds in B50536: Diff 119309.Mar 23 2023, 1:34 AM
kp updated this revision to Diff 119310.Mar 23 2023, 1:35 AM

Remove unrelated changes.

Harbormaster completed remote builds in B50537: Diff 119310.Mar 23 2023, 1:36 AM
markj added inline comments.Mar 23 2023, 2:00 PM
sys/netpfil/pf/if_pfsync.c
418–419

Are you only taking the lock for the sake of callout_stop()? That is, it's ok to do the tailq remove without the mutex held? It's not immediately obvious since b_deferred is decremented with the lock held.

427

Perhaps assert that pd->pd_refs == 0 before freeing?

kp added inline comments.Mar 24 2023, 8:47 AM
sys/netpfil/pf/if_pfsync.c
427

That turns out to not quite work. pd_refs isn't really a reference count, but an indication to the timeout function that we want to do the free.

That's a bit silly, so I'm posting D39248 to remove it entirely (and restructure the timeout function a bit).

kp updated this revision to Diff 119385.Mar 24 2023, 8:51 AM

Protect tailq operation with the bucket lock.

Harbormaster completed remote builds in B50562: Diff 119385.Mar 24 2023, 8:51 AM
markj added inline comments.Mar 24 2023, 4:57 PM
sys/netpfil/pf/if_pfsync.c
417

I think loading TAILQ_FIRST(&b->b_deferrals) also needs to be done under the mutex.

419

Suppose ret == 0, i.e., the callout is about to be executed but is currently waiting for the bucket lock. Once the bucket lock is released, pfsync_defer_tmo() will execute. It will also remove pd from the deferrals list, so we end up removing pd twice, which will presumably result in a panic.

Either we should avoid modifying the list here when callout_stop() returns 0 (can it return -1? I think not?), or the callout handler needs to detect that pfsync_clone_destroy() has already removed the deferral structure from the list.

kp mentioned this in D39248: pf: remove pd_refs from pfsync.Mar 25 2023, 12:58 AM
kp updated this revision to Diff 119467.Mar 26 2023, 1:20 AM
  • rework locking
  • use pfsync_undefer directly rather than doing basically the same thing with duplicated code
  • improved assertions (assert we've cleaned up all deferred packets)
Harbormaster completed remote builds in B50586: Diff 119467.Mar 26 2023, 1:21 AM
markj accepted this revision as: markj.Mar 27 2023, 9:49 PM
This revision is now accepted and ready to land.Mar 27 2023, 9:49 PM
Closed by commit rG01194da28a21: pfsync: hold b_mtx for callout_stop(pd_tmo) (authored by kp). · Explain WhyMar 28 2023, 1:19 AM
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG01194da28a21: pfsync: hold b_mtx for callout_stop(pd_tmo).
kp added a commit: rG5f74ed9afdb1: pfsync: hold b_mtx for callout_stop(pd_tmo).Mar 30 2023, 3:08 AM
kp added a commit: rG9965ab873cd7: pfsync: hold b_mtx for callout_stop(pd_tmo).

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
19 lines

Diff 119537

View Options

sys/netpfil/pf/if_pfsync.c

Loading...