Page MenuHomeFreeBSD
Differential D54535

ipfw: make the upper half lock sleepable
Needs ReviewPublic
Actions

Authored by glebius on Mon, Jan 5, 7:38 PM.
Tags
None
Referenced Files
F141981697: D54535.id.diff
Wed, Jan 14, 11:55 AM
Unknown Object (File)
Mon, Jan 12, 2:11 AM
Unknown Object (File)
Sat, Jan 10, 4:17 PM
Unknown Object (File)
Sat, Jan 10, 5:41 AM
Unknown Object (File)
Sat, Jan 10, 12:07 AM
Unknown Object (File)
Thu, Jan 8, 4:20 PM
Unknown Object (File)
Thu, Jan 8, 10:45 AM
Unknown Object (File)
Wed, Jan 7, 12:33 AM
View All 11 Files
Subscribers
donner
imp
vegeta_tuxpowered.net

Details

Reviewers
melifaro
ae
lytboris_gmail.com
Group Reviewers
network
Summary

The so called upper half ipfw lock is not used in the forwarding path. It
is used only during configuration changes and servicing system events like
interface arrival/departure or vnet creation. The original code drops the
lock before malloc(M_WAITOK) and then goes into great efforts to recover
from possible races. But the races still exist, e.g. create_table() would
first check for table existence, but then drop the lock. The change also
fixes unlock leak in check_table_space() in a branch that apparently was
never entered.

Changing to a sleepable lock we can reduce a lot of existing complexity
associated with race recovery, and as use the lock to cover other
configuration time allocations, like recently added per-rule bpf(4) taps.

This change doesn't remove much of a race recovery code, to ease bisection
in case of a regression. This will be done in a separate commit. This
change just removes lock drops during configuration events. The only
reduction is removal of get_map(), which is a straightforward reduce to a
simple malloc(9).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 69687
Build 66570: arc lint + arc unit

Event Timeline

glebius created this revision.Mon, Jan 5, 7:38 PM
Herald added subscribers: vegeta_tuxpowered.net, donner, imp. · View Herald TranscriptMon, Jan 5, 7:38 PM
glebius requested review of this revision.Mon, Jan 5, 7:38 PM
Harbormaster completed remote builds in B69632: Diff 169093.Mon, Jan 5, 7:38 PM
glebius updated this revision to Diff 169197.Tue, Jan 6, 5:51 PM
  • Fix lock leak in ipfw_commit_rules().
Harbormaster completed remote builds in B69667: Diff 169197.Tue, Jan 6, 5:51 PM
glebius updated this revision to Diff 169254.Wed, Jan 7, 5:33 PM
The only sleepable context where the lock was acquired was dyn_tick(). The
comment said it is done to prevent parallel execution of
dyn_expire_states().  However, there is proper internal locking in there
and function should be safe to execute in parallel.  The real problem is
dyn_expire_states() called via userland to race with dyn_grow_hashtable()
called via dyn_tick().  Protect against this condition with the main chain
lock.
Harbormaster completed remote builds in B69687: Diff 169254.Wed, Jan 7, 5:33 PM
glebius added a child revision: D54580: ipfw: remove locking workarounds in the table code.Wed, Jan 7, 5:41 PM
ae added inline comments.Mon, Jan 12, 11:11 AM
sys/netpfil/ipfw/ip_fw_table.c
1079

While you are here, it seems there is missing IPFW_UH_RUNLOCK.

glebius added inline comments.Tue, Jan 13, 5:58 PM
sys/netpfil/ipfw/ip_fw_table.c
1079

I'd better assert that table implementation can find an entry :) Will make a separate commit.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
ipfw/
3 lines
37 lines
5 lines
5 lines
20 lines
79 lines
38 lines
13 lines

Diff 169254

View Options

sys/netpfil/ipfw/ip_fw2.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_dynamic.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_iface.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_nat.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_private.h

Loading...
View Options

sys/netpfil/ipfw/ip_fw_sockopt.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_table.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_table_value.c

Loading...