Page MenuHomeFreeBSD

ipfilter: Do not reinitialize lock in timer function
ClosedPublic

Authored by jlduran on Tue, Nov 12, 6:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 23, 3:30 PM
Unknown Object (File)
Sat, Nov 16, 9:14 PM
Unknown Object (File)
Wed, Nov 13, 10:28 AM
Unknown Object (File)
Wed, Nov 13, 9:27 AM
Unknown Object (File)
Wed, Nov 13, 9:14 AM
Unknown Object (File)
Wed, Nov 13, 4:51 AM
Unknown Object (File)
Wed, Nov 13, 3:10 AM
Unknown Object (File)
Wed, Nov 13, 1:51 AM

Details

Summary

This is unnecessary and may result in a deadlock.

PR: 282478
Reported by: markj
Fixes: 1fa6daaafd74 ("ipfilter: Avoid stopping with a lock held")

Test Plan

My interaction with ipfilter is limited to the following tests:

  1. Testing the original PR:
service ipfw onestart
service ipfw onestop
dmesg -a
  1. Running the test suite:
kldload if_bridge
kldload if_epair
cd /usr/tests
kyua test -k /usr/tests/Kyuafile sys/netpfil/common | grep -v skipped:
sys/netpfil/common/forward:ipf_v4  ->  passed  [8.042s]
sys/netpfil/common/fragments:ipf_fragments  ->  passed  [11.408s]
sys/netpfil/common/nat:ipfnat_basic  ->  passed  [4.115s]
sys/netpfil/common/pass_block:ipf_v4  ->  passed  [1.511s]
sys/netpfil/common/pass_block:ipf_v6  ->  passed  [3.136s]
sys/netpfil/common/rdr:ipfnat_basic  ->  passed  [4.921s]
sys/netpfil/common/rdr:ipfnat_local_redirect  ->  passed  [4.727s]

...

7/42 passed (0 broken, 0 failed, 35 skipped)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 60507
Build 57391: arc lint + arc unit

Event Timeline

This revision is now accepted and ready to land.Tue, Nov 12, 8:16 PM

This is the ticket. You will need to reapply the revert. Probably makes more sense to reapply while squashing this. I don't know if you need still mentor approval or if my approval is good enough.

My apologies, I forgot that it's always ok for a rwlock read lock to recurse, so there is no deadlock. Most of our lock types don't have that property.

In D47530#1084128, @cy wrote:

This is the ticket. You will need to reapply the revert. Probably makes more sense to reapply while squashing this. I don't know if you need still mentor approval or if my approval is good enough.

Will do then. If you have other tests that you run, I would gladly try to add them to the suite (once I finish with other fixes), I feel ipfilter is "undertested", but I may be wrong.
I was explained that the approval of my mentor is an "administrative approval", and may not necessarily be a technical one, of course, having both is much more reassuring.

Thank you!

In D47530#1084128, @cy wrote:

This is the ticket. You will need to reapply the revert. Probably makes more sense to reapply while squashing this. I don't know if you need still mentor approval or if my approval is good enough.

Will do then. If you have other tests that you run, I would gladly try to add them to the suite (once I finish with other fixes), I feel ipfilter is "undertested", but I may be wrong.
I was explained that the approval of my mentor is an "administrative approval", and may not necessarily be a technical one, of course, having both is much more reassuring.

Thank you!

I simply test on my sandbox machine. It's working there, no panics. Should have tested it first before accepting the review. (And if I'm ready to commit I always install on my prod firewall here at home. It panicking or not working in some way impacts my ability to work from home, as the company has become a WFH company since the pandemic.)

This + the previous patch works perfectly.

I'm sorry for not testing the patch before accepting it. That's on me.