Diffusion FreeBSD src repository - subversion rS297228

MFC r292254:
rS297228
Actions

Description

MFC r292254:

Properly drain callouts in the IPFW subsystem to avoid use after free
panics when unloading the dummynet and IPFW modules:

The callout drain function can sleep and should not be called having

a non-sleepable lock locked. Remove locks around "ipfw_dyn_uninit(0)".

Add a new "dn_gone" variable to prevent asynchronous restart of

dummynet callouts when unloading the dummynet kernel module.

Call "dn_reschedule()" locked so that "dn_gone" can be set and

checked atomically with regard to starting a new callout.

PR: 208171
Requested by: Franco Fichtner (opnsense.org)
Differential Revision: https://reviews.freebsd.org/D3855

Details

Provenance

• hselasky

Authored on

Differential Revision

D3855: Properly drain callouts in the IPFW subsystem

Parents

rS297227: Move mbuf provider under SDT to indicate that it is FreeBSD specific

Branches

Unknown

Tags

Unknown

Event Timeline

• hselasky committed rS297228: MFC r292254:.Mar 24 2016, 9:22 AM

Changes (4)

Path

Size

stable/

10/

sys/

netpfil/

ipfw/

ip_dn_io.c

ip_dummynet.c

ip_fw2.c

rS297228

View Options

stable/10/

View Options

stable/10/sys/netpfil/ipfw/ip_dn_io.c

View Options

stable/10/sys/netpfil/ipfw/ip_dummynet.c

View Options

stable/10/sys/netpfil/ipfw/ip_fw2.c

MFC r292254:rS297228Actions

Description

Details

Event Timeline

Changes (4)

rS297228

stable/10/

stable/10/sys/netpfil/ipfw/ip_dn_io.c

stable/10/sys/netpfil/ipfw/ip_dummynet.c

stable/10/sys/netpfil/ipfw/ip_fw2.c

MFC r292254:
rS297228
Actions