artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3d1fa90)
Revert previous, it exposed two edge cases still requiring the
authormpi <mpi@openbsd.org>
Tue, 4 Jul 2017 14:10:15 +0000 (14:10 +0000)
committermpi <mpi@openbsd.org>
Tue, 4 Jul 2017 14:10:15 +0000 (14:10 +0000)
KERNEL_LOCK().

- radix_node_head are still allocated with malloc(9) and pf_table can
  free(9) some.

- pfsync(4) might send some traffic which can exercise IPsec code

Found by bluhm@ and Hrvoje Popovski

sys/net/pf.c patch | blob | history

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 82be49e..14c71ea 100644 (file)
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf.c,v 1.1036 2017/07/03 08:11:21 mpi Exp $ */
+/*     $OpenBSD: pf.c,v 1.1037 2017/07/04 14:10:15 mpi Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1204,12 +1204,10 @@ pf_purge_thread(void *v)
 {
        int nloops = 0, s;
 
-       KERNEL_UNLOCK();
-
-       NET_LOCK(s);
        for (;;) {
-               rwsleep(pf_purge_thread, &netlock, PWAIT, "pftm", 1 * hz);
+               tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
 
+               NET_LOCK(s);
 
                PF_LOCK();
                /* process a fraction of the state table every second */
@@ -1229,8 +1227,9 @@ pf_purge_thread(void *v)
                        pf_purge_expired_fragments();
                        nloops = 0;
                }
+
+               NET_UNLOCK(s);
        }
-       NET_UNLOCK(s);
 }
 
 int32_t
OpenBSD src
by Ahmet Artu Yildirim