From: kn Date: Thu, 18 May 2023 14:11:18 +0000 (+0000) Subject: Assert pf lock on interface handling X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=128c3c8c87582da19c1b4f60c191a69b1d4207df;p=openbsd Assert pf lock on interface handling Make sure that all hooks into pf's internal list of interfaces do happen with the pf lock held, i.e. nothing relies on the net lock alone, so that later unlocking can then rely on it. Full i386 regress (thanks bluhm) and daily usage are fine OK sashan --- diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c index 9722484e544..74661507497 100644 --- a/sys/net/pf_if.c +++ b/sys/net/pf_if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.109 2022/11/22 22:28:40 sashan Exp $ */ +/* $OpenBSD: pf_if.c,v 1.110 2023/05/18 14:11:18 kn Exp $ */ /* * Copyright 2005 Henning Brauer @@ -157,6 +157,8 @@ pfi_kif_find(const char *kif_name) { struct pfi_kif_cmp s; + PF_ASSERT_LOCKED(); + memset(&s, 0, sizeof(s)); strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name)); return (RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&s)); @@ -167,6 +169,8 @@ pfi_kif_get(const char *kif_name, struct pfi_kif **prealloc) { struct pfi_kif *kif; + PF_ASSERT_LOCKED(); + if ((kif = pfi_kif_find(kif_name))) return (kif); @@ -187,6 +191,8 @@ pfi_kif_get(const char *kif_name, struct pfi_kif **prealloc) void pfi_kif_ref(struct pfi_kif *kif, enum pfi_kif_refs what) { + PF_ASSERT_LOCKED(); + switch (what) { case PFI_KIF_REF_RULE: kif->pfik_rules++; @@ -214,6 +220,8 @@ pfi_kif_unref(struct pfi_kif *kif, enum pfi_kif_refs what) if (kif == NULL) return; + PF_ASSERT_LOCKED(); + switch (what) { case PFI_KIF_REF_NONE: break; @@ -801,6 +809,8 @@ pfi_skip_if(const char *filter, struct pfi_kif *p) struct ifg_list *i; int n; + PF_ASSERT_LOCKED(); + if (filter == NULL || !*filter) return (0); if (!strcmp(p->pfik_name, filter)) @@ -823,6 +833,8 @@ pfi_set_flags(const char *name, int flags) struct pfi_kif *p; size_t n; + PF_ASSERT_LOCKED(); + if (name != NULL && name[0] != '\0') { p = pfi_kif_find(name); if (p == NULL) { @@ -862,6 +874,8 @@ pfi_clear_flags(const char *name, int flags) { struct pfi_kif *p, *w; + PF_ASSERT_LOCKED(); + if (name != NULL && name[0] != '\0') { p = pfi_kif_find(name); if (p != NULL) { @@ -899,6 +913,8 @@ pfi_xcommit(void) struct ifnet *ifp; size_t n; + PF_ASSERT_LOCKED(); + RB_FOREACH(p, pfi_ifhead, &pfi_ifs) { p->pfik_flags = p->pfik_flags_new; n = strlen(p->pfik_name);