From: dlg
Date: Fri, 11 Nov 2022 15:02:31 +0000 (+0000)
Subject: add a mutex to struct pf_state and init it.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3eb75377085e55d6e66bc0814c3359f206dc2264;p=openbsd
add a mutex to struct pf_state and init it. nothing is protected by it yet but it will allow us to provide consistent updates to individual states without relying on a global lock. getting that right between the packet processing in pf itself, pfsync, the pf purge code, the ioctl paths, etc is not worth the required contortions. while pf_state does grow, it doesn't use more cachelines on machines where we will want to run in parallel with a lot of states. stolen from and ok sashan@
---
diff --git a/sys/net/pf.c b/sys/net/pf.c
index d93611288e2..37351ef347d 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.1150 2022/11/11 11:47:12 dlg Exp $ */
+/* $OpenBSD: pf.c,v 1.1151 2022/11/11 15:02:31 dlg Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1464,6 +1464,7 @@ pf_state_import(const struct pfsync_state *sp, int flags)
 st->sync_state = PFSYNC_S_NONE;
 refcnt_init(&st->refcnt);
+ mtx_init(&st->mtx, IPL_NET);
 /* XXX when we have anchors, use STATE_INC_COUNTERS */
 r->states_cur++;
@@ -4357,6 +4358,7 @@ pf_create_state(struct pf_pdesc *pd, struct pf_rule *r, struct pf_rule *a,
 * pf_state_inserts() grabs reference for pfsync!
 */
 refcnt_init(&s->refcnt);
+ mtx_init(&s->mtx, IPL_NET);
 switch (pd->proto) {
 case IPPROTO_TCP:
diff --git a/sys/net/pfvar_priv.h b/sys/net/pfvar_priv.h
index 8516a4144af..746b6fedb07 100644
--- a/sys/net/pfvar_priv.h
+++ b/sys/net/pfvar_priv.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar_priv.h,v 1.18 2022/11/11 12:50:45 dlg Exp $ */
+/* $OpenBSD: pfvar_priv.h,v 1.19 2022/11/11 15:02:31 dlg Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -43,6 +43,7 @@
 /*
 * Protection/ownership of pf_state members:
 * I immutable after creation
+ * M pf_state mtx
 * P PF_STATE_LOCK
 * S pfsync mutex
 * L pf_state_list
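Review bot: The new `mtx_init(&st->mtx, IPL_NET);` in pf_state_import has to run before the state is linked into any tree or list where another CPU can find it, and the insertion call lies outside this hunk, so that ordering cannot be confirmed from here; the same holds for `mtx_init(&s->mtx, IPL_NET);` in pf_create_state, where the surrounding comment mentions pf_state_inserts() but the call itself is not shown. Once fields start being guarded by this mutex, a state published with an uninitialised lock would be a race that is hard to spot in review. I would add a comment at both sites, `/* init before the state becomes visible to other CPUs */`, and check that no other path allocates a struct pf_state without going through one of these two functions. The choice of IPL_NET also deserves a word in the comment, since it bounds the interrupt level from which the mutex may later be taken.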
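Review bot: The legend in pfvar_priv.h gains `M pf_state mtx` but does not say how M nests with the existing P (PF_STATE_LOCK) and S (pfsync mutex) entries, and with a per-state lock joining two wider ones the acquisition order is what keeps later users from deadlocking. If the order is already decided, a line such as `* lock order: <outer lock> -> <inner lock>` under the legend would record it; the placeholders are mine, the hunk does not show the intended order. The comment block continues past the end of the hunk, so the order may already be documented further down.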
@@ -70,6 +71,8 @@ struct pf_state {
 struct pf_sn_head src_nodes; /* [I] */
 struct pf_state_key *key[2]; /* [ddresses stack and wire */
 struct pfi_kif *kif; /* [I] */
+ struct mutex mtx;
+ pf_refcnt_t refcnt;
 u_int64_t packets[2];
 u_int64_t bytes[2];
 int32_t creation; /* [I] */
@@ -90,7 +93,6 @@ struct pf_state {
 u_int16_t max_mss; /* [I] */
 u_int16_t if_index_in; /* [I] */
 u_int16_t if_index_out; /* [I] */
- pf_refcnt_t refcnt;
 u_int16_t delay; /* [I] */
 u_int8_t rt; /* [I] */
 u_int8_t snapped; /* [S] */
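Review bot: The added `struct mutex mtx;` and the moved `pf_refcnt_t refcnt;` carry no protection tag while most neighbouring members do, and no member in either hunk is tagged `[M]` yet; that matches the commit message saying nothing is protected so far, but it leaves a reader unable to tell which fields the lock is meant for. The untagged `packets[2]` and `bytes[2]` counters directly below look like the first candidates, though that is inferred from position only. I would at least annotate the lock itself, e.g. `struct mutex mtx; /* protects [M] members */`, and tag refcnt with whatever rule governs it. The commit message's statement that the struct does not use more cachelines is not checked anywhere in the visible code, and struct pf_state continues outside both hunks.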