From 9a02b2b7f0ee6155d097fc931fd692eb19934ca9 Mon Sep 17 00:00:00 2001 From: mpi Date: Tue, 4 Jul 2017 14:10:15 +0000 Subject: [PATCH] Revert previous, it exposed two edge cases still requiring the KERNEL_LOCK(). - radix_node_head are still allocated with malloc(9) and pf_table can free(9) some. - pfsync(4) might send some traffic which can exercise IPsec code Found by bluhm@ and Hrvoje Popovski --- sys/net/pf.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/sys/net/pf.c b/sys/net/pf.c index 82be49e688f..14c71ea118e 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1036 2017/07/03 08:11:21 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.1037 2017/07/04 14:10:15 mpi Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1204,12 +1204,10 @@ pf_purge_thread(void *v) { int nloops = 0, s; - KERNEL_UNLOCK(); - - NET_LOCK(s); for (;;) { - rwsleep(pf_purge_thread, &netlock, PWAIT, "pftm", 1 * hz); + tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz); + NET_LOCK(s); PF_LOCK(); /* process a fraction of the state table every second */ @@ -1229,8 +1227,9 @@ pf_purge_thread(void *v) pf_purge_expired_fragments(); nloops = 0; } + + NET_UNLOCK(s); } - NET_UNLOCK(s); } int32_t -- 2.20.1