From owner-freebsd-current@FreeBSD.ORG  Thu Jul 22 22:54:00 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id AA9C316A4CE; Thu, 22 Jul 2004 22:54:00 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.185])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1EBFD43D3F; Thu, 22 Jul 2004 22:54:00 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1BnmRq-0003kv-00; Fri, 23 Jul 2004 00:53:58 +0200
Received: from [84.128.139.174] (helo=donor.laier.local)
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.35 #1)
	id 1BnmRq-0007Mb-00; Fri, 23 Jul 2004 00:53:58 +0200
From: Max Laier <max@love2party.net>
To: freebsd-current@freebsd.org
Date: Fri, 23 Jul 2004 00:51:44 +0200
User-Agent: KMail/1.6.2
References: <Pine.NEB.3.96L.1040722083203.69594B-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1040722083203.69594B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: multipart/signed;
  protocol="application/pgp-signature";
  micalg=pgp-sha1;
  boundary="Boundary-02=_HUEABX694/GxqKJ";
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200407230051.51939.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:61c499deaeeba3ba5be80f48ecc83056
cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
cc: Wiktor Niesiobedzki <bsd@w.evip.pl>
cc: Robert Watson <rwatson@freebsd.org>
Subject: Re: LORs with PF
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2004 22:54:00 -0000


--Boundary-02=_HUEABX694/GxqKJ
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Thursday 22 July 2004 14:36, Robert Watson wrote:
> On Thu, 22 Jul 2004, Bjoern A. Zeeb wrote:
> > > I don't think, it was reported yet, but here it goes:
> > >
> > > lock order reversal
> > >  1st 0xc0632c80 pf task mtx (pf task mtx) @
> > > /usr/src/sys/contrib/pf/net/pf.c:5822 2nd 0xc066638c tcp (tcp) @
> > > /usr/src/sys/contrib/pf/net/pf.c:2420
> >
> > for reference: added it to "LOR page" with LOR # 017:
> > http://sources.zabbadoz.net/freebsd/lor.html#017
>
> I have no immediate fix, but here's an explanation:
>
> This likely occurs because calls are made into pf in the outgoing packet
> path, which may hold protocol layer locks (inpcb and pcbinfo locks).  The
> pf mutex will therefore typically follow the protocol locks in the lock
> order.  However, when pf calls up to the pcb/socket code to find
> potentially matching pcbs or sockets for a packet, it can't/shouldn't hold
> the pf lock across that.  A similar bug exists in ipfw.
>
> FWIW, this is actually symptomatic of a race: technically, that pcb lookup
> could have a different result between when the firewall looks it up and
> when the TCP or UDP code looks it up.  It's a property of what is
> generally considered a layering violation, albeit a useful one.
>
> The solution I'm looking at for ipfw, but haven't had a chance to
> prototype yet, is to avoid holding the mutex for the duration of the call
> to ipfw, but instead use some rule set reference count such that ipfw
> consumers hold a reference on the rules to prevent them from changing out
> from under them.  Note that this has interesting semantic consideration
> such as starvation, which are usually remedied using copy-on-write, but
> that may be expensive for large rule sets.  Just something to think
> about...

This raises the question (at least for me) for a useable sx(9) implementati=
on=20
or a busycount of some sort. Somebody suggested atomic refcounts, but I don=
't=20
remember what the outcome was. I know of at least two places where we have=
=20
handrolled busycounts: pfil_hooks and MAC
Something general with tuneable starvation scheme might be worthwhile?

In any case, I must look into something of that kind for pf as well. At the=
=20
moment we have a lot of: "drop lock - call back into the stack - reaquire=20
lock".

=2D-=20
/"\  Best regards,			| mlaier@freebsd.org
\ /  Max Laier				| ICQ #67774661
 X   http://pf4freebsd.love2party.net/	| mlaier@EFnet
/ \  ASCII Ribbon Campaign		| Against HTML Mail and News

--Boundary-02=_HUEABX694/GxqKJ
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBBAEUHXyyEoT62BG0RAml9AJ9cOycGlCjgSm251O5O704YSlF9BwCcD4lD
R34aNh7qFRfkih5l9bTZLnQ=
=wLOY
-----END PGP SIGNATURE-----

--Boundary-02=_HUEABX694/GxqKJ--