From owner-svn-src-projects@FreeBSD.ORG Thu Jun 7 15:57:31 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6336E106566C; Thu, 7 Jun 2012 15:57:31 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 4F5568FC0A; Thu, 7 Jun 2012 15:57:31 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q57FvVLv097440; Thu, 7 Jun 2012 15:57:31 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q57FvVUD097438; Thu, 7 Jun 2012 15:57:31 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201206071557.q57FvVUD097438@svn.freebsd.org> From: Gleb Smirnoff Date: Thu, 7 Jun 2012 15:57:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r236718 - projects/pf/head/sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jun 2012 15:57:31 -0000 Author: glebius Date: Thu Jun 7 15:57:30 2012 New Revision: 236718 URL: http://svn.freebsd.org/changeset/base/236718 Log: o Close a race on state unlink. Although a state is already removed from the id hash, it still can be located via key hash. To avoid this, check for the PFTM_UNLINKED value in the pf_find_state(). o Call into pfsync_delete_state() after state had been removed from both hashes. Modified: projects/pf/head/sys/contrib/pf/net/pf.c Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Thu Jun 7 15:54:52 2012 (r236717) +++ projects/pf/head/sys/contrib/pf/net/pf.c Thu Jun 7 15:57:30 2012 (r236718) @@ -1183,6 +1183,15 @@ pf_find_state(struct pfi_kif *kif, struc if (s->kif == V_pfi_all || s->kif == kif) { PF_STATE_LOCK(s); PF_HASHROW_UNLOCK(kh); + if (s->timeout == PFTM_UNLINKED) { + /* + * State is being processed + * by pf_unlink_state() in + * an other thread. + */ + PF_STATE_UNLOCK(s); + return (NULL); + } return (s); } PF_HASHROW_UNLOCK(kh); @@ -1464,8 +1473,6 @@ pf_unlink_state(struct pf_state *s, u_in if (export_pflow_ptr != NULL) export_pflow_ptr(s); #endif - if (pfsync_delete_state_ptr != NULL) - pfsync_delete_state_ptr(s); s->timeout = PFTM_UNLINKED; pf_src_tree_remove_state(s); PF_HASHROW_UNLOCK(ih); @@ -1473,6 +1480,9 @@ pf_unlink_state(struct pf_state *s, u_in pf_detach_state(s); refcount_release(&s->refs); + if (pfsync_delete_state_ptr != NULL) + pfsync_delete_state_ptr(s); + return (pf_release_state(s)); }