Date: Sun, 4 Aug 2019 12:47:38 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r350568 - head/sys/contrib/ipfilter/netinet Message-ID: <201908041247.x74ClcGO057283@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Sun Aug 4 12:47:38 2019 New Revision: 350568 URL: https://svnweb.freebsd.org/changeset/base/350568 Log: Resolve ipfilter kld unload issues related to VNET jails. When the ipfilter kld is loaded, used within VNET jail, and unloaded, then subsequent loading, use, and unloading of another packet filters will cause the subsequently loaded netpfil kld's to panic. The scenario is as follows: cd /usr/tests/sys/netpfil/common kldunload ipl kldunload pfsync kldunload ipfw kyua test pass_block kldload ipl kyua test pass_block kldunload ipl kldload pfsync kyua test pass_block kldunload pfsync -- page fault panic occurs here -- Reported by: "Ahsan Barkati" <ahsanbarkati@g.....com> via kp@ Discussed with: kp@ Tested by: kp@ MFC after: 3 days Modified: head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Modified: head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Sun Aug 4 12:47:35 2019 (r350567) +++ head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Sun Aug 4 12:47:38 2019 (r350568) @@ -100,7 +100,10 @@ VNET_DEFINE(ipf_main_softc_t, ipfmain) = { # include <sys/conf.h> # include <net/pfil.h> -static eventhandler_tag ipf_arrivetag, ipf_departtag; +VNET_DEFINE_STATIC(eventhandler_tag, ipf_arrivetag); +VNET_DEFINE_STATIC(eventhandler_tag, ipf_departtag); +#define V_ipf_arrivetag VNET(ipf_arrivetag) +#define V_ipf_departtag VNET(ipf_departtag) #if 0 /* * Disable the "cloner" event handler; we are getting interface @@ -110,7 +113,8 @@ static eventhandler_tag ipf_arrivetag, ipf_departtag; * If it turns out to be needed, well need a dedicated event handler * for it to deal with the ifc and the correct vnet. */ -static eventhandler_tag ipf_clonetag; +VNET_DEFINE_STATIC(eventhandler_tag, ipf_clonetag); +#define V_ipf_clonetag VNET(ipf_clonetag) #endif static void ipf_ifevent(void *arg, struct ifnet *ifp); @@ -1383,14 +1387,14 @@ int ipf_pfil_hook(void) { void ipf_event_reg(void) { - ipf_arrivetag = EVENTHANDLER_REGISTER(ifnet_arrival_event, \ + V_ipf_arrivetag = EVENTHANDLER_REGISTER(ifnet_arrival_event, \ ipf_ifevent, NULL, \ EVENTHANDLER_PRI_ANY); - ipf_departtag = EVENTHANDLER_REGISTER(ifnet_departure_event, \ + V_ipf_departtag = EVENTHANDLER_REGISTER(ifnet_departure_event, \ ipf_ifevent, NULL, \ EVENTHANDLER_PRI_ANY); #if 0 - ipf_clonetag = EVENTHANDLER_REGISTER(if_clone_event, ipf_ifevent, \ + V_ipf_clonetag = EVENTHANDLER_REGISTER(if_clone_event, ipf_ifevent, \ NULL, EVENTHANDLER_PRI_ANY); #endif } @@ -1398,15 +1402,15 @@ ipf_event_reg(void) void ipf_event_dereg(void) { - if (ipf_arrivetag != NULL) { - EVENTHANDLER_DEREGISTER(ifnet_arrival_event, ipf_arrivetag); + if (V_ipf_arrivetag != NULL) { + EVENTHANDLER_DEREGISTER(ifnet_arrival_event, V_ipf_arrivetag); } - if (ipf_departtag != NULL) { - EVENTHANDLER_DEREGISTER(ifnet_departure_event, ipf_departtag); + if (V_ipf_departtag != NULL) { + EVENTHANDLER_DEREGISTER(ifnet_departure_event, V_ipf_departtag); } #if 0 - if (ipf_clonetag != NULL) { - EVENTHANDLER_DEREGISTER(if_clone_event, ipf_clonetag); + if (V_ipf_clonetag != NULL) { + EVENTHANDLER_DEREGISTER(if_clone_event, V_ipf_clonetag); } #endif } Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Sun Aug 4 12:47:35 2019 (r350567) +++ head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Sun Aug 4 12:47:38 2019 (r350568) @@ -283,6 +283,10 @@ vnet_ipf_uninit(void) V_ipfmain.ipf_running = -2; ipf_destroy_all(&V_ipfmain); + if (!IS_DEFAULT_VNET(curvnet)) { + ipf_event_dereg(); + (void)ipf_pfil_unhook(); + } } } VNET_SYSUNINIT(vnet_ipf_uninit, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908041247.x74ClcGO057283>