Site Navigation

Date:      Thu, 23 Jun 2016 22:31:11 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r302159 - head/sys/netpfil/pf
Message-ID:  <201606232231.u5NMVBTj075888@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: bz
Date: Thu Jun 23 22:31:10 2016
New Revision: 302159
URL: https://svnweb.freebsd.org/changeset/base/302159

Log:
  Make sure pflog is attached after pf is initializaed so we can
  borrow pf's lock, and also make sure pflog goes after pf is gone
  in order to avoid callouts in VNETs to an already freed instance.
  
  Reported by:    Ivan Klymenko, Johan Hendriks  on current@ today
  Obtained from:  projects/vnet
  Sponsored by:   The FreeBSD Foundation
  MFC after:      13 days
  Approved by:	re (gjb)

Modified:
  head/sys/netpfil/pf/if_pflog.c

Modified: head/sys/netpfil/pf/if_pflog.c
==============================================================================
--- head/sys/netpfil/pf/if_pflog.c	Thu Jun 23 21:50:52 2016	(r302158)
+++ head/sys/netpfil/pf/if_pflog.c	Thu Jun 23 22:31:10 2016	(r302159)
@@ -268,7 +268,7 @@ vnet_pflog_init(const void *unused __unu
 
 	pflogattach(1);
 }
-VNET_SYSINIT(vnet_pflog_init, SI_SUB_PSEUDO, SI_ORDER_ANY,
+VNET_SYSINIT(vnet_pflog_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_ANY,
     vnet_pflog_init, NULL);
 
 static void
@@ -277,6 +277,10 @@ vnet_pflog_uninit(const void *unused __u
 
 	if_clone_detach(V_pflog_cloner);
 }
+/*
+ * Detach after pf is gone; otherwise we might touch pflog memory
+ * from within pf after freeing pflog.
+ */
 VNET_SYSUNINIT(vnet_pflog_uninit, SI_SUB_INIT_IF, SI_ORDER_SECOND,
     vnet_pflog_uninit, NULL);
 
@@ -308,6 +312,7 @@ static moduledata_t pflog_mod = { pflogn
 
 #define PFLOG_MODVER 1
 
-DECLARE_MODULE(pflog, pflog_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
+/* Do not run before pf is initialized as we depend on its locks. */
+DECLARE_MODULE(pflog, pflog_mod, SI_SUB_PROTO_FIREWALL, SI_ORDER_ANY);
 MODULE_VERSION(pflog, PFLOG_MODVER);
 MODULE_DEPEND(pflog, pf, PF_MODVER, PF_MODVER, PF_MODVER);

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606232231.u5NMVBTj075888>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact