CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2022/11/24 15:51:23
Modified files:
sys/net : Tag: OPENBSD_7_2 pf.c
Log message:
This diff fixes panic tripped by KASSERT(st->sync_state == PFSYNC_S_NONE)
found in pfsync_insert_state(). It is caused by two packets which happen
to belong to the same session. Think of UDP stream or two TCP SYN packets
transmitted almost simultaneously. The first such packet wins a state lock
and inserts state to table. The second packet waits for state lock
as a reader. As soon as the first packet is done with state creation
it drops the lock and is going to sent S_INS message to its peer via
pfsync. The second update meanwhile obtains the state lock as a reader.
It finds a state created by the first packet. Later the second packet
also finds out the state needs to be updated, because sync_state
is still set to PFSYNC_S_NONE. The second packet puts state to snapshot
list marking it as S_UPD. All this happens before the first packet has
a chance to make a progress. Think of the first packet loses cpu after
dropping a write lock. Once the first packet gets running again it
trips KASSERT() because sync_state is set to S_UPD.
tested by hrvoje@
OK dlg@
from sashan@
this is errata/7.2/008_pfsync.patch.sig
