Author: ae
Date: Wed Sep 20 22:00:06 2017
New Revision: 323836
URL: https://svnweb.freebsd.org/changeset/base/323836
Log:
Do not acquire IPFW_WLOCK when a named object is created and destroyed.
Acquiring of IPFW_WLOCK is requried for cases when we are going to
change some data that can be accessed during processing of packets flow.
When we create new named object, there are not yet any rules, that
references it, thus holding IPFW_UH_WLOCK is enough to safely update
needed structures. When we destroy an object, we do this only when its
reference counter becomes zero. And it is safe to not acquire IPFW_WLOCK,
because noone references it. The another case is when we failed to finish
some action and thus we are doing rollback and destroying an object, in
this case it is still not referenced by rules and no need to acquire
IPFW_WLOCK.
This also fixes panic with INVARIANTS due to recursive IPFW_WLOCK acquiring.
MFC after: 1 week
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw_dynamic.c
head/sys/netpfil/ipfw/ip_fw_table.c
head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
head/sys/netpfil/ipfw/nat64/nat64stl_control.c
head/sys/netpfil/ipfw/nptv6/nptv6.c
Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c Wed Sep 20 21:51:10 2017
(r323835)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Wed Sep 20 22:00:06 2017
(r323836)
@@ -418,9 +418,7 @@ dyn_create(struct ip_fw_chain *ch, struct tid_info *ti
return (ENOSPC);
}
ipfw_objhash_add(ni, &obj->no);
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, obj->no.kidx) = obj;
- IPFW_WUNLOCK(ch);
obj->no.refcnt++;
*pkidx = obj->no.kidx;
IPFW_UH_WUNLOCK(ch);
@@ -440,10 +438,8 @@ dyn_destroy(struct ip_fw_chain *ch, struct named_objec
no->name, no->etlv, no->kidx, no->refcnt));
DYN_DEBUG("kidx %d", no->kidx);
- IPFW_WLOCK(ch);
obj = SRV_OBJECT(ch, no->kidx);
SRV_OBJECT(ch, no->kidx) = NULL;
- IPFW_WUNLOCK(ch);
ipfw_objhash_del(CHAIN_TO_SRV(ch), no);
ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), no->kidx);
Modified: head/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.c Wed Sep 20 21:51:10 2017
(r323835)
+++ head/sys/netpfil/ipfw/ip_fw_table.c Wed Sep 20 22:00:06 2017
(r323836)
@@ -1925,9 +1925,7 @@ create_table_internal(struct ip_fw_chain *ch, struct t
tc->no.kidx = kidx;
tc->no.etlv = IPFW_TLV_TBL_NAME;
- IPFW_WLOCK(ch);
link_table(ch, tc);
- IPFW_WUNLOCK(ch);
}
if (compat != 0)
@@ -3229,7 +3227,6 @@ link_table(struct ip_fw_chain *ch, struct table_config
uint16_t kidx;
IPFW_UH_WLOCK_ASSERT(ch);
- IPFW_WLOCK_ASSERT(ch);
ni = CHAIN_TO_NI(ch);
kidx = tc->no.kidx;
Modified: head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
==============================================================================
--- head/sys/netpfil/ipfw/nat64/nat64lsn_control.c Wed Sep 20 21:51:10
2017 (r323835)
+++ head/sys/netpfil/ipfw/nat64/nat64lsn_control.c Wed Sep 20 22:00:06
2017 (r323836)
@@ -208,10 +208,7 @@ nat64lsn_create(struct ip_fw_chain *ch, ip_fw3_opheade
ipfw_objhash_add(CHAIN_TO_SRV(ch), &cfg->no);
/* Okay, let's link data */
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, cfg->no.kidx) = cfg;
- IPFW_WUNLOCK(ch);
-
nat64lsn_start_instance(cfg);
IPFW_UH_WUNLOCK(ch);
@@ -259,10 +256,7 @@ nat64lsn_destroy(struct ip_fw_chain *ch, ip_fw3_ophead
return (EBUSY);
}
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, cfg->no.kidx) = NULL;
- IPFW_WUNLOCK(ch);
-
nat64lsn_detach_config(ch, cfg);
IPFW_UH_WUNLOCK(ch);
Modified: head/sys/netpfil/ipfw/nat64/nat64stl_control.c
==============================================================================
--- head/sys/netpfil/ipfw/nat64/nat64stl_control.c Wed Sep 20 21:51:10
2017 (r323835)
+++ head/sys/netpfil/ipfw/nat64/nat64stl_control.c Wed Sep 20 22:00:06
2017 (r323836)
@@ -220,10 +220,7 @@ nat64stl_create(struct ip_fw_chain *ch, ip_fw3_opheade
error = nat64stl_create_internal(ch, cfg, uc);
if (error == 0) {
/* Okay, let's link data */
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, cfg->no.kidx) = cfg;
- IPFW_WUNLOCK(ch);
-
IPFW_UH_WUNLOCK(ch);
return (0);
}
@@ -342,10 +339,7 @@ nat64stl_destroy(struct ip_fw_chain *ch, ip_fw3_ophead
return (EBUSY);
}
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, cfg->no.kidx) = NULL;
- IPFW_WUNLOCK(ch);
-
nat64stl_detach_config(ch, cfg);
IPFW_UH_WUNLOCK(ch);
Modified: head/sys/netpfil/ipfw/nptv6/nptv6.c
==============================================================================
--- head/sys/netpfil/ipfw/nptv6/nptv6.c Wed Sep 20 21:51:10 2017
(r323835)
+++ head/sys/netpfil/ipfw/nptv6/nptv6.c Wed Sep 20 22:00:06 2017
(r323836)
@@ -560,9 +560,7 @@ nptv6_create(struct ip_fw_chain *ch, ip_fw3_opheader *
return (ENOSPC);
}
ipfw_objhash_add(ni, &cfg->no);
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, cfg->no.kidx) = cfg;
- IPFW_WUNLOCK(ch);
IPFW_UH_WUNLOCK(ch);
return (0);
}
@@ -599,10 +597,7 @@ nptv6_destroy(struct ip_fw_chain *ch, ip_fw3_opheader
return (EBUSY);
}
- IPFW_WLOCK(ch);
SRV_OBJECT(ch, cfg->no.kidx) = NULL;
- IPFW_WUNLOCK(ch);
-
ipfw_objhash_del(CHAIN_TO_SRV(ch), &cfg->no);
ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), cfg->no.kidx);
IPFW_UH_WUNLOCK(ch);
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
