diff options
| author |   mpi <mpi@openbsd.org> | 2017-07-04 14:10:15 +0000 |
|---|---|---|
| committer | mpi <mpi@openbsd.org> | 2017-07-04 14:10:15 +0000 |
| commit | 9a02b2b7f0ee6155d097fc931fd692eb19934ca9 (patch) | |
| tree | 0e37fff29733cb48df7b02eea268c7994950c189 | |
| parent | Should have committed this two days ago, last part that ran during depend (diff) | |
| download | wireguard-openbsd-9a02b2b7f0ee6155d097fc931fd692eb19934ca9.tar.xz wireguard-openbsd-9a02b2b7f0ee6155d097fc931fd692eb19934ca9.zip | |
Revert previous, it exposed two edge cases still requiring the
KERNEL_LOCK().
- radix_node_head are still allocated with malloc(9) and pf_table can
free(9) some.
- pfsync(4) might send some traffic which can exercise IPsec code
Found by bluhm@ and Hrvoje Popovski
| -rw-r--r-- | sys/net/pf.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 82be49e688f..14c71ea118e 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1036 2017/07/03 08:11:21 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.1037 2017/07/04 14:10:15 mpi Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1204,12 +1204,10 @@ pf_purge_thread(void *v) { int nloops = 0, s; - KERNEL_UNLOCK(); - - NET_LOCK(s); for (;;) { - rwsleep(pf_purge_thread, &netlock, PWAIT, "pftm", 1 * hz); + tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz); + NET_LOCK(s); PF_LOCK(); /* process a fraction of the state table every second */ @@ -1229,8 +1227,9 @@ pf_purge_thread(void *v) pf_purge_expired_fragments(); nloops = 0; } + + NET_UNLOCK(s); } - NET_UNLOCK(s); } int32_t |