diff options
| author |   cheloha <cheloha@openbsd.org> | 2020-06-24 22:03:40 +0000 |
|---|---|---|
| committer | cheloha <cheloha@openbsd.org> | 2020-06-24 22:03:40 +0000 |
| commit | 3209772dfcc3950dd5df01bc44eebf75e637511e (patch) | |
| tree | 674a3736a2e3e277e801c3c22c1430cb8a2d032f /sys/net/pf_norm.c | |
| parent | First stab at making signal handling work. (diff) | |
| download | wireguard-openbsd-3209772dfcc3950dd5df01bc44eebf75e637511e.tar.xz wireguard-openbsd-3209772dfcc3950dd5df01bc44eebf75e637511e.zip | |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to
quickly get the system UTC or system uptime as a time_t. However,
time_t is 64-bit everywhere, so it is not generally safe to use them
on 32-bit platforms: you have a split-read problem if your hardware
cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor
interface, throughout the kernel. Similarly, time_uptime(9) is replaced
with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for
eliminating the split-read problem: instead of two register reads you
now have a lockless read loop to pull the values from the timehands.
This is really not *too* bad in the grand scheme of things, but
compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
Diffstat (limited to 'sys/net/pf_norm.c')
| -rw-r--r-- | sys/net/pf_norm.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 570d0523cfc..0a438543e10 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.218 2019/02/28 20:20:47 bluhm Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.219 2020/06/24 22:03:43 cheloha Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -220,7 +220,7 @@ pf_purge_expired_fragments(void) PF_ASSERT_UNLOCKED(); - expire = time_uptime - pf_default_rule.timeout[PFTM_FRAG]; + expire = getuptime() - pf_default_rule.timeout[PFTM_FRAG]; PF_FRAG_LOCK(); while ((frag = TAILQ_LAST(&pf_fragqueue, pf_fragqueue)) != NULL) { @@ -589,7 +589,7 @@ pf_fillup_fragment(struct pf_frnode *key, u_int32_t id, memset(frag->fr_entries, 0, sizeof(frag->fr_entries)); TAILQ_INIT(&frag->fr_queue); frag->fr_id = id; - frag->fr_timeout = time_uptime; + frag->fr_timeout = getuptime(); frag->fr_gen = frnode->fn_gen++; frag->fr_maxlen = frent->fe_len; frag->fr_holes = 1; @@ -1352,7 +1352,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, u_short *reason, getmicrouptime(&uptime); if (src->scrub && (src->scrub->pfss_flags & PFSS_PAWS) && (uptime.tv_sec - src->scrub->pfss_last.tv_sec > TS_MAX_IDLE || - time_uptime - state->creation > TS_MAX_CONN)) { + getuptime() - state->creation > TS_MAX_CONN)) { if (pf_status.debug >= LOG_NOTICE) { log(LOG_NOTICE, "pf: src idled out of PAWS "); pf_print_state(state); |