Date: Sun, 19 Aug 2018 00:15:58 +0200 From: Kajetan Staszkiewicz <vegeta@tuxpowered.net> To: Kristof Provost <kp@freebsd.org> Cc: freebsd-pf@freebsd.org Subject: Re: pf tables locking Message-ID: <1831273.qCtLAga6ZT@energia> In-Reply-To: <18F24996-29D6-4792-BCB7-88738F756077@FreeBSD.org> References: <8680316.SccKl5VnxN@energia> <18F24996-29D6-4792-BCB7-88738F756077@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Monday, 13 August 2018 15:22:33 CEST Kristof Provost wrote: > > This function is called from pf_test only after PF_RULES_RUNLOCK(). > > I think you’re right, this does look wrong. > > It’s very unlikely that this will actually lead to a crash, because > rules (and associated tables) won’t just go away while there’s still > state, but we could theoretically lose memory (in the pfrke_counters > allocation), and miscount. > > I don’t want to re-take the rules lock for this But what about things other than counters and disappearing tables, that is getting addresses out of pool in pf_map_addr? I understand that rpool can't change live because it changes only with loading a ruleset. But then there is pfr_pool_get. This one operates totally unlocked. I proposed a patch locking pools in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230640 but now as I see it locking of each table seems necessary. Why not have granular locking for each pool (or maybe rule) and for each table? -- | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCW3iangAKCRDjtFCvbXs6 FPG4AJ4mSh2S9rFxP3NwQlDz1CG9unGiYgCguljhbuVzV9AdKgp3dJDypNo2AvE= =jpec -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1831273.qCtLAga6ZT>