From owner-svn-src-projects@FreeBSD.ORG Tue Oct 7 10:54:55 2014 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0BA432A8; Tue, 7 Oct 2014 10:54:55 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EB9B4C14; Tue, 7 Oct 2014 10:54:54 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s97AssUs011217; Tue, 7 Oct 2014 10:54:54 GMT (envelope-from melifaro@FreeBSD.org) Received: (from melifaro@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s97AsrxU011209; Tue, 7 Oct 2014 10:54:53 GMT (envelope-from melifaro@FreeBSD.org) Message-Id: <201410071054.s97AsrxU011209@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: melifaro set sender to melifaro@FreeBSD.org using -f From: "Alexander V. Chernikov" Date: Tue, 7 Oct 2014 10:54:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r272685 - projects/ipfw/sys/netpfil/ipfw X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Oct 2014 10:54:55 -0000 Author: melifaro Date: Tue Oct 7 10:54:53 2014 New Revision: 272685 URL: https://svnweb.freebsd.org/changeset/base/272685 Log: * Fix crash in interface tracker due to using old "linked" field. * Ensure we're flushing entries without any locks held. * Free memory in (rare) case when interface tracker fails to register ifp. * Add KASSERT on table values refcounts. Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_iface.c projects/ipfw/sys/netpfil/ipfw/ip_fw_private.h projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_iface.c ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_iface.c Tue Oct 7 10:36:06 2014 (r272684) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_iface.c Tue Oct 7 10:54:53 2014 (r272685) @@ -392,8 +392,7 @@ ipfw_iface_del_notify(struct ip_fw_chain IPFW_UH_WLOCK_ASSERT(ch); iif = ic->iface; - if (ic->linked != 0) - TAILQ_REMOVE(&iif->consumers, ic, next); + TAILQ_REMOVE(&iif->consumers, ic, next); } /* Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_private.h ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_private.h Tue Oct 7 10:36:06 2014 (r272684) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_private.h Tue Oct 7 10:54:53 2014 (r272685) @@ -355,8 +355,6 @@ struct ipfw_ifc { struct ipfw_iface *iface; ipfw_ifc_cb *cb; void *cbdata; - int linked; - int spare; }; /* Macro for working with various counters */ Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c Tue Oct 7 10:36:06 2014 (r272684) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c Tue Oct 7 10:54:53 2014 (r272685) @@ -564,10 +564,14 @@ add_table_entry(struct ip_fw_chain *ch, */ restart: if (ts.modified != 0) { + IPFW_UH_WUNLOCK(ch); flush_batch_buffer(ch, ta, tei, count, rollback, ta_buf_m, ta_buf); memset(&ts, 0, sizeof(ts)); + ta = NULL; + IPFW_UH_WLOCK(ch); } + error = find_ref_table(ch, ti, tei, count, OP_ADD, &tc); if (error != 0) { IPFW_UH_WUNLOCK(ch); Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c Tue Oct 7 10:36:06 2014 (r272684) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c Tue Oct 7 10:54:53 2014 (r272685) @@ -2045,8 +2045,10 @@ ta_prepare_add_ifidx(struct ip_fw_chain ife->ic.cb = if_notifier; ife->ic.cbdata = ife; - if (ipfw_iface_ref(ch, ifname, &ife->ic) != 0) + if (ipfw_iface_ref(ch, ifname, &ife->ic) != 0) { + free(ife, M_IPFW_TBL); return (EINVAL); + } /* Use ipfw_iface 'ifname' field as stable storage */ ife->no.name = ife->ic.iface->ifname; Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c Tue Oct 7 10:36:06 2014 (r272684) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c Tue Oct 7 10:54:53 2014 (r272685) @@ -251,10 +251,9 @@ unref_table_value(struct namedobj_instan { struct table_val_link *ptvl; - if (pval[kidx].refcnt > 1) { - pval[kidx].refcnt--; + KASSERT(pval[kidx].refcnt > 0, ("Refcount is 0 on kidx %d", kidx)); + if (--pval[kidx].refcnt > 0) return; - } /* Last reference, delete item */ ptvl = (struct table_val_link *)ipfw_objhash_lookup_kidx(vi, kidx); @@ -307,6 +306,8 @@ ipfw_unref_table_values(struct ip_fw_cha { struct flush_args fa; + IPFW_UH_WLOCK_ASSERT(ch); + memset(&fa, 0, sizeof(fa)); fa.ch = ch; fa.ta = ta;