Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 6 Dec 2012 08:38:14 +0000 (UTC)
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r243944 - head/sys/netpfil/pf
Message-ID:  <201212060838.qB68cEoo000480@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: glebius
Date: Thu Dec  6 08:38:14 2012
New Revision: 243944
URL: http://svnweb.freebsd.org/changeset/base/243944

Log:
    Rule memory garbage collecting in new pf scans only states that are on
  id hash. If a state has been disconnected from id hash, its rule pointers
  can no longer be dereferenced, and referenced memory can't be modified.
  Thus, move rule statistics from pf_free_rule() to pf_unlink_rule() and
  update them prior to releasing id hash slot lock.
  
  Reported by:	Ian FREISLICH <ianf cloudseed.co.za>

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Thu Dec  6 08:36:30 2012	(r243943)
+++ head/sys/netpfil/pf/pf.c	Thu Dec  6 08:38:14 2012	(r243944)
@@ -1504,6 +1504,12 @@ pf_unlink_state(struct pf_state *s, u_in
 	if (pfsync_delete_state_ptr != NULL)
 		pfsync_delete_state_ptr(s);
 
+	--s->rule.ptr->states_cur;
+	if (s->nat_rule.ptr != NULL)
+		--s->nat_rule.ptr->states_cur;
+	if (s->anchor.ptr != NULL)
+		--s->anchor.ptr->states_cur;
+
 	s->timeout = PFTM_UNLINKED;
 
 	PF_HASHROW_UNLOCK(ih);
@@ -1521,11 +1527,7 @@ pf_free_state(struct pf_state *cur)
 	KASSERT(cur->refs == 0, ("%s: %p has refs", __func__, cur));
 	KASSERT(cur->timeout == PFTM_UNLINKED, ("%s: timeout %u", __func__,
 	    cur->timeout));
-	--cur->rule.ptr->states_cur;
-	if (cur->nat_rule.ptr != NULL)
-		--cur->nat_rule.ptr->states_cur;
-	if (cur->anchor.ptr != NULL)
-		--cur->anchor.ptr->states_cur;
+
 	pf_normalize_tcp_cleanup(cur);
 	uma_zfree(V_pf_state_z, cur);
 	V_pf_status.fcounters[FCNT_STATE_REMOVALS]++;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212060838.qB68cEoo000480>