From: Gleb Smirnoff Date: Thu, 6 Dec 2012 08:38:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r243944 - head/sys/netpfil/pf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Dec 2012 08:38:14 -0000 Author: glebius Date: Thu Dec 6 08:38:14 2012 New Revision: 243944 URL: http://svnweb.freebsd.org/changeset/base/243944 Log: Rule memory garbage collecting in new pf scans only states that are on id hash. If a state has been disconnected from id hash, its rule pointers can no longer be dereferenced, and referenced memory can't be modified. Thus, move rule statistics from pf_free_rule() to pf_unlink_rule() and update them prior to releasing id hash slot lock. Reported by: Ian FREISLICH Modified: head/sys/netpfil/pf/pf.c Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Thu Dec 6 08:36:30 2012 (r243943) +++ head/sys/netpfil/pf/pf.c Thu Dec 6 08:38:14 2012 (r243944) @@ -1504,6 +1504,12 @@ pf_unlink_state(struct pf_state *s, u_in if (pfsync_delete_state_ptr != NULL) pfsync_delete_state_ptr(s); + --s->rule.ptr->states_cur; + if (s->nat_rule.ptr != NULL) + --s->nat_rule.ptr->states_cur; + if (s->anchor.ptr != NULL) + --s->anchor.ptr->states_cur; + s->timeout = PFTM_UNLINKED; PF_HASHROW_UNLOCK(ih); 
@@ -1521,11 +1527,7 @@ pf_free_state(struct pf_state *cur) KASSERT(cur->refs == 0, ("%s: %p has refs", __func__, cur)); KASSERT(cur->timeout == PFTM_UNLINKED, ("%s: timeout %u", __func__, cur->timeout)); - --cur->rule.ptr->states_cur; - if (cur->nat_rule.ptr != NULL) - --cur->nat_rule.ptr->states_cur; - if (cur->anchor.ptr != NULL) - --cur->anchor.ptr->states_cur; + pf_normalize_tcp_cleanup(cur); uma_zfree(V_pf_state_z, cur); V_pf_status.fcounters[FCNT_STATE_REMOVALS]++;
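Review bot: In the pf_unlink_state() hunk, the three added states_cur decrements carry no comment saying that they must stay above PF_HASHROW_UNLOCK(ih). The log gives the reason (once a state is off the id hash its rule pointers can no longer be dereferenced), but nothing in the code records it, so a later cleanup could move the block back into pf_free_state() without noticing. A one-line comment above `--s->rule.ptr->states_cur;` stating that the rule counters are updated while the id hash row lock is still held would cover it. Separately, the log text names pf_free_rule() and pf_unlink_rule(), while the hunks change pf_unlink_state() and pf_free_state(); a corrected note in a follow-up would keep the history searchable by function name.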
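Review bot: In the pf_free_state() hunk, removing the decrements makes the states_cur accounting correct only for states that reached this function through pf_unlink_state(), and the only check left here is the KASSERT on `cur->timeout == PFTM_UNLINKED`, which is compiled in only for INVARIANTS kernels. If any path marks a state PFTM_UNLINKED and frees it without calling pf_unlink_state(), the rule, nat_rule and anchor counters would now stay one too high with no diagnostic. Please confirm there is no such caller, and consider a comment at the top of the function stating that cur->rule.ptr, cur->nat_rule.ptr and cur->anchor.ptr must not be dereferenced from here on, since that is the invariant this change introduces.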