From owner-svn-src-all@freebsd.org  Thu Jun 23 22:31:12 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1522FB74C36;
 Thu, 23 Jun 2016 22:31:12 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DB0A929C5;
 Thu, 23 Jun 2016 22:31:11 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u5NMVBJU075889;
 Thu, 23 Jun 2016 22:31:11 GMT (envelope-from bz@FreeBSD.org)
Received: (from bz@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u5NMVBTj075888;
 Thu, 23 Jun 2016 22:31:11 GMT (envelope-from bz@FreeBSD.org)
Message-Id: <201606232231.u5NMVBTj075888@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bz set sender to bz@FreeBSD.org
 using -f
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Thu, 23 Jun 2016 22:31:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r302159 - head/sys/netpfil/pf
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2016 22:31:12 -0000

Author: bz
Date: Thu Jun 23 22:31:10 2016
New Revision: 302159
URL: https://svnweb.freebsd.org/changeset/base/302159

Log:
  Make sure pflog is attached after pf is initializaed so we can
  borrow pf's lock, and also make sure pflog goes after pf is gone
  in order to avoid callouts in VNETs to an already freed instance.
  
  Reported by:    Ivan Klymenko, Johan Hendriks  on current@ today
  Obtained from:  projects/vnet
  Sponsored by:   The FreeBSD Foundation
  MFC after:      13 days
  Approved by:	re (gjb)

Modified:
  head/sys/netpfil/pf/if_pflog.c

Modified: head/sys/netpfil/pf/if_pflog.c
==============================================================================
--- head/sys/netpfil/pf/if_pflog.c	Thu Jun 23 21:50:52 2016	(r302158)
+++ head/sys/netpfil/pf/if_pflog.c	Thu Jun 23 22:31:10 2016	(r302159)
@@ -268,7 +268,7 @@ vnet_pflog_init(const void *unused __unu
 
 	pflogattach(1);
 }
-VNET_SYSINIT(vnet_pflog_init, SI_SUB_PSEUDO, SI_ORDER_ANY,
+VNET_SYSINIT(vnet_pflog_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_ANY,
     vnet_pflog_init, NULL);
 
 static void
@@ -277,6 +277,10 @@ vnet_pflog_uninit(const void *unused __u
 
 	if_clone_detach(V_pflog_cloner);
 }
+/*
+ * Detach after pf is gone; otherwise we might touch pflog memory
+ * from within pf after freeing pflog.
+ */
 VNET_SYSUNINIT(vnet_pflog_uninit, SI_SUB_INIT_IF, SI_ORDER_SECOND,
     vnet_pflog_uninit, NULL);
 
@@ -308,6 +312,7 @@ static moduledata_t pflog_mod = { pflogn
 
 #define PFLOG_MODVER 1
 
-DECLARE_MODULE(pflog, pflog_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
+/* Do not run before pf is initialized as we depend on its locks. */
+DECLARE_MODULE(pflog, pflog_mod, SI_SUB_PROTO_FIREWALL, SI_ORDER_ANY);
 MODULE_VERSION(pflog, PFLOG_MODVER);
 MODULE_DEPEND(pflog, pf, PF_MODVER, PF_MODVER, PF_MODVER);