From owner-freebsd-pf@FreeBSD.ORG Sun Dec 14 14:54:21 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 08D361C6 for ; Sun, 14 Dec 2014 14:54:21 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C093F2DB for ; Sun, 14 Dec 2014 14:54:20 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id sBEEsK4C024014 for ; Sun, 14 Dec 2014 14:54:20 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id sBEEsKTd024013; Sun, 14 Dec 2014 14:54:20 GMT (envelope-from root) Date: Sun, 14 Dec 2014 14:54:20 +0000 To: freebsd-pf@freebsd.org From: "rodrigc (Craig Rodrigues)" Subject: [Differential] [Request, 100 lines] D1315: VIMAGE PF fixes #4 Message-ID: X-Priority: 3 Thread-Topic: D1315: VIMAGE PF fixes #4 X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: Thread-Index: ZGI1YWY1MTBmYjU4M2RhM2FhZDQyNzA4YWQ1 X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: , , , MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Dec 2014 14:54:21 -0000 rodrigc created this revision. rodrigc added reviewers: bz, glebius, trociny, network. rodrigc added subscribers: freebsd-net, freebsd-pf, freebsd-virtualization. REVISION SUMMARY Instead of creating a purge thread for every vnet, create a single purge thread and clean up all vnets from this thread. TEST PLAN (1) Boot a kernel with VIMAGE enabled (2) Create a vnet jail jail -c persist name=testjail001 vnet path=/ host.hostname=testjail001 allow.raw_sockets allow.socket_af (3) Start pf inside the jail service start pf (4) Delete the vnet jail jail -r testjail001 Without this patch, the kernel would panic in step (4). With the patch, the kernel does not panic REVISION DETAIL https://reviews.freebsd.org/D1315 AFFECTED FILES sys/net/pfvar.h sys/netpfil/pf/pf.c sys/netpfil/pf/pf_ioctl.c To: rodrigc, bz, glebius, trociny, np, melifaro, hrs, wollman, bryanv, rpaulo, adrian, gnn, hiren, rwatson Cc: freebsd-virtualization, freebsd-pf, freebsd-net