Date: Mon, 01 Dec 2025 21:31:22 +0000 From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 639e65144aa7 - main - pfsync: fix incorrect unlock during destroy Message-ID: <692e092a.344f5.30b2413f@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=639e65144aa71cb03b5431861803f528308760dc commit 639e65144aa71cb03b5431861803f528308760dc Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-12-01 21:30:56 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-12-01 21:30:56 +0000 pfsync: fix incorrect unlock during destroy During pfsync_clone_destroy() we clean up pending packets. This may involve calling pfsync_undefer() or callout_drain(). We may not hold the bucket lock during callout_drain(), but must hold it during pfsync_undefer(). We incorrectly always released the lock, leading to assertion failures during cleanup if there were pending deferred packets. MFC after: 1 week Sponsored by: Orange Business Services --- sys/netpfil/pf/if_pfsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index de69ecbb0985..b571734b4250 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -466,13 +466,13 @@ pfsync_clone_destroy(struct ifnet *ifp) TAILQ_FIRST(&b->b_deferrals); ret = callout_stop(&pd->pd_tmo); - PFSYNC_BUCKET_UNLOCK(b); if (ret > 0) { pfsync_undefer(pd, 1); } else { + PFSYNC_BUCKET_UNLOCK(b); callout_drain(&pd->pd_tmo); + PFSYNC_BUCKET_LOCK(b); } - PFSYNC_BUCKET_LOCK(b); } MPASS(b->b_deferred == 0); MPASS(TAILQ_EMPTY(&b->b_deferrals));
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?692e092a.344f5.30b2413f>