From owner-svn-src-stable@freebsd.org Wed Sep 27 01:46:16 2017 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89B83E28184; Wed, 27 Sep 2017 01:46:16 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 62D3383867; Wed, 27 Sep 2017 01:46:16 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v8R1kF2t066864; Wed, 27 Sep 2017 01:46:15 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v8R1kFQH066859; Wed, 27 Sep 2017 01:46:15 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201709270146.v8R1kFQH066859@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Wed, 27 Sep 2017 01:46:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r324046 - in stable/11/sys/netpfil/ipfw: . nat64 nptv6 X-SVN-Group: stable-11 X-SVN-Commit-Author: ae X-SVN-Commit-Paths: in stable/11/sys/netpfil/ipfw: . nat64 nptv6 X-SVN-Commit-Revision: 324046 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 01:46:16 -0000 Author: ae Date: Wed Sep 27 01:46:14 2017 New Revision: 324046 URL: https://svnweb.freebsd.org/changeset/base/324046 Log: MFC r323836: Do not acquire IPFW_WLOCK when a named object is created and destroyed. Acquiring of IPFW_WLOCK is requried for cases when we are going to change some data that can be accessed during processing of packets flow. When we create new named object, there are not yet any rules, that references it, thus holding IPFW_UH_WLOCK is enough to safely update needed structures. When we destroy an object, we do this only when its reference counter becomes zero. And it is safe to not acquire IPFW_WLOCK, because noone references it. The another case is when we failed to finish some action and thus we are doing rollback and destroying an object, in this case it is still not referenced by rules and no need to acquire IPFW_WLOCK. This also fixes panic with INVARIANTS due to recursive IPFW_WLOCK acquiring. Sponsored by: Yandex LLC Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c stable/11/sys/netpfil/ipfw/ip_fw_table.c stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c stable/11/sys/netpfil/ipfw/nptv6/nptv6.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Wed Sep 27 01:31:52 2017 (r324045) +++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Wed Sep 27 01:46:14 2017 (r324046) @@ -418,9 +418,7 @@ dyn_create(struct ip_fw_chain *ch, struct tid_info *ti return (ENOSPC); } ipfw_objhash_add(ni, &obj->no); - IPFW_WLOCK(ch); SRV_OBJECT(ch, obj->no.kidx) = obj; - IPFW_WUNLOCK(ch); obj->no.refcnt++; *pkidx = obj->no.kidx; IPFW_UH_WUNLOCK(ch); @@ -440,10 +438,8 @@ dyn_destroy(struct ip_fw_chain *ch, struct named_objec no->name, no->etlv, no->kidx, no->refcnt)); DYN_DEBUG("kidx %d", no->kidx); - IPFW_WLOCK(ch); obj = SRV_OBJECT(ch, no->kidx); SRV_OBJECT(ch, no->kidx) = NULL; - IPFW_WUNLOCK(ch); ipfw_objhash_del(CHAIN_TO_SRV(ch), no); ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), no->kidx); Modified: stable/11/sys/netpfil/ipfw/ip_fw_table.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_table.c Wed Sep 27 01:31:52 2017 (r324045) +++ stable/11/sys/netpfil/ipfw/ip_fw_table.c Wed Sep 27 01:46:14 2017 (r324046) @@ -1925,9 +1925,7 @@ create_table_internal(struct ip_fw_chain *ch, struct t tc->no.kidx = kidx; tc->no.etlv = IPFW_TLV_TBL_NAME; - IPFW_WLOCK(ch); link_table(ch, tc); - IPFW_WUNLOCK(ch); } if (compat != 0) @@ -3229,7 +3227,6 @@ link_table(struct ip_fw_chain *ch, struct table_config uint16_t kidx; IPFW_UH_WLOCK_ASSERT(ch); - IPFW_WLOCK_ASSERT(ch); ni = CHAIN_TO_NI(ch); kidx = tc->no.kidx; Modified: stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c Wed Sep 27 01:31:52 2017 (r324045) +++ stable/11/sys/netpfil/ipfw/nat64/nat64lsn_control.c Wed Sep 27 01:46:14 2017 (r324046) @@ -208,10 +208,7 @@ nat64lsn_create(struct ip_fw_chain *ch, ip_fw3_opheade ipfw_objhash_add(CHAIN_TO_SRV(ch), &cfg->no); /* Okay, let's link data */ - IPFW_WLOCK(ch); SRV_OBJECT(ch, cfg->no.kidx) = cfg; - IPFW_WUNLOCK(ch); - nat64lsn_start_instance(cfg); IPFW_UH_WUNLOCK(ch); @@ -259,10 +256,7 @@ nat64lsn_destroy(struct ip_fw_chain *ch, ip_fw3_ophead return (EBUSY); } - IPFW_WLOCK(ch); SRV_OBJECT(ch, cfg->no.kidx) = NULL; - IPFW_WUNLOCK(ch); - nat64lsn_detach_config(ch, cfg); IPFW_UH_WUNLOCK(ch); Modified: stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c Wed Sep 27 01:31:52 2017 (r324045) +++ stable/11/sys/netpfil/ipfw/nat64/nat64stl_control.c Wed Sep 27 01:46:14 2017 (r324046) @@ -220,10 +220,7 @@ nat64stl_create(struct ip_fw_chain *ch, ip_fw3_opheade error = nat64stl_create_internal(ch, cfg, uc); if (error == 0) { /* Okay, let's link data */ - IPFW_WLOCK(ch); SRV_OBJECT(ch, cfg->no.kidx) = cfg; - IPFW_WUNLOCK(ch); - IPFW_UH_WUNLOCK(ch); return (0); } @@ -342,10 +339,7 @@ nat64stl_destroy(struct ip_fw_chain *ch, ip_fw3_ophead return (EBUSY); } - IPFW_WLOCK(ch); SRV_OBJECT(ch, cfg->no.kidx) = NULL; - IPFW_WUNLOCK(ch); - nat64stl_detach_config(ch, cfg); IPFW_UH_WUNLOCK(ch); Modified: stable/11/sys/netpfil/ipfw/nptv6/nptv6.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nptv6/nptv6.c Wed Sep 27 01:31:52 2017 (r324045) +++ stable/11/sys/netpfil/ipfw/nptv6/nptv6.c Wed Sep 27 01:46:14 2017 (r324046) @@ -560,9 +560,7 @@ nptv6_create(struct ip_fw_chain *ch, ip_fw3_opheader * return (ENOSPC); } ipfw_objhash_add(ni, &cfg->no); - IPFW_WLOCK(ch); SRV_OBJECT(ch, cfg->no.kidx) = cfg; - IPFW_WUNLOCK(ch); IPFW_UH_WUNLOCK(ch); return (0); } @@ -599,10 +597,7 @@ nptv6_destroy(struct ip_fw_chain *ch, ip_fw3_opheader return (EBUSY); } - IPFW_WLOCK(ch); SRV_OBJECT(ch, cfg->no.kidx) = NULL; - IPFW_WUNLOCK(ch); - ipfw_objhash_del(CHAIN_TO_SRV(ch), &cfg->no); ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), cfg->no.kidx); IPFW_UH_WUNLOCK(ch);