From owner-freebsd-pf@FreeBSD.ORG Fri Jul 20 20:33:42 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A51516A419; Fri, 20 Jul 2007 20:33:42 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id F359A13C467; Fri, 20 Jul 2007 20:33:41 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 902AE48748; Fri, 20 Jul 2007 16:33:40 -0400 (EDT) Date: Fri, 20 Jul 2007 21:33:40 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Julian Elischer In-Reply-To: <46A100C2.1030606@elischer.org> Message-ID: <20070720213241.N83919@fledge.watson.org> References: <20070717131518.G1177@fledge.watson.org> <200707172342.39082.max@love2party.net> <20070720111539.U1096@fledge.watson.org> <46A100C2.1030606@elischer.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-arch@freebsd.org, freebsd-current@freebsd.org, freebsd-pf@freebsd.org, freebsd-net@freebsd.org Subject: Re: Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder: NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jul 2007 20:33:42 -0000 On Fri, 20 Jul 2007, Julian Elischer wrote: > Robert Watson wrote: >> >> On Tue, 17 Jul 2007, Max Laier wrote: >> >> So far I have had 0 (zero) reports of problems since this thread began. >> Could people using uid/gid/jail rules with ipfw or pf on 7.x *please* try >> running their firewalls without debug.mpsafenet -- ignore the witness >> warnings and/or disable witness, and let us know if you experience >> deadlocks. We're reaching the very end of the merge cycle for 7.0, and I >> would really like to remove the Giant crutches (now effectively unused) >> from the network stack so it's not part of the ABI/API, the code is >> simplified and cleaned up, etc. > > does "problem" include a LOR message, or only a deadlock? I've seen plenty > of the first, but not the second. Deadlocks. The LOR is expected, but actually a false positive with respect to deadlock potential, we now believe. To be specific: there is a cycle, but since the cycling conditions always involve read acquisition, they shouldn't lead to a wait cycle. So what we're looking for here is evidence of something more than the WITNESS warning. Robert N M Watson Computer Laboratory University of Cambridge