From owner-svn-src-head@FreeBSD.ORG Mon Apr 7 07:06:14 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 061CE8EF; Mon, 7 Apr 2014 07:06:14 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CCA44220; Mon, 7 Apr 2014 07:06:13 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3776Dbn087035; Mon, 7 Apr 2014 07:06:13 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3776D05087034; Mon, 7 Apr 2014 07:06:13 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201404070706.s3776D05087034@svn.freebsd.org> From: Martin Matuska Date: Mon, 7 Apr 2014 07:06:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r264220 - head/sys/netpfil/pf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Apr 2014 07:06:14 -0000 Author: mm Date: Mon Apr 7 07:06:13 2014 New Revision: 264220 URL: http://svnweb.freebsd.org/changeset/base/264220 Log: Merge from projects/pf r264198: Execute pf_overload_task() in vnet context. Fixes a vnet kernel panic. Reviewed by: trociny MFC after: 1 week Modified: head/sys/netpfil/pf/pf.c Directory Properties: head/sys/ (props changed) Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Mon Apr 7 05:33:30 2014 (r264219) +++ head/sys/netpfil/pf/pf.c Mon Apr 7 07:06:13 2014 (r264220) @@ -284,7 +284,7 @@ static int pf_addr_wrap_neq(struct pf_ static struct pf_state *pf_find_state(struct pfi_kif *, struct pf_state_key_cmp *, u_int); static int pf_src_connlimit(struct pf_state **); -static void pf_overload_task(void *c, int pending); +static void pf_overload_task(void *v, int pending); static int pf_insert_src_node(struct pf_src_node **, struct pf_rule *, struct pf_addr *, sa_family_t); static u_int pf_purge_expired_states(u_int, int); @@ -516,16 +516,18 @@ pf_src_connlimit(struct pf_state **state } static void -pf_overload_task(void *c, int pending) +pf_overload_task(void *v, int pending) { struct pf_overload_head queue; struct pfr_addr p; struct pf_overload_entry *pfoe, *pfoe1; uint32_t killed = 0; + CURVNET_SET((struct vnet *)v); + PF_OVERLOADQ_LOCK(); - queue = *(struct pf_overload_head *)c; - SLIST_INIT((struct pf_overload_head *)c); + queue = V_pf_overloadqueue; + SLIST_INIT(&V_pf_overloadqueue); PF_OVERLOADQ_UNLOCK(); bzero(&p, sizeof(p)); @@ -569,8 +571,10 @@ pf_overload_task(void *c, int pending) V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; /* If nothing to flush, return. */ - if (SLIST_EMPTY(&queue)) + if (SLIST_EMPTY(&queue)) { + CURVNET_RESTORE(); return; + } for (int i = 0; i <= pf_hashmask; i++) { struct pf_idhash *ih = &V_pf_idhash[i]; @@ -599,6 +603,8 @@ pf_overload_task(void *c, int pending) free(pfoe, M_PFTEMP); if (V_pf_status.debug >= PF_DEBUG_MISC) printf("%s: %u states killed", __func__, killed); + + CURVNET_RESTORE(); } /* @@ -795,7 +801,7 @@ pf_initialize() /* Send & overload+flush queues. */ STAILQ_INIT(&V_pf_sendqueue); SLIST_INIT(&V_pf_overloadqueue); - TASK_INIT(&V_pf_overloadtask, 0, pf_overload_task, &V_pf_overloadqueue); + TASK_INIT(&V_pf_overloadtask, 0, pf_overload_task, curvnet); mtx_init(&pf_sendqueue_mtx, "pf send queue", NULL, MTX_DEF); mtx_init(&pf_overloadqueue_mtx, "pf overload/flush queue", NULL, MTX_DEF);