Date: Sun, 19 Aug 2018 00:15:58 +0200 From: Kajetan Staszkiewicz <vegeta@tuxpowered.net> To: Kristof Provost <kp@freebsd.org> Cc: freebsd-pf@freebsd.org Subject: Re: pf tables locking Message-ID: <1831273.qCtLAga6ZT@energia> In-Reply-To: <18F24996-29D6-4792-BCB7-88738F756077@FreeBSD.org> References: <8680316.SccKl5VnxN@energia> <18F24996-29D6-4792-BCB7-88738F756077@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart5655015.LPuHGhcovh Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" On Monday, 13 August 2018 15:22:33 CEST Kristof Provost wrote: > > This function is called from pf_test only after PF_RULES_RUNLOCK(). >=20 > I think you=E2=80=99re right, this does look wrong. >=20 > It=E2=80=99s very unlikely that this will actually lead to a crash, becau= se > rules (and associated tables) won=E2=80=99t just go away while there=E2= =80=99s still > state, but we could theoretically lose memory (in the pfrke_counters > allocation), and miscount. >=20 > I don=E2=80=99t want to re-take the rules lock for this But what about things other than counters and disappearing tables, that is= =20 getting addresses out of pool in pf_map_addr? I understand that rpool can't= =20 change live because it changes only with loading a ruleset. But then there = is=20 pfr_pool_get. This one operates totally unlocked. I proposed a patch lockin= g=20 pools in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230640 but now= as I=20 see it locking of each table seems necessary. Why not have granular locking for each pool (or maybe rule) and for each=20 table? =2D-=20 | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --nextPart5655015.LPuHGhcovh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCW3iangAKCRDjtFCvbXs6 FPG4AJ4mSh2S9rFxP3NwQlDz1CG9unGiYgCguljhbuVzV9AdKgp3dJDypNo2AvE= =jpec -----END PGP SIGNATURE----- --nextPart5655015.LPuHGhcovh--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1831273.qCtLAga6ZT>