author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2022-03-23 09:02:00 +0000 |
---|---|---|
committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2022-03-23 09:02:00 +0000 |
commit | a7cd51de3f845a9911b20dfdc9ef7f638cfdee1d (patch) | |
tree | d36f8b8ce274f4f80f11ca7584cd7029f39aeee2 | |
parent | 9419dcffe228159fcf3f8d7a8506d34d08452a24 (diff) |
resurrect pf_consistency_lock as pfioctl_rw this time. pfioctl_rw
serializes access to pf(4) from concurrent processes which
change/read firewall configuration.
OK bluhm@
-rw-r--r-- | sys/net/pf_ioctl.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index dbbc79c0a0e..dc56f6afe02 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.373 2022/02/16 04:25:34 dlg Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.374 2022/03/23 09:01:59 sashan Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -150,6 +150,7 @@ TAILQ_HEAD(pf_tags, pf_tagname) pf_tags = TAILQ_HEAD_INITIALIZER(pf_tags),
 */
 struct rwlock pf_lock = RWLOCK_INITIALIZER("pf_lock");
 struct rwlock pf_state_lock = RWLOCK_INITIALIZER("pf_state_lock");
+struct rwlock pfioctl_rw = RWLOCK_INITIALIZER("pfioctl_rw");
 #if (PF_QNAME_SIZE != PF_TAG_NAME_SIZE)
 #error PF_QNAME_SIZE must be equal to PF_TAG_NAME_SIZE
@@ -1142,6 +1143,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 return (EACCES);
 }
+ if (flags & FWRITE)
+ rw_enter_write(&pfioctl_rw);
+ else
+ rw_enter_read(&pfioctl_rw);
+
 switch (cmd) {
 case DIOCSTART:
@@ -2945,8 +2951,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 case DIOCSETIFFLAG: {
 struct pfioc_iface *io = (struct pfioc_iface *)addr;
- if (io == NULL)
- return (EINVAL);
+ if (io == NULL) {
+ error = EINVAL;
+ break;
+ }
 NET_LOCK();
 PF_LOCK();
@@ -2959,8 +2967,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 case DIOCCLRIFFLAG: {
 struct pfioc_iface *io = (struct pfioc_iface *)addr;
- if (io == NULL)
- return (EINVAL);
+ if (io == NULL) {
+ error = EINVAL;
+ break;
+ }
 NET_LOCK();
 PF_LOCK();
@@ -3020,6 +3030,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 break;
 }
 fail:
+ if (flags & FWRITE)
+ rw_exit_write(&pfioctl_rw);
+ else
+ rw_exit_read(&pfioctl_rw);
+
 return (error);
 }
|
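Review bot: The `pfioctl_rw` declaration added after `pf_state_lock` in the hunk at -150 has no comment saying what it protects or where it sits in the lock order. The block comment that closes just above these declarations starts outside the hunk, so whether it already covers the new lock cannot be seen here. The later hunks show `NET_LOCK()` and `PF_LOCK()` being taken inside `pfioctl()` after `pfioctl_rw` is already held, which is the ordering worth recording. I would add above the declaration something like `/* pfioctl_rw serializes pfioctl() callers; acquire it before NET_LOCK() and PF_LOCK() */`.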
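Review bot: Once `pfioctl_rw` is taken ahead of `switch (cmd)` in the hunk at -1142, every path out of `pfioctl()` has to reach the release added after `fail:` in the last hunk; a direct `return` from any case would leave the lock held and block every later pf(4) ioctl caller. The commit converts the two `return (EINVAL)` statements in DIOCSETIFFLAG and DIOCCLRIFFLAG, but the remaining case bodies lie outside the visible hunks, so whether other early returns remain cannot be confirmed from this page. A comment at the acquisition such as `/* pfioctl_rw held from here: leave via break or goto fail, never return */` would guard later edits. The lock mode also follows the descriptor's open mode (`flags & FWRITE`) rather than the command, so it is worth confirming that every command reachable without FWRITE leaves the state this lock is meant to protect unchanged.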