Kill a bunch of recursive splsoftnet()s. pf_ioctl() already call
splsoftnet() and for the functions that are also called from pf_test()
the spl level is already IPL_SOFTNET.
ok?
Index: net/pf_if.c
===================================================================
RCS file: /cvs/src/sys/net/pf_if.c,v
retrieving revision 1.86
diff -u -p -r1.86 pf_if.c
--- net/pf_if.c 27 Sep 2016 04:57:17 -0000 1.86
+++ net/pf_if.c 15 Nov 2016 14:27:47 -0000
@@ -356,7 +356,7 @@ pfi_dynaddr_setup(struct pf_addr_wrap *a
struct pfi_dynaddr *dyn;
char tblname[PF_TABLE_NAME_SIZE];
struct pf_ruleset *ruleset = NULL;
- int s, rv = 0;
+ int rv = 0;
if (aw->type != PF_ADDR_DYNIFTL)
return (0);
@@ -364,7 +364,6 @@ pfi_dynaddr_setup(struct pf_addr_wrap *a
== NULL)
return (1);
- s = splsoftnet();
if (!strcmp(aw->v.ifname, "self"))
dyn->pfid_kif = pfi_kif_get(IFG_ALL);
else
@@ -407,7 +406,6 @@ pfi_dynaddr_setup(struct pf_addr_wrap *a
TAILQ_INSERT_TAIL(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry);
aw->p.dyn = dyn;
pfi_kif_update(dyn->pfid_kif);
- splx(s);
return (0);
_bad:
@@ -418,7 +416,6 @@ _bad:
if (dyn->pfid_kif != NULL)
pfi_kif_unref(dyn->pfid_kif, PFI_KIF_REF_RULE);
pool_put(&pfi_addr_pl, dyn);
- splx(s);
return (rv);
}
@@ -589,13 +586,10 @@ pfi_address_add(struct sockaddr *sa, sa_
void
pfi_dynaddr_remove(struct pf_addr_wrap *aw)
{
- int s;
-
if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL ||
aw->p.dyn->pfid_kif == NULL || aw->p.dyn->pfid_kt == NULL)
return;
- s = splsoftnet();
TAILQ_REMOVE(&aw->p.dyn->pfid_kif->pfik_dynaddrs, aw->p.dyn, entry);
pfi_kif_unref(aw->p.dyn->pfid_kif, PFI_KIF_REF_RULE);
aw->p.dyn->pfid_kif = NULL;
@@ -603,7 +597,6 @@ pfi_dynaddr_remove(struct pf_addr_wrap *
aw->p.dyn->pfid_kt = NULL;
pool_put(&pfi_addr_pl, aw->p.dyn);
aw->p.dyn = NULL;
- splx(s);
}
void
@@ -640,23 +633,20 @@ pfi_update_status(const char *name, stru
struct pfi_kif_cmp key;
struct ifg_member p_member, *ifgm;
TAILQ_HEAD(, ifg_member) ifg_members;
- int i, j, k, s;
+ int i, j, k;
- s = splsoftnet();
if (*name == '\0' && pfs == NULL) {
RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
bzero(p->pfik_packets, sizeof(p->pfik_packets));
bzero(p->pfik_bytes, sizeof(p->pfik_bytes));
p->pfik_tzero = time_second;
}
- splx(s);
return;
}
strlcpy(key.pfik_name, name, sizeof(key.pfik_name));
p = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&key);
if (p == NULL) {
- splx(s);
return;
}
if (p->pfik_group != NULL) {
@@ -694,16 +684,14 @@ pfi_update_status(const char *name, stru
p->pfik_bytes[i][j][k];
}
}
- splx(s);
}
int
pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size)
{
struct pfi_kif *p, *nextp;
- int s, n = 0;
+ int n = 0;
- s = splsoftnet();
for (p = RB_MIN(pfi_ifhead, &pfi_ifs); p; p = nextp) {
nextp = RB_NEXT(pfi_ifhead, &pfi_ifs, p);
if (pfi_skip_if(name, p))
@@ -714,14 +702,12 @@ pfi_get_ifaces(const char *name, struct
pfi_kif_ref(p, PFI_KIF_REF_RULE);
if (copyout(p, buf++, sizeof(*buf))) {
pfi_kif_unref(p, PFI_KIF_REF_RULE);
- splx(s);
return (EFAULT);
}
nextp = RB_NEXT(pfi_ifhead, &pfi_ifs, p);
pfi_kif_unref(p, PFI_KIF_REF_RULE);
}
}
- splx(s);
*size = n;
return (0);
}
@@ -752,15 +738,12 @@ int
pfi_set_flags(const char *name, int flags)
{
struct pfi_kif *p;
- int s;
- s = splsoftnet();
RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
if (pfi_skip_if(name, p))
continue;
p->pfik_flags_new = p->pfik_flags | flags;
}
- splx(s);
return (0);
}
@@ -768,15 +751,12 @@ int
pfi_clear_flags(const char *name, int flags)
{
struct pfi_kif *p;
- int s;
- s = splsoftnet();
RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
if (pfi_skip_if(name, p))
continue;
p->pfik_flags_new = p->pfik_flags & ~flags;
}
- splx(s);
return (0);
}
@@ -784,12 +764,9 @@ void
pfi_xcommit(void)
{
struct pfi_kif *p;
- int s;
- s = splsoftnet();
RB_FOREACH(p, pfi_ifhead, &pfi_ifs)
p->pfik_flags = p->pfik_flags_new;
- splx(s);
}
/* from pf_print_state.c */
Index: net/pf_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.304
diff -u -p -r1.304 pf_ioctl.c
--- net/pf_ioctl.c 28 Oct 2016 07:54:19 -0000 1.304
+++ net/pf_ioctl.c 15 Nov 2016 14:26:42 -0000
@@ -769,7 +769,7 @@ pf_commit_rules(u_int32_t ticket, char *
struct pf_ruleset *rs;
struct pf_rule *rule, **old_array;
struct pf_rulequeue *old_rules;
- int s, error;
+ int error;
u_int32_t old_rcount;
/* Make sure any expired rules get removed from active rules first. */
@@ -788,7 +788,6 @@ pf_commit_rules(u_int32_t ticket, char *
}
/* Swap rules, keep the old. */
- s = splsoftnet();
old_rules = rs->rules.active.ptr;
old_rcount = rs->rules.active.rcount;
old_array = rs->rules.active.ptr_array;
@@ -813,7 +812,6 @@ pf_commit_rules(u_int32_t ticket, char *
rs->rules.inactive.rcount = 0;
rs->rules.inactive.open = 0;
pf_remove_if_empty_ruleset(rs);
- splx(s);
/* queue defs only in the main ruleset */
if (anchor[0])
