From 468cefa22e66bd250077b080167787fa9821b471 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Sun, 7 May 2017 14:33:58 +0000 Subject: [PATCH] pf: Fix vnet initialisation When running the vnet init code (pf_load_vnet()) we used to iterate over all vnets, marking them as unhooked. This is incorrect and leads to panics if pf is unloaded, as the unload code does not unregister the pfil hooks (because the vnet is marked as unhooked). There's no need or reason to touch other vnets during initialisation. Their pf_load_vnet() function will be triggered, which handles all required initialisation. Reviewed by: zec, gnn Differential Revision: https://reviews.freebsd.org/D10592 --- sys/netpfil/pf/pf_ioctl.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index b655bf69d8d..4416e05191a 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -3712,17 +3712,8 @@ dehook_pf(void) static void pf_load_vnet(void) { - VNET_ITERATOR_DECL(vnet_iter); - - VNET_LIST_RLOCK(); - VNET_FOREACH(vnet_iter) { - CURVNET_SET(vnet_iter); - V_pf_pfil_hooked = 0; - TAILQ_INIT(&V_pf_tags); - TAILQ_INIT(&V_pf_qids); - CURVNET_RESTORE(); - } - VNET_LIST_RUNLOCK(); + TAILQ_INIT(&V_pf_tags); + TAILQ_INIT(&V_pf_qids); pfattach_vnet(); V_pf_vnet_active = 1;