pfsync: fix incorrect unlock during destroy

During pfsync_clone_destroy() we clean up pending packets. This
may involve calling pfsync_undefer() or callout_drain(). We may not
hold the bucket lock during callout_drain(), but must hold it during
pfsync_undefer().

We incorrectly always released the lock, leading to assertion failures
during cleanup if there were pending deferred packets.

MFC after:	1 week
Sponsored by:	Orange Business Services
This commit is contained in:
Kristof Provost
2025-12-01 22:30:56 +01:00
parent 7a283c4018
commit 639e65144a
+2 -2
View File
@@ -466,13 +466,13 @@ pfsync_clone_destroy(struct ifnet *ifp)
TAILQ_FIRST(&b->b_deferrals);
ret = callout_stop(&pd->pd_tmo);
PFSYNC_BUCKET_UNLOCK(b);
if (ret > 0) {
pfsync_undefer(pd, 1);
} else {
PFSYNC_BUCKET_UNLOCK(b);
callout_drain(&pd->pd_tmo);
PFSYNC_BUCKET_LOCK(b);
}
PFSYNC_BUCKET_LOCK(b);
}
MPASS(b->b_deferred == 0);
MPASS(TAILQ_EMPTY(&b->b_deferrals));