On Sun, 18 Mar 2007, Julian Elischer wrote: >> If using uid/gid firewall rules, make sure to read the pertinent man pages >> regarding setting debug.mpsafenet=0 in loader.conf to avoid deadlocks. This >> is only a workaround for the issue, and when debug.mpsafenet is removed, >> this workaround will no longer be available. The authors/maintainers of >> the various firewall packages need to correct these problems or the lock >> order reversals (and associated deadlocks) will persist. > > I actually have some work on this in an experimental branch.. it removes the > requirement for users of ipfw to hold a lock on it by making the firewall > table an array rather than a lined list and then using a read-copy-replace > write semantic with reference conts on the array.. a bit like the cred > structures that processes and threads have.. i.e. you never change it, just > replace it with a new one.. previosu users ofthe structure just keep using > the one they have and release the reference when they are done.. (freeing if > it goes to 0). the result is that since the firewall lock goes away, so does > the lock order reversal. Great -- this is precisely the sort of fix we require. Robert N M Watson Computer Laboratory University of CambridgeReceived on Sun Mar 18 2007 - 18:23:14 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:06 UTC