Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder:
NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0)
Robert Watson
rwatson at FreeBSD.org
Fri Jul 20 20:33:42 UTC 2007
On Fri, 20 Jul 2007, Julian Elischer wrote:
> Robert Watson wrote:
>>
>> On Tue, 17 Jul 2007, Max Laier wrote:
>>
>> So far I have had 0 (zero) reports of problems since this thread began.
>> Could people using uid/gid/jail rules with ipfw or pf on 7.x *please* try
>> running their firewalls without debug.mpsafenet -- ignore the witness
>> warnings and/or disable witness, and let us know if you experience
>> deadlocks. We're reaching the very end of the merge cycle for 7.0, and I
>> would really like to remove the Giant crutches (now effectively unused)
>> from the network stack so it's not part of the ABI/API, the code is
>> simplified and cleaned up, etc.
>
> does "problem" include a LOR message, or only a deadlock? I've seen plenty
> of the first, but not the second.
Deadlocks. The LOR is expected, but actually a false positive with respect to
deadlock potential, we now believe. To be specific: there is a cycle, but
since the cycling conditions always involve read acquisition, they shouldn't
lead to a wait cycle. So what we're looking for here is evidence of something
more than the WITNESS warning.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-net
mailing list