0010: pf.conf.5: revise divert-to and divert-reply#10
Closed
Conversation
ihoro
changed the title
ihoro
force-pushed
the
0010-update-man-5-pf.conf
branch
from
0e3eba2 to
5bb0ff7
Compare
ihoro
added
Landed
ihoro
pushed a commit
that referenced
this pull request
Aug 21, 2024
A number of people have reported panics with it enabled by default, possibly due to broken ACPI tables, which we do not handle well. D46382 is a potential fix for this issue. Additionally DMAR is currently not compatible with bhyve passthrough (see comment #10 in PR280817), with a draft patch to address that in D25672. Revert to disabling DMAR by default pending the resolution of those two issues. This reverts commit 3192fc3. PR: 280817 Sponsored by: The FreeBSD Foundation
ihoro
pushed a commit
that referenced
this pull request
Nov 15, 2024
Avoid calling _callout_stop_safe with a non-sleepable lock held when
detaching by initializing callout_init_rw() with CALLOUT_SHAREDLOCK.
It avoids the following WITNESS warning when stopping the service:
# service ipfilter stop
calling _callout_stop_safe with the following non-sleepable locks held:
shared rw ipf filter load/unload mutex (ipf filter load/unload mutex) r = 0 (0xffff0000417c7530) locked @ /usr/src/sys/netpfil/ipfilter/netinet/fil.c:7926
stack backtrace:
#0 0xffff00000052d394 at witness_debugger+0x60
#1 0xffff00000052e620 at witness_warn+0x404
#2 0xffff0000004d4ffc at _callout_stop_safe+0x8c
#3 0xffff0000f7236674 at ipfdetach+0x3c
#4 0xffff0000f723fa4c at ipf_ipf_ioctl+0x788
#5 0xffff0000f72367e0 at ipfioctl+0x144
#6 0xffff00000034abd8 at devfs_ioctl+0x100
#7 0xffff0000005c66a0 at vn_ioctl+0xbc
#8 0xffff00000034b2cc at devfs_ioctl_f+0x24
#9 0xffff0000005331ec at kern_ioctl+0x2e0
#10 0xffff000000532eb4 at sys_ioctl+0x140
#11 0xffff000000880480 at do_el0_sync+0x604
#12 0xffff0000008579ac at handle_el0_sync+0x4c
PR: 282478
Suggested by: markj
Reviewed by: cy
Approved by: emaste (mentor)
MFC after: 1 week
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Result preview: