Date: Thu, 23 Sep 2021 19:57:33 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: cb13059663e4 - main - pf: fix pagefault in pf_getstatus()
Message-ID: <202109231957.18NJvXeC077415@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=cb13059663e455b3fc69c293dadec53c164490dc commit cb13059663e455b3fc69c293dadec53c164490dc Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2021-09-23 08:39:49 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2021-09-23 19:56:59 +0000 pf: fix pagefault in pf_getstatus() We can't copyout() while holding a lock, in case it triggers a page fault. Release the lock before copyout, which is safe because we've already copied all the data into the nvlist. PR: 258601 Reviewed by: mjg MFC after: 1 week Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D32076 --- sys/netpfil/pf/pf_ioctl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index e7e37d5a6d5a..3242c51a2c66 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -5006,11 +5006,14 @@ pf_getstatus(struct pfioc_nv *nv) else if (nv->size < nv->len) ERROUT(ENOSPC); + PF_RULES_RUNLOCK(); error = copyout(nvlpacked, nv->data, nv->len); + goto done; #undef ERROUT errout: PF_RULES_RUNLOCK(); +done: free(nvlpacked, M_NVLIST); nvlist_destroy(nvc); nvlist_destroy(nvl);
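Review bot: The new PF_RULES_RUNLOCK() placed just before copyout() leaves the function with two unlock sites and a success path that must jump over the errout: label with "goto done", and nothing in the code says why. The reason is given only in the commit message (copyout() can page fault and must not run with the rules lock held), so a short comment above the new PF_RULES_RUNLOCK() would keep a later cleanup from moving the unlock back below the copyout. The same comment should note that ERROUT must not be used after that point: any ERROUT added between the new unlock and the "#undef ERROUT" line would reach errout: and call PF_RULES_RUNLOCK() a second time on a lock that was already released. The ordering itself looks right, since the ENOSPC size check still runs under the lock and goes through errout:, and both paths converge on done: for free(nvlpacked, M_NVLIST) and the nvlist_destroy() calls.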