Date: Mon, 26 Oct 2020 13:23:41 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r367057 - stable/12/sys/netpfil/pf Message-ID: <202010261323.09QDNfkl067043@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Mon Oct 26 13:23:40 2020 New Revision: 367057 URL: https://svnweb.freebsd.org/changeset/base/367057 Log: MFC r366667: pf: do not remove kifs that are referenced by rules Even if a kif doesn't have an ifp or if_group pointer we still can't delete it if it's referenced by a rule. In other words: we must check rulerefs as well. While we're here also teach pfi_kif_unref() not to remove kifs with flags. Reported-by: syzbot+b31d1d7e12c5d4d42f28@syzkaller.appspotmail.com Modified: stable/12/sys/netpfil/pf/pf_if.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/pf/pf_if.c ============================================================================== --- stable/12/sys/netpfil/pf/pf_if.c Mon Oct 26 13:22:55 2020 (r367056) +++ stable/12/sys/netpfil/pf/pf_if.c Mon Oct 26 13:23:40 2020 (r367057) @@ -258,8 +258,10 @@ pfi_kif_unref(struct pfi_kif *kif) if (kif->pfik_rulerefs > 0) return; - /* kif referencing an existing ifnet or group should exist. */ - if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == V_pfi_all) + /* kif referencing an existing ifnet or group or holding flags should + * exist. */ + if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || + kif == V_pfi_all || kif->pfik_flags != 0) return; RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif); @@ -814,7 +816,7 @@ pfi_clear_flags(const char *name, int flags) p->pfik_flags &= ~flags; if (p->pfik_ifp == NULL && p->pfik_group == NULL && - p->pfik_flags == 0) { + p->pfik_flags == 0 && p->pfik_rulerefs == 0) { /* Delete this kif. */ RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p); free(p, PFI_MTYPE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010261323.09QDNfkl067043>