Date: Sat, 1 Dec 2018 09:58:21 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r341359 - head/sys/netpfil/pf Message-ID: <201812010958.wB19wLeK032270@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Sat Dec 1 09:58:21 2018 New Revision: 341359 URL: https://svnweb.freebsd.org/changeset/base/341359 Log: pf: Fix panic on overlapping interface names In rare situations[*] it's possible for two different interfaces to have the same name. This confuses pf, because kifs are indexed by name (which is assumed to be unique). As a result we can end up trying to if_rele(NULL), which panics. Explicitly checking the ifp pointer before if_rele() prevents the panic. Note pf will likely behave in unexpected ways on the the overlapping interfaces. [*] Insert an interface in a vnet jail. Rename it to an interface which exists on the host. Remove the jail. There are now two interfaces with the same name in the host. Modified: head/sys/netpfil/pf/pf_if.c Modified: head/sys/netpfil/pf/pf_if.c ============================================================================== --- head/sys/netpfil/pf/pf_if.c Sat Dec 1 09:57:29 2018 (r341358) +++ head/sys/netpfil/pf/pf_if.c Sat Dec 1 09:58:21 2018 (r341359) @@ -853,7 +853,8 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne V_pfi_update++; pfi_kif_update(kif); - if_rele(kif->pfik_ifp); + if (kif->pfik_ifp) + if_rele(kif->pfik_ifp); kif->pfik_ifp = NULL; ifp->if_pf_kif = NULL;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812010958.wB19wLeK032270>