From owner-dev-commits-src-all@freebsd.org Tue Mar 23 12:24:30 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1A1E05AD1E2; Tue, 23 Mar 2021 12:24:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F4Vt60F9pz4nLs; Tue, 23 Mar 2021 12:24:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EF7C820FB6; Tue, 23 Mar 2021 12:24:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 12NCOTL1006575; Tue, 23 Mar 2021 12:24:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 12NCOTTi006574; Tue, 23 Mar 2021 12:24:29 GMT (envelope-from git) Date: Tue, 23 Mar 2021 12:24:29 GMT Message-Id: <202103231224.12NCOTTi006574@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 961e7887b9ba - stable/12 - pf: pool/kpool conversion code MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 961e7887b9bad9dd446a2289f3e5266ad2d122ef Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Mar 2021 12:24:30 -0000 The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=961e7887b9bad9dd446a2289f3e5266ad2d122ef commit 961e7887b9bad9dd446a2289f3e5266ad2d122ef Author: Kristof Provost AuthorDate: 2021-03-11 10:37:05 +0000 Commit: Kristof Provost CommitDate: 2021-03-23 12:24:15 +0000 pf: pool/kpool conversion code stuct pf_pool and struct pf_kpool are different. We should not simply bcopy() them. Happily it turns out that their differences were all pointers, and the userspace provided pointers were overwritten by the kernel, so this did actually work correctly, but we should fix it anyway. Reviewed by: glebius MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29216 (cherry picked from commit 15b82e00a1640d1b9a1d720c95f65e580be30187) --- sys/netpfil/pf/pf_ioctl.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index d5e09ea1c443..8212d5055ef7 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1466,6 +1466,39 @@ pf_pooladdr_to_kpooladdr(const struct pf_pooladdr *pool, strlcpy(kpool->ifname, pool->ifname, sizeof(kpool->ifname)); } +static void +pf_kpool_to_pool(const struct pf_kpool *kpool, struct pf_pool *pool) +{ + bzero(pool, sizeof(*pool)); + + bcopy(&kpool->key, &pool->key, sizeof(pool->key)); + bcopy(&kpool->counter, &pool->counter, sizeof(pool->counter)); + + pool->tblidx = kpool->tblidx; + pool->proxy_port[0] = kpool->proxy_port[0]; + pool->proxy_port[1] = kpool->proxy_port[1]; + pool->opts = kpool->opts; +} + +static int +pf_pool_to_kpool(const struct pf_pool *pool, struct pf_kpool *kpool) +{ + _Static_assert(sizeof(pool->key) == sizeof(kpool->key), ""); + _Static_assert(sizeof(pool->counter) == sizeof(kpool->counter), ""); + + bzero(kpool, sizeof(*kpool)); + + bcopy(&pool->key, &kpool->key, sizeof(kpool->key)); + bcopy(&pool->counter, &kpool->counter, sizeof(kpool->counter)); + + kpool->tblidx = pool->tblidx; + kpool->proxy_port[0] = pool->proxy_port[0]; + kpool->proxy_port[1] = pool->proxy_port[1]; + kpool->opts = pool->opts; + + return (0); +} + static void pf_krule_to_rule(const struct pf_krule *krule, struct pf_rule *rule) { @@ -1492,7 +1525,7 @@ pf_krule_to_rule(const struct pf_krule *krule, struct pf_rule *rule) strlcpy(rule->overload_tblname, krule->overload_tblname, sizeof(rule->overload_tblname)); - bcopy(&krule->rpool, &rule->rpool, sizeof(krule->rpool)); + pf_kpool_to_pool(&krule->rpool, &rule->rpool); rule->evaluations = counter_u64_fetch(krule->evaluations); for (int i = 0; i < 2; i++) { @@ -1629,7 +1662,9 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule) strlcpy(krule->overload_tblname, rule->overload_tblname, sizeof(rule->overload_tblname)); - bcopy(&rule->rpool, &krule->rpool, sizeof(krule->rpool)); + ret = pf_pool_to_kpool(&rule->rpool, &krule->rpool); + if (ret != 0) + return (ret); /* Don't allow userspace to set evaulations, packets or bytes. */ /* kif, anchor, overload_tbl are not copied over. */