Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Jan 2018 04:29:17 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r328313 - head/sys/netpfil/pf
Message-ID:  <201801240429.w0O4THIl059440@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: kp
Date: Wed Jan 24 04:29:16 2018
New Revision: 328313
URL: https://svnweb.freebsd.org/changeset/base/328313

Log:
  pf: States have at least two references
  
  pf_unlink_state() releases a reference to the state without checking if
  this is the last reference. It can't be, because pf_state_insert()
  initialises it to two. KASSERT() that this is always the case.
  
  CID:	1347140

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Wed Jan 24 03:09:56 2018	(r328312)
+++ head/sys/netpfil/pf/pf.c	Wed Jan 24 04:29:16 2018	(r328313)
@@ -1613,6 +1613,7 @@ int
 pf_unlink_state(struct pf_state *s, u_int flags)
 {
 	struct pf_idhash *ih = &V_pf_idhash[PF_IDHASH(s)];
+	int last;
 
 	if ((flags & PF_ENTER_LOCKED) == 0)
 		PF_HASHROW_LOCK(ih);
@@ -1653,7 +1654,8 @@ pf_unlink_state(struct pf_state *s, u_int flags)
 	PF_HASHROW_UNLOCK(ih);
 
 	pf_detach_state(s);
-	refcount_release(&s->refs);
+	last = refcount_release(&s->refs);
+	KASSERT(last == 0, ("Incorrect state reference count"));
 
 	return (pf_release_state(s));
 }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801240429.w0O4THIl059440>