Date: Sat, 15 Dec 2012 17:19:37 +0000 (UTC)
From: Mikolaj Golub <trociny@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r244268 - head/sys/netpfil/pf
Message-ID: <201212151719.qBFHJbj1003553@svn.freebsd.org>
Author: trociny Date: Sat Dec 15 17:19:36 2012 New Revision: 244268 URL: http://svnweb.freebsd.org/changeset/base/244268 Log: In pfioctl, if the permission checks failed we returned with vnet context set. As the checks don't require vnet context, this is fixed by setting vnet after the checks. PR: kern/160541 Submitted by: Nikos Vassiliadis (slightly different approach) Modified: head/sys/netpfil/pf/pf_ioctl.c Modified: head/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- head/sys/netpfil/pf/pf_ioctl.c Sat Dec 15 15:21:09 2012 (r244267) +++ head/sys/netpfil/pf/pf_ioctl.c Sat Dec 15 17:19:36 2012 (r244268) @@ -963,8 +963,6 @@ pfioctl(struct cdev *dev, u_long cmd, ca { int error = 0; - CURVNET_SET(TD_TO_VNET(td)); - /* XXX keep in sync with switch() below */ if (securelevel_gt(td->td_ucred, 2)) switch (cmd) { @@ -1068,6 +1066,8 @@ pfioctl(struct cdev *dev, u_long cmd, ca return (EACCES); } + CURVNET_SET(TD_TO_VNET(td)); + switch (cmd) { case DIOCSTART: PF_RULES_WLOCK();
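Review bot: in the first hunk (pfioctl, around line 963), the permission block that now runs before any vnet context is set carries only the "XXX keep in sync with switch() below" comment, so nothing tells a later editor that these checks must stay free of vnet-dependent state and are allowed to return directly. Suggest a one-line comment above `if (securelevel_gt(td->td_ucred, 2))` stating that the checks run without vnet context, which is the invariant the log message relies on.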
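Review bot: in the second hunk (around line 1066), every exit path after the new `CURVNET_SET(TD_TO_VNET(td));` has to reach the matching CURVNET_RESTORE(), and the hunk shows only the start of the switch (`case DIOCSTART:`), so those exits cannot be checked from the visible lines. Worth confirming that no case below returns directly, since that would reintroduce the same leaked-context problem the `return (EACCES);` path had, and adding a short comment at the new CURVNET_SET line saying that no plain `return` may follow it.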