From owner-svn-src-head@freebsd.org  Thu Feb 25 09:17:45 2016
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8FD2EAB4BD1;
 Thu, 25 Feb 2016 09:17:45 +0000 (UTC)
 (envelope-from kp@vega.codepro.be)
Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits))
 (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 56EC71771;
 Thu, 25 Feb 2016 09:17:45 +0000 (UTC)
 (envelope-from kp@vega.codepro.be)
Received: from vega.codepro.be (unknown [172.16.1.3])
 by venus.codepro.be (Postfix) with ESMTP id AF2B01987B;
 Thu, 25 Feb 2016 10:17:41 +0100 (CET)
Received: by vega.codepro.be (Postfix, from userid 1001)
 id A810F7F542; Thu, 25 Feb 2016 10:17:41 +0100 (CET)
Date: Thu, 25 Feb 2016 10:17:41 +0100
From: Kristof Provost <kp@FreeBSD.org>
To: Conrad Meyer <cem@FreeBSD.org>
Cc: Adrian Chadd <adrian.chadd@gmail.com>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
 "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject: Re: svn commit: r296025 - head/sys/netpfil/pf
Message-ID: <20160225091741.GF3003@vega.codepro.be>
References: <201602250733.u1P7Xxoh041746@repo.freebsd.org>
 <CAJ-Vmok_-SzGnUdYi+nnDYdGhcKXOUthC1nnPyxHrnWJCKA+cw@mail.gmail.com>
 <CAG6CVpWwidL6S90fnThc7mXp9sj3PbJB6rvkBN=MmbvFS+_vtw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAG6CVpWwidL6S90fnThc7mXp9sj3PbJB6rvkBN=MmbvFS+_vtw@mail.gmail.com>
X-Checked-By-NSA: Probably
User-Agent: Mutt/1.5.24 (2015-08-30)
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 09:17:45 -0000

On 2016-02-24 23:47:55 (-0800), Conrad Meyer <cem@FreeBSD.org> wrote:
> On Wed, Feb 24, 2016 at 11:41 PM, Adrian Chadd <adrian.chadd@gmail.com> wrote:
> > .. what's capping totlen so one doesn't run out of memory?
> 
> There was a DoS vector before (user controlled io->pfrio_size) and
> basically the same DoS vector now (either of io->pfrio_size or
> io->pfrio_size2).  This change isn't a regression.  Still, it should
> be fixed.
> 
It's an M_WAITOK allocation, so if the user asks for more memory than is
available the thread will sleep. I'd assumed that if the user terminates
the thread the sleep will wake, the allocation will fail and the ioctl()
will return an error.

Perhaps we should do what OpenBSD do, and not allocate the temporary
buffer at all. They copy in/out the individual entries one by one. On
the other hand, one could still exhaust memory by inserting large
numbers of addresses in the table.

I'm a little wary of adding arbitrary limits to the number of entries in
a table, because this bug (and #192677) show that users do actually
insert 100.000 addresses in a table.

Regards,
Kristof