Date:      Sat, 9 Mar 2019 10:28:36 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r344963 - stable/12/sys/netpfil/pf
Message-ID:  <201903091028.x29ASaKh048823@repo.freebsd.org>

Author: kp
Date: Sat Mar  9 10:28:36 2019
New Revision: 344963
URL: https://svnweb.freebsd.org/changeset/base/344963

Log:
  MFC r340073, r341359:
  
  pf: Keep a reference to struct ifnets we're using
  
  Ensure that the struct ifnet we use can't go away until we're done with
  it.
  
  pf: Fix panic on overlapping interface names
  
  In rare situations[*] it's possible for two different interfaces to have
  the same name. This confuses pf, because kifs are indexed by name (which
  is assumed to be unique). As a result we can end up trying to
  if_rele(NULL), which panics.
  
  Explicitly checking the ifp pointer before if_rele() prevents the panic.
  Note pf will likely behave in unexpected ways on the overlapping
  interfaces.
  
  [*] Insert an interface in a vnet jail. Rename it to an interface which
  exists on the host. Remove the jail. There are now two interfaces with
  the same name in the host.

Modified:
  stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_if.c
==============================================================================
--- stable/12/sys/netpfil/pf/pf_if.c	Sat Mar  9 10:24:39 2019	(r344962)
+++ stable/12/sys/netpfil/pf/pf_if.c	Sat Mar  9 10:28:36 2019	(r344963)
@@ -165,8 +165,10 @@ pfi_cleanup_vnet(void)
 		RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif);
 		if (kif->pfik_group)
 			kif->pfik_group->ifg_pf_kif = NULL;
-		if (kif->pfik_ifp)
+		if (kif->pfik_ifp) {
+			if_rele(kif->pfik_ifp);
 			kif->pfik_ifp->if_pf_kif = NULL;
+		}
 		free(kif, PFI_MTYPE);
 	}
 
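Review bot: In pfi_cleanup_vnet(), if_rele(kif->pfik_ifp) runs before the store kif->pfik_ifp->if_pf_kif = NULL, so the ifnet is written to after pf has already dropped its reference. If that was the last reference, the store lands in freed memory. Swap the two statements inside the new braces so that if_pf_kif is cleared first and if_rele() is the last use of the pointer.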
@@ -322,6 +324,8 @@ pfi_attach_ifnet(struct ifnet *ifp)
 	V_pfi_update++;
 	kif = pfi_kif_attach(kif, ifp->if_xname);
 
+	if_ref(ifp);
+
 	kif->pfik_ifp = ifp;
 	ifp->if_pf_kif = kif;
 
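Review bot: In pfi_attach_ifnet(), the assignment kif->pfik_ifp = ifp right after the new if_ref(ifp) overwrites whatever pointer the kif already held without releasing it. The kif is obtained from pfi_kif_attach(kif, ifp->if_xname), and the log says two interfaces can share a name, so a kif that already has a non-NULL pfik_ifp would lose track of a referenced ifnet and that reference would never be dropped. Consider checking kif->pfik_ifp before the assignment and either releasing the old pointer or refusing the attach, and add a short comment naming the if_rele() sites that pair with this if_ref().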
@@ -847,6 +851,9 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	pfi_kif_update(kif);
+
+	if (kif->pfik_ifp)
+		if_rele(kif->pfik_ifp);
 
 	kif->pfik_ifp = NULL;
 	ifp->if_pf_kif = NULL;
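Review bot: The new if_rele() in pfi_detach_ifnet_event() releases kif->pfik_ifp rather than the ifp being detached, and nothing in the hunk checks that the two are the same interface. In the overlapping-name case from the log they can differ (a NULL pfik_ifp is one instance of that), so the NULL check avoids the panic but the reference taken on ifp in pfi_attach_ifnet() may never be released, or a reference belonging to a different ifnet may be dropped. Suggest comparing kif->pfik_ifp against ifp before releasing, and adding a comment above the check explaining when pfik_ifp can be NULL here, since the reason is only recorded in the commit log.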


