pf: Fix match_rules memory leak
Abandoned, Public

Authored by vegeta_tuxpowered.net on Feb 13 2024, 4:40 PM.

Details

Reviewers
None
Summary

During evaluation of the ruleset by pf_test_rule() all "match" rules are
gathered in match_rules to be later copied into a state once a "pass"
rule finally accepts the packet.

When pf_create_state() fails due to hitting limits it terminates early
without calling pf_free_state(), as the state has not been allocated
yet. In such a case, free match_rules, as the caller pf_test_rule() won't do
it.
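
The ownership hand-off the summary describes, as a simplified user-space model. This is an added example, not code from this revision or from pf; every name in it (`rule_item`, `create_state`, `test_rule`, the `free_on_fail` switch and the state limit of 1) is hypothetical.

```c
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical, not pf's code. */
struct rule_item { struct rule_item *next; int rule_nr; };
struct state { struct rule_item *match_rules; };
static int live_items;                  /* rule_item allocations not yet freed */
static int cur_states, max_states = 1;  /* constructed state limit */
static void push_match(struct rule_item **head, int nr) {
    struct rule_item *ri = malloc(sizeof(*ri));
    if (ri == NULL) return;
    ri->rule_nr = nr; ri->next = *head; *head = ri; live_items++;
}
static void free_matches(struct rule_item **head) {
    while (*head != NULL) {
        struct rule_item *ri = *head;
        *head = ri->next; free(ri); live_items--;
    }
}
/* Success: the state takes ownership of the list. Failure: no state exists, so
 * no later free_state() runs; free_on_fail=1 is the fix, 0 the leaking path. */
static struct state *create_state(struct rule_item **matches, int free_on_fail) {
    struct state *s;
    if (cur_states >= max_states || (s = malloc(sizeof(*s))) == NULL) {
        if (free_on_fail) free_matches(matches);
        return NULL;
    }
    s->match_rules = *matches; *matches = NULL; cur_states++;
    return s;
}
static void free_state(struct state *s) {
    free_matches(&s->match_rules); free(s); cur_states--;
}
/* One packet: gather two "match" rules, then a "pass" rule creates state.
 * Returns how many list items nobody owns afterwards (the leak). */
static int test_rule(int free_on_fail, struct state **out) {
    struct rule_item *matches = NULL;
    int before = live_items, orphaned;
    push_match(&matches, 1); push_match(&matches, 2);
    *out = create_state(&matches, free_on_fail);
    orphaned = (*out != NULL) ? 0 : live_items - before;
    free_matches(&matches);  /* demo-only cleanup; the leaking path had none */
    return orphaned;
}
int main(void) {
    struct state *s1, *s2;
    test_rule(1, &s1);               /* under the limit: state created */
    int leaked = test_rule(0, &s2);  /* limit hit, unfixed path: 2 orphaned */
    if (s1 != NULL) free_state(s1);
    return leaked == 2 ? 0 : 1;
}
```
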

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 55987
Build 52876: arc lint + arc unit

Event Timeline

I failed to apply this patch, and I think it's because you already fixed this problem in https://cgit.freebsd.org/src/commit/?id=4d19eceaefb7106d761bc9504bb0da737ae0d674

Or am I missing something else?

In D43866#1000864, @kp wrote:

I failed to apply this patch, and I think it's because you already fixed this problem in https://cgit.freebsd.org/src/commit/?id=4d19eceaefb7106d761bc9504bb0da737ae0d674

Or am I missing something else?

This is absolutely embarrassing but I can explain myself :)

I've seen memory leaking on my systems running FreeBSD 14.0, looked at the code for releng/14.0, found the leak, patched it… I forgot that I've worked on it already before, and the commit is not in release/14.0. I see it in stable/14, though. I'm abandoning this revision.

In D43866#1000864, @kp wrote:

I failed to apply this patch, and I think it's because you already fixed this problem in https://cgit.freebsd.org/src/commit/?id=4d19eceaefb7106d761bc9504bb0da737ae0d674

Or am I missing something else?

This is absolutely embarrassing but I can explain myself :)

I've seen memory leaking on my systems running FreeBSD 14.0, looked at the code for releng/14.0, found the leak, patched it… I forgot that I've worked on it already before, and the commit is not in release/14.0. I see it in stable/14, though. I'm abandoning this revision.

If it helps, I've had a very similar experience just last month, and also didn't notice until I found the commit that fixed the problem and discovered that it was mine.