Page MenuHomeFreeBSD
Differential D34115

pf: Initialize pf_kpool mutexes earlier
ClosedPublic
Actions

Authored by markj on Jan 31 2022, 5:40 PM.
Tags
None
Referenced Files
F156407809: D34115.id102180.diff
Wed, May 13, 11:52 AM
F156360518: D34115.id102180.diff
Tue, May 12, 11:48 PM
F156360468: D34115.id102172.diff
Tue, May 12, 11:48 PM
F156360301: D34115.diff
Tue, May 12, 11:47 PM
Unknown Object (File)
Wed, May 6, 10:53 PM
Unknown Object (File)
Mon, Apr 27, 5:47 PM
Unknown Object (File)
Sun, Apr 19, 9:08 PM
Unknown Object (File)
Sun, Apr 19, 12:39 PM
View All Files
Subscribers
ae
farrokhi
glebius
imp
melifaro

Details

Reviewers
kp
Commits
rG773e3a71b2f1: pf: Initialize pf_kpool mutexes earlier
Summary

There are some error paths in ioctl handlers that will call
pf_krule_free() before the rule's rpool.mtx field is initialized,
causing a panic with INVARIANTS enabled.

Fix the problem by introducing pf_krule_alloc() and initializing the
mutex there. This does mean that the rule->krule and pool->kpool
conversion functions need to stop zeroing the input structure, but I
don't see a nicer way to handle this except perhaps by guarding the
mtx_destroy() with a mtx_initialized() check.

Constify some related functions while here and add a regression test
based on a syzkaller reproducer.

Reported by: syzbot+77cd12872691d219c158@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
net/
5 lines
netpfil/
pf/
34 lines
2 lines
tests/
sys/
netpfil/
pf/
ioctl/
27 lines

Diff 102180

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nv.c

Loading...
View Options

tests/sys/netpfil/pf/ioctl/validation.c

Loading...