git: c780d3ad7bcb - main - pf: clear ethernet rules prior to shutdown
Date: Fri, 19 Aug 2022 13:13:02 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=c780d3ad7bcbf3cc181b50a4e09b8ab18b8bd3c6 commit c780d3ad7bcbf3cc181b50a4e09b8ab18b8bd3c6 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-08-19 10:01:58 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-08-19 12:53:09 +0000 pf: clear ethernet rules prior to shutdown Ethernet rule cleanup is postponed to an epoch callback. Ensure it's been called before we remove the entire vnet, or we risk the rules still getting hit after we've freed the uma zone, i.e. a use-after-free. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 696ae4d0de70..81f35ba1c98c 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -6714,6 +6714,9 @@ pf_unload_vnet(void) shutdown_pf(); PF_RULES_WUNLOCK(); + /* Make sure we've cleaned up ethernet rules before we continue. */ + NET_EPOCH_DRAIN_CALLBACKS(); + ret = swi_remove(V_pf_swi_cookie); MPASS(ret == 0); ret = intr_event_destroy(V_pf_swi_ie);
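Review bot: the comment above NET_EPOCH_DRAIN_CALLBACKS() in pf_unload_vnet() says only "before we continue", which does not tell a later reader which teardown step depends on the drain. The commit message carries the actual reason: ethernet rule cleanup runs from an epoch callback and has to finish before the uma zone is freed, or the rules can still be hit after the free. Suggest moving that reason into the code comment, and stating there whether the drain must stay after PF_RULES_WUNLOCK() and before swi_remove(), so a later reordering of this teardown sequence does not reintroduce the use-after-free. The diffstat shows only pf_ioctl.c changed; a regression test that tears down a vnet with ethernet rules loaded would be worth adding alongside.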