Re: git: 6efe8e6be413 - main - pf: Fix a lock leak in pf_ioctl_addrule()

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 28 Jul 2025 15:46:44 UTC
On 28 Jul 2025, at 17:43, Mark Johnston wrote:
> The branch main has been updated by markj:
>
> URL: 
> https://cgit.FreeBSD.org/src/commit/?id=6efe8e6be4135643d8283fcb6773da641326f427
>
> commit 6efe8e6be4135643d8283fcb6773da641326f427
> Author:     Mark Johnston <markj@FreeBSD.org>
> AuthorDate: 2025-07-27 13:23:22 +0000
> Commit:     Mark Johnston <markj@FreeBSD.org>
> CommitDate: 2025-07-28 15:40:20 +0000
>
>     pf: Fix a lock leak in pf_ioctl_addrule()
>
>     The ERROUT macro assumes that the rules lock is held, but some 
> error
>     paths arise before that lock is acquired.  Introduce 
> ERROUT_UNLOCKED for
>     that case.
>
>     Reviewed by:    kp
>     Reported by:    syzkaller
>     Fixes:          cc68decda316 ("pf: Reject rules with invalid port 
> ranges")
>     Differential Revision:  https://reviews.freebsd.org/D51571
> ---
>  sys/amd64/conf/SYZKALLER  |  5 +++++
>  sys/netpfil/pf/pf_ioctl.c | 16 ++++++++--------
>  2 files changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/sys/amd64/conf/SYZKALLER b/sys/amd64/conf/SYZKALLER
> new file mode 100644
> index 000000000000..49059302793b
> --- /dev/null
> +++ b/sys/amd64/conf/SYZKALLER
> @@ -0,0 +1,5 @@
> +include GENERIC
> +ident SYZKALLER
> +
> +options 	COVERAGE
> +options 	KCOV
^— This hunk might not have been intended to be part of this.

—
Kristof