Re: git: 6efe8e6be413 - main - pf: Fix a lock leak in pf_ioctl_addrule()
- In reply to: Mark Johnston : "git: 6efe8e6be413 - main - pf: Fix a lock leak in pf_ioctl_addrule()"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 28 Jul 2025 15:46:44 UTC
On 28 Jul 2025, at 17:43, Mark Johnston wrote:
> The branch main has been updated by markj:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=6efe8e6be4135643d8283fcb6773da641326f427
>
> commit 6efe8e6be4135643d8283fcb6773da641326f427
> Author: Mark Johnston <markj@FreeBSD.org>
> AuthorDate: 2025-07-27 13:23:22 +0000
> Commit: Mark Johnston <markj@FreeBSD.org>
> CommitDate: 2025-07-28 15:40:20 +0000
>
> pf: Fix a lock leak in pf_ioctl_addrule()
>
> The ERROUT macro assumes that the rules lock is held, but some
> error
> paths arise before that lock is acquired. Introduce
> ERROUT_UNLOCKED for
> that case.
>
> Reviewed by: kp
> Reported by: syzkaller
> Fixes: cc68decda316 ("pf: Reject rules with invalid port
> ranges")
> Differential Revision: https://reviews.freebsd.org/D51571
> ---
> sys/amd64/conf/SYZKALLER | 5 +++++
> sys/netpfil/pf/pf_ioctl.c | 16 ++++++++--------
> 2 files changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/sys/amd64/conf/SYZKALLER b/sys/amd64/conf/SYZKALLER
> new file mode 100644
> index 000000000000..49059302793b
> --- /dev/null
> +++ b/sys/amd64/conf/SYZKALLER
> @@ -0,0 +1,5 @@
> +include GENERIC
> +ident SYZKALLER
> +
> +options COVERAGE
> +options KCOV
^— This hunk might not have been intended to be part of this.
—
Kristof