git: cb13059663e4 - main - pf: fix pagefault in pf_getstatus()
Kristof Provost
kp at FreeBSD.org
Thu Sep 23 19:57:33 UTC 2021
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=cb13059663e455b3fc69c293dadec53c164490dc
commit cb13059663e455b3fc69c293dadec53c164490dc
Author: Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-09-23 08:39:49 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-09-23 19:56:59 +0000
pf: fix pagefault in pf_getstatus()
We can't copyout() while holding a lock, in case it triggers a page
fault.
Release the lock before copyout, which is safe because we've already
copied all the data into the nvlist.
PR: 258601
Reviewed by: mjg
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D32076
---
sys/netpfil/pf/pf_ioctl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index e7e37d5a6d5a..3242c51a2c66 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -5006,11 +5006,14 @@ pf_getstatus(struct pfioc_nv *nv)
else if (nv->size < nv->len)
ERROUT(ENOSPC);
+ PF_RULES_RUNLOCK();
error = copyout(nvlpacked, nv->data, nv->len);
+ goto done;
#undef ERROUT
errout:
PF_RULES_RUNLOCK();
+done:
free(nvlpacked, M_NVLIST);
nvlist_destroy(nvc);
nvlist_destroy(nvl);
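Review bot: the new `PF_RULES_RUNLOCK();` ahead of `copyout()` carries no comment saying why the lock is dropped at that point, and the success path now relies on `goto done` jumping over the unlock under `errout:`. A short comment at the unlock would keep the reasoning from the commit message next to the code: copyout() can page fault, so it must run without the rules lock, and that is safe because nvlpacked already holds all the data. It is also worth stating there that no ERROUT() may follow the unlock. The `#undef ERROUT` sits below the copyout, so the macro is still usable on those lines, and an error exit added later would presumably land on `errout:` and release a lock that is no longer held.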