[Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
bugzilla-noreply at freebsd.org
Wed Jul 29 06:36:21 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879
--- Comment #5 from commit-hook at freebsd.org ---
A commit references this bug:
Author: kp
Date: Wed Jul 29 06:35:37 UTC 2015
New revision: 285999
URL: https://svnweb.freebsd.org/changeset/base/285999
Log:
pf: Always initialise pf_fragment.fr_flags
When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to
initialise the fr_flags field. As a result we sometimes mistakenly thought the
fragment to not be a buffered fragment. This resulted in panics because we'd end
up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it
to be part of V_pf_cachequeue).

The next time we iterated V_pf_fragqueue we'd use a freed object and panic.

While here also fix a pf_fragment use after free in pf_normalize_ip().
pf_reassemble() frees the pf_fragment, so we can't use it any more.
PR: 201879, 201932
MFC after: 5 days
Changes:
head/sys/netpfil/pf/pf_norm.c
--
You are receiving this mail because:
You are the assignee for the bug.
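The two defects the commit log describes, modelled in a small stand-alone C program (an added example, not FreeBSD's pf code): an object allocated from a recycling allocator keeps whatever flag value its previous owner left, so the free path unlinks it from the wrong queue and leaves V_pf_fragqueue pointing at freed memory; and a caller that dereferences a fragment after the routine that consumed it has already freed it. The queue, the struct layout, the flag name `FR_BUFFERED` and the function names are all assumptions for the demo; `frag_free()` reports the flag/queue mismatch instead of actually leaving a dangling entry, so the program itself never performs a use after free.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical flag name; the commit only says "buffered fragment". */
#define FR_BUFFERED 0x01u

struct frag {
    struct frag *fr_next;   /* intrusive list link, stands in for the TAILQ entry */
    unsigned fr_flags;      /* the field r285999 starts initialising */
    unsigned fr_len;
};

static struct frag *fragq;  /* stands in for V_pf_fragqueue (buffered fragments) */

static void fragq_insert(struct frag *f) { f->fr_next = fragq; fragq = f; }

static bool fragq_contains(const struct frag *f) {
    for (const struct frag *it = fragq; it; it = it->fr_next)
        if (it == f) return true;
    return false;
}

static void fragq_unlink(struct frag *f) {
    for (struct frag **pp = &fragq; *pp; pp = &(*pp)->fr_next)
        if (*pp == f) { *pp = f->fr_next; return; }
}

/* Constructed stand-in for a recycled zone chunk: nothing is zeroed, so
 * fr_flags keeps a stale value. We make that stale value 0 (a previous owner
 * that was not buffered), which is exactly the case the commit describes. */
static struct frag *frag_alloc_recycled(unsigned len) {
    struct frag *f = malloc(sizeof *f);
    if (!f) abort();
    f->fr_flags = 0;        /* stale, NOT set by this allocation path */
    f->fr_len = len;
    f->fr_next = NULL;
    return f;
}

/* Free path shaped like the buggy one: the flag decides which queue the
 * object is believed to be on. Returns true when the flag disagrees with
 * where the object really lives, i.e. the original code would have freed it
 * while V_pf_fragqueue still pointed at it. The demo then unlinks it from the
 * queue it is actually on, so no dangling pointer is left behind here. */
static bool frag_free(struct frag *f) {
    bool in_fragq = fragq_contains(f);
    bool claims_buffered = (f->fr_flags & FR_BUFFERED) != 0;
    bool would_dangle = in_fragq && !claims_buffered;
    if (in_fragq) fragq_unlink(f);
    free(f);
    return would_dangle;
}

/* Allocate a buffered fragment and free it again. initialise == false
 * reproduces the bug (flags left stale); initialise == true is the first fix
 * from the commit: set fr_flags on every allocation. */
static bool fillup_then_free(bool initialise) {
    struct frag *f = frag_alloc_recycled(1500);
    if (initialise)
        f->fr_flags = FR_BUFFERED;
    fragq_insert(f);
    return frag_free(f);
}

/* Second fix: the reassembly routine frees the fragment, so the caller must
 * take what it needs from the return value instead of touching f afterwards. */
static unsigned frag_reassemble(struct frag *f) {
    unsigned total = f->fr_len;
    fragq_unlink(f);
    free(f);
    return total;           /* f is gone after this point */
}

static unsigned normalize_fixed(void) {
    struct frag *f = frag_alloc_recycled(2000);
    f->fr_flags = FR_BUFFERED;
    fragq_insert(f);
    return frag_reassemble(f);   /* length comes from the return, never from f */
}

int main(void) {
    /* stale flags: the object would have stayed linked after free() */
    bool bug = fillup_then_free(false);
    bool fixed = fillup_then_free(true);
    unsigned len = normalize_fixed();
    return (bug && !fixed && len == 2000 && fragq == NULL) ? 0 : 1;
}
```

The pattern worth keeping from the first fix is that every allocation path sets every flag field explicitly (or the allocator zeroes the object), because a flag that doubles as "which list am I on" must never be trusted from recycled memory. The second fix is the usual contract for consuming functions: once a callee owns and frees the object, the caller reads results from the return value only.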