git: 9419d273e471 - stable/12 - pf: fix pagefault in pf_getstatus()

Kristof Provost Thu, 30 Sep 2021 05:22:06 -0700

The branch stable/12 has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=9419d273e4718ee8c768865cd73a3b907f365d8d


commit 9419d273e4718ee8c768865cd73a3b907f365d8d
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2021-09-23 08:39:49 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2021-09-30 07:54:44 +0000

    pf: fix pagefault in pf_getstatus()
    
    We can't copyout() while holding a lock, in case it triggers a page
    fault.
    Release the lock before copyout, which is safe because we've already
    copied all the data into the nvlist.
    
    PR:             258601
    Reviewed by:    mjg
    MFC after:      1 week
    Sponsored by:   Modirum MDPay
    Differential Revision:  https://reviews.freebsd.org/D32076
    
    (cherry picked from commit cb13059663e455b3fc69c293dadec53c164490dc)
---
 sys/netpfil/pf/pf_ioctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index cf17d67cc894..bbafaed0c1b0 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -5023,11 +5023,14 @@ pf_getstatus(struct pfioc_nv *nv)
        else if (nv->size < nv->len)
                ERROUT(ENOSPC);
 
+       PF_RULES_RUNLOCK();
        error = copyout(nvlpacked, nv->data, nv->len);
+       goto done;
 
 #undef ERROUT
 errout:
        PF_RULES_RUNLOCK();
+done:
        free(nvlpacked, M_NVLIST);
        nvlist_destroy(nvc);
        nvlist_destroy(nvl);
_______________________________________________
dev-commits-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"

git: 9419d273e471 - stable/12 - pf: fix pagefault in pf_getstatus()

Reply via email to