From nobody Fri Jun 03 01:36:00 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4858B1B6C160; Fri, 3 Jun 2022 01:36:07 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LDlpG0gZDz3hgp; Fri, 3 Jun 2022 01:36:06 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: by mail-pj1-x1029.google.com with SMTP id hv24-20020a17090ae41800b001e33eebdb5dso6338277pjb.0; Thu, 02 Jun 2022 18:36:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:message-id:date:mime-version:user-agent:reply-to:subject:to :references:content-language:from:in-reply-to :content-transfer-encoding; bh=mODlHjZKe8Eaj+bLdID6cYMA7uOxjIRwPB95+0pucg0=; b=RK+SZPIu6M0trIPUfUvUoCYaynlrZPKEk6Bf6HIYpCfDikCgxMWc7ztXAWzJ1hKjk8 OUHYnl7Y3EU7Q5Fj7W0u1rLWje9NK3x1kuG7uebN1WI6BXmScjtdf6Y/7JzPvED2srZR OavH9n2FRwfp4xCcuasG9EXAIrR+/uEikwS+xco8nFKsQKv/m2KkpIuU2+X/ZrjiR+tw NEX0Ew4MVifViLYrzYna/rkfOv3txqUxQTUGLkNW/NhOtDmEtmkF8k3iU/2pYze0Zw9W w2OqmsFQ7WVwT3VvYYcmK3TEI+Tg3saWRdu4pW8LUvjlIGLB809QA65rkV3HAP3aK/0s Bj8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:message-id:date:mime-version:user-agent :reply-to:subject:to:references:content-language:from:in-reply-to :content-transfer-encoding; bh=mODlHjZKe8Eaj+bLdID6cYMA7uOxjIRwPB95+0pucg0=; b=gTmm8+YS+O5K/U/5tVXh4SCWmJCl8XH/KYRRb+4JuTvLHbBOCWkIrj8xvAYTqp76QC /E+pD3kct/5yI6Ia6GXhoRffeEQv9LIQIVCzqEDSpZIMArSmlF3ZeBTySp97qXOUgMXg 4uqxDKwv7iVvf1/kK+wVlyWDI8Tl7aVuKIkUfZ42TVcnbNYypdUuIZj1TzIydCLs4AW6 cEbZQUehcvlPWrO02cll4ZhHgCqAVDyh8R1gYUVE/p98XJ5Ngtn6EyV3QHegcGttFWm5 RNqp2bToLczLkFy28Pqx2y1S6TifKfSFxdB8Zlvx7tGT0StJmsOp7e428Go8FQGYSXqZ 04dg== X-Gm-Message-State: AOAM530DQvh/n/4+egpAcgqxqgrCPk4HXjiDzYZdwMEWpDyP9C3Un3xR /f/+OgVRISF07fvvH7r00EKaLqAQ2ZY= X-Google-Smtp-Source: ABdhPJzpaR0kjNXgFOjmHFfL4uljENdkog9pENDkoNagkkaRMrbMP05p/RaO56GzCe2bPXPv5gRiCg== X-Received: by 2002:a17:902:dacd:b0:164:17ef:54c6 with SMTP id q13-20020a170902dacd00b0016417ef54c6mr7928147plx.11.1654220164938; Thu, 02 Jun 2022 18:36:04 -0700 (PDT) Received: from ?IPV6:2403:5807:1b:1:6c9e:b489:476f:91c0? (2403-5807-1b-1-6c9e-b489-476f-91c0.ip6.aussiebb.net. [2403:5807:1b:1:6c9e:b489:476f:91c0]) by smtp.gmail.com with ESMTPSA id p1-20020a170903248100b00163e459be9asm4215723plw.136.2022.06.02.18.36.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 02 Jun 2022 18:36:04 -0700 (PDT) Message-ID: Date: Fri, 3 Jun 2022 11:36:00 +1000 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Thunderbird/103.0a1 Reply-To: koobs@FreeBSD.org Subject: Re: git: a37e0e6de652 - main - pf: fix more syncookie memory leaks To: Kristof Provost , src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org References: <202206021818.252IIAdK087215@gitrepo.freebsd.org> Content-Language: en-US From: Kubilay Kocak In-Reply-To: <202206021818.252IIAdK087215@gitrepo.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4LDlpG0gZDz3hgp X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=RK+SZPIu; dmarc=none; spf=pass (mx1.freebsd.org: domain of koobsfreebsd@gmail.com designates 2607:f8b0:4864:20::1029 as permitted sender) smtp.mailfrom=koobsfreebsd@gmail.com X-Spamd-Result: default: False [-1.35 / 15.00]; HAS_REPLYTO(0.00)[koobs@FreeBSD.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; REPLYTO_ADDR_EQ_FROM(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; FORGED_SENDER(0.30)[koobs@FreeBSD.org,koobsfreebsd@gmail.com]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_NEQ_ENVFROM(0.00)[koobs@FreeBSD.org,koobsfreebsd@gmail.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.85)[0.847]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::1029:from]; MLMMJ_DEST(0.00)[dev-commits-src-all,dev-commits-src-main]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N On 3/06/2022 4:18 am, Kristof Provost wrote: > The branch main has been updated by kp: > > URL: https://cgit.FreeBSD.org/src/commit/?id=a37e0e6de6527a7eaddea8e28f5e4b3427fba1a4 > > commit a37e0e6de6527a7eaddea8e28f5e4b3427fba1a4 > Author: Franco Fichtner > AuthorDate: 2022-06-02 16:27:43 +0000 > Commit: Kristof Provost > CommitDate: 2022-06-02 18:17:25 +0000 > > pf: fix more syncookie memory leaks > > Allocate memory for packed nvlists in M_NVLIST, as nvlist_pack() does > this as well, and we use the same variable interchangable with the > memory we allocate. When we free it we can end up freeing from the wrong > zone, leaking memory. > > Reviewed by: kp > Differential Revision: https://reviews.freebsd.org/D35385 Hi Kristof, Are stable{13,12} affected or only introduced in main? > --- > sys/netpfil/pf/pf_ioctl.c | 20 ++++++++++---------- > sys/netpfil/pf/pf_syncookies.c | 6 +++--- > 2 files changed, 13 insertions(+), 13 deletions(-) > > diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c > index 745b9b69060b..1ccbbd3814ac 100644 > --- a/sys/netpfil/pf/pf_ioctl.c > +++ b/sys/netpfil/pf/pf_ioctl.c > @@ -2722,7 +2722,7 @@ DIOCGETETHRULES_error: > if (nv->len > pf_ioctl_maxcount) > ERROUT(ENOMEM); > > - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); > + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); > if (nvlpacked == NULL) > ERROUT(ENOMEM); > > @@ -2763,7 +2763,7 @@ DIOCGETETHRULES_error: > > nvlist_destroy(nvl); > nvl = NULL; > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > nvlpacked = NULL; > > rule = TAILQ_FIRST(rs->active.rules); > @@ -2803,7 +2803,7 @@ DIOCGETETHRULES_error: > > #undef ERROUT > DIOCGETETHRULE_error: > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > nvlist_destroy(nvl); > break; > } > @@ -2819,7 +2819,7 @@ DIOCGETETHRULE_error: > > #define ERROUT(x) ERROUT_IOCTL(DIOCADDETHRULE_error, x) > > - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); > + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); > if (nvlpacked == NULL) > ERROUT(ENOMEM); > > @@ -2922,7 +2922,7 @@ DIOCGETETHRULE_error: > #undef ERROUT > DIOCADDETHRULE_error: > nvlist_destroy(nvl); > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > break; > } > > @@ -3117,7 +3117,7 @@ DIOCGETETHRULESET_error: > if (nv->len > pf_ioctl_maxcount) > ERROUT(ENOMEM); > > - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); > + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); > error = copyin(nv->data, nvlpacked, nv->len); > if (error) > ERROUT(error); > @@ -3156,13 +3156,13 @@ DIOCGETETHRULESET_error: > anchor_call, td); > > nvlist_destroy(nvl); > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > break; > #undef ERROUT > DIOCADDRULENV_error: > pf_krule_free(rule); > nvlist_destroy(nvl); > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > > break; > } > @@ -6018,7 +6018,7 @@ pf_keepcounters(struct pfioc_nv *nv) > if (nv->len > pf_ioctl_maxcount) > ERROUT(ENOMEM); > > - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); > + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); > if (nvlpacked == NULL) > ERROUT(ENOMEM); > > @@ -6037,7 +6037,7 @@ pf_keepcounters(struct pfioc_nv *nv) > > on_error: > nvlist_destroy(nvl); > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > return (error); > } > > diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c > index 5230502be30c..6a375411d8ea 100644 > --- a/sys/netpfil/pf/pf_syncookies.c > +++ b/sys/netpfil/pf/pf_syncookies.c > @@ -171,7 +171,7 @@ pf_get_syncookies(struct pfioc_nv *nv) > #undef ERROUT > errout: > nvlist_destroy(nvl); > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > > return (error); > } > @@ -191,7 +191,7 @@ pf_set_syncookies(struct pfioc_nv *nv) > if (nv->len > pf_ioctl_maxcount) > return (ENOMEM); > > - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); > + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); > if (nvlpacked == NULL) > return (ENOMEM); > > @@ -232,7 +232,7 @@ pf_set_syncookies(struct pfioc_nv *nv) > #undef ERROUT > errout: > nvlist_destroy(nvl); > - free(nvlpacked, M_TEMP); > + free(nvlpacked, M_NVLIST); > > return (error); > } >