From: Mateusz Guzik
Date: Mon, 30 May 2022 14:10:24 GMT
Message-Id: <202205301410.24UEAOTj032244@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: a3d974082549 - main - pf: make sure the rule tree is allocated in DIOCCHANGERULE
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: mjg
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Commit: a3d9740825499c8a495261e09b7f9e49f6b4ac81

The branch main has been updated by mjg:

URL:
https://cgit.FreeBSD.org/src/commit/?id=a3d9740825499c8a495261e09b7f9e49f6b4ac81 commit a3d9740825499c8a495261e09b7f9e49f6b4ac81 Author: Mateusz Guzik AuthorDate: 2022-05-27 22:15:34 +0000 Commit: Mateusz Guzik CommitDate: 2022-05-30 14:09:53 +0000 pf: make sure the rule tree is allocated in DIOCCHANGERULE Original patch by: peter Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 5185e457867e..745b9b69060b 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1152,6 +1152,25 @@ out: } #endif /* ALTQ */ +static struct pf_krule_global * +pf_rule_tree_alloc(int flags) +{ + struct pf_krule_global *tree; + + tree = malloc(sizeof(struct pf_krule_global), M_TEMP, flags); + if (tree == NULL) + return (NULL); + RB_INIT(tree); + return (tree); +} + +static void +pf_rule_tree_free(struct pf_krule_global *tree) +{ + + free(tree, M_TEMP); +} + static int pf_begin_rules(u_int32_t *ticket, int rs_num, const char *anchor) { @@ -1163,16 +1182,15 @@ pf_begin_rules(u_int32_t *ticket, int rs_num, const char *anchor) if (rs_num < 0 || rs_num >= PF_RULESET_MAX) return (EINVAL); - tree = malloc(sizeof(struct pf_krule_global), M_TEMP, M_NOWAIT); + tree = pf_rule_tree_alloc(M_NOWAIT); if (tree == NULL) return (ENOMEM); - RB_INIT(tree); rs = pf_find_or_create_kruleset(anchor); if (rs == NULL) { free(tree, M_TEMP); return (EINVAL); } - free(rs->rules[rs_num].inactive.tree, M_TEMP); + pf_rule_tree_free(rs->rules[rs_num].inactive.tree); rs->rules[rs_num].inactive.tree = tree; while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) { 
@@ -3455,6 +3473,22 @@ DIOCGETRULENV_error: if (rs_num >= PF_RULESET_MAX) ERROUT(EINVAL); + /* + * XXXMJG: there is no guarantee that the ruleset was + * created by the usual route of calling DIOCXBEGIN. + * As a result it is possible the rule tree will not + * be allocated yet. Hack around it by doing it here. + * Note it is fine to let the tree persist in case of + * error as it will be freed down the road on future + * updates (if need be). + */ + if (ruleset->rules[rs_num].active.tree == NULL) { + ruleset->rules[rs_num].active.tree = pf_rule_tree_alloc(M_NOWAIT); + if (ruleset->rules[rs_num].active.tree == NULL) { + ERROUT(ENOMEM); + } + } + if (pcr->action == PF_CHANGE_GET_TICKET) { pcr->ticket = ++ruleset->rules[rs_num].active.ticket; ERROUT(0);
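Review bot: pf_rule_tree_free() in the first hunk (@@ -1152,6 +1152,25 @@) releases only the tree head with free(tree, M_TEMP), and neither helper carries a comment stating its contract. A short comment above the pair should say that the caller owns the tree returned by pf_rule_tree_alloc(), what state the tree must be in before pf_rule_tree_free() is called, and whether a NULL argument is acceptable, since pf_begin_rules passes rs->rules[rs_num].inactive.tree to it without a NULL check.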
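Review bot: the rs == NULL error path in the pf_begin_rules hunk (@@ -1163,16 +1182,15 @@) still calls free(tree, M_TEMP) directly, although the allocation and the inactive.tree release in the same function were converted to the new helpers. Use pf_rule_tree_free(tree) there as well, so the malloc type is named in one place and a later change to the helper cannot leave this path behind.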
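Review bot: in the DIOCCHANGERULE hunk (@@ -3455,6 +3473,22 @@) the new allocation sits above the pcr->action == PF_CHANGE_GET_TICKET check, so a request that only fetches a ticket now allocates a tree and can return ENOMEM. If that is not intended, move the block below the ticket branch. The XXXMJG comment would also be more useful if it named the path that creates a ruleset without DIOCXBEGIN, and the hunk does not show rules already on the active list being inserted into the freshly initialised tree, which is worth confirming if such a ruleset can be non-empty.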