From nobody Mon Jan 29 13:52:41 2024
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TNqVy0t8qz58lq5;
	Mon, 29 Jan 2024 13:52:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TNqVx75XMz4MjD;
	Mon, 29 Jan 2024 13:52:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1706536362;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=FyxS/XR5DbYrJFevdroidpIYFBXIv5nOx8xZV9W3dx4=;
	b=FyrmvfWFOnavX4kPqEi55HYSBsW3TYEXblzR3O7AbbHDSc4QyiYxQmzQ8rNZhafPLWKGRt
	ZC7bzqIqELatrIYw8LLZ6o/kfO3UUvEfnOUP7ofbSfvP5TMpjn430CpClZgqx+/em6OtAA
	gPzepHVxr26m7HthArugq7HHirCe+0hQ3mIQOSGXcAG/dqP0K6mrxAvi1ahxSNYqGKajyd
	plsF6vt6J7Br+aYewnD/pLo872oSD3VC0Yd5pdK8FVWb1EH6k7BxVVGutHQZmKSEQfG62f
	cbpnK0LnMxaujEvxX/3m0EH3E9tbhM6FdYDFhW1iluYHT7l3nZ/eRQ5wb6B9hQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1706536362;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=FyxS/XR5DbYrJFevdroidpIYFBXIv5nOx8xZV9W3dx4=;
	b=J2HV+4b4QhzZ17+KiUFquDvtIl+kyziie7INjwuMPS/6zJ4kA/0DOUkVb0zE05qmo37ewv
	csjc/sPWGV+tq1pkiezSQbsOrvSfwitq4GOb1dGpqkHnr5JV8zX7NF6iEVPvxN9x2TXmYW
	j4WSHKy8cwXuEb5eSpY4LqYububEE1u57H8zkHPZ3hYzS1kLOxoEpOYJcNTwJcRuW4GNtI
	1oagwVbe4g5plIx6levLR91ngQvirsJLXewClAfL21Uf6UHB230nQEXYVin8y/2iEVYbcL
	abYFfv4HflsfkMgaPHIwDs4xk9jKQkU4j8KFPmPOd/qOf2FF976aJp3w7Te4pw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706536362; a=rsa-sha256; cv=none;
	b=BqMV/Igj1jHP6H2Dpv14//dCnFaXcNH8U9GiFlKKbYNpJbZI3ZmtT28vj7cPSPXCwkUy13
	X6pipM8ibI5HUpmm9CFcqvHfZHCpjchugXoWuRDUTS4Lr0JniJ31nxxGU4vnl0QzFiWZws
	76eP/Put8MLOvlf32ujdyfvTTRelbimFH2hqr79JbWi8MvZouRp7jjWMCUE1mUviEWtGgc
	M+O3HYHbSan+ofIxoiI8jsa2VMZXAEsv3r3w01JbIJL0i/DqzaV3foPQ6g65rWFyMKn6Ed
	gt+qiiRV8aoyVIp8QCLN+gz9BvgQqkROqBg1BLUss1VQeENE0WO1xYHLHlPn7g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TNqVx69QyztR1;
	Mon, 29 Jan 2024 13:52:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 40TDqftB033576;
	Mon, 29 Jan 2024 13:52:41 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 40TDqfBZ033573;
	Mon, 29 Jan 2024 13:52:41 GMT
	(envelope-from git)
Date: Mon, 29 Jan 2024 13:52:41 GMT
Message-Id: <202401291352.40TDqfBZ033573@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: ffeab76b6855 - main - pfil: PFIL_PASS never frees the
  mbuf
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ffeab76b68550c347abcd7c31c3b3dfcdea732b5
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ffeab76b68550c347abcd7c31c3b3dfcdea732b5

commit ffeab76b68550c347abcd7c31c3b3dfcdea732b5
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-01-26 12:29:31 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-01-29 13:10:19 +0000

    pfil: PFIL_PASS never frees the mbuf
    
    pfil hooks (i.e. firewalls) may pass, modify or free the mbuf passed
    to them. (E.g. when rejecting a packet, or when gathering up packets
    for reassembly).
    
    If the hook returns PFIL_PASS the mbuf must still be present. Assert
    this in pfil_mem_common() and ensure that ipfilter follows this
    convention. pf and ipfw already did.
    Similarly, if the hook returns PFIL_DROPPED or PFIL_CONSUMED the mbuf
    must have been freed (or now be owned by the firewall for further
    processing, like packet scheduling or reassembly).
    
    This allows us to remove a few extraneous NULL checks.
    
    Suggested by:   tuexen
    Reviewed by:    tuexen, zlei
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D43617
---
 sys/net/if_ethersubr.c                        | 2 +-
 sys/net/pfil.c                                | 7 ++++++-
 sys/netinet/ip_input.c                        | 4 ----
 sys/netinet6/ip6_input.c                      | 2 --
 sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c | 4 ++++
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index ef0b1f705260..4332f4ce864e 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -878,7 +878,7 @@ ether_demux(struct ifnet *ifp, struct mbuf *m)
 	/* Do not grab PROMISC frames in case we are re-entered. */
 	if (PFIL_HOOKED_IN(V_link_pfil_head) && !(m->m_flags & M_PROMISC)) {
 		i = pfil_mbuf_in(V_link_pfil_head, &m, ifp, NULL);
-		if (i != 0 || m == NULL)
+		if (i != PFIL_PASS)
 			return;
 	}
 
diff --git a/sys/net/pfil.c b/sys/net/pfil.c
index 3ceffcefb758..fae150839eb3 100644
--- a/sys/net/pfil.c
+++ b/sys/net/pfil.c
@@ -211,9 +211,14 @@ pfil_mbuf_common(pfil_chain_t *pch, struct mbuf **m, struct ifnet *ifp,
 	CK_STAILQ_FOREACH(link, pch, link_chain) {
 		rv = link->link_mbuf_chk(m, ifp, flags, link->link_ruleset,
 		    inp);
-		if (rv == PFIL_DROPPED || rv == PFIL_CONSUMED)
+		if (rv == PFIL_DROPPED || rv == PFIL_CONSUMED) {
+			MPASS(*m == NULL);
 			break;
+		} else {
+			MPASS(*m != NULL);
+		}
 	}
+
 	return (rv);
 }
 
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e501c15cb7e8..82d7acdd0710 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -621,8 +621,6 @@ tooshort:
 	if (pfil_mbuf_in(V_inet_pfil_head, &m, ifp, NULL) !=
 	    PFIL_PASS)
 		return;
-	if (m == NULL)			/* consumed by filter */
-		return;
 
 	ip = mtod(m, struct ip *);
 	dchg = (odst.s_addr != ip->ip_dst.s_addr);
@@ -827,8 +825,6 @@ ours:
 		if (pfil_mbuf_out(V_inet_local_pfil_head, &m, V_loif, NULL) !=
 		    PFIL_PASS)
 			return;
-		if (m == NULL)			/* consumed by filter */
-			return;
 		ip = mtod(m, struct ip *);
 	}
 
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 5de8f49b5483..11b92c152a1a 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -894,8 +894,6 @@ passin:
 		if (pfil_mbuf_out(V_inet6_local_pfil_head, &m, V_loif, NULL) !=
 		    PFIL_PASS)
 			return;
-		if (m == NULL)			/* consumed by filter */
-			return;
 		ip6 = mtod(m, struct ip6_hdr *);
 	}
 
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
index 1922880e90df..bcde0d2c7323 100644
--- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
@@ -133,6 +133,8 @@ ipf_check_wrapper(struct mbuf **mp, struct ifnet *ifp, int flags,
 	rv = ipf_check(&V_ipfmain, ip, ip->ip_hl << 2, ifp,
 	    !!(flags & PFIL_OUT), mp);
 	CURVNET_RESTORE();
+	if (rv == 0 && *mp == NULL)
+		return (PFIL_CONSUMED);
 	return (rv == 0 ? PFIL_PASS : PFIL_DROPPED);
 }
 
@@ -147,6 +149,8 @@ ipf_check_wrapper6(struct mbuf **mp, struct ifnet *ifp, int flags,
 	rv = ipf_check(&V_ipfmain, mtod(*mp, struct ip *),
 	    sizeof(struct ip6_hdr), ifp, !!(flags & PFIL_OUT), mp);
 	CURVNET_RESTORE();
+	if (rv == 0 && *mp == NULL)
+		return (PFIL_CONSUMED);
 
 	return (rv == 0 ? PFIL_PASS : PFIL_DROPPED);
 }