[Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize

Tue Jan 16 22:20:12 UTC 2018

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475

--- Comment #16 from fehmi noyan isi <fnoyanisi at yahoo.com> ---
(In reply to Kristof Provost from comment #15)
>> It does now. It was added very recently (in head). man 9 mallocarray. It might be worth doing that change in a separate commit.

This is news to me! A quick look at the head revealed quite a few commits that
replaces malloc(9) with mallocarray(9). That's good...

However, I would say even the first problem you mentioned needs to be split
into two as we can have cases where the requested amount of memory does not
overflow but exceeds the available memory.

Attempting malloc() (or using mallocarray() in this situation would yield the
same result) and checking return value, then in case NULL is returned,
re-attempting another allocation does not sound like the best approach that
could possibly used here.

How about the two-step process below?

1 ) making sure the requested allocation size does not exceed the system memory
or the available free memory- we need to check this

2 ) avoiding overflow - mallocarray(9) would do this

which can be represented in pseudo-code as given below

pf_initiazlize(){
   /* the first check */
   alloc_size = check_if_we_have_enough_memory(pf_hashsize * sizeof(pf_idhash))

   /* it should be safe at this point, but better to be cautious than sad */
   V_pf_srchash = mallocarray(alloc_size, ... ,M_NOWAIT|M_ZERO)
}

size_t check_if_we_have_enough_memory(u_long size) {
   return (size > available_or_free_memory)? PF_HASHSIZ : size;
}

I think the second issue below can be addressed independently from the one I
mentioned above.

>This suggests that there's a race in pf initialisation where the ioctl() handler is already registered before all initialisation is done (i.e. the large allocation is still blocked). That's a bug too, and one that could potentially occur even if the large allocation succeeds (though in a very small time window).

-- 
You are receiving this mail because:
You are the assignee for the bug.