svn commit: r344964 - stable/11/sys/netpfil/pf

Kristof Provost kp at FreeBSD.org
Sat Mar 9 10:28:37 UTC 2019 

Author: kp
Date: Sat Mar  9 10:28:36 2019
New Revision: 344964
URL: https://svnweb.freebsd.org/changeset/base/344964

Log:
  MFC r340073, r341359:
  
  pf: Keep a reference to struct ifnets we're using
  
  Ensure that the struct ifnet we use can't go away until we're done with
  it.
  
  pf: Fix panic on overlapping interface names
  
  In rare situations[*] it's possible for two different interfaces to have
  the same name. This confuses pf, because kifs are indexed by name (which
  is assumed to be unique). As a result we can end up trying to
  if_rele(NULL), which panics.
  
  Explicitly checking the ifp pointer before if_rele() prevents the panic.
  Note pf will likely behave in unexpected ways on the the overlapping
  interfaces.
  
  [*] Insert an interface in a vnet jail. Rename it to an interface which
  exists on the host. Remove the jail. There are now two interfaces with
  the same name in the host.

Modified:
  stable/11/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/pf/pf_if.c
==============================================================================
--- stable/11/sys/netpfil/pf/pf_if.c	Sat Mar  9 10:28:36 2019	(r344963)
+++ stable/11/sys/netpfil/pf/pf_if.c	Sat Mar  9 10:28:36 2019	(r344964)
@@ -163,8 +163,10 @@ pfi_cleanup_vnet(void)
 		RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif);
 		if (kif->pfik_group)
 			kif->pfik_group->ifg_pf_kif = NULL;
-		if (kif->pfik_ifp)
+		if (kif->pfik_ifp) {
+			if_rele(kif->pfik_ifp);
 			kif->pfik_ifp->if_pf_kif = NULL;
+		}
 		free(kif, PFI_MTYPE);
 	}
 
@@ -315,6 +317,8 @@ pfi_attach_ifnet(struct ifnet *ifp)
 	V_pfi_update++;
 	kif = pfi_kif_attach(kif, ifp->if_xname);
 
+	if_ref(ifp);
+
 	kif->pfik_ifp = ifp;
 	ifp->if_pf_kif = kif;
 
@@ -845,6 +849,9 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	pfi_kif_update(kif);
+
+	if (kif->pfik_ifp)
+		if_rele(kif->pfik_ifp);
 
 	kif->pfik_ifp = NULL;
 	ifp->if_pf_kif = NULL;

More information about the svn-src-stable-11 mailing list