Project

General

Profile

Download (4.61 KB)

Regression #12660 ยป 0001-pf-protect-the-rpool-from-races.patch

Kristof Provost, 01/10/2022 01:20 PM

View differences:

sys/net/pfvar.h
547 547 
TAILQ_HEAD(pf_kpalist, pf_kpooladdr);
548 548 

  		




  549
  549
  
    
struct pf_kpool {

  		




  
  550
  
    
	struct mtx		 mtx;

  		




  550
  551
  
    
	struct pf_kpalist	 list;

  		




  551
  552
  
    
	struct pf_kpooladdr	*cur;

  		




  552
  553
  
    
	struct pf_poolhashkey	 key;

  		












  

    
      sys/netpfil/pf/pf_ioctl.c
    
  





  1538
  1538
  
    
	counter_u64_free(rule->states_cur);

  		




  1539
  1539
  
    
	counter_u64_free(rule->states_tot);

  		




  1540
  1540
  
    
	counter_u64_free(rule->src_nodes);

  		




  
  1541
  
    

  		




  
  1542
  
    

  		




  
  1543
  
    
	mtx_destroy(&rule->rpool.mtx);

  		




  1541
  1544
  
    
	free(rule, M_PFRULE);

  		




  1542
  1545
  
    
}

  		




  1543
  1546
  
    

  		




  ......




  2113
  2116
  
    
	TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,

  		




  2114
  2117
  
    
	    rule, entries);

  		




  2115
  2118
  
    
	ruleset->rules[rs_num].inactive.rcount++;

  		




  
  2119
  
    

  		




  
  2120
  
    
	mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);

  		




  2116
  2121
  
    
	PF_RULES_WUNLOCK();

  		




  2117
  2122
  
    

  		




  2118
  2123
  
    
	return (0);

  		












  

    
      sys/netpfil/pf/pf_lb.c
    
  





  370
  370
  
    
		return (0);

  		




  371
  371
  
    
	}

  		




  372
  372
  
    

  		




  
  373
  
    
	mtx_lock(&rpool->mtx);

  		




  373
  374
  
    
	/* Find the route using chosen algorithm. Store the found route

  		




  374
  375
  
    
	   in src_node if it was given or found. */

  		




  375
  
  
    
	if (rpool->cur->addr.type == PF_ADDR_NOROUTE)

  		




  
  376
  
    
	if (rpool->cur->addr.type == PF_ADDR_NOROUTE) {

  		




  
  377
  
    
		mtx_unlock(&rpool->mtx);

  		




  376
  378
  
    
		return (1);

  		




  
  379
  
    
	}

  		




  377
  380
  
    
	if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) {

  		




  378
  381
  
    
		switch (af) {

  		




  379
  382
  
    
#ifdef INET

  		




  380
  383
  
    
		case AF_INET:

  		




  381
  384
  
    
			if (rpool->cur->addr.p.dyn->pfid_acnt4 < 1 &&

  		




  382
  385
  
    
			    (rpool->opts & PF_POOL_TYPEMASK) !=

  		




  383
  
  
    
			    PF_POOL_ROUNDROBIN)

  		




  
  386
  
    
			    PF_POOL_ROUNDROBIN) {

  		




  
  387
  
    
				mtx_unlock(&rpool->mtx);

  		




  384
  388
  
    
				return (1);

  		




  385
  
  
    
			 raddr = &rpool->cur->addr.p.dyn->pfid_addr4;

  		




  386
  
  
    
			 rmask = &rpool->cur->addr.p.dyn->pfid_mask4;

  		




  
  389
  
    
			}

  		




  
  390
  
    
			raddr = &rpool->cur->addr.p.dyn->pfid_addr4;

  		




  
  391
  
    
			rmask = &rpool->cur->addr.p.dyn->pfid_mask4;

  		




  387
  392
  
    
			break;

  		




  388
  393
  
    
#endif /* INET */

  		




  389
  394
  
    
#ifdef INET6

  		




  390
  395
  
    
		case AF_INET6:

  		




  391
  396
  
    
			if (rpool->cur->addr.p.dyn->pfid_acnt6 < 1 &&

  		




  392
  397
  
    
			    (rpool->opts & PF_POOL_TYPEMASK) !=

  		




  393
  
  
    
			    PF_POOL_ROUNDROBIN)

  		




  
  398
  
    
			    PF_POOL_ROUNDROBIN) {

  		




  
  399
  
    
				mtx_unlock(&rpool->mtx);

  		




  394
  400
  
    
				return (1);

  		




  
  401
  
    
			}

  		




  395
  402
  
    
			raddr = &rpool->cur->addr.p.dyn->pfid_addr6;

  		




  396
  403
  
    
			rmask = &rpool->cur->addr.p.dyn->pfid_mask6;

  		




  397
  404
  
    
			break;

  		




  398
  405
  
    
#endif /* INET6 */

  		




  399
  406
  
    
		}

  		




  400
  407
  
    
	} else if (rpool->cur->addr.type == PF_ADDR_TABLE) {

  		




  401
  
  
    
		if ((rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_ROUNDROBIN)

  		




  
  408
  
    
		if ((rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_ROUNDROBIN) {

  		




  
  409
  
    
			mtx_unlock(&rpool->mtx);

  		




  402
  410
  
    
			return (1); /* unsupported */

  		




  
  411
  
    
		}

  		




  403
  412
  
    
	} else {

  		




  404
  413
  
    
		raddr = &rpool->cur->addr.v.a.addr;

  		




  405
  414
  
    
		rmask = &rpool->cur->addr.v.a.mask;

  		




  ......




  507
  516
  
    
				/* table contains no address of type 'af' */

  		




  508
  517
  
    
				if (rpool->cur != acur)

  		




  509
  518
  
    
					goto try_next;

  		




  
  519
  
    
				mtx_unlock(&rpool->mtx);

  		




  510
  520
  
    
				return (1);

  		




  511
  521
  
    
			}

  		




  512
  522
  
    
		} else if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) {

  		




  ......




  516
  526
  
    
				/* table contains no address of type 'af' */

  		




  517
  527
  
    
				if (rpool->cur != acur)

  		




  518
  528
  
    
					goto try_next;

  		




  
  529
  
    
				mtx_unlock(&rpool->mtx);

  		




  519
  530
  
    
				return (1);

  		




  520
  531
  
    
			}

  		




  521
  532
  
    
		} else {

  		




  ......




  535
  546
  
    
	if (*sn != NULL)

  		




  536
  547
  
    
		PF_ACPY(&(*sn)->raddr, naddr, af);

  		




  537
  548
  
    

  		




  
  549
  
    
	mtx_unlock(&rpool->mtx);

  		




  
  550
  
    

  		




  538
  551
  
    
	if (V_pf_status.debug >= PF_DEBUG_MISC &&

  		




  539
  552
  
    
	    (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {

  		




  540
  553
  
    
		printf("pf_map_addr: selected address ");

  		















  
    (1-1/1)