aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristof Provost <kp@FreeBSD.org>2021-09-23 08:39:49 +0000
committerKristof Provost <kp@FreeBSD.org>2021-09-30 07:54:44 +0000
commit9419d273e4718ee8c768865cd73a3b907f365d8d (patch)
treeb03763f053fde0bb0cb070b6e9c2c0c425a0d67c
parent3c25f7e860d8dc18aaa370352cb968df65c176f5 (diff)
downloadsrc-9419d273e4718ee8c768865cd73a3b907f365d8d.tar.gz
src-9419d273e4718ee8c768865cd73a3b907f365d8d.zip
pf: fix pagefault in pf_getstatus()
We can't copyout() while holding a lock, in case it triggers a page fault. Release the lock before copyout, which is safe because we've already copied all the data into the nvlist. PR: 258601 Reviewed by: mjg MFC after: 1 week Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D32076 (cherry picked from commit cb13059663e455b3fc69c293dadec53c164490dc)
Diffstat
-rw-r--r--sys/netpfil/pf/pf_ioctl.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index cf17d67cc894..bbafaed0c1b0 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -5023,11 +5023,14 @@ pf_getstatus(struct pfioc_nv *nv)
else if (nv->size < nv->len)
ERROUT(ENOSPC);
+ PF_RULES_RUNLOCK();
error = copyout(nvlpacked, nv->data, nv->len);
+ goto done;
#undef ERROUT
errout:
PF_RULES_RUNLOCK();
+done:
free(nvlpacked, M_NVLIST);
nvlist_destroy(nvc);
nvlist_destroy(nvl);
generated by cgit v1.2.3 (git 2.25.1) at 2022-06-25 22:39:17 +0000