Bug 200222

Summary: [patch][pf] fix possible kernel panic on missing mtag
Product: Base System Reporter: Oliver Pinter <op>
Component: kernAssignee: Gleb Smirnoff <glebius>
Status: Closed FIXED    
Severity: Affects Only Me CC: franco, garga, glebius, re
Priority: --- Keywords: patch
Version: 10.0-STABLEFlags: op: mfc-stable10?
Hardware: Any   
OS: Any   

Description Oliver Pinter freebsd_committer 2015-05-15 16:41:54 UTC
pf: don't panic on missing mtag

Somewhat similar to the previous fix, but specifically tailored
for ALTQ and not generally hogging system resources...

for more details ping Franco Fichtner @OPNsense
Comment 2 Gleb Smirnoff freebsd_committer 2015-05-18 14:52:59 UTC
The patches referenced don't look like patches to FreeBSD head or stable/10. There is no pd.act.qid in FreeBSD pf.

Can you please better explain the problem?
Comment 3 Franco Fichtner 2015-05-18 14:59:18 UTC
Please ignore the first commit, it is based on 10.1-RELENG.  The second patch is for 10-STABLE.

The problem still stands: if pf_get_mtag() fails, in those instances NULL is dereferenced.
Comment 4 Gleb Smirnoff freebsd_committer 2015-05-18 15:01:22 UTC
I've found the context and the problem. Thanks.
Comment 5 commit-hook freebsd_committer 2015-05-18 15:06:08 UTC
A commit references this bug:

Author: glebius
Date: Mon May 18 15:05:13 UTC 2015
New revision: 283061
URL: https://svnweb.freebsd.org/changeset/base/283061

Log:
  Don't dereference NULL is pf_get_mtag() fails.

  PR:		200222
  Submitted by:	Franco Fichtner <franco opnsense.org>

Changes:
  head/sys/netpfil/pf/pf.c
Comment 6 Franco Fichtner 2015-05-18 15:23:18 UTC
Thanks.  Is this also going to get backported to 10-STABLE?
Comment 7 Gleb Smirnoff freebsd_committer 2015-05-18 15:25:48 UTC
Should be, if I don't forget :)
Comment 9 Gleb Smirnoff freebsd_committer 2015-05-18 15:52:01 UTC
Thanks, Oliver!
Comment 10 commit-hook freebsd_committer 2015-05-18 15:52:12 UTC
A commit references this bug:

Author: glebius
Date: Mon May 18 15:51:28 UTC 2015
New revision: 283063
URL: https://svnweb.freebsd.org/changeset/base/283063

Log:
  A miss from r283061: don't dereference NULL is pf_get_mtag() fails.

  PR:		200222
  Submitted by:	Franco Fichtner <franco opnsense.org>

Changes:
  head/sys/netpfil/pf/pf.c
Comment 11 Oliver Pinter freebsd_committer 2015-06-22 19:27:38 UTC
Gleb, could you please MFC this change to 10-STABLE before the 10.2-RELEASE is out?
Comment 12 Franco Fichtner 2015-06-22 19:32:04 UTC
Yes, let's get this into stable/10. :)
Comment 13 Franco Fichtner 2015-06-28 08:53:52 UTC
A MFC in time for 10.2 would be awesome.  :)
Comment 14 Glen Barber freebsd_committer 2015-07-03 23:39:17 UTC
No need to CC me, I read RE email.
Comment 15 commit-hook freebsd_committer 2015-07-28 09:17:04 UTC
A commit references this bug:

Author: glebius
Date: Tue Jul 28 09:16:55 UTC 2015
New revision: 285941
URL: https://svnweb.freebsd.org/changeset/base/285941

Log:
  Merge r283061, r283063: don't dereference NULL is pf_get_mtag() fails.

  PR:		200222

Changes:
_U  stable/10/
  stable/10/sys/netpfil/pf/pf.c
Comment 16 commit-hook freebsd_committer 2015-07-29 14:17:30 UTC
A commit references this bug:

Author: glebius
Date: Wed Jul 29 14:16:27 UTC 2015
New revision: 286014
URL: https://svnweb.freebsd.org/changeset/base/286014

Log:
  Merge r285939-285941,285943,286004 from stable/10:
  - Protect against ioctl() vs ioctl() races.
  - Always lock hash row of a source node when updating
    its 'states' counter. [1]
  - Don't dereference NULL is pf_get_mtag() fails. [2]
  - During module unload drop locks before destroying UMA zone.

  PR:		182401 [1]
  PR:		200222 [2]
  Approved by:	re (gjb)

Changes:
_U  releng/10.2/
  releng/10.2/sys/net/pfvar.h
  releng/10.2/sys/netpfil/pf/pf.c
  releng/10.2/sys/netpfil/pf/pf_ioctl.c