pf: fix pagefault in pf_getstatus()

We can't copyout() while holding a lock, in case it triggers a page fault. Release the lock before copyout, which is safe because we've already copied all the data into the nvlist. PR: 258601 Reviewed by: mjg MFC after: 1 week Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D32076
2024-09-29 21:26:51 +00:00 · 2021-09-23 10:39:49 +02:00 · 2021-09-23 10:39:49 +02:00 · cb13059663
parent d5ad2f2a67
commit cb13059663
1 changed files with 3 additions and 0 deletions
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@ -5006,11 +5006,14 @@ pf_getstatus(struct pfioc_nv *nv)
 	else if (nv->size < nv->len)
 		ERROUT(ENOSPC);

+	PF_RULES_RUNLOCK();
 	error = copyout(nvlpacked, nv->data, nv->len);
+	goto done;

 #undef ERROUT
 errout:
 	PF_RULES_RUNLOCK();
+done:
 	free(nvlpacked, M_NVLIST);
 	nvlist_destroy(nvc);
 	nvlist_destroy(nvl);