Re: svn commit: r326362 - in head: share/man/man4 sys/net

Wed, 29 Nov 2017 04:19:50 -0800 

On 11/29/17 13:16, Hartmann, O. wrote:

On Wed, 29 Nov 2017 12:49:19 +0100
Hans Petter Selasky <h...@selasky.org> wrote:


On 11/29/17 11:51, Hartmann, O. wrote:

On Wed, 29 Nov 2017 09:40:11 +0000 (UTC)
Hans Petter Selasky <hsela...@freebsd.org> wrote:

Author: hselasky
Date: Wed Nov 29 09:40:11 2017
New Revision: 326362
URL: https://svnweb.freebsd.org/changeset/base/326362

Log:
    Disallow TUN and TAP character device IOCTLs to modify the
network device type to any value. This can cause page faults and
panics due to accessing uninitialized fields in the "struct ifnet"
which are specific to the network device type.
MFC after: 1 week 
    Found by:   j...@iki.fi
    PR:         223767
    Sponsored by:       Mellanox Technologies

Modified:
    head/share/man/man4/tap.4
    head/share/man/man4/tun.4
    head/sys/net/if_tap.c
    head/sys/net/if_tun.c

Modified: head/share/man/man4/tap.4
==============================================================================
--- head/share/man/man4/tap.4   Wed Nov 29 09:18:24 2017
(r326361) +++ head/share/man/man4/tap.4 Wed Nov 29 09:40:11
2017    (r326362) @@ -1,7 +1,7 @@
   .\" $FreeBSD$
   .\" Based on PR#2411
   .\"
-.Dd April 10, 2015
+.Dd November 29, 2017
   .Dt TAP 4
   .Os
   .Sh NAME
@@ -171,7 +171,14 @@ calls are supported
   .In net/if_tap.h ) :
   .Bl -tag -width VMIO_SIOCSETMACADDR
   .It Dv TAPSIFINFO
-Set network interface information (line speed, MTU and type).
+Set network interface information (line speed and MTU).
+The type must be the same as returned by
+.Dv TAPGIFINFO
+or set to
+.Dv IFT_ETHER
+else the
+.Xr ioctl 2
+call will fail.
   The argument should be a pointer to a
   .Va struct tapinfo .
   .It Dv TAPGIFINFO

Modified: head/share/man/man4/tun.4
==============================================================================
--- head/share/man/man4/tun.4   Wed Nov 29 09:18:24 2017
(r326361) +++ head/share/man/man4/tun.4 Wed Nov 29 09:40:11
2017    (r326362) @@ -2,7 +2,7 @@
   .\" $FreeBSD$
   .\" Based on PR#2411
   .\"
-.Dd November 30, 2014
+.Dd November 29, 2017
   .Dt TUN 4
   .Os
   .Sh NAME
@@ -208,8 +208,15 @@ this stores the internal debugging variable's
value in .It Dv TUNSIFINFO
   The argument should be a pointer to an
   .Vt struct tuninfo
-and allows setting the MTU, the type, and the baudrate of the
tunnel +and allows setting the MTU and the baudrate of the tunnel
   device.
+The type must be the same as returned by
+.Dv TUNGIFINFO
+or set to
+.Dv IFT_PPP
+else the
+.Xr ioctl 2
+call will fail.
   The
   .Vt struct tuninfo
   is declared in

Modified: head/sys/net/if_tap.c
==============================================================================
--- head/sys/net/if_tap.c       Wed Nov 29 09:18:24 2017
(r326361) +++ head/sys/net/if_tap.c     Wed Nov 29 09:40:11
2017    (r326362) @@ -737,9 +737,10 @@ tapioctl(struct cdev
*dev, u_long cmd, caddr_t data, i switch (cmd) {
                case TAPSIFINFO:
                        tapp = (struct tapinfo *)data;
+                       if (ifp->if_type != tapp->type)
+                               return (EPROTOTYPE);
                        mtx_lock(&tp->tap_mtx);
                        ifp->if_mtu = tapp->mtu;
-                       ifp->if_type = tapp->type;
                        ifp->if_baudrate = tapp->baudrate;
                        mtx_unlock(&tp->tap_mtx);
                        break;

Modified: head/sys/net/if_tun.c
==============================================================================
--- head/sys/net/if_tun.c       Wed Nov 29 09:18:24 2017
(r326361) +++ head/sys/net/if_tun.c     Wed Nov 29 09:40:11
2017    (r326362) @@ -676,9 +676,10 @@ tunioctl(struct cdev
*dev, u_long cmd, caddr_t data, i if (error)
                                return (error);
                }
+               if (TUN2IFP(tp)->if_type != tunp->type)
+                       return (EPROTOTYPE);
                mtx_lock(&tp->tun_mtx);
                TUN2IFP(tp)->if_mtu = tunp->mtu;
-               TUN2IFP(tp)->if_type = tunp->type;
                TUN2IFP(tp)->if_baudrate = tunp->baudrate;
                mtx_unlock(&tp->tun_mtx);
                break;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to
"svn-src-head-unsubscr...@freebsd.org"


after updating from r325893 to r326362, FreeBSD CURRENT crashes
while booting the kernel. I'm sorry having no further informations,
it happens on a laptop with reduced space.

At the moment, it seems that a lot of boxes running most recent
CURRENT tend to crash spontanously.


Hi,

And you built the kernel from scratch and made sure your source tree
does not contain any .o files nor /usr/obj/* .

--HPS


Last time I did the make cleandir was when the OFED driver problem
occured, that was some days ago. Useually, I build world and kernel
with WITH_META_MODE set.



Hi,

Try to do a clean build w/o META mode.

rm -rf /usr/obj/*

And check:

find /usr/src -name "*.o"

--HPS

_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to