Date: Wed, 29 Nov 2017 12:49:19 +0100
From: Hans Petter Selasky <hps@selasky.org>
To: "Hartmann, O." <ohartmann@walstatt.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r326362 - in head: share/man/man4 sys/net
Message-ID: <dccf8e08-b181-17da-25c7-f2f27685543e@selasky.org>
In-Reply-To: <20171129115125.24dd4aa0@hermann>
References: <201711290940.vAT9eBWV096246@repo.freebsd.org> <20171129115125.24dd4aa0@hermann>
On 11/29/17 11:51, Hartmann, O. wrote: > On Wed, 29 Nov 2017 09:40:11 +0000 (UTC) > Hans Petter Selasky <hselasky@FreeBSD.org> wrote: > >> Author: hselasky >> Date: Wed Nov 29 09:40:11 2017 >> New Revision: 326362 >> URL: https://svnweb.freebsd.org/changeset/base/326362 >> >> Log: >> Disallow TUN and TAP character device IOCTLs to modify the network >> device type to any value. This can cause page faults and panics due >> to accessing uninitialized fields in the "struct ifnet" which are >> specific to the network device type. >> >> MFC after: 1 week >> Found by: jau@iki.fi >> PR: 223767 >> Sponsored by: Mellanox Technologies >> >> Modified: >> head/share/man/man4/tap.4 >> head/share/man/man4/tun.4 >> head/sys/net/if_tap.c >> head/sys/net/if_tun.c >> >> Modified: head/share/man/man4/tap.4 >> ============================================================================== >> --- head/share/man/man4/tap.4 Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/share/man/man4/tap.4 Wed Nov 29 09:40:11 >> 2017 (r326362) @@ -1,7 +1,7 @@ >> .\" $FreeBSD$ >> .\" Based on PR#2411 >> .\" >> -.Dd April 10, 2015 >> +.Dd November 29, 2017 >> .Dt TAP 4 >> .Os >> .Sh NAME >> @@ -171,7 +171,14 @@ calls are supported >> .In net/if_tap.h ) : >> .Bl -tag -width VMIO_SIOCSETMACADDR >> .It Dv TAPSIFINFO >> -Set network interface information (line speed, MTU and type). >> +Set network interface information (line speed and MTU). >> +The type must be the same as returned by >> +.Dv TAPGIFINFO >> +or set to >> +.Dv IFT_ETHER >> +else the >> +.Xr ioctl 2 >> +call will fail. >> The argument should be a pointer to a >> .Va struct tapinfo . >> .It Dv TAPGIFINFO >> >> Modified: head/share/man/man4/tun.4 >> ============================================================================== >> --- head/share/man/man4/tun.4 Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/share/man/man4/tun.4 Wed Nov 29 09:40:11 >> 2017 (r326362) 
@@ -2,7 +2,7 @@ >> .\" $FreeBSD$ >> .\" Based on PR#2411 >> .\" >> -.Dd November 30, 2014 >> +.Dd November 29, 2017 >> .Dt TUN 4 >> .Os >> .Sh NAME >> @@ -208,8 +208,15 @@ this stores the internal debugging variable's >> value in .It Dv TUNSIFINFO >> The argument should be a pointer to an >> .Vt struct tuninfo >> -and allows setting the MTU, the type, and the baudrate of the tunnel >> +and allows setting the MTU and the baudrate of the tunnel >> device. >> +The type must be the same as returned by >> +.Dv TUNGIFINFO >> +or set to >> +.Dv IFT_PPP >> +else the >> +.Xr ioctl 2 >> +call will fail. >> The >> .Vt struct tuninfo >> is declared in >> >> Modified: head/sys/net/if_tap.c >> ============================================================================== >> --- head/sys/net/if_tap.c Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/sys/net/if_tap.c Wed Nov 29 09:40:11 >> 2017 (r326362) @@ -737,9 +737,10 @@ tapioctl(struct cdev *dev, >> u_long cmd, caddr_t data, i switch (cmd) { >> case TAPSIFINFO: >> tapp = (struct tapinfo *)data; >> + if (ifp->if_type != tapp->type) >> + return (EPROTOTYPE); >> mtx_lock(&tp->tap_mtx); >> ifp->if_mtu = tapp->mtu; >> - ifp->if_type = tapp->type; >> ifp->if_baudrate = tapp->baudrate; >> mtx_unlock(&tp->tap_mtx); >> break; >> >> Modified: head/sys/net/if_tun.c >> ============================================================================== >> --- head/sys/net/if_tun.c Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/sys/net/if_tun.c Wed Nov 29 09:40:11 >> 2017 (r326362) 
@@ -676,9 +676,10 @@ tunioctl(struct cdev *dev, >> u_long cmd, caddr_t data, i if (error) >> return (error); >> } >> + if (TUN2IFP(tp)->if_type != tunp->type) >> + return (EPROTOTYPE); >> mtx_lock(&tp->tun_mtx); >> TUN2IFP(tp)->if_mtu = tunp->mtu; >> - TUN2IFP(tp)->if_type = tunp->type; >> TUN2IFP(tp)->if_baudrate = tunp->baudrate; >> mtx_unlock(&tp->tun_mtx); >> break;
>> _______________________________________________
>> svn-src-head@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/svn-src-head
>> To unsubscribe, send any mail to
>> "svn-src-head-unsubscribe@freebsd.org"
>
> after updating from r325893 to r326362, FreeBSD CURRENT crashes while
> booting the kernel. I'm sorry for having no further information, it
> happens on a laptop with reduced space.
>
> At the moment, it seems that a lot of boxes running most recent CURRENT
> tend to crash spontaneously.
>

Hi,

And you built the kernel from scratch and made sure your source tree does not contain any .o files nor /usr/obj/*?

--HPS
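Review bot: In the TAPSIFINFO case of tapioctl() in head/sys/net/if_tap.c, the new test `if (ifp->if_type != tapp->type) return (EPROTOTYPE);` also rejects a caller that only wants to change mtu or baudrate and passes a struct tapinfo whose type field does not carry the current value. That is a behaviour change for existing users of the ioctl, so it deserves a line in the commit log or a comment above the check saying that callers are expected to fetch the structure with TAPGIFINFO first. The comparison also sits before mtx_lock(&tp->tap_mtx) while the other ifp fields are handled under the lock; nothing in this case writes if_type any more, but a short comment stating that the unlocked read is intentional would save the next reader the question.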
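Review bot: In the TUNSIFINFO path of tunioctl() in head/sys/net/if_tun.c, the check is the single comparison `TUN2IFP(tp)->if_type != tunp->type`, while the tun.4 text added in the same commit reads as two alternatives ("the same as returned by TUNGIFINFO or set to IFT_PPP"). If the interface type can ever differ from IFT_PPP, a caller passing IFT_PPP gets EPROTOTYPE despite the manual page; if it cannot, the "or set to" clause is redundant. Suggest making the two agree, either by wording the page as "must equal the current type" or by accepting IFT_PPP explicitly in the code. The same applies to the IFT_ETHER wording in tap.4.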
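Review bot: The new paragraphs in the TAPSIFINFO entry of tap.4 and the TUNSIFINFO entry of tun.4 say only that the ioctl(2) call "will fail" and do not name the error. Both driver hunks return EPROTOTYPE, so the pages should say so (for example with an .Er EPROTOTYPE reference) to let callers tell a type mismatch apart from other failures.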