From: bugzilla-noreply@freebsd.org
To: virtualization@FreeBSD.org
Subject: [Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included.
Date: Mon, 04 Sep 2023 08:53:49 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273557

            Bug ID: 273557
           Summary: Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included.
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bhyve
          Assignee: virtualization@FreeBSD.org
          Reporter: crest@rlwinm.de

Created attachment 244627
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=244627&action=edit
Use VMIO_SIOCSIFFLAGS instead of SIOCGIFFLAGS

Bhyve used to require either the sysctl net.link.tap.up_on_open=1 or an external wrapper to set the tap/vmnet interface's link state after the device has been opened. Bjoern A. Zeeb's solution to this uses an IP socket (trying both IPv4 and IPv6).
The code as shipped in FreeBSD 13.2 refuses to start bhyve if it can't create an IP socket to set the link state of the tap/vmnet interface.

It turns out there is a better way to set the link state on tap interfaces since there is an equivalent ioctl() available directly on the tap/vmnet device.

The included patch against FreeBSD 13.2 removes the unused variables (ifrq and s) and replaces ioctl(s, SIOCGIFFLAGS) on the socket with ioctl(be->fd, VMIO_SIOCSIFFLAGS) on the tap/vmnet device.

The patch restores the ability to run bhyve inside a jail with ip4=disable and ip6=disable. The guest running inside bhyve accesses the network through the tap device without using IP sockets inside the bhyve process. This previously supported configuration provides defense in depth against guest escapes.

-- 
You are receiving this mail because:
You are the assignee for the bug.
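
The jail settings the report refers to, sketched as an added example that is not part of the bug report or the attached patch. The jail name, path and devfs ruleset number are assumptions; per the report, bhyve as shipped in FreeBSD 13.2 refuses to start under these settings and the patch restores the ability to do so.

```conf
# Added example (constructed): /etc/jail.conf entry for a bhyve jail with no IP.
# The jail name, path and devfs ruleset number below are assumptions.
bhyve0 {
    path = "/jails/bhyve0";
    host.hostname = "bhyve0";

    # Both address families are disabled, so a process inside the jail
    # (including a compromised bhyve) cannot create IPv4 or IPv6 sockets.
    ip4 = disable;
    ip6 = disable;

    # Let the jail use vmm(4); the vmm kernel module must be loaded
    # on the host for this parameter to be available.
    allow.vmm;

    # Assumed local ruleset in /etc/devfs.rules that unhides only what
    # bhyve needs: the vmm nodes and the one tap/vmnet device that was
    # created on the host for this guest.
    mount.devfs;
    devfs_ruleset = 100;

    # Keep the jail alive without an init process; bhyve is started
    # inside it separately, for example with jexec from the host.
    persist;
}
```

With this layout the guest's only network path is the tap descriptor held by bhyve, which is why setting the link state through that descriptor rather than through an IP socket matters.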