From nobody Thu Feb 6 19:11:16 2025
Date: Thu, 6 Feb 2025 19:11:16 GMT
Message-Id: <202502061911.516JBGMc007899@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Zhenlei Huang
Subject: git: 2e4eaf3c13d2 - stable/14 - ifnet: Detach BPF descriptors on interface vmove event
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: zlei
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 2e4eaf3c13d2b5aa76f9759e51e35faf29d56993
Auto-Submitted: auto-generated

The branch stable/14 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e4eaf3c13d2b5aa76f9759e51e35faf29d56993

commit 2e4eaf3c13d2b5aa76f9759e51e35faf29d56993
Author:     Zhenlei Huang
AuthorDate: 2025-02-04 15:04:59 +0000
Commit:     Zhenlei Huang
CommitDate: 2025-02-06 18:37:01 +0000

    ifnet: Detach BPF descriptors on interface vmove event

    When an interface is moved to/from a vnet jail, it may still have BPF
    descriptors attached. The userland (e.g. tcpdump) is not notified that
    the interface is departing and still has BPF descriptors open, which
    may result in leaking sensitive traffic (e.g. an interface is moved
    back to the parent jail but a user is still sniffing traffic over it
    in the child jail). Detach BPF descriptors so that the userland will
    be signaled.

    Reviewed by:	ae
    MFC after:	3 days
    Differential Revision:	https://reviews.freebsd.org/D45727

    (cherry picked from commit 1ed9b381d4701fc9f66741256e93b96e22273217)

    ifnet: Fix build without BPF

    The newly introduced function bpf_ifdetach() is only available when
    device bpf is enabled.
Fixes: 1ed9b381d470 ifnet: Detach BPF descriptors on interface vmove event (cherry picked from commit d8413a1c3ba235a79ae6b8cc35767a861855c7e2) --- sys/net/bpf.c | 27 +++++++++++++++++++++++++++ sys/net/bpf.h | 1 + sys/net/if.c | 7 +++++++ 3 files changed, 35 insertions(+) diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 7c7f6e84d9ee..e8c9aa7ce4f3 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -2849,6 +2849,33 @@ bpf_get_bp_params(struct bpf_if *bp, u_int *bif_dlt, u_int *bif_hdrlen) return (0); } + +/* + * Detach descriptors on interface's vmove event. + */ +void +bpf_ifdetach(struct ifnet *ifp) +{ + struct bpf_if *bp; + struct bpf_d *d; + + BPF_LOCK(); + CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) { + if (bp->bif_ifp != ifp) + continue; + + /* Detach common descriptors */ + while ((d = CK_LIST_FIRST(&bp->bif_dlist)) != NULL) { + bpf_detachd_locked(d, true); + } + + /* Detach writer-only descriptors */ + while ((d = CK_LIST_FIRST(&bp->bif_wlist)) != NULL) { + bpf_detachd_locked(d, true); + } + } + BPF_UNLOCK(); +} #endif /* diff --git a/sys/net/bpf.h b/sys/net/bpf.h index 991d50bcd68c..c4132d2e633c 100644 --- a/sys/net/bpf.h +++ b/sys/net/bpf.h @@ -431,6 +431,7 @@ void bpfdetach(struct ifnet *); bool bpf_peers_present_if(struct ifnet *); #ifdef VIMAGE int bpf_get_bp_params(struct bpf_if *, u_int *, u_int *); +void bpf_ifdetach(struct ifnet *); #endif void bpfilterattach(int); diff --git a/sys/net/if.c b/sys/net/if.c index ad8dd9703c56..4bc626b2de75 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1266,6 +1266,13 @@ finish_vnet_shutdown: static void if_vmove(struct ifnet *ifp, struct vnet *new_vnet) { +#ifdef DEV_BPF + /* + * Detach BPF file descriptors from its interface. + */ + bpf_ifdetach(ifp); +#endif + /* * Detach from current vnet, but preserve LLADDR info, do not * mark as dead etc. so that the ifnet can be reattached later.
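Review bot: in bpf_ifdetach() in the sys/net/bpf.c hunk, both `while ((d = CK_LIST_FIRST(...)) != NULL)` loops terminate only because bpf_detachd_locked(d, true) unlinks d from bif_dlist / bif_wlist; if that helper ever stops removing the descriptor, the loops spin forever while holding BPF_LOCK(). That dependency deserves a comment, e.g. `/* bpf_detachd_locked() unlinks d, so each loop drains its list */`. The header comment `Detach descriptors on interface's vmove event.` could also state why this matters: a descriptor left attached across a vnet move keeps delivering the interface's traffic to a process in the old jail, which is the leak the commit message describes.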
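Review bot: the prototype added in the sys/net/bpf.h hunk sits under `#ifdef VIMAGE`, while its only caller in the sys/net/if.c hunk is guarded by `#ifdef DEV_BPF`. That is only consistent if if_vmove() is itself compiled solely under VIMAGE; a short comment beside the new declaration, or guarding the call with `#if defined(VIMAGE) && defined(DEV_BPF)`, would make the intent explicit and avoid the kind of configuration-dependent build break that the folded-in "Fix build without BPF" commit had to repair.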
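Review bot: the comment in the sys/net/if.c hunk, `Detach BPF file descriptors from its interface.`, has no referent for `its` and these are BPF descriptors rather than file descriptors; `Detach BPF descriptors from the interface before it leaves this vnet.` would match the terminology used in bpf.c. Calling bpf_ifdetach(ifp) before the vnet detach that follows is the right order for the stated goal: readers in the current jail are cut off before the ifnet becomes reachable from the new one, and because if_vmove() handles moves in both directions the check covers the "moved back to the parent jail" case the commit message calls out.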