From owner-svn-src-head@freebsd.org Wed Nov 29 11:52:07 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB7B6E51118; Wed, 29 Nov 2017 11:52:07 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (turbocat.net [IPv6:2a01:4f8:c17:6c4b::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 84F8F70E09; Wed, 29 Nov 2017 11:52:07 +0000 (UTC) (envelope-from hps@selasky.org) Received: from hps2016.home.selasky.org (unknown [62.141.128.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id 9206D260072; Wed, 29 Nov 2017 12:52:03 +0100 (CET) Subject: Re: svn commit: r326362 - in head: share/man/man4 sys/net To: "Hartmann, O." Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201711290940.vAT9eBWV096246@repo.freebsd.org> <20171129115125.24dd4aa0@hermann> From: Hans Petter Selasky Message-ID: Date: Wed, 29 Nov 2017 12:49:19 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20171129115125.24dd4aa0@hermann> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2017 11:52:08 -0000 On 11/29/17 11:51, Hartmann, O. wrote: > On Wed, 29 Nov 2017 09:40:11 +0000 (UTC) > Hans Petter Selasky wrote: > >> Author: hselasky >> Date: Wed Nov 29 09:40:11 2017 >> New Revision: 326362 >> URL: https://svnweb.freebsd.org/changeset/base/326362 >> >> Log: >> Disallow TUN and TAP character device IOCTLs to modify the network >> device type to any value. This can cause page faults and panics due >> to accessing uninitialized fields in the "struct ifnet" which are >> specific to the network device type. >> >> MFC after: 1 week >> Found by: jau@iki.fi >> PR: 223767 >> Sponsored by: Mellanox Technologies >> >> Modified: >> head/share/man/man4/tap.4 >> head/share/man/man4/tun.4 >> head/sys/net/if_tap.c >> head/sys/net/if_tun.c >> >> Modified: head/share/man/man4/tap.4 >> ============================================================================== >> --- head/share/man/man4/tap.4 Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/share/man/man4/tap.4 Wed Nov 29 09:40:11 >> 2017 (r326362) @@ -1,7 +1,7 @@ >> .\" $FreeBSD$ >> .\" Based on PR#2411 >> .\" >> -.Dd April 10, 2015 >> +.Dd November 29, 2017 >> .Dt TAP 4 >> .Os >> .Sh NAME >> @@ -171,7 +171,14 @@ calls are supported >> .In net/if_tap.h ) : >> .Bl -tag -width VMIO_SIOCSETMACADDR >> .It Dv TAPSIFINFO >> -Set network interface information (line speed, MTU and type). >> +Set network interface information (line speed and MTU). >> +The type must be the same as returned by >> +.Dv TAPGIFINFO >> +or set to >> +.Dv IFT_ETHER >> +else the >> +.Xr ioctl 2 >> +call will fail. >> The argument should be a pointer to a >> .Va struct tapinfo . >> .It Dv TAPGIFINFO >> >> Modified: head/share/man/man4/tun.4 >> ============================================================================== >> --- head/share/man/man4/tun.4 Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/share/man/man4/tun.4 Wed Nov 29 09:40:11 >> 2017 (r326362) @@ -2,7 +2,7 @@ >> .\" $FreeBSD$ >> .\" Based on PR#2411 >> .\" >> -.Dd November 30, 2014 >> +.Dd November 29, 2017 >> .Dt TUN 4 >> .Os >> .Sh NAME >> @@ -208,8 +208,15 @@ this stores the internal debugging variable's >> value in .It Dv TUNSIFINFO >> The argument should be a pointer to an >> .Vt struct tuninfo >> -and allows setting the MTU, the type, and the baudrate of the tunnel >> +and allows setting the MTU and the baudrate of the tunnel >> device. >> +The type must be the same as returned by >> +.Dv TUNGIFINFO >> +or set to >> +.Dv IFT_PPP >> +else the >> +.Xr ioctl 2 >> +call will fail. >> The >> .Vt struct tuninfo >> is declared in >> >> Modified: head/sys/net/if_tap.c >> ============================================================================== >> --- head/sys/net/if_tap.c Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/sys/net/if_tap.c Wed Nov 29 09:40:11 >> 2017 (r326362) @@ -737,9 +737,10 @@ tapioctl(struct cdev *dev, >> u_long cmd, caddr_t data, i switch (cmd) { >> case TAPSIFINFO: >> tapp = (struct tapinfo *)data; >> + if (ifp->if_type != tapp->type) >> + return (EPROTOTYPE); >> mtx_lock(&tp->tap_mtx); >> ifp->if_mtu = tapp->mtu; >> - ifp->if_type = tapp->type; >> ifp->if_baudrate = tapp->baudrate; >> mtx_unlock(&tp->tap_mtx); >> break; >> >> Modified: head/sys/net/if_tun.c >> ============================================================================== >> --- head/sys/net/if_tun.c Wed Nov 29 09:18:24 2017 >> (r326361) +++ head/sys/net/if_tun.c Wed Nov 29 09:40:11 >> 2017 (r326362) @@ -676,9 +676,10 @@ tunioctl(struct cdev *dev, >> u_long cmd, caddr_t data, i if (error) >> return (error); >> } >> + if (TUN2IFP(tp)->if_type != tunp->type) >> + return (EPROTOTYPE); >> mtx_lock(&tp->tun_mtx); >> TUN2IFP(tp)->if_mtu = tunp->mtu; >> - TUN2IFP(tp)->if_type = tunp->type; >> TUN2IFP(tp)->if_baudrate = tunp->baudrate; >> mtx_unlock(&tp->tun_mtx); >> break; >> _______________________________________________ >> svn-src-head@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/svn-src-head >> To unsubscribe, send any mail to >> "svn-src-head-unsubscribe@freebsd.org" > > after updating from r325893 to r326362, FreeBSD CURRENT crashes while > booting the kernel. I'm sorry having no further informations, it > happens on a laptop with reduced space. > > At the moment, it seems that a lot of boxes running most recent CURRENT > tend to crash spontanously. > Hi, And you built the kernel from scratch and made sure your source tree does not contain any .o files nor /usr/obj/* . --HPS