Date: Wed, 29 Nov 2017 13:16:28 +0100 From: Hans Petter Selasky <hps@selasky.org> To: "Hartmann, O." <o.hartmann@walstatt.org> Cc: "Hartmann, O." <ohartmann@walstatt.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r326362 - in head: share/man/man4 sys/net Message-ID: <b2316fba-0357-a215-a54e-f7ee0b4b88a8@selasky.org> In-Reply-To: <20171129131556.2247c97c@hermann> References: <201711290940.vAT9eBWV096246@repo.freebsd.org> <20171129115125.24dd4aa0@hermann> <dccf8e08-b181-17da-25c7-f2f27685543e@selasky.org> <20171129131556.2247c97c@hermann>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/29/17 13:16, Hartmann, O. wrote: > On Wed, 29 Nov 2017 12:49:19 +0100 > Hans Petter Selasky <hps@selasky.org> wrote: > >> On 11/29/17 11:51, Hartmann, O. wrote: >>> On Wed, 29 Nov 2017 09:40:11 +0000 (UTC) >>> Hans Petter Selasky <hselasky@FreeBSD.org> wrote: >>> >>>> Author: hselasky >>>> Date: Wed Nov 29 09:40:11 2017 >>>> New Revision: 326362 >>>> URL: https://svnweb.freebsd.org/changeset/base/326362 >>>> >>>> Log: >>>> Disallow TUN and TAP character device IOCTLs to modify the >>>> network device type to any value. This can cause page faults and >>>> panics due to accessing uninitialized fields in the "struct ifnet" >>>> which are specific to the network device type. >>>> >>>> MFC after: 1 week >>>> Found by: jau@iki.fi >>>> PR: 223767 >>>> Sponsored by: Mellanox Technologies >>>> >>>> Modified: >>>> head/share/man/man4/tap.4 >>>> head/share/man/man4/tun.4 >>>> head/sys/net/if_tap.c >>>> head/sys/net/if_tun.c >>>> >>>> Modified: head/share/man/man4/tap.4 >>>> ============================================================================== >>>> --- head/share/man/man4/tap.4 Wed Nov 29 09:18:24 2017 >>>> (r326361) +++ head/share/man/man4/tap.4 Wed Nov 29 09:40:11 >>>> 2017 (r326362) @@ -1,7 +1,7 @@ >>>> .\" $FreeBSD$ >>>> .\" Based on PR#2411 >>>> .\" >>>> -.Dd April 10, 2015 >>>> +.Dd November 29, 2017 >>>> .Dt TAP 4 >>>> .Os >>>> .Sh NAME >>>> @@ -171,7 +171,14 @@ calls are supported >>>> .In net/if_tap.h ) : >>>> .Bl -tag -width VMIO_SIOCSETMACADDR >>>> .It Dv TAPSIFINFO >>>> -Set network interface information (line speed, MTU and type). >>>> +Set network interface information (line speed and MTU). >>>> +The type must be the same as returned by >>>> +.Dv TAPGIFINFO >>>> +or set to >>>> +.Dv IFT_ETHER >>>> +else the >>>> +.Xr ioctl 2 >>>> +call will fail. >>>> The argument should be a pointer to a >>>> .Va struct tapinfo . >>>> .It Dv TAPGIFINFO >>>> >>>> Modified: head/share/man/man4/tun.4 >>>> ============================================================================== >>>> --- head/share/man/man4/tun.4 Wed Nov 29 09:18:24 2017 >>>> (r326361) +++ head/share/man/man4/tun.4 Wed Nov 29 09:40:11 >>>> 2017 (r326362) @@ -2,7 +2,7 @@ >>>> .\" $FreeBSD$ >>>> .\" Based on PR#2411 >>>> .\" >>>> -.Dd November 30, 2014 >>>> +.Dd November 29, 2017 >>>> .Dt TUN 4 >>>> .Os >>>> .Sh NAME >>>> @@ -208,8 +208,15 @@ this stores the internal debugging variable's >>>> value in .It Dv TUNSIFINFO >>>> The argument should be a pointer to an >>>> .Vt struct tuninfo >>>> -and allows setting the MTU, the type, and the baudrate of the >>>> tunnel +and allows setting the MTU and the baudrate of the tunnel >>>> device. >>>> +The type must be the same as returned by >>>> +.Dv TUNGIFINFO >>>> +or set to >>>> +.Dv IFT_PPP >>>> +else the >>>> +.Xr ioctl 2 >>>> +call will fail. >>>> The >>>> .Vt struct tuninfo >>>> is declared in >>>> >>>> Modified: head/sys/net/if_tap.c >>>> ============================================================================== >>>> --- head/sys/net/if_tap.c Wed Nov 29 09:18:24 2017 >>>> (r326361) +++ head/sys/net/if_tap.c Wed Nov 29 09:40:11 >>>> 2017 (r326362) @@ -737,9 +737,10 @@ tapioctl(struct cdev >>>> *dev, u_long cmd, caddr_t data, i switch (cmd) { >>>> case TAPSIFINFO: >>>> tapp = (struct tapinfo *)data; >>>> + if (ifp->if_type != tapp->type) >>>> + return (EPROTOTYPE); >>>> mtx_lock(&tp->tap_mtx); >>>> ifp->if_mtu = tapp->mtu; >>>> - ifp->if_type = tapp->type; >>>> ifp->if_baudrate = tapp->baudrate; >>>> mtx_unlock(&tp->tap_mtx); >>>> break; >>>> >>>> Modified: head/sys/net/if_tun.c >>>> ============================================================================== >>>> --- head/sys/net/if_tun.c Wed Nov 29 09:18:24 2017 >>>> (r326361) +++ head/sys/net/if_tun.c Wed Nov 29 09:40:11 >>>> 2017 (r326362) @@ -676,9 +676,10 @@ tunioctl(struct cdev >>>> *dev, u_long cmd, caddr_t data, i if (error) >>>> return (error); >>>> } >>>> + if (TUN2IFP(tp)->if_type != tunp->type) >>>> + return (EPROTOTYPE); >>>> mtx_lock(&tp->tun_mtx); >>>> TUN2IFP(tp)->if_mtu = tunp->mtu; >>>> - TUN2IFP(tp)->if_type = tunp->type; >>>> TUN2IFP(tp)->if_baudrate = tunp->baudrate; >>>> mtx_unlock(&tp->tun_mtx); >>>> break; >>>> _______________________________________________ >>>> svn-src-head@freebsd.org mailing list >>>> https://lists.freebsd.org/mailman/listinfo/svn-src-head >>>> To unsubscribe, send any mail to >>>> "svn-src-head-unsubscribe@freebsd.org" >>> >>> after updating from r325893 to r326362, FreeBSD CURRENT crashes >>> while booting the kernel. I'm sorry having no further informations, >>> it happens on a laptop with reduced space. >>> >>> At the moment, it seems that a lot of boxes running most recent >>> CURRENT tend to crash spontanously. >>> >> >> Hi, >> >> And you built the kernel from scratch and made sure your source tree >> does not contain any .o files nor /usr/obj/* . >> >> --HPS > > Last time I did the make cleandir was when the OFED driver problem > occured, that was some days ago. Useually, I build world and kernel > with WITH_META_MODE set. > Hi, Try to do a clean build w/o META mode. rm -rf /usr/obj/* And check: find /usr/src -name "*.o" --HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b2316fba-0357-a215-a54e-f7ee0b4b88a8>