Date: Wed, 29 Nov 2017 13:42:42 +0100 From: "Hartmann, O." <o.hartmann@walstatt.org> To: Hans Petter Selasky <hps@selasky.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, "Hartmann, O." <ohartmann@walstatt.org> Subject: Re: svn commit: r326362 - in head: share/man/man4 sys/net Message-ID: <20171129134228.4c7bcefe@hermann> In-Reply-To: <b2316fba-0357-a215-a54e-f7ee0b4b88a8@selasky.org> References: <201711290940.vAT9eBWV096246@repo.freebsd.org> <20171129115125.24dd4aa0@hermann> <dccf8e08-b181-17da-25c7-f2f27685543e@selasky.org> <20171129131556.2247c97c@hermann> <b2316fba-0357-a215-a54e-f7ee0b4b88a8@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Nov 2017 13:16:28 +0100 Hans Petter Selasky <hps@selasky.org> wrote: > On 11/29/17 13:16, Hartmann, O. wrote: > > On Wed, 29 Nov 2017 12:49:19 +0100 > > Hans Petter Selasky <hps@selasky.org> wrote: > > > >> On 11/29/17 11:51, Hartmann, O. wrote: > >>> On Wed, 29 Nov 2017 09:40:11 +0000 (UTC) > >>> Hans Petter Selasky <hselasky@FreeBSD.org> wrote: > >>> > >>>> Author: hselasky > >>>> Date: Wed Nov 29 09:40:11 2017 > >>>> New Revision: 326362 > >>>> URL: https://svnweb.freebsd.org/changeset/base/326362 > >>>> > >>>> Log: > >>>> Disallow TUN and TAP character device IOCTLs to modify the > >>>> network device type to any value. This can cause page faults and > >>>> panics due to accessing uninitialized fields in the "struct > >>>> ifnet" which are specific to the network device type. > >>>> > >>>> MFC after: 1 week > >>>> Found by: jau@iki.fi > >>>> PR: 223767 > >>>> Sponsored by: Mellanox Technologies > >>>> > >>>> Modified: > >>>> head/share/man/man4/tap.4 > >>>> head/share/man/man4/tun.4 > >>>> head/sys/net/if_tap.c > >>>> head/sys/net/if_tun.c > >>>> > >>>> Modified: head/share/man/man4/tap.4 > >>>> ============================================================================== > >>>> --- head/share/man/man4/tap.4 Wed Nov 29 09:18:24 2017 > >>>> (r326361) +++ head/share/man/man4/tap.4 Wed Nov 29 > >>>> 09:40:11 2017 (r326362) @@ -1,7 +1,7 @@ > >>>> .\" $FreeBSD$ > >>>> .\" Based on PR#2411 > >>>> .\" > >>>> -.Dd April 10, 2015 > >>>> +.Dd November 29, 2017 > >>>> .Dt TAP 4 > >>>> .Os > >>>> .Sh NAME > >>>> @@ -171,7 +171,14 @@ calls are supported > >>>> .In net/if_tap.h ) : > >>>> .Bl -tag -width VMIO_SIOCSETMACADDR > >>>> .It Dv TAPSIFINFO > >>>> -Set network interface information (line speed, MTU and type). > >>>> +Set network interface information (line speed and MTU). > >>>> +The type must be the same as returned by > >>>> +.Dv TAPGIFINFO > >>>> +or set to > >>>> +.Dv IFT_ETHER > >>>> +else the > >>>> +.Xr ioctl 2 > >>>> +call will fail. > >>>> The argument should be a pointer to a > >>>> .Va struct tapinfo . > >>>> .It Dv TAPGIFINFO > >>>> > >>>> Modified: head/share/man/man4/tun.4 > >>>> ============================================================================== > >>>> --- head/share/man/man4/tun.4 Wed Nov 29 09:18:24 2017 > >>>> (r326361) +++ head/share/man/man4/tun.4 Wed Nov 29 > >>>> 09:40:11 2017 (r326362) @@ -2,7 +2,7 @@ > >>>> .\" $FreeBSD$ > >>>> .\" Based on PR#2411 > >>>> .\" > >>>> -.Dd November 30, 2014 > >>>> +.Dd November 29, 2017 > >>>> .Dt TUN 4 > >>>> .Os > >>>> .Sh NAME > >>>> @@ -208,8 +208,15 @@ this stores the internal debugging > >>>> variable's value in .It Dv TUNSIFINFO > >>>> The argument should be a pointer to an > >>>> .Vt struct tuninfo > >>>> -and allows setting the MTU, the type, and the baudrate of the > >>>> tunnel +and allows setting the MTU and the baudrate of the tunnel > >>>> device. > >>>> +The type must be the same as returned by > >>>> +.Dv TUNGIFINFO > >>>> +or set to > >>>> +.Dv IFT_PPP > >>>> +else the > >>>> +.Xr ioctl 2 > >>>> +call will fail. > >>>> The > >>>> .Vt struct tuninfo > >>>> is declared in > >>>> > >>>> Modified: head/sys/net/if_tap.c > >>>> ============================================================================== > >>>> --- head/sys/net/if_tap.c Wed Nov 29 09:18:24 2017 > >>>> (r326361) +++ head/sys/net/if_tap.c Wed Nov 29 09:40:11 > >>>> 2017 (r326362) @@ -737,9 +737,10 @@ tapioctl(struct cdev > >>>> *dev, u_long cmd, caddr_t data, i switch (cmd) { > >>>> case TAPSIFINFO: > >>>> tapp = (struct tapinfo *)data; > >>>> + if (ifp->if_type != tapp->type) > >>>> + return (EPROTOTYPE); > >>>> mtx_lock(&tp->tap_mtx); > >>>> ifp->if_mtu = tapp->mtu; > >>>> - ifp->if_type = tapp->type; > >>>> ifp->if_baudrate = tapp->baudrate; > >>>> mtx_unlock(&tp->tap_mtx); > >>>> break; > >>>> > >>>> Modified: head/sys/net/if_tun.c > >>>> ============================================================================== > >>>> --- head/sys/net/if_tun.c Wed Nov 29 09:18:24 2017 > >>>> (r326361) +++ head/sys/net/if_tun.c Wed Nov 29 09:40:11 > >>>> 2017 (r326362) @@ -676,9 +676,10 @@ tunioctl(struct cdev > >>>> *dev, u_long cmd, caddr_t data, i if (error) > >>>> return (error); > >>>> } > >>>> + if (TUN2IFP(tp)->if_type != tunp->type) > >>>> + return (EPROTOTYPE); > >>>> mtx_lock(&tp->tun_mtx); > >>>> TUN2IFP(tp)->if_mtu = tunp->mtu; > >>>> - TUN2IFP(tp)->if_type = tunp->type; > >>>> TUN2IFP(tp)->if_baudrate = tunp->baudrate; > >>>> mtx_unlock(&tp->tun_mtx); > >>>> break; > >>>> _______________________________________________ > >>>> svn-src-head@freebsd.org mailing list > >>>> https://lists.freebsd.org/mailman/listinfo/svn-src-head > >>>> To unsubscribe, send any mail to > >>>> "svn-src-head-unsubscribe@freebsd.org" > >>> > >>> after updating from r325893 to r326362, FreeBSD CURRENT crashes > >>> while booting the kernel. I'm sorry having no further > >>> informations, it happens on a laptop with reduced space. > >>> > >>> At the moment, it seems that a lot of boxes running most recent > >>> CURRENT tend to crash spontanously. > >>> > >> > >> Hi, > >> > >> And you built the kernel from scratch and made sure your source > >> tree does not contain any .o files nor /usr/obj/* . > >> > >> --HPS > > > > Last time I did the make cleandir was when the OFED driver problem > > occured, that was some days ago. Useually, I build world and kernel > > with WITH_META_MODE set. > > > > Hi, > > Try to do a clean build w/o META mode. > > rm -rf /usr/obj/* > > And check: > > find /usr/src -name "*.o" > > --HPS I just started a while ago after "make cleanworld" - which seems to kill all subsequent folders in /usr/obj or whatever MAKEOBJDIRPREFIX path is set. I hope this suffice for thew moment, my hardware is not the fastest. Sincerely oh
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171129134228.4c7bcefe>