From: Mikolaj Golub
To: "Bjoern A. Zeeb"
Cc: d@delphij.net, FreeBSD virtualization mailing list
Date: Mon, 09 Jul 2012 23:47:55 +0300
Subject: Re: GPF when doing jail -r, possibly an use-after-free
Message-ID: <86wr2cveys.fsf@kopusha.home.net>

On Mon, 9 Jul 2012 06:07:05 +0000 Bjoern A. Zeeb wrote:

BAZ> On 9. Jul 2012, at 06:01 , Mikolaj Golub wrote:

>>
>> On Sun, 8 Jul 2012 20:52:55 +0000 Bjoern A. Zeeb wrote:
>>
>> BAZ> Situation 1)
>>
>> BAZ> epairNa is in base, epairNb is jail foo
>> BAZ> stop jail foo: jail -r foo
>> BAZ> both epairN[ab] will live in base and can be destroyed without vnet switching
>>
>> BAZ> Situation 2)
>>
>> BAZ> epairNa is in base, epairNb is jail foo
>> BAZ> you are in jail foo and type epairNb destroy; that should not be allowed
>>
>> BAZ> Situation 3)
>>
>> BAZ> epairNa is in base, epairNb is jail foo
>> BAZ> you are in base and type ifconfig epairNa destroy
>>
>> BAZ> This is your case ... I am not sure what I'd expect in this case,
>> BAZ> especially given epair is special... You probably are right.
>> BAZ> Ideally I'd not allow it to be destroyed unless both are in the
>> BAZ> if_home_vnet. However it seems we allow this; so in that case
>> BAZ> I definitively make sure to use the CURVNET_SET_QUIET() version
>> BAZ> to avoid the expected noise otherwise.
>>
>> It looks like epair was expected to allow this, because in non-patched version
>> it already did switching before freeing the interface. It just did not switch
>> before detaching.
>>
>> CURVNET_SET_QUIET() is used in the current version of the patch so I suppose I
>> can commit it.
>>
>> But if you think that just not allowing to destroy unless both ends are in the
>> if_home_vnet is a preferred solution and it is not late to change this I can
>> provide the patch.

BAZ> Get it in for now; it helps people. We should keep the other things in mind and
BAZ> write down a proper policy; it's more interesting as you can do other things with
BAZ> cloners you can create inside a vnet as well, today and later.

Thank you for the discussion. The patch is committed.

-- 
Mikolaj Golub