From owner-freebsd-virtualization@FreeBSD.ORG Mon Jul 9 20:52:16 2012 Return-Path: Delivered-To: freebsd-virtualization@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 580B61065673; Mon, 9 Jul 2012 20:52:16 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) by mx1.freebsd.org (Postfix) with ESMTP id 33C628FC22; Mon, 9 Jul 2012 20:52:16 +0000 (UTC) Received: from delta.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id E09CA11CEF; Mon, 9 Jul 2012 13:52:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1341867136; bh=hv+OPTjlq/4GEAclF/JOq9ypfnzW/ANPvl4QKFV19Jo=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=KJJaVFIZS5Yvz+fVmU/M01XmZMCpn+A2rzkHSl+f7tlV1a5PpKC3JzCfO03YsIsnh 2quRsVTnlqv2WCULZHjGwxVeefuYcPGcWFj1x+B5VY2lgWf8HqvX6Vix3Wcz7i2M9P hkou+l/yeN5sR+o4PfA1vzNQozTG9mehDhUXWYRQ= Message-ID: <4FFB447F.6080508@delphij.net> Date: Mon, 09 Jul 2012 13:52:15 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: Mikolaj Golub References: <4FF32FC4.6020701@delphij.net> <86wr2kau38.fsf@in138.ua3> <4FF5E87C.2020908@delphij.net> <86r4sqasrt.fsf@kopusha.home.net> <672D93D3-D4B1-432E-AE53-98E6C05B8BE4@lists.zabbadoz.net> <86zk7da10y.fsf@in138.ua3> <86obnqq94x.fsf@kopusha.home.net> <50CFED43-7789-4F27-9EC7-85268B7F23D4@lists.zabbadoz.net> <86liit8ocs.fsf@in138.ua3> <86wr2cveys.fsf@kopusha.home.net> In-Reply-To: <86wr2cveys.fsf@kopusha.home.net> X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "Bjoern A. Zeeb" , d@delphij.net, FreeBSD virtualization mailing list Subject: Re: GPF when doing jail -r, possibly an use-after-free X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jul 2012 20:52:16 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/09/12 13:47, Mikolaj Golub wrote: > > On Mon, 9 Jul 2012 06:07:05 +0000 Bjoern A. Zeeb wrote: > > BAZ> On 9. Jul 2012, at 06:01 , Mikolaj Golub wrote: > >>> >>> On Sun, 8 Jul 2012 20:52:55 +0000 Bjoern A. Zeeb wrote: >>> >>> BAZ> Situation 1) >>> >>> BAZ> epairNa is in base, eiparNb is jail foo BAZ> >>> stop jail foo: jail -r foo BAZ> both epairN[ab] will >>> live in base and can be destiryed without vnet switching >>> >>> BAZ> Situation 2) >>> >>> BAZ> epairNa is in base, eiparNb is jail foo BAZ> >>> you are in jail foo and type epairNb destroy; that should not >>> be allowed >>> >>> BAZ> Situation 3) >>> >>> BAZ> epairNa is in base, eiparNb is jail foo BAZ> >>> you are in base and type ifconfig epairNa destroy >>> >>> BAZ> This is your case ... I am not sure what I'd >>> expect in this case, BAZ> especailly given epair is >>> special... You probably are right. BAZ> Ideally I'd >>> not allow it to be destroyed unless both are in the BAZ> >>> if_home_vnet. However it seems we allow this; so in that case >>> BAZ> I definitively make sure to use the >>> CURVNET_SET_QUIET() version BAZ> to avoid the expected >>> noise otherwise. >>> >>> It looks like epair was expected to allow this, because in >>> non-patched version it already did switching before freeing the >>> interface. It just did not switch bere detaching. >>> >>> CURVNET_SET_QUIET() is used in the current version of the patch >>> so I suppose I can commit it. >>> >>> But if you think that just not allowing to destroy unless both >>> ends are in the f_home_vnet is a preferred solution and it is >>> not late to change this I can provide the patch. > > BAZ> Get it in for now; it helps people. We should keep the other > things in mind and BAZ> write down a proper policy; it's more > interesting as you can do other things with BAZ> cloners you can > create inside a vnet as well, today and later. > > Thank you for the discussion. The patch is committed. Thanks! Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBCAAGBQJP+0R/AAoJEG80Jeu8UPuzhdUIAKYXIbwMSxEMmtqZVcLuWXqx 50f/ni+zkXkGgECMGclWcD5jDwJCCPBsUPg1aOl35pXlVZEKQY+gbMU53olz83fn vkRZmS6PBPYgYY/vT0W8EmCk1Sb/DeGVnrltVPnHxOkQkcV6u0c8xzxxX36H7hFl oJDYq3bXfEOQTlJYQHt42oPtJrPyAlG+yCQSIp2YbxZhlU+jF2qakG1FyqrP9jX8 rQAcfw0uLKGcI1JBfhzcW635CFVlTQZCkLWi//Djb0Wo/YgXpKD9fGWA54iN8qEm bd6Io7w9vF6otk0JEkmySYEvAceOx0Ae8M8oMm+q4abUYnOJZtNyYul7IhGDkVM= =Yr4X -----END PGP SIGNATURE-----