kern/158686: [PATCH] [if_tap] Add VIMAGE support to if_tap

Wed Jul 6 13:10:02 UTC 2011

>Number:         158686
>Category:       kern
>Synopsis:       [PATCH] [if_tap] Add VIMAGE support to if_tap
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 06 13:10:01 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Daan Vreeken [PA4DAN]
>Release:        FreeBSD 9.0-CURRENT amd64
>Organization:
Vitsch Electronics - http://Vitsch.nl/
>Environment:
System: FreeBSD RacebeestV3.VEHosting.LAN 9.0-CURRENT FreeBSD 9.0-CURRENT #9 r219581M: Mon Jul  4 22:10:19 CEST 2011     root at RacebeestV3.VEHosting.LAN:/usr/obj/mnt/2/sys/Multimedia  amd64


	
>Description:

When using a kernel with 'options VIMAGE', using (and closing) a /dev/tap*
device will crash the kernel.

	
>How-To-Repeat:

o Create a kernel with 'options VIMAGE' and 'device tap'
o Start an application that uses /dev/tap* device(s)
o Stop the application and see the crash

	
>Fix:

The following patch is based on similar changes that were made to if_tun.c
and prevents the panic :



Index: sys/net/if_tap.c
===================================================================

--- sys/net/if_tap.c	(revision 222928)
+++ sys/net/if_tap.c	(working copy)
@@ -42,6 +42,7 @@
 #include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/filio.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
@@ -64,8 +65,9 @@
 #include <net/if.h>
 #include <net/if_clone.h>
 #include <net/if_dl.h>
+#include <net/if_types.h>
 #include <net/route.h>
-#include <net/if_types.h>
+#include <net/vnet.h>
 
 #include <netinet/in.h>
 
@@ -214,6 +216,7 @@
 	KASSERT(!(tp->tap_flags & TAP_OPEN),
 		("%s flags is out of sync", ifp->if_xname));
 
+	CURVNET_SET(ifp->if_vnet);
 	knlist_destroy(&tp->tap_rsel.si_note);
 	destroy_dev(tp->tap_dev);
 	ether_ifdetach(ifp);
@@ -221,6 +224,7 @@
 
 	mtx_destroy(&tp->tap_mtx);
 	free(tp, M_TAP);
+	CURVNET_RESTORE();
 }
 
 static void
@@ -362,6 +366,7 @@
 	if (unit == -1)
 		append_unit = 1;
 
+	CURVNET_SET(CRED_TO_VNET(cred));
 	/* find any existing device, or allocate new unit number */
 	i = clone_create(&tapclones, &tap_cdevsw, &unit, dev, extra);
 	if (i) {
@@ -380,6 +385,7 @@
 	}
 
 	if_clone_create(name, namelen, NULL);
+	CURVNET_RESTORE();
 } /* tapclone */
 
 
@@ -520,6 +526,7 @@
 
 	/* junk all pending output */
 	mtx_lock(&tp->tap_mtx);
+	CURVNET_SET(ifp->if_vnet);
 	IF_DRAIN(&ifp->if_snd);
 
 	/*
@@ -543,6 +550,8 @@
 	}
 
 	if_link_state_change(ifp, LINK_STATE_DOWN);
+	CURVNET_RESTORE();
+
 	funsetown(&tp->tap_sigio);
 	selwakeuppri(&tp->tap_rsel, PZERO+1);
 	KNOTE_LOCKED(&tp->tap_rsel.si_note, 0);
@@ -944,7 +953,12 @@
 	}
 
 	/* Pass packet up to parent. */
+	CURVNET_SET(ifp->if_vnet);
+#if __FreeBSD_version > 900038
+	M_SETFIB(m, ifp->if_fib);
+#endif
 	(*ifp->if_input)(ifp, m);
+	CURVNET_RESTORE();
 	ifp->if_ipackets ++; /* ibytes are counted in parent */
 
 	return (0);




This diff file can also be found here:
 http://www.vitsch.nl/patches/
>Release-Note:
>Audit-Trail:
>Unformatted:
