GPF when doing jail -r, possibly an use-after-free
Mikolaj Golub
trociny at freebsd.org
Mon Jul 9 20:48:03 UTC 2012
On Mon, 9 Jul 2012 06:07:05 +0000 Bjoern A. Zeeb wrote:
BAZ> On 9. Jul 2012, at 06:01 , Mikolaj Golub wrote:
>>
>> On Sun, 8 Jul 2012 20:52:55 +0000 Bjoern A. Zeeb wrote:
>>
>> BAZ> Situation 1)
>>
>> BAZ> epairNa is in base, eiparNb is jail foo
>> BAZ> stop jail foo: jail -r foo
>> BAZ> both epairN[ab] will live in base and can be destiryed without vnet switching
>>
>> BAZ> Situation 2)
>>
>> BAZ> epairNa is in base, eiparNb is jail foo
>> BAZ> you are in jail foo and type epairNb destroy; that should not be allowed
>>
>> BAZ> Situation 3)
>>
>> BAZ> epairNa is in base, eiparNb is jail foo
>> BAZ> you are in base and type ifconfig epairNa destroy
>>
>> BAZ> This is your case ... I am not sure what I'd expect in this case,
>> BAZ> especailly given epair is special... You probably are right.
>> BAZ> Ideally I'd not allow it to be destroyed unless both are in the
>> BAZ> if_home_vnet. However it seems we allow this; so in that case
>> BAZ> I definitively make sure to use the CURVNET_SET_QUIET() version
>> BAZ> to avoid the expected noise otherwise.
>>
>> It looks like epair was expected to allow this, because in non-patched version
>> it already did switching before freeing the interface. It just did not switch
>> bere detaching.
>>
>> CURVNET_SET_QUIET() is used in the current version of the patch so I suppose I
>> can commit it.
>>
>> But if you think that just not allowing to destroy unless both ends are in the
>> f_home_vnet is a preferred solution and it is not late to change this I can
>> provide the patch.
BAZ> Get it in for now; it helps people. We should keep the other things in mind and
BAZ> write down a proper policy; it's more interesting as you can do other things with
BAZ> cloners you can create inside a vnet as well, today and later.
Thank you for the discussion. The patch is committed.
--
Mikolaj Golub
More information about the freebsd-virtualization
mailing list