GPF when doing jail -r, possibly an use-after-free

Xin Li delphij at delphij.net
Mon Jul 9 20:52:16 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/09/12 13:47, Mikolaj Golub wrote:
> 
> On Mon, 9 Jul 2012 06:07:05 +0000 Bjoern A. Zeeb wrote:
> 
> BAZ> On 9. Jul 2012, at 06:01 , Mikolaj Golub wrote:
> 
>>> 
>>> On Sun, 8 Jul 2012 20:52:55 +0000 Bjoern A. Zeeb wrote:
>>> 
>>> BAZ> Situation 1)
>>> 
>>> BAZ>         epairNa is in base, eiparNb is jail foo BAZ>
>>> stop jail foo: jail -r foo BAZ>         both epairN[ab] will
>>> live in base and can be destiryed without vnet switching
>>> 
>>> BAZ> Situation 2)
>>> 
>>> BAZ>         epairNa is in base, eiparNb is jail foo BAZ>
>>> you are in jail foo and type epairNb destroy;  that should not
>>> be allowed
>>> 
>>> BAZ> Situation 3)
>>> 
>>> BAZ>         epairNa is in base, eiparNb is jail foo BAZ>
>>> you are in base and type ifconfig epairNa destroy
>>> 
>>> BAZ>         This is your case ...  I am not sure what I'd
>>> expect in this case, BAZ>         especailly given epair is
>>> special...  You probably are right. BAZ>         Ideally I'd
>>> not allow it to be destroyed unless both are in the BAZ>
>>> if_home_vnet.  However it seems we allow this; so in that case 
>>> BAZ>         I definitively make sure to use the
>>> CURVNET_SET_QUIET() version BAZ>         to avoid the expected
>>> noise otherwise.
>>> 
>>> It looks like epair was expected to allow this, because in
>>> non-patched version it already did switching before freeing the
>>> interface. It just did not switch bere detaching.
>>> 
>>> CURVNET_SET_QUIET() is used in the current version of the patch
>>> so I suppose I can commit it.
>>> 
>>> But if you think that just not allowing to destroy unless both
>>> ends are in the f_home_vnet is a preferred solution and it is
>>> not late to change this I can provide the patch.
> 
> BAZ> Get it in for now; it helps people.  We should keep the other
> things in mind and BAZ> write down a proper policy; it's more
> interesting as you can do other things with BAZ> cloners you can
> create inside a vnet as well, today and later.
> 
> Thank you for the discussion. The patch is committed.

Thanks!

Cheers,
- -- 
Xin LI <delphij at delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iQEcBAEBCAAGBQJP+0R/AAoJEG80Jeu8UPuzhdUIAKYXIbwMSxEMmtqZVcLuWXqx
50f/ni+zkXkGgECMGclWcD5jDwJCCPBsUPg1aOl35pXlVZEKQY+gbMU53olz83fn
vkRZmS6PBPYgYY/vT0W8EmCk1Sb/DeGVnrltVPnHxOkQkcV6u0c8xzxxX36H7hFl
oJDYq3bXfEOQTlJYQHt42oPtJrPyAlG+yCQSIp2YbxZhlU+jF2qakG1FyqrP9jX8
rQAcfw0uLKGcI1JBfhzcW635CFVlTQZCkLWi//Djb0Wo/YgXpKD9fGWA54iN8qEm
bd6Io7w9vF6otk0JEkmySYEvAceOx0Ae8M8oMm+q4abUYnOJZtNyYul7IhGDkVM=
=Yr4X
-----END PGP SIGNATURE-----

More information about the freebsd-virtualization mailing list