svn commit: r284348 - in head/sys: dev/virtio/network net

Kristof Provost kp at FreeBSD.org
Sat Jun 13 19:39:22 UTC 2015 

Author: kp
Date: Sat Jun 13 19:39:21 2015
New Revision: 284348
URL: https://svnweb.freebsd.org/changeset/base/284348

Log:
  Fix panic when adding vtnet interfaces to a bridge
  
  vtnet interfaces are always in promiscuous mode (at least if the
  VIRTIO_NET_F_CTRL_RX feature is not negotiated with the host).  if_promisc() on
  a vtnet interface returned ENOTSUP although it has IFF_PROMISC set. This
  confused the bridge code. Instead we now accept all enable/disable promiscuous
  commands (and always keep IFF_PROMISC set).
  
  There are also two issues with the if_bridge error handling.
  
  If if_promisc() fails it uses bridge_delete_member() to clean up. This tries to
  disable promiscuous mode on the interface. That runs into an assert, because
  promiscuous mode was never set in the first place. (That's the panic reported in
  PR 200210.)
  We can only unset promiscuous mode if the interface actually is promiscuous.
  This goes against the reference counting done by if_promisc(), but only the
  first/last if_promic() calls can actually fail, so this is safe.
  
  A second issue is a double free of bif. It's already freed by
  bridge_delete_member().
  
  PR:		200210
  Differential Revision:	https://reviews.freebsd.org/D2804
  Reviewed by:	philip (mentor)

Modified:
  head/sys/dev/virtio/network/if_vtnet.c
  head/sys/net/if_bridge.c

Modified: head/sys/dev/virtio/network/if_vtnet.c
==============================================================================
--- head/sys/dev/virtio/network/if_vtnet.c	Sat Jun 13 19:36:32 2015	(r284347)
+++ head/sys/dev/virtio/network/if_vtnet.c	Sat Jun 13 19:39:21 2015	(r284348)
@@ -1080,8 +1080,12 @@ vtnet_ioctl(struct ifnet *ifp, u_long cm
 			    (IFF_PROMISC | IFF_ALLMULTI)) {
 				if (sc->vtnet_flags & VTNET_FLAG_CTRL_RX)
 					vtnet_rx_filter(sc);
-				else
-					error = ENOTSUP;
+				else {
+					ifp->if_flags |= IFF_PROMISC;
+					if ((ifp->if_flags ^ sc->vtnet_if_flags)
+					    & IFF_ALLMULTI)
+						error = ENOTSUP;
+				}
 			}
 		} else
 			vtnet_init_locked(sc);

Modified: head/sys/net/if_bridge.c
==============================================================================
--- head/sys/net/if_bridge.c	Sat Jun 13 19:36:32 2015	(r284347)
+++ head/sys/net/if_bridge.c	Sat Jun 13 19:39:21 2015	(r284348)
@@ -1033,9 +1033,12 @@ bridge_delete_member(struct bridge_softc
 		case IFT_ETHER:
 		case IFT_L2VLAN:
 			/*
-			 * Take the interface out of promiscuous mode.
+			 * Take the interface out of promiscuous mode, but only
+			 * if it was promiscuous in the first place. It might
+			 * not be if we're in the bridge_ioctl_add() error path.
 			 */
-			(void) ifpromisc(ifs, 0);
+			if (ifs->if_flags & IFF_PROMISC)
+				(void) ifpromisc(ifs, 0);
 			break;
 
 		case IFT_GIF:
@@ -1203,10 +1206,8 @@ bridge_ioctl_add(struct bridge_softc *sc
 			break;
 	}
 
-	if (error) {
+	if (error)
 		bridge_delete_member(sc, bif, 0);
-		free(bif, M_DEVBUF);
-	}
 	return (error);
 }

More information about the svn-src-all mailing list