>Number: 158686
>Category: kern
>Synopsis: [PATCH] [if_tap] Add VIMAGE support to if_tap
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 06 13:10:01 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Daan Vreeken [PA4DAN]
>Release: FreeBSD 9.0-CURRENT amd64
>Organization:
Vitsch Electronics - http://Vitsch.nl/
>Environment:
System: FreeBSD RacebeestV3.VEHosting.LAN 9.0-CURRENT FreeBSD 9.0-CURRENT #9
r219581M: Mon Jul 4 22:10:19 CEST 2011
[email protected]:/usr/obj/mnt/2/sys/Multimedia amd64
>Description:
When using a kernel with 'options VIMAGE', using (and closing) a /dev/tap*
device will crash the kernel.
>How-To-Repeat:
o Create a kernel with 'options VIMAGE' and 'device tap'
o Start an application that uses /dev/tap* device(s)
o Stop the application and see the crash
>Fix:
The following patch is based on similar changes that were made to if_tun.c
and prevents the panic :
Index: sys/net/if_tap.c
===================================================================
--- sys/net/if_tap.c (revision 222928)
+++ sys/net/if_tap.c (working copy)
@@ -42,6 +42,7 @@
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/filio.h>
+#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
@@ -64,8 +65,9 @@
#include <net/if.h>
#include <net/if_clone.h>
#include <net/if_dl.h>
+#include <net/if_types.h>
#include <net/route.h>
-#include <net/if_types.h>
+#include <net/vnet.h>
#include <netinet/in.h>
@@ -214,6 +216,7 @@
KASSERT(!(tp->tap_flags & TAP_OPEN),
("%s flags is out of sync", ifp->if_xname));
+ CURVNET_SET(ifp->if_vnet);
knlist_destroy(&tp->tap_rsel.si_note);
destroy_dev(tp->tap_dev);
ether_ifdetach(ifp);
@@ -221,6 +224,7 @@
mtx_destroy(&tp->tap_mtx);
free(tp, M_TAP);
+ CURVNET_RESTORE();
}
static void
@@ -362,6 +366,7 @@
if (unit == -1)
append_unit = 1;
+ CURVNET_SET(CRED_TO_VNET(cred));
/* find any existing device, or allocate new unit number */
i = clone_create(&tapclones, &tap_cdevsw, &unit, dev, extra);
if (i) {
@@ -380,6 +385,7 @@
}
if_clone_create(name, namelen, NULL);
+ CURVNET_RESTORE();
} /* tapclone */
@@ -520,6 +526,7 @@
/* junk all pending output */
mtx_lock(&tp->tap_mtx);
+ CURVNET_SET(ifp->if_vnet);
IF_DRAIN(&ifp->if_snd);
/*
@@ -543,6 +550,8 @@
}
if_link_state_change(ifp, LINK_STATE_DOWN);
+ CURVNET_RESTORE();
+
funsetown(&tp->tap_sigio);
selwakeuppri(&tp->tap_rsel, PZERO+1);
KNOTE_LOCKED(&tp->tap_rsel.si_note, 0);
@@ -944,7 +953,12 @@
}
/* Pass packet up to parent. */
+ CURVNET_SET(ifp->if_vnet);
+#if __FreeBSD_version > 900038
+ M_SETFIB(m, ifp->if_fib);
+#endif
(*ifp->if_input)(ifp, m);
+ CURVNET_RESTORE();
ifp->if_ipackets ++; /* ibytes are counted in parent */
return (0);
This diff file can also be found here:
http://www.vitsch.nl/patches/
>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
