
bhyve: fix arguments to ioctl(VMIO_SIOCSIFFLAGS)
Closed, Public

Authored by glebius on Oct 26 2023, 1:34 AM.

Details

Summary

ioctl(2)'s with integer argument shall pass command argument by value,
not by pointer. The ioctl(2) manual page is not very clear about that.
See sys/kern/sys_generic.c:sys_ioctl() near IOC_VOID.

Fixes: fd8b9c73a5a63a7aa438a73951d7a535b4f25d9a

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

This is how the bug manifests itself:

>dtrace -n 'fbt::tunioctl:entry /execname == "bhyve" && args[1] == 0x20045600/ { printf("%x", *(int *)args[2]); }'

Before:
  5  13039                   tunioctl:entry 20045600 d5dea838
  2  13039                   tunioctl:entry 20045600 8751d008
  2  13039                   tunioctl:entry 20045600 93248d28
  4  13039                   tunioctl:entry 20045600 d85557a8

After:
dtrace: description 'fbt::tunioctl:entry ' matched 1 probe
CPU     ID                    FUNCTION:NAME
  7  13039                   tunioctl:entry 1

Eventually it ends up setting the NOARP flag on the vmnet interface. On CURRENT the bug could be masked either by INVARIANTS in the kernel or by MALLOC_PRODUCTION in the userland.

P.S. See also 9fddcc6661d2cf7bb8e704308437d2b1674b50be

Thank you. :(

The bug is in releng/14.0. Could you please make sure this makes it there too? I can help get that done if needed.

This revision is now accepted and ready to land. Oct 26 2023, 3:23 AM
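A simplified user-space model of the by-value rule from the summary, added here as an example; it is not code from this revision or from FreeBSD. The macros mirror the command encoding in FreeBSD's sys/ioccom.h and 0x20045600 is the command from the dtrace predicate above; `takes_int_by_value`, `driver_sees` and the contrast command 0x80045601 are hypothetical names and a constructed value.

```c
#include <stdint.h>
#include <stdio.h>

/* ioctl command encoding, mirroring FreeBSD's <sys/ioccom.h>. */
#define IOCPARM_MASK    0x1fffUL
#define IOC_VOID        0x20000000UL
#define IOCPARM_LEN(c)  (((c) >> 16) & IOCPARM_MASK)
#define IOCGROUP(c)     (((c) >> 8) & 0xffUL)

#define CMD_FROM_TRACE  0x20045600UL  /* from the dtrace predicate on this page */
#define CMD_BY_POINTER  0x80045601UL  /* constructed: IOC_IN, 'V', 1, int-sized */

/* An IOC_VOID command with an int-sized length takes its int by value. */
int takes_int_by_value(unsigned long cmd)
{
    return (cmd & IOC_VOID) != 0 && IOCPARM_LEN(cmd) == sizeof(int);
}

/*
 * Simplified model of what the driver reads as its int argument.
 * By-value commands: the low 32 bits of the argument word are the data.
 * Other commands (only IOC_IN modelled): the word is a pointer to copy from.
 */
uint32_t driver_sees(unsigned long cmd, uintptr_t third_arg)
{
    if (takes_int_by_value(cmd))
        return (uint32_t)third_arg;
    return (uint32_t)*(const int *)third_arg;
}

int main(void)
{
    int flags = 1;  /* constructed sample value */

    printf("group '%c', len %lu, by value: %d\n",
        (int)IOCGROUP(CMD_FROM_TRACE), IOCPARM_LEN(CMD_FROM_TRACE),
        takes_int_by_value(CMD_FROM_TRACE));
    /* Correct call shape: pass the int itself. */
    printf("value passed:   %x\n",
        (unsigned)driver_sees(CMD_FROM_TRACE, (uintptr_t)flags));
    /* Buggy call shape: the address bits are taken as the flags. */
    printf("pointer passed: %x\n",
        (unsigned)driver_sees(CMD_FROM_TRACE, (uintptr_t)&flags));
    /* A pointer is only right for commands that copy data in. */
    printf("copy-in cmd:    %x\n",
        (unsigned)driver_sees(CMD_BY_POINTER, (uintptr_t)&flags));
    return 0;
}
```

The "pointer passed" line changes from run to run under address randomization, which is the same symptom as the varying values in the Before trace.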