
bhyve: fix arguments to ioctl(VMIO_SIOCSIFFLAGS)
Closed, Public

Authored by glebius on Oct 26 2023, 1:34 AM.

Details

Summary

ioctl(2)s with an integer argument shall pass the command argument by value,
not by pointer. The ioctl(2) manual page is not very clear about that.
See sys/kern/sys_generic.c:sys_ioctl() near IOC_VOID.

Fixes: fd8b9c73a5a63a7aa438a73951d7a535b4f25d9a

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

This is how the bug manifests itself:

>dtrace -n 'fbt::tunioctl:entry /execname == "bhyve" && args[1] == 0x20045600/ { printf("%x", *(int *)args[2]); }'

Before:
  5  13039                   tunioctl:entry 20045600 d5dea838
  2  13039                   tunioctl:entry 20045600 8751d008
  2  13039                   tunioctl:entry 20045600 93248d28
  4  13039                   tunioctl:entry 20045600 d85557a8

After:
dtrace: description 'fbt::tunioctl:entry ' matched 1 probe
CPU     ID                    FUNCTION:NAME
  7  13039                   tunioctl:entry 1

Eventually it ends up setting the NOARP flag on the vmnet interface. On CURRENT the bug could be masked either by INVARIANTS in the kernel or by MALLOC_PRODUCTION in userland.

P.S. See also 9fddcc6661d2cf7bb8e704308437d2b1674b50be
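
The summary and the DTrace output above can be reproduced offline with the following added example, which is not part of the revision or of FreeBSD: it decodes the command word 0x20045600 from the DTrace predicate and models what the handler receives when the third ioctl() argument is a pointer instead of the value. The `X_` constants mirror sys/ioccom.h; `ioc_decode`, `ioc_int_by_value` and `handler_sees` are hypothetical helpers, the high bits of the sample address are constructed, and a little-endian 64-bit caller is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values as in FreeBSD's sys/ioccom.h; renamed (X_ prefix) for portability. */
#define X_IOCPARM_MASK 0x1fffu      /* parameter length, 13 bits */
#define X_IOC_VOID     0x20000000u  /* no parameters copied in or out */

struct ioc_fields { uint32_t dir; uint32_t len; char group; uint32_t num; };

/* Split a command word into direction bits, length, group and number. */
static struct ioc_fields ioc_decode(uint32_t com)
{
    struct ioc_fields f;
    f.dir = com & 0xe0000000u;
    f.len = (com >> 16) & X_IOCPARM_MASK;
    f.group = (char)((com >> 8) & 0xff);
    f.num = com & 0xff;
    return f;
}

/* Integer-argument command: IOC_VOID set and length == sizeof(int). */
static int ioc_int_by_value(uint32_t com)
{
    struct ioc_fields f = ioc_decode(com);
    return (f.dir & X_IOC_VOID) != 0 && f.len == sizeof(int);
}

/* Simplified model (hypothetical helper): for such commands the third
 * ioctl() argument is used as the value itself and is never dereferenced,
 * so the handler reads its low 32 bits. Returns -1 for other commands. */
static int handler_sees(uint32_t com, uint64_t third_arg, int *out)
{
    uint32_t low = (uint32_t)third_arg;
    if (!ioc_int_by_value(com))
        return -1;
    memcpy(out, &low, sizeof(low));
    return 0;
}

int main(void)
{
    uint32_t com = 0x20045600u;                /* command from the DTrace predicate */
    uint64_t fake_ptr = 0x00007fffd5dea838ull; /* constructed address of caller's int */
    struct ioc_fields f = ioc_decode(com);
    int seen = 0;
    printf("dir=%#x len=%u group=%c num=%u\n", (unsigned)f.dir, (unsigned)f.len, f.group, (unsigned)f.num);
    handler_sees(com, fake_ptr, &seen);        /* buggy call: ioctl(fd, cmd, &flags) */
    printf("by pointer: handler sees %x\n", (unsigned)seen);
    handler_sees(com, 1, &seen);               /* fixed call: ioctl(fd, cmd, flags) */
    printf("by value:   handler sees %x\n", (unsigned)seen);
    return 0;
}
```

With the pointer, the flags value the handler acts on is whatever the low half of the caller's address happens to be, which is why the "Before" values change from call to call.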

Thank you. :(

The bug is in releng/14.0. Could you please make sure this makes it there too? I can help get that done if needed.

This revision is now accepted and ready to land. Oct 26 2023, 3:23 AM