Page MenuHomeFreeBSD
Differential D51526

if_ovpn: Destroy cloned interfaces via a prison removal callback
ClosedPublic
Actions

Authored by markj on Jul 25 2025, 2:22 PM.
Tags
None
Referenced Files
F132455641: D51526.id159086.diff
Fri, Oct 17, 2:15 AM
Unknown Object (File)
Sat, Oct 11, 7:29 AM
Unknown Object (File)
Sat, Oct 11, 7:29 AM
Unknown Object (File)
Sat, Oct 11, 7:29 AM
Unknown Object (File)
Sat, Oct 11, 7:29 AM
Unknown Object (File)
Sat, Oct 11, 7:28 AM
Unknown Object (File)
Sat, Oct 11, 12:10 AM
Unknown Object (File)
Tue, Oct 7, 9:40 AM
View All 41 Files
Subscribers
ae
glebius
imp
melifaro

Details

Reviewers
kp
Group Reviewers
network
Commits
rGdfd8306a79b5: if_ovpn: Destroy cloned interfaces via a prison removal callback
rG96b29c7f0cff: if_ovpn: Destroy cloned interfaces via a prison removal callback
Summary

A if_ovpn interface carries a reference to a socket, which has a
credential reference, which holds a reference on the containing prison
and prevents SYSUNINITs from being invoked. So, register a
PR_METHOD_REMOVE callback and destroy the cloner from there instead,
since that mechanism doesn't require the prison refcount to drop to zero
first.

This fixes a bug where jails get left stuck in the DYING state after
running if_ovpn regression tests.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Jul 25 2025, 2:22 PM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptJul 25 2025, 2:22 PM
markj requested review of this revision.Jul 25 2025, 2:22 PM
Harbormaster completed remote builds in B65713: Diff 159086.Jul 25 2025, 2:22 PM
markj mentioned this in D51524: jail: Make prison_owns_vnet() operate on a prison instead of a ucred.Jul 25 2025, 5:28 PM
kp added a comment.Jul 28 2025, 2:15 PM

Should we unconditionally detach the V_ovpn_cloner cloner in the non-VIMAGE case? Or under MOD_UNLOAD?
If I'm reading this right we wouldn't do so now, so we could end up unloading if_ovpn.ko and being left with the cloner functions pointing to now uninitialised memory.

markj updated this revision to Diff 159320.Jul 28 2025, 2:25 PM

Be sure to detach the root VNET's cloner during module unload.

Harbormaster completed remote builds in B65799: Diff 159320.Jul 28 2025, 2:25 PM
markj added a comment.Jul 28 2025, 2:27 PM
In D51526#1178362, @kp wrote:

Should we unconditionally detach the V_ovpn_cloner cloner in the non-VIMAGE case? Or under MOD_UNLOAD?
If I'm reading this right we wouldn't do so now, so we could end up unloading if_ovpn.ko and being left with the cloner functions pointing to now uninitialised memory.

Yes, you're completely right. I think it has to happen under MOD_UNLOAD.

kp added inline comments.Jul 28 2025, 2:33 PM
sys/net/if_ovpn.c
2799

I think I'd feel better if we did V_ovpn_cloner = NULL here, because I can't quite convince myself that we're not going to double-detach the host vnet's cloner on module unload.

markj updated this revision to Diff 159324.Jul 28 2025, 2:35 PM
markj marked an inline comment as done.

Defend against double detaches of the cloner.

Harbormaster completed remote builds in B65802: Diff 159324.Jul 28 2025, 2:35 PM
kp added inline comments.Jul 28 2025, 2:41 PM
sys/net/if_ovpn.c
2796
/usr/src/sys/net/if_ovpn.c:2796:23: error: incompatible pointer types passing 'struct prison *' to parameter of type 'struct ucred *' [-Werror,-Wincompatible-pointer-types]
 2796 |         if (prison_owns_vnet(pr)) {
      |                              ^~
/usr/src/sys/sys/jail.h:438:37: note: passing argument to parameter here
  438 | bool prison_owns_vnet(struct ucred *);
      |                                     ^
1 error generated.
markj added inline comments.Jul 28 2025, 2:42 PM
sys/net/if_ovpn.c
2796

Sorry, yes, this depends on D51524. I forgot to create a link in the patch stack.

markj added a parent revision: D51524: jail: Make prison_owns_vnet() operate on a prison instead of a ucred.Jul 28 2025, 2:43 PM
kp accepted this revision as: kp.Jul 28 2025, 3:06 PM

Ah, that makes sense. I was pretty surprised that your patch didn't build.

This revision is now accepted and ready to land.Jul 28 2025, 3:06 PM
Closed by commit rG96b29c7f0cff: if_ovpn: Destroy cloned interfaces via a prison removal callback (authored by markj). · Explain WhyJul 28 2025, 4:20 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG96b29c7f0cff: if_ovpn: Destroy cloned interfaces via a prison removal callback.
markj added a commit: rGdfd8306a79b5: if_ovpn: Destroy cloned interfaces via a prison removal callback.Aug 13 2025, 12:02 PM

Revision Contents
Changeset List

PathSize
sys/
net/
48 lines

Diff 159340

View Options

sys/net/if_ovpn.c

Loading...