[Git][hardenedbsd/HardenedBSD][freebsd/current/main] 2 commits: ifnet: Fix decreasing the vnet interface count

[HardenedBSD Services (@hardenedbsd-services)]

HardenedBSD Services pushed to branch freebsd/current/main at HardenedBSD / HardenedBSD


Commits:
8065ff63 by Zhenlei Huang at 2026-03-17T00:20:08+08:00
ifnet: Fix decreasing the vnet interface count

It should be decreased only when the interface has been successfully
removed from the "active" list.

This prevents vnet_if_return() from potential OOB writes to the
allocated memory "pending".

Reviewed by: kp, pouria
Fixes: a779388f8bb3 if: Protect V_ifnet in vnet_if_return()
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55873

- - - - -
e0731059 by Zhenlei Huang at 2026-03-17T01:03:05+08:00
ifnet: Remove unreachable code

The ioctls SIOCSIFVNET and SIOCSIFRVNET are for userland only. For
SIOCSIFVNET, if_vmove_loan(), the interface is obtained from current
VNET. For SIOCSIFRVNET, if_vmove_reclaim(), a valid child prison is
held before getting the interface. In both cases the VNET of the
obtained interfaces is stable, so there's no need to check it.

No functional change intended.

Reviewed by: glebius, jamie (for #jails)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55828

- - - - -


1 changed file:

- sys/net/if.c


Changes:

=====================================
sys/net/if.c
=====================================
@@ -447,14 +447,14 @@ if_unlink_ifnet(struct ifnet *ifp, bool vmove)
CK_STAILQ_FOREACH(iter, &V_ifnet, if_link)
if (iter == ifp) {
CK_STAILQ_REMOVE(&V_ifnet, ifp, ifnet, if_link);
+#ifdef VIMAGE
+ curvnet->vnet_ifcnt--;
+#endif
if (!vmove)
ifp->if_flags |= IFF_DYING;
found = 1;
break;
}
-#ifdef VIMAGE
- curvnet->vnet_ifcnt--;
-#endif
IFNET_WUNLOCK();

return (found);
@@ -1188,7 +1188,6 @@ if_vmove_loan(struct thread *td, struct ifnet *ifp, char *ifname, int jid)
struct prison *pr;
struct ifnet *difp;
bool found;
- bool shutdown;

MPASS(ifindex_table[ifp->if_index].ife_ifnet == ifp);

@@ -1218,14 +1217,6 @@ if_vmove_loan(struct thread *td, struct ifnet *ifp, char *ifname, int jid)
}
sx_xlock(&ifnet_detach_sxlock);

- /* Make sure the VNET is stable. */
- shutdown = VNET_IS_SHUTTING_DOWN(ifp->if_vnet);
- if (shutdown) {
- sx_xunlock(&ifnet_detach_sxlock);
- prison_free(pr);
- return (EBUSY);
- }
-
found = if_unlink_ifnet(ifp, true);
if (! found) {
sx_xunlock(&ifnet_detach_sxlock);
@@ -1252,7 +1243,6 @@ if_vmove_reclaim(struct thread *td, char *ifname, int jid)
struct vnet *vnet_dst;
struct ifnet *ifp;
int found __diagused;
- bool shutdown;

/* Try to find the prison within our visibility. */
sx_slock(&allprison_lock);
@@ -1280,14 +1270,6 @@ if_vmove_reclaim(struct thread *td, char *ifname, int jid)
return (EEXIST);
}

- /* Make sure the VNET is stable. */
- shutdown = VNET_IS_SHUTTING_DOWN(ifp->if_vnet);
- if (shutdown) {
- CURVNET_RESTORE();
- prison_free(pr);
- return (EBUSY);
- }
-
/* Get interface back from child jail/vnet. */
found = if_unlink_ifnet(ifp, true);
MPASS(found);



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/33e0568d30a687b3bbd3f00fd9b323ff031e39a2...e0731059af912a27d0f842959218946b1daaa7d1

--
View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/33e0568d30a687b3bbd3f00fd9b323ff031e39a2...e0731059af912a27d0f842959218946b1daaa7d1
You're receiving this email because of your account on git.hardenedbsd.org.