[Git][hardenedbsd/HardenedBSD][hardened/current/master] 3 commits: ifnet: Fix decreasing the vnet interface count

[HardenedBSD Services (@hardenedbsd-services)]

HardenedBSD Services pushed to branch hardened/current/master at HardenedBSD / HardenedBSD


Commits:
8065ff63 by Zhenlei Huang at 2026-03-17T00:20:08+08:00
ifnet: Fix decreasing the vnet interface count

It should be decreased only when the interface has been successfully
removed from the "active" list.

This prevents vnet_if_return() from potential OOB writes to the
allocated memory "pending".

Reviewed by: kp, pouria
Fixes: a779388f8bb3 if: Protect V_ifnet in vnet_if_return()
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55873

- - - - -
e0731059 by Zhenlei Huang at 2026-03-17T01:03:05+08:00
ifnet: Remove unreachable code

The ioctls SIOCSIFVNET and SIOCSIFRVNET are for userland only. For
SIOCSIFVNET, if_vmove_loan(), the interface is obtained from current
VNET. For SIOCSIFRVNET, if_vmove_reclaim(), a valid child prison is
held before getting the interface. In both cases the VNET of the
obtained interfaces is stable, so there's no need to check it.

No functional change intended.

Reviewed by: glebius, jamie (for #jails)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55828

- - - - -
bbffe592 by HardenedBSD Sync Services at 2026-03-16T12:01:49-06:00
Merge branch 'freebsd/current/main' into hardened/current/master

- - - - -


1 changed file:

- sys/net/if.c


Changes:

=====================================
sys/net/if.c
=====================================
@@ -447,14 +447,14 @@ if_unlink_ifnet(struct ifnet *ifp, bool vmove)
CK_STAILQ_FOREACH(iter, &V_ifnet, if_link)
if (iter == ifp) {
CK_STAILQ_REMOVE(&V_ifnet, ifp, ifnet, if_link);
+#ifdef VIMAGE
+ curvnet->vnet_ifcnt--;
+#endif
if (!vmove)
ifp->if_flags |= IFF_DYING;
found = 1;
break;
}
-#ifdef VIMAGE
- curvnet->vnet_ifcnt--;
-#endif
IFNET_WUNLOCK();

return (found);
@@ -1188,7 +1188,6 @@ if_vmove_loan(struct thread *td, struct ifnet *ifp, char *ifname, int jid)
struct prison *pr;
struct ifnet *difp;
bool found;
- bool shutdown;

MPASS(ifindex_table[ifp->if_index].ife_ifnet == ifp);

@@ -1218,14 +1217,6 @@ if_vmove_loan(struct thread *td, struct ifnet *ifp, char *ifname, int jid)
}
sx_xlock(&ifnet_detach_sxlock);

- /* Make sure the VNET is stable. */
- shutdown = VNET_IS_SHUTTING_DOWN(ifp->if_vnet);
- if (shutdown) {
- sx_xunlock(&ifnet_detach_sxlock);
- prison_free(pr);
- return (EBUSY);
- }
-
found = if_unlink_ifnet(ifp, true);
if (! found) {
sx_xunlock(&ifnet_detach_sxlock);
@@ -1252,7 +1243,6 @@ if_vmove_reclaim(struct thread *td, char *ifname, int jid)
struct vnet *vnet_dst;
struct ifnet *ifp;
int found __diagused;
- bool shutdown;

/* Try to find the prison within our visibility. */
sx_slock(&allprison_lock);
@@ -1280,14 +1270,6 @@ if_vmove_reclaim(struct thread *td, char *ifname, int jid)
return (EEXIST);
}

- /* Make sure the VNET is stable. */
- shutdown = VNET_IS_SHUTTING_DOWN(ifp->if_vnet);
- if (shutdown) {
- CURVNET_RESTORE();
- prison_free(pr);
- return (EBUSY);
- }
-
/* Get interface back from child jail/vnet. */
found = if_unlink_ifnet(ifp, true);
MPASS(found);



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/8a7d86510dbcbca12e0972d69fc63d2ade5bf824...bbffe592592ce0c4bdcb6b742cbf3dbc31d540a5

--
View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/8a7d86510dbcbca12e0972d69fc63d2ade5bf824...bbffe592592ce0c4bdcb6b742cbf3dbc31d540a5
You're receiving this email because of your account on git.hardenedbsd.org.