Bug 276526

Summary: if_wg: Add missing bpfdetach() in wg_clone_destroy()
Product: Base System Reporter: Aaron LI <aly>
Component: kernAssignee: Kyle Evans <kevans>
Status: Closed FIXED    
Severity: Affects Some People CC: kevans, net
Priority: --- Flags: kevans: mfc-stable14+
kevans: mfc-stable13+
Version: CURRENT   
Hardware: Any   
OS: Any   

Description Aaron LI 2024-01-22 14:26:19 UTC 
bpfattach() is called in wg_clone_create(), but the bpfdetach() is missing from wg_close_destroy().  Add the missing bpfdetach().


--- if_wg.c.orig	2024-01-18 21:53:04.264212683 +0800
+++ if_wg.c	2024-01-22 08:20:13.232534082 +0800
@@ -2876,6 +2884,7 @@ wg_clone_destroy(struct if_clone *ifc, i
 
 	if (cred != NULL)
 		crfree(cred);
+	bpfdetach(sc->sc_ifp);
 	if_detach(sc->sc_ifp);
 	if_free(sc->sc_ifp);
Comment 1 Kyle Evans freebsd_committer freebsd_triage 2024-01-22 16:17:56 UTC 
Excellent catch
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-01-22 16:23:29 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=43be2d7aaf25b719aec8f49aab110c0061f1edec

commit 43be2d7aaf25b719aec8f49aab110c0061f1edec
Author:     Aaron LI <aly@aaronly.me>
AuthorDate: 2024-01-22 16:18:56 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-01-22 16:22:44 +0000

    wg: detach bpf upon destroy as well

    bpfattach() is called in wg_clone_create(), but the bpfdetach() is
    missing from wg_close_destroy().  Add the missing bpfdetach() to avoid
    leaking both the associated bpf bits as well as the ifnet that bpf will
    hold a reference to.

    PR:             276526
    MFC after:      3 days

 sys/dev/wg/if_wg.c | 1 +
 1 file changed, 1 insertion(+)
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-01-30 05:39:44 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=3deeb70f7f70e5fbabde85efc7ea603cde915f6a

commit 3deeb70f7f70e5fbabde85efc7ea603cde915f6a
Author:     Aaron LI <aly@aaronly.me>
AuthorDate: 2024-01-22 16:18:56 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-01-30 05:38:01 +0000

    wg: detach bpf upon destroy as well

    bpfattach() is called in wg_clone_create(), but the bpfdetach() is
    missing from wg_close_destroy().  Add the missing bpfdetach() to avoid
    leaking both the associated bpf bits as well as the ifnet that bpf will
    hold a reference to.

    PR:             276526

    (cherry picked from commit 43be2d7aaf25b719aec8f49aab110c0061f1edec)

 sys/dev/wg/if_wg.c | 1 +
 1 file changed, 1 insertion(+)
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-01-30 05:39:48 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=c0c932b27f9551742daa84b02967f3021fbfef52

commit c0c932b27f9551742daa84b02967f3021fbfef52
Author:     Aaron LI <aly@aaronly.me>
AuthorDate: 2024-01-22 16:18:56 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-01-30 05:37:36 +0000

    wg: detach bpf upon destroy as well

    bpfattach() is called in wg_clone_create(), but the bpfdetach() is
    missing from wg_close_destroy().  Add the missing bpfdetach() to avoid
    leaking both the associated bpf bits as well as the ifnet that bpf will
    hold a reference to.

    PR:             276526

    (cherry picked from commit 43be2d7aaf25b719aec8f49aab110c0061f1edec)

 sys/dev/wg/if_wg.c | 1 +
 1 file changed, 1 insertion(+)
Comment 5 Kyle Evans freebsd_committer freebsd_triage 2024-01-30 05:47:41 UTC 
MFC'd to all supported branches; thanks!