From 4733ced31b52279ffbbb7a95a03079ab09f79d05 Mon Sep 17 00:00:00 2001 From: bluhm Date: Thu, 11 Apr 2024 15:08:18 +0000 Subject: [PATCH] Prevent changing interface loopback flag from userland. IFF_LOOPBACK is telling userland the behaviour of a specific driver, it is supposed to be static and permanent. Clearing the loopback flag on lo0 could lead to a kernel crash due to inconsistent multicast igmp group. Reported-by: syzbot+2f24ed6c8ddb2d6bb22c@syzkaller.appspotmail.com OK claudio@ deraadt@ --- sys/net/if.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/net/if.h b/sys/net/if.h index c32a15ed0e9..ae50958ee5a 100644 --- a/sys/net/if.h +++ b/sys/net/if.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if.h,v 1.215 2023/11/11 14:24:03 bluhm Exp $ */ +/* $OpenBSD: if.h,v 1.216 2024/04/11 15:08:18 bluhm Exp $ */ /* $NetBSD: if.h,v 1.23 1996/05/07 02:40:27 thorpej Exp $ */ /* @@ -219,7 +219,7 @@ struct if_status_description { /* flags set internally only: */ #define IFF_CANTCHANGE \ - (IFF_BROADCAST|IFF_POINTOPOINT|IFF_RUNNING|IFF_OACTIVE|\ + (IFF_BROADCAST|IFF_LOOPBACK|IFF_POINTOPOINT|IFF_RUNNING|IFF_OACTIVE|\ IFF_SIMPLEX|IFF_MULTICAST|IFF_ALLMULTI) #define IFXF_MPSAFE 0x1 /* [I] if_start is mpsafe */ -- 2.20.1