13992 Cdiff usr/src/uts/common/io/dld/dld

Print this page

13992 VNIC in Zone loses access to properties


*** 20,29 ****
--- 20,30 ----
   */
  /*
   * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
   * Copyright 2015, Joyent Inc.
   * Copyright (c) 2017, Joyent, Inc.
+  * Copyright 2025 MNX Cloud, Inc.
   */
  
  /*
   * Data-Link Driver
   */
*** 622,631 ****
--- 623,660 ----
                  magp->dig_count = mac_addr_factory_num(mh) + 1;
          return (err);
  }
  
  /*
+  * Sometimes DLDIOC_GETMACPROP (and in the future, possibly DLDIOC_SETMACPROP)
+  * may be allowed to be accessed by the zone that is assigned the datalink
+  * device, as opposed to the zone that created the device.
+  */
+ static boolean_t
+ dld_macprop_assigned_zone_exception(zoneid_t zoneid, dls_dl_handle_t dlh,
+     dld_ioc_macprop_t *kprop, boolean_t set)
+ {
+         /*
+          * No exceptions for setting! No exceptions unless the zoneid is
+          * the assigned zone.
+          */
+         if (set || zoneid != dls_devnet_getzid(dlh))
+                 return (B_FALSE);
+ 
+         /*
+          * The current list of read-only exceptions are enumerated below.
+          */
+         switch (kprop->pr_num) {
+         case MAC_PROP_MTU:
+         case MAC_PROP_STATUS:
+                 return (B_TRUE);
+         default:
+                 return (B_FALSE);
+         }
+ }
+ 
+ /*
   * DLDIOC_SET/GETMACPROP
   */
  static int
  drv_ioc_prop_common(dld_ioc_macprop_t *prop, intptr_t arg, boolean_t set,
      cred_t *cred, int mode)
*** 677,690 ****
                  goto done;
          if ((err = dls_link_hold(dls_devnet_mac(dlh), &dlp)) != 0)
                  goto done;
  
          /*
!          * Don't allow a process to get or set properties of a link if that
!          * link doesn't belong to that zone.
           */
!         if (zoneid != dls_devnet_getownerzid(dlh)) {
                  err = ENOENT;
                  goto done;
          }
  
          if (!mac_prop_check_size(kprop->pr_num, kprop->pr_valsize,
--- 706,724 ----
                  goto done;
          if ((err = dls_link_hold(dls_devnet_mac(dlh), &dlp)) != 0)
                  goto done;
  
          /*
!          * In general, don't allow a process to get or set properties of a
!          * link if that link doesn't belong to that zone.
!          *
!          * There are exceptions however, if the dlh's *assigned* zone (as
!          * determined by dls_devnet_getzid()) is the one calling here.  See
!          * the local function dld_macprop_assigned_zone_exception() above.
           */
!         if (zoneid != dls_devnet_getownerzid(dlh) &&
!             !dld_macprop_assigned_zone_exception(zoneid, dlh, kprop, set)) {
                  err = ENOENT;
                  goto done;
          }
  
          if (!mac_prop_check_size(kprop->pr_num, kprop->pr_valsize,