From: FreeBSD bugmaster
To: freebsd-virtualization@FreeBSD.org
Date: Mon, 2 Jul 2012 11:07:24 GMT
Subject: Current problem reports assigned to freebsd-virtualization@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD
users. These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.          Description
--------------------------------------------------------------------------------
o kern/167551  virtualization [vimage] Fatal trap 12 jails, vimage, ifconfig destroy
o kern/165252  virtualization [vimage] [pf] [panic] kernel panics with VIMAGE and PF
o kern/161094  virtualization [vimage] [pf] [panic] kernel panic with pf + VIMAGE wh
o kern/160541  virtualization [vimage][pf][patch] panic: userret: Returning on td 0x
o kern/160496  virtualization [vimage] [pf] [patch] kernel panic with pf + VIMAGE
f kern/152047  virtualization [vimage] [panic] TUN\TAP under jail with vimage crashe
o kern/148155  virtualization [vimage] [pf] Kernel panic with PF/IPFilter + VIMAGE k
a kern/147950  virtualization [vimage] [carp] VIMAGE + CARP = kernel crash
s kern/143808  virtualization [pf] pf does not work inside jail
a kern/141696  virtualization [rum] [vimage] [panic] rum(4)+ vimage = kernel panic

10 problems total.

From: Xin Li
To: freebsd-virtualization@FreeBSD.org
Cc: d@delphij.net
Date: Tue, 03 Jul 2012 10:45:40 -0700
Subject: GPF when doing jail -r, possibly an use-after-free

Hi,

I've talked with bz@ briefly about this and we think it's better to
put this to a mailing list.

Here is what I have seen on 8.2-RELEASE (with a few local patches).
When doing "jail -r ", after a while, a GPF happens here, in
sys/net/vnet.c:

/*
 * Destroy a virtual network stack.
 */
void
vnet_destroy(struct vnet *vnet)
{
        struct ifnet *ifp, *nifp;
[...]
        /* Return all inherited interfaces to their parent vnets. */
        TAILQ_FOREACH_SAFE(ifp, &V_ifnet, if_link, nifp) {
--->            if (ifp->if_home_vnet != ifp->if_vnet)
                        if_vmove(ifp, ifp->if_home_vnet);
        }

Where I saw %esi and %edi as "0xdeadc0de", so my understanding is that
there is a use-after-free somewhere. I'm still trying to track this
bug down.

In this configuration we used bridge and epair to communicate with the
jail. Teardown of the bridge would bring the underlying interface
down and up, not sure if that's related though.

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

From: Mikolaj Golub
To: d@delphij.net
Cc: freebsd-virtualization@FreeBSD.org
Date: Wed, 04 Jul 2012 10:00:59 +0300
Subject: Re: GPF when doing jail -r, possibly an use-after-free

On Tue, 03 Jul 2012 10:45:40 -0700 Xin Li wrote:

 XL> Hi,

 XL> I've talked with bz@ briefly about this and we think it's better to
 XL> put this to a mailing list.

 XL> Here is what I have seen on 8.2-RELEASE (with a few local patches).
 XL> When doing "jail -r ", after a while, a GPF happens here, in
 XL> sys/net/vnet.c:

 XL> /*
 XL>  * Destroy a virtual network stack.
 XL>  */
 XL> void
 XL> vnet_destroy(struct vnet *vnet)
 XL> {
 XL>         struct ifnet *ifp, *nifp;
 XL> [...]
 XL>         /* Return all inherited interfaces to their parent vnets. */
 XL>         TAILQ_FOREACH_SAFE(ifp, &V_ifnet, if_link, nifp) {
 XL> --->            if (ifp->if_home_vnet != ifp->if_vnet)
 XL>                         if_vmove(ifp, ifp->if_home_vnet);
 XL>         }

 XL> Where I saw %esi and %edi as "0xdeadc0de", so my understanding is that
 XL> there is a use-after-free somewhere. I'm still trying to track this
 XL> bug down.

 XL> In this configuration we used bridge and epair to communicate with the
 XL> jail. Teardown of the bridge would bring the underlying interface
 XL> down and up, not sure if that's related though.

Is this observed after destroying epair? There is an issue with epair: on
destroy, when epair_clone_destroy() calls ether_ifdetach() for its second
half it does not switch to its vnet and if_detach_internal() can't find the
interface and just returns. As a result the V_ifnet list is left with a dead
reference.

http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-January/000628.html

Here is an updated patch against CURRENT:

http://people.freebsd.org/~trociny/if_epair.c.epair_clone_destroy.1.patch

-- 
Mikolaj Golub

From: Xin Li
To: Mikolaj Golub
Cc: d@delphij.net, freebsd-virtualization@FreeBSD.org
Date: Thu, 05 Jul 2012 12:18:20 -0700
Subject: Re: GPF when doing jail -r, possibly an use-after-free

Hi, Mikolaj,

On 07/04/12 00:00, Mikolaj Golub wrote:
> Is this observed after destroying epair? There is an issue with
> epair: on destroy, when epair_clone_destroy() calls
> ether_ifdetach() for its second half it does not switch to its vnet
> and if_detach_internal() can't find the interface and just returns.
> As a result the V_ifnet list is left with a dead reference.

Yes.

> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-January/000628.html
>
> Here is an updated patch against CURRENT:
>
> http://people.freebsd.org/~trociny/if_epair.c.epair_clone_destroy.1.patch

Your patch did fix the problem, thanks! Are you going to commit it
against -HEAD and then MFC after a while?

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

From: Mikolaj Golub
To: d@delphij.net
Cc: "Bjoern A. Zeeb", freebsd-virtualization@FreeBSD.org
Date: Thu, 05 Jul 2012 22:53:58 +0300
Subject: Re: GPF when doing jail -r, possibly an use-after-free

On Thu, 05 Jul 2012 12:18:20 -0700 Xin Li wrote:

 XL> Hi, Mikolaj,

 XL> On 07/04/12 00:00, Mikolaj Golub wrote:
 >> Is this observed after destroying epair? There is an issue with
 >> epair: on destroy, when epair_clone_destroy() calls
 >> ether_ifdetach() for its second half it does not switch to its vnet
 >> and if_detach_internal() can't find the interface and just returns.
 >> As a result the V_ifnet list is left with a dead reference.

 XL> Yes.

 >> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-January/000628.html
 >>
 >> Here is an updated patch against CURRENT:
 >>
 >> http://people.freebsd.org/~trociny/if_epair.c.epair_clone_destroy.1.patch

 XL> Your patch did fix the problem, thanks! Are you going to commit it
 XL> against -HEAD and then MFC after a while?

I would like Bjoern to review it before I commit it, or at least to tell me
he does not mind, if he does not have time to review -)

-- 
Mikolaj Golub

From: "Bjoern A. Zeeb"
To: Mikolaj Golub
Cc: d@delphij.net, FreeBSD virtualization mailing list
Date: Thu, 5 Jul 2012 20:21:53 +0000
Subject: Re: GPF when doing jail -r, possibly an use-after-free

On 5. Jul 2012, at 19:53 , Mikolaj Golub wrote:

>
> On Thu, 05 Jul 2012 12:18:20 -0700 Xin Li wrote:
>
> XL> Hi, Mikolaj,
>
> XL> On 07/04/12 00:00, Mikolaj Golub wrote:
>>> Is this observed after destroying epair? There is an issue with
>>> epair: on destroy, when epair_clone_destroy() calls
>>> ether_ifdetach() for its second half it does not switch to its vnet
>>> and if_detach_internal() can't find the interface and just returns.
>>> As a result the V_ifnet list is left with a dead reference.
>
> XL> Yes.
>
>>> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-January/000628.html
>>>
>>> Here is an updated patch against CURRENT:
>>>
>>> http://people.freebsd.org/~trociny/if_epair.c.epair_clone_destroy.1.patch
>
> XL> Your patch did fix the problem, thanks! Are you going to commit it
> XL> against -HEAD and then MFC after a while?
>
> I would like Bjoern to review it before I commit it, or at least to tell me
> he does not mind, if he does not have time to review -)

To me the patch looks wrong; I am wondering if someone broke some other
central assumptions but given I cannot currently spend time on this and if it
fixes things feel free to go ahead.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!

From: Mikolaj Golub
To: "Bjoern A. Zeeb"
Cc: d@delphij.net, FreeBSD virtualization mailing list
Date: Fri, 06 Jul 2012 08:53:17 +0300
Subject: Re: GPF when doing jail -r, possibly an use-after-free

On Thu, 5 Jul 2012 20:21:53 +0000 Bjoern A. Zeeb wrote:

 BAZ> On 5. Jul 2012, at 19:53 , Mikolaj Golub wrote:

 >>
 >> On Thu, 05 Jul 2012 12:18:20 -0700 Xin Li wrote:
 >>
 >> XL> Hi, Mikolaj,
 >>
 >> XL> On 07/04/12 00:00, Mikolaj Golub wrote:
 >>>> Is this observed after destroying epair? There is an issue with
 >>>> epair: on destroy, when epair_clone_destroy() calls
 >>>> ether_ifdetach() for its second half it does not switch to its vnet
 >>>> and if_detach_internal() can't find the interface and just returns.
 >>>> As a result the V_ifnet list is left with a dead reference.
 >>
 >> XL> Yes.
 >>
 >>>> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-January/000628.html
 >>>>
 >>>> Here is an updated patch against CURRENT:
 >>>>
 >>>> http://people.freebsd.org/~trociny/if_epair.c.epair_clone_destroy.1.patch
 >>
 >> XL> Your patch did fix the problem, thanks! Are you going to commit it
 >> XL> against -HEAD and then MFC after a while?
 >>
 >> I would like Bjoern to review it before I commit it, or at least to tell me
 >> he does not mind, if he does not have time to review -)

 BAZ> To me the patch looks wrong; I am wondering if someone broke some other central
 BAZ> assumptions but given I cannot currently spend time on this and if it fixes things
 BAZ> feel free to go ahead.

If you told me what looks wrong I could try to dig in that direction and
might be back with a better solution, instead of committing a presumably
wrong fix.

-- 
Mikolaj Golub

From: Sean Chittenden
To: freebsd-virtualization@freebsd.org
Date: Fri, 6 Jul 2012 20:10:25 -0700
Subject: kern/160496

Howdy. Is there any reason that someone can't shepherd kern/160496 into
SVN? This seems like a reasonably easy fix and basic patch.

-sc

-- 
Sean Chittenden
sean@chittenden.org

From: "Bjoern A. Zeeb"
To: Mikolaj Golub
Cc: d@delphij.net, FreeBSD virtualization mailing list
Date: Sat, 7 Jul 2012 20:38:23 +0000
Subject: Re: GPF when doing jail -r, possibly an use-after-free

On 6. Jul 2012, at 05:53 , Mikolaj Golub wrote:

>
> On Thu, 5 Jul 2012 20:21:53 +0000 Bjoern A. Zeeb wrote:
>
> BAZ> On 5. Jul 2012, at 19:53 , Mikolaj Golub wrote:
>
>>>
>>> On Thu, 05 Jul 2012 12:18:20 -0700 Xin Li wrote:
>>>
>>> XL> Hi, Mikolaj,
>>>
>>> XL> On 07/04/12 00:00, Mikolaj Golub wrote:
>>>>> Is this observed after destroying epair? There is an issue with
>>>>> epair: on destroy, when epair_clone_destroy() calls
>>>>> ether_ifdetach() for its second half it does not switch to its vnet
>>>>> and if_detach_internal() can't find the interface and just returns.
>>>>> As a result the V_ifnet list is left with a dead reference.
>>>
>>> XL> Yes.
>>>
>>>>> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-January/000628.html
>>>>>
>>>>> Here is an updated patch against CURRENT:
>>>>>
>>>>> http://people.freebsd.org/~trociny/if_epair.c.epair_clone_destroy.1.patch
>>>
>>> XL> Your patch did fix the problem, thanks! Are you going to commit it
>>> XL> against -HEAD and then MFC after a while?
>>>
>>> I would like Bjoern to review it before I commit it, or at least to tell me
>>> he does not mind, if he does not have time to review -)
>
> BAZ> To me the patch looks wrong; I am wondering if someone broke some other central
> BAZ> assumptions but given I cannot currently spend time on this and if it fixes things
> BAZ> feel free to go ahead.
>
> If you told me what looks wrong I could try to dig in that direction and
> might be back with a better solution, instead of committing a presumably
> wrong fix.

sorry; vnet.c:vnet_destroy() should dtrt already wrt to interfaces moving to
parents and being detached.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!
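
The failure mode described in this thread (a detach routine that searches only the current vnet's interface list, called without first switching to the vnet that holds the epair's second half) can be reproduced in a small user-space model. This is an added example, not FreeBSD kernel code and not the linked patch; every type and function name in it is hypothetical, and a "freed" flag stands in for the real free so that the model itself has no undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names exist in the kernel. */
struct vnet_model;

struct ifnet_model {
    const char *name;
    struct vnet_model *vnet;    /* vnet whose interface list holds this entry */
    bool freed;                 /* set where the kernel would free the ifnet */
    struct ifnet_model *next;
};

struct vnet_model {
    const char *name;
    struct ifnet_model *iflist; /* stands in for the per-vnet V_ifnet list */
};

/* Stands in for the "current vnet" context that list lookups resolve against. */
static struct vnet_model *cur_vnet;

static void if_attach_model(struct vnet_model *vn, struct ifnet_model *ifp)
{
    ifp->vnet = vn;
    ifp->freed = false;
    ifp->next = vn->iflist;
    vn->iflist = ifp;
}

/*
 * Searches only the current vnet's list. When the interface lives in a
 * different vnet it is not found and the function just returns, which is
 * the behaviour the thread attributes to the detach path.
 */
static bool if_detach_model(struct ifnet_model *ifp)
{
    struct ifnet_model **pp;

    for (pp = &cur_vnet->iflist; *pp != NULL; pp = &(*pp)->next) {
        if (*pp == ifp) {
            *pp = ifp->next;
            ifp->next = NULL;
            return true;
        }
    }
    return false;
}

/* Destroy both halves; switch_vnet selects whether the context is switched. */
static void pair_destroy_model(struct ifnet_model *a, struct ifnet_model *b,
                               bool switch_vnet)
{
    struct ifnet_model *halves[2] = { a, b };

    for (int i = 0; i < 2; i++) {
        struct vnet_model *saved = cur_vnet;

        if (switch_vnet)
            cur_vnet = halves[i]->vnet;   /* enter the interface's own vnet */
        (void)if_detach_model(halves[i]);
        cur_vnet = saved;
        halves[i]->freed = true;          /* memory is gone from here on */
    }
}

/* What a later teardown walk would trip over: list entries already freed. */
static int count_dangling(const struct vnet_model *vn)
{
    int n = 0;

    for (const struct ifnet_model *ifp = vn->iflist; ifp != NULL; ifp = ifp->next)
        if (ifp->freed)
            n++;
    return n;
}

/* Constructed scenario: first half in the host vnet, second half in the jail. */
int run_scenario(bool switch_vnet)
{
    struct vnet_model host = { "host", NULL }, jail = { "jail", NULL };
    struct ifnet_model a = { "epair0a", NULL, false, NULL };
    struct ifnet_model b = { "epair0b", NULL, false, NULL };
    struct ifnet_model lo = { "lo0", NULL, false, NULL };

    if_attach_model(&host, &a);
    if_attach_model(&jail, &lo);
    if_attach_model(&jail, &b);

    cur_vnet = &host;                     /* destroy is requested from the host */
    pair_destroy_model(&a, &b, switch_vnet);
    return count_dangling(&jail);         /* state seen when the jail is removed */
}

int main(void)
{
    printf("no vnet switch:   %d stale entries in jail list\n", run_scenario(false));
    printf("with vnet switch: %d stale entries in jail list\n", run_scenario(true));
    return 0;
}
```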