Date: Sun, 29 May 2016 21:39:01 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize
Message-ID: <bug-209475-17777-zIWGvRmonf@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-209475-17777@https.bugs.freebsd.org/bugzilla/>
References: <bug-209475-17777@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475

--- Comment #4 from fehmi noyan isi <fnoyanisi@yahoo.com> ---

Hi,

In this forum post [1] from David, there is a bit of discussion about this PR (apart from the original question). Would checking the amount of memory requested by malloc(9) against the available RAM (obtained via sysctl hw.physmem) be a good approach to avoid this problem?

To test this, I set up two identical VMs (in fact, VM2 is the copied and renamed version of VM1's bhyve image) with 512MB of RAM, running FreeBSD-CURRENT, single CPU core. VM1 has the pf.c that comes with the FreeBSD-CURRENT source, whereas VM2 has a patched version of the file, which performs a sanity check on the memory requested by malloc(9) against the RAM size. If the requested memory is more than the available memory, pf_hashsize is set to PF_HASHSIZ, which is 32768.

On both VMs, I set net.pf.states_hashsize to 2147483648 (way more than the RAM on the VM) via /boot/loader.conf. pf(4) is loaded with the service(8) command. With this configuration on each VM, VM1 fails to start pf(4), whereas VM2 successfully loads the kernel module with net.pf.states_hashsize set to 32768.
VM1
----------------------------------------------------------
vm1 # uname -a
FreeBSD test-pf 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r297692: Fri Apr 8 03:07:13 UTC 2016     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
vm1 # cat /boot/loader.conf
net.pf.states_hashsize: 2147483648
vm1 # sysctl hw.realmem
hw.realmem: 536870912
vm1 # kldstat
Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1ee2bc0  kernel
vm1 # service pf onestart
Enabling pfKernel page fault with the following non-sleepable locks held:
exclusive rw pf rulesets (pf rulesets) r = 0 (0xffffffff822466e0) locked @ /usr/src/sys/modules/pf/../../netpfil/pf/pf_ioctl.c:2901
stack backtrace:
#0 0xffffffff80a91a90 at witness_debugger+0x70
#1 0xffffffff80a92d77 at witness_warn+0x3d7
#2 0xffffffff80e92817 at trap_pfault+0x57
#3 0xffffffff80e91ea4 at trap+0x284
#4 0xffffffff80e71ea7 at calltrap+0x8
#5 0xffffffff8090b646 at devfs_ioctl_f+0x156
#6 0xffffffff80a97106 at kern_ioctl+0x246
#7 0xffffffff80a96e51 at sys_ioctl+0x171
#8 0xffffffff80e92f6b at amd64_syscall+0x2db
#9 0xffffffff80e7218b at Xfast_syscall+0xfb

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8223001f
stack pointer           = 0x28:0xfffffe002b724310
frame pointer           = 0x28:0xfffffe002b724800
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 635 (pfctl)
[ thread pid 635 tid 100074 ]
Stopped at      pfioctl+0x4ef:  movq    (%rdi),%rsi
db>

VM2
----------------------------------------------------------
vm2 # uname -a
FreeBSD test-pf 11.0-CURRENT FreeBSD 11.0-CURRENT #2: Sun May 29 12:06:57 NZST 2016     test@test-pf:/usr/obj/usr/src/sys/GENERIC  amd64
vm2 # cat /boot/loader.conf
net.pf.states_hashsize="2147483648"
vm2 # sysctl hw.realmem
hw.realmem: 536870912
vm2 # kldstat
Id Refs Address            Size     Name
 1    1 0xffffffff80200000 1ee2bc0  kernel
vm2 # service pf onestart
Enabling pf.
vm2 # kldstat
Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1ee2bc0  kernel
 2    1 0xffffffff82219000 34c30    pf.ko

[1] https://forums.freebsd.org/threads/56250/

-- 
You are receiving this mail because:
You are the assignee for the bug.
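The sanity check described in the comment above, modelled in user space as an added example. This is not pf.c and not the patch that was tested on VM2; the bucket size (HASH_BUCKET_BYTES), the function name and the physmem figure passed in are assumptions, and the inputs in main() are constructed to match the VMs (512MB of RAM, a request of 2^31 buckets). The point it shows is that the check has to guard the multiplication as well as the comparison: a table size is the request times a bucket size, and that product can wrap before it is ever compared against RAM.

```c
/*
 * Added example, not FreeBSD's pf.c: a user-space model of the
 * "request vs. physical memory" sanity check from the bug comment.
 * Anything that would not fit falls back to PF_HASHSIZ.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PF_HASHSIZ        32768ULL  /* pf's default hash size, per the comment */
#define HASH_BUCKET_BYTES 64ULL     /* assumed bucket size; not taken from pf.c */

/* Multiply with overflow detection so an oversized request cannot wrap to a small one. */
static bool mul_u64_checked(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/*
 * Decide the hash size to allocate. Returns PF_HASHSIZ when the request is
 * zero, when request * bucket_bytes overflows, or when the product exceeds
 * physmem_bytes (the value hw.physmem would report); otherwise the request.
 */
uint64_t pick_states_hashsize(uint64_t requested, uint64_t bucket_bytes,
                              uint64_t physmem_bytes)
{
    uint64_t need;

    if (requested == 0)
        return PF_HASHSIZ;
    if (!mul_u64_checked(requested, bucket_bytes, &need))
        return PF_HASHSIZ;
    if (need > physmem_bytes)
        return PF_HASHSIZ;
    return requested;
}

int main(void)
{
    /* Constructed inputs matching the VMs above: 512MB RAM, 2^31 requested. */
    const uint64_t physmem = 536870912ULL;
    const uint64_t huge = 2147483648ULL;
    const uint64_t sane = 65536ULL;

    printf("requested %llu -> using %llu\n", (unsigned long long)huge,
           (unsigned long long)pick_states_hashsize(huge, HASH_BUCKET_BYTES, physmem));
    printf("requested %llu -> using %llu\n", (unsigned long long)sane,
           (unsigned long long)pick_states_hashsize(sane, HASH_BUCKET_BYTES, physmem));
    return 0;
}
```

Comparing against total physical memory only catches the grossly oversized case; a request that passes this check can still fail to allocate, so the allocation's return value still has to be tested before the table is used (the trap on VM1 faults at virtual address 0x0).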
