Date:      Mon, 22 Oct 2018 17:51:28 -0700
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Andrey V. Elsukov" <ae@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r339554 - head/sys/net
Message-ID:  <6FD6264C-06D6-40F4-8EED-B4B1AD950214@FreeBSD.org>
In-Reply-To: <201810211824.w9LIOLuu094155@repo.freebsd.org>
References:  <201810211824.w9LIOLuu094155@repo.freebsd.org>

On 21 Oct 2018, at 11:24, Andrey V. Elsukov wrote:
> Author: ae
> Date: Sun Oct 21 18:24:20 2018
> New Revision: 339554
> URL: https://svnweb.freebsd.org/changeset/base/339554
>
> Log:
>   Rework if_ipsec(4) to use epoch(9) instead of rmlock.
>
>   * use CK_LIST and FNV hash to keep chains of softc;
>   * read access to softc is protected by epoch();
>   * write access is protected by ipsec_ioctl_sx. Changing of softc fields
>     is allowed only when softc is unlinked from CK_LIST chains.
>   * linking/unlinking of softc is allowed only when ipsec_ioctl_sx is
>     exclusive locked.
>   * the plain LIST of all softc is replaced by hash table that uses ingress
>     address of tunnels as a key.
>   * added support for appearing/disappearing of ingress address handling.
>     Now it is allowed configure non-local ingress IP address, and thus the
>     problem with if_ipsec(4) configuration that happens on boot, when
>     ingress address is not yet configured, is solved.
>
>   MFC after:	1 month
>   Sponsored by:	Yandex LLC
>   Differential Revision:	https://reviews.freebsd.org/D17190
>
This panics during the pf tests.
To reproduce:

pkg install scapy
kldload pf
cd /usr/tests/sys/netpfil
kyua test

	Fatal trap 9: general protection fault while in kernel mode
	cpuid = 3; apic id = 03
	instruction pointer     = 0x20:0xffffffff80ca7260
	stack pointer           = 0x28:0xfffffe00954c4650
	frame pointer           = 0x28:0xfffffe00954c4660
	code segment            = base 0x0, limit 0xfffff, type 0x1b
	                        = DPL 0, pres 1, long 1, def32 0, gran 1
	processor eflags        = interrupt enabled, resume, IOPL = 0
	current process         = 3204 (jail)
	[ thread pid 3204 tid 101409 ]
	Stopped at      ipsec_srcaddr+0x40:     cmpl    $0,ll+0xb(%rbx)
	db> bt
	Tracing pid 3204 tid 101409 td 0xfffff80084239580
	ipsec_srcaddr() at ipsec_srcaddr+0x40/frame 0xfffffe00954c4660
	srcaddr_change_event() at srcaddr_change_event+0x14d/frame 0xfffffe00954c46c0
	in_difaddr_ioctl() at in_difaddr_ioctl+0x41f/frame 0xfffffe00954c4720
	in_ifscrub_all() at in_ifscrub_all+0x13d/frame 0xfffffe00954c47a0
	ip_destroy() at ip_destroy+0xbd/frame 0xfffffe00954c47c0
	vnet_destroy() at vnet_destroy+0x124/frame 0xfffffe00954c47f0
	prison_deref() at prison_deref+0x29d/frame 0xfffffe00954c4830
	sys_jail_remove() at sys_jail_remove+0x28a/frame 0xfffffe00954c4880
	amd64_syscall() at amd64_syscall+0x278/frame 0xfffffe00954c49b0
	fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00954c49b0
	--- syscall (508, FreeBSD ELF64, sys_jail_remove), rip = 0x8003131ba, rsp = 0x7fffffffe828, rbp = 0x7fffffffe8b0 ---


At that point %rbx is 0xdeadc0dedeadc0de, so presumably we’re trying 
to dereference something that’s been freed already.

kgdb agrees. The softc has been freed:

	#0  __curthread () at ./machine/pcpu.h:230
	#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
	#2  0xffffffff804645db in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>) at /usr/src/sys/ddb/db_command.c:574
	#3  0xffffffff804643a9 in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /usr/src/sys/ddb/db_command.c:481
	#4  0xffffffff80464124 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
	#5  0xffffffff8046733f in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:252
	#6  0xffffffff80be5987 in kdb_trap (type=9, code=0, tf=0xfffffe00954c4590) at /usr/src/sys/kern/subr_kdb.c:693
	#7  0xffffffff81072f51 in trap_fatal (frame=0xfffffe00954c4590, eva=0) at /usr/src/sys/amd64/amd64/trap.c:921
	#8  0xffffffff8107244d in trap (frame=0xfffffe00954c4590) at /usr/src/sys/amd64/amd64/trap.c:217
	#9  <signal handler called>
	#10 ipsec_srcaddr (arg=<optimized out>, sa=0xfffff80023591298, event=<optimized out>) at /usr/src/sys/net/if_ipsec.c:784
	#11 0xffffffff80d2de7d in srcaddr_change_event (arg=<optimized out>, ifp=0xfffff80057864800, ifa=0xfffff80023591200, event=1) at /usr/src/sys/netinet/ip_encap.c:181
	#12 0xffffffff80d1ec4f in in_difaddr_ioctl (cmd=2149607705, data=<optimized out>, ifp=0xfffff80057864800, td=<optimized out>) at /usr/src/sys/netinet/in.c:651
	#13 0xffffffff80d1f4cd in in_control (cmd=2149607705, ifp=<optimized out>, td=0xffffffff81b98600 <vnet_entry_ipsec4_srchtbl>, so=<optimized out>, data=<optimized out>)
	    at /usr/src/sys/netinet/in.c:250
	#14 in_ifscrub_all () at /usr/src/sys/netinet/in.c:935
	#15 0xffffffff80d32dfd in ip_destroy (unused=<optimized out>) at /usr/src/sys/netinet/ip_input.c:398
	#16 0xffffffff80ccd734 in vnet_sysuninit () at /usr/src/sys/net/vnet.c:597
	#17 vnet_destroy (vnet=0xfffff80005d9c0c0) at /usr/src/sys/net/vnet.c:284
	#18 0xffffffff80b64c0d in prison_deref (pr=0xffffffff81b0cc30 <prison0>, flags=23) at /usr/src/sys/kern/kern_jail.c:2634
	#19 0xffffffff80b6620a in sys_jail_remove (td=<optimized out>, uap=<optimized out>) at /usr/src/sys/kern/kern_jail.c:2257
	#20 0xffffffff81073b28 in syscallenter (td=0xfffff80084239580) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
	#21 amd64_syscall (td=0xfffff80084239580, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1154
	#22 <signal handler called>
	#23 0x00000008003131ba in ?? ()
	Backtrace stopped: Cannot access memory at address 0x7fffffffe828
	(kgdb) fr 10
	#10 ipsec_srcaddr (arg=<optimized out>, sa=0xfffff80023591298, event=<optimized out>) at /usr/src/sys/net/if_ipsec.c:784
	784			if (sc->family == 0)
	(kgdb) p sc
	$1 = (struct ipsec_softc *) 0xdeadc0dedeadc0de
	(kgdb)

Best regards,
Kristof
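
A triage sketch for the reasoning in the report above, added here as an example and not part of the original message or the FreeBSD tree: it scans ddb/kgdb text for pointers made entirely of the 0xdeadc0de fill word and checks whether they are non-canonical on amd64, which is why the fault shows up as trap 9 rather than a page fault. The function names are assumptions of this example, and the sample input is built from lines of the trace above.

```python
import re

# Fill word seen in the report; FreeBSD INVARIANTS kernels write it over freed memory.
JUNK32 = 0xDEADC0DE

# Constructed sample: lines copied from the ddb/kgdb output in the report above.
SAMPLE = """\
Fatal trap 9: general protection fault while in kernel mode
Stopped at      ipsec_srcaddr+0x40:     cmpl    $0,ll+0xb(%rbx)
#10 ipsec_srcaddr (arg=<optimized out>, sa=0xfffff80023591298, event=<optimized out>) at /usr/src/sys/net/if_ipsec.c:784
(kgdb) p sc
$1 = (struct ipsec_softc *) 0xdeadc0dedeadc0de
"""


def is_canonical(addr):
    """amd64, 48-bit virtual addresses: bits 63..47 must all be equal."""
    return (addr >> 47) in (0, 0x1FFFF)


def is_junk(addr):
    """True when both 32-bit halves of a 64-bit value are the fill word."""
    return (addr & 0xFFFFFFFF) == JUNK32 and (addr >> 32) == JUNK32


def triage(text):
    """Summarise a panic log: trap number, faulting function, poisoned pointers."""
    trap = re.search(r"Fatal trap (\d+):", text)
    where = re.search(r"Stopped at\s+(\w+)\+0x[0-9a-f]+", text)
    pointers = {}
    # Frame arguments such as sa=0x... and kgdb prints such as $1 = (type) 0x...
    for name, val in re.findall(r"(\w+)=(0x[0-9a-f]+)", text):
        pointers[name] = int(val, 16)
    for ctype, val in re.findall(r"\$\d+ = \((.+?)\) (0x[0-9a-f]+)", text):
        pointers[ctype] = int(val, 16)
    suspects = {k: v for k, v in pointers.items() if is_junk(v)}
    trap_no = int(trap.group(1)) if trap else None
    return {
        "trap": trap_no,
        "function": where.group(1) if where else None,
        "suspects": suspects,
        # A non-canonical address faults with #GP (trap 9), not a page fault.
        "gp_explained": trap_no == 9
        and any(not is_canonical(v) for v in suspects.values()),
        "verdict": "use-after-free" if suspects else "unknown",
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
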
From owner-svn-src-head@freebsd.org  Tue Oct 23 01:56:53 2018
Message-Id: <201810230156.w9N1uqeo069016@repo.freebsd.org>
From: Justin Hibbits <jhibbits@FreeBSD.org>
Date: Tue, 23 Oct 2018 01:56:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r339632 - head/sys/dev/dpaa

Author: jhibbits
Date: Tue Oct 23 01:56:52 2018
New Revision: 339632
URL: https://svnweb.freebsd.org/changeset/base/339632

Log:
  dpaa: Mark BMan and QMan as earlier driver modules
  
  The BMan softc must exist when dtsec devices are created, else a NULL
  pointer is dereferenced.  QMan likely as well.  Until now, we have relied on
  order within the fdt parsing to attach correctly, but this obviously is not
  foolproof.  Mark these as BUS_PASS_SUPPORTDEV so they're probed and attached
  explicitly before dtsec devices.

Modified:
  head/sys/dev/dpaa/bman_fdt.c
  head/sys/dev/dpaa/qman_fdt.c

Modified: head/sys/dev/dpaa/bman_fdt.c
==============================================================================
--- head/sys/dev/dpaa/bman_fdt.c	Tue Oct 23 01:42:43 2018	(r339631)
+++ head/sys/dev/dpaa/bman_fdt.c	Tue Oct 23 01:56:52 2018	(r339632)
@@ -68,7 +68,8 @@ static driver_t bman_driver = {
 };
 
 static devclass_t bman_devclass;
-DRIVER_MODULE(bman, simplebus, bman_driver, bman_devclass, 0, 0);
+EARLY_DRIVER_MODULE(bman, simplebus, bman_driver, bman_devclass, 0, 0,
+    BUS_PASS_SUPPORTDEV);
 
 static int
 bman_fdt_probe(device_t dev)
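
Review bot: the pass level on the new EARLY_DRIVER_MODULE(bman, ...) line fixes attach order only; if bman fails to probe or attach, the dtsec path described in the log would still find no BMan softc and dereference NULL. Consider having the consumer check for a missing softc and fail its own attach with an error, and add a short comment above the macro stating that BUS_PASS_SUPPORTDEV is there because dtsec needs the BMan softc, so a later cleanup does not revert it to DRIVER_MODULE.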

Modified: head/sys/dev/dpaa/qman_fdt.c
==============================================================================
--- head/sys/dev/dpaa/qman_fdt.c	Tue Oct 23 01:42:43 2018	(r339631)
+++ head/sys/dev/dpaa/qman_fdt.c	Tue Oct 23 01:56:52 2018	(r339632)
@@ -68,7 +68,8 @@ static driver_t qman_driver = {
 };
 
 static devclass_t qman_devclass;
-DRIVER_MODULE(qman, simplebus, qman_driver, qman_devclass, 0, 0);
+EARLY_DRIVER_MODULE(qman, simplebus, qman_driver, qman_devclass, 0, 0,
+    BUS_PASS_SUPPORTDEV);
 
 static int
 qman_fdt_probe(device_t dev)
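
Review bot: the qman switch to BUS_PASS_SUPPORTDEV rests on "QMan likely as well" in the log rather than on a confirmed dependency; please confirm that dtsec attach actually needs the QMan softc and record that in a comment above EARLY_DRIVER_MODULE(qman, ...). Also note that bman and qman now share the same pass, so nothing in this change orders them relative to each other; if either depends on the other, that still relies on fdt order.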


