From: "Kristof Provost"
To: "Andrey V. Elsukov"
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r339554 - head/sys/net
Date: Mon, 22 Oct 2018 17:51:28 -0700

On 21 Oct 2018, at 11:24, Andrey V. Elsukov wrote:

> Author: ae
> Date: Sun Oct 21 18:24:20 2018
> New Revision: 339554
> URL: https://svnweb.freebsd.org/changeset/base/339554
>
> Log:
>   Rework if_ipsec(4) to use epoch(9) instead of rmlock.
>
>   * use CK_LIST and FNV hash to keep chains of softc;
>   * read access to softc is protected by epoch();
>   * write access is protected by ipsec_ioctl_sx. Changing of softc fields
>     is allowed only when softc is unlinked from CK_LIST chains.
>   * linking/unlinking of softc is allowed only when ipsec_ioctl_sx is
>     exclusive locked.
>   * the plain LIST of all softc is replaced by hash table that uses ingress
>     address of tunnels as a key.
>   * added support for appearing/disappearing of ingress address handling.
>     Now it is allowed configure non-local ingress IP address, and thus the
>     problem with if_ipsec(4) configuration that happens on boot, when
>     ingress address is not yet configured, is solved.
>
>   MFC after: 1 month
>   Sponsored by: Yandex LLC
>   Differential Revision: https://reviews.freebsd.org/D17190

This panics during the pf tests.
To reproduce:

    pkg install scapy
    kldload pf
    cd /usr/tests/sys/netpfil
    kyua test

    Fatal trap 9: general protection fault while in kernel mode
    cpuid = 3; apic id = 03
    instruction pointer = 0x20:0xffffffff80ca7260
    stack pointer = 0x28:0xfffffe00954c4650
    frame pointer = 0x28:0xfffffe00954c4660
    code segment = base 0x0, limit 0xfffff, type 0x1b
    = DPL 0, pres 1, long 1, def32 0, gran 1
    processor eflags = interrupt enabled, resume, IOPL = 0
    current process = 3204 (jail)
    [ thread pid 3204 tid 101409 ]
    Stopped at ipsec_srcaddr+0x40: cmpl $0,ll+0xb(%rbx)
    db> bt
    Tracing pid 3204 tid 101409 td 0xfffff80084239580
    ipsec_srcaddr() at ipsec_srcaddr+0x40/frame 0xfffffe00954c4660
    srcaddr_change_event() at srcaddr_change_event+0x14d/frame 0xfffffe00954c46c0
    in_difaddr_ioctl() at in_difaddr_ioctl+0x41f/frame 0xfffffe00954c4720
    in_ifscrub_all() at in_ifscrub_all+0x13d/frame 0xfffffe00954c47a0
    ip_destroy() at ip_destroy+0xbd/frame 0xfffffe00954c47c0
    vnet_destroy() at vnet_destroy+0x124/frame 0xfffffe00954c47f0
    prison_deref() at prison_deref+0x29d/frame 0xfffffe00954c4830
    sys_jail_remove() at sys_jail_remove+0x28a/frame 0xfffffe00954c4880
    amd64_syscall() at amd64_syscall+0x278/frame 0xfffffe00954c49b0
    fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00954c49b0
    --- syscall (508, FreeBSD ELF64, sys_jail_remove), rip = 0x8003131ba, rsp = 0x7fffffffe828, rbp = 0x7fffffffe8b0 ---

At that point %rbx is 0xdeadc0dedeadc0de, so presumably we’re trying to dereference something that’s been freed already. kgdb agrees.
The softc has been freed:

    #0 __curthread () at ./machine/pcpu.h:230
    #1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
    #2 0xffffffff804645db in db_dump (dummy=, dummy2=, dummy3=, dummy4=) at /usr/src/sys/ddb/db_command.c:574
    #3 0xffffffff804643a9 in db_command (last_cmdp=, cmd_table=, dopager=) at /usr/src/sys/ddb/db_command.c:481
    #4 0xffffffff80464124 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
    #5 0xffffffff8046733f in db_trap (type=, code=) at /usr/src/sys/ddb/db_main.c:252
    #6 0xffffffff80be5987 in kdb_trap (type=9, code=0, tf=0xfffffe00954c4590) at /usr/src/sys/kern/subr_kdb.c:693
    #7 0xffffffff81072f51 in trap_fatal (frame=0xfffffe00954c4590, eva=0) at /usr/src/sys/amd64/amd64/trap.c:921
    #8 0xffffffff8107244d in trap (frame=0xfffffe00954c4590) at /usr/src/sys/amd64/amd64/trap.c:217
    #9
    #10 ipsec_srcaddr (arg=, sa=0xfffff80023591298, event=) at /usr/src/sys/net/if_ipsec.c:784
    #11 0xffffffff80d2de7d in srcaddr_change_event (arg=, ifp=0xfffff80057864800, ifa=0xfffff80023591200, event=1) at /usr/src/sys/netinet/ip_encap.c:181
    #12 0xffffffff80d1ec4f in in_difaddr_ioctl (cmd=2149607705, data=, ifp=0xfffff80057864800, td=) at /usr/src/sys/netinet/in.c:651
    #13 0xffffffff80d1f4cd in in_control (cmd=2149607705, ifp=, td=0xffffffff81b98600 , so=, data=) at /usr/src/sys/netinet/in.c:250
    #14 in_ifscrub_all () at /usr/src/sys/netinet/in.c:935
    #15 0xffffffff80d32dfd in ip_destroy (unused=) at /usr/src/sys/netinet/ip_input.c:398
    #16 0xffffffff80ccd734 in vnet_sysuninit () at /usr/src/sys/net/vnet.c:597
    #17 vnet_destroy (vnet=0xfffff80005d9c0c0) at /usr/src/sys/net/vnet.c:284
    #18 0xffffffff80b64c0d in prison_deref (pr=0xffffffff81b0cc30 , flags=23) at /usr/src/sys/kern/kern_jail.c:2634
    #19 0xffffffff80b6620a in sys_jail_remove (td=, uap=) at /usr/src/sys/kern/kern_jail.c:2257
    #20 0xffffffff81073b28 in syscallenter (td=0xfffff80084239580) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
    #21 amd64_syscall (td=0xfffff80084239580, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1154
    #22
    #23 0x00000008003131ba in ?? ()
    Backtrace stopped: Cannot access memory at address 0x7fffffffe828
    (kgdb) fr 10
    #10 ipsec_srcaddr (arg=, sa=0xfffff80023591298, event=) at /usr/src/sys/net/if_ipsec.c:784
    784 if (sc->family == 0)
    (kgdb) p sc
    $1 = (struct ipsec_softc *) 0xdeadc0dedeadc0de
    (kgdb)

Best regards,
Kristof
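Added example, not part of the message above and not FreeBSD code: how a link read out of memory overwritten with the 0xdeadc0de word that FreeBSD debug kernels write over freed memory comes back as 0xdeadc0dedeadc0de, and why that value raises trap 9 (general protection) instead of a page fault. `struct node`, `junk_fill` and `classify` are hypothetical names, and the canonical-address check assumes amd64 with 48-bit virtual addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JUNK32 0xdeadc0deU      /* fill word; the reported value is this word twice */

/* Hypothetical stand-in for a chained softc; not the real struct ipsec_softc. */
struct node { uint32_t family; uint32_t pad; uint64_t next; };

enum ptr_class { PTR_NULLISH, PTR_JUNK, PTR_NONCANONICAL, PTR_PLAUSIBLE };

/* What a debug allocator does on free: overwrite the object with the fill word. */
static void junk_fill(void *p, size_t len) {
    const uint32_t w = JUNK32;
    for (size_t off = 0; off + sizeof(w) <= len; off += sizeof(w))
        memcpy((char *)p + off, &w, sizeof(w));
}

/* A walker still holding the junked node reads this as its next link. */
static uint64_t stale_link_value(void) {
    struct node n = { .family = 2, .pad = 0, .next = 0xfffff80023591298ULL };
    junk_fill(&n, sizeof(n));   /* simulated free; the object is on the stack here */
    return n.next;
}

/* Assumption: 48-bit virtual addresses, so bits 63..47 must all be equal. */
static bool is_canonical(uint64_t va) {
    uint64_t top = va >> 47;
    return top == 0 || top == 0x1ffff;
}

static enum ptr_class classify(uint64_t va) {
    if (va < 4096) return PTR_NULLISH;               /* NULL plus a field offset */
    if ((uint32_t)va == JUNK32 && (uint32_t)(va >> 32) == JUNK32)
        return PTR_JUNK;                             /* read out of freed memory */
    if (!is_canonical(va)) return PTR_NONCANONICAL;  /* GP fault, not a page fault */
    return PTR_PLAUSIBLE;
}

int main(void) {
    static const char *name[] = { "null-ish", "junk (freed)", "non-canonical", "plausible" };
    uint64_t v = stale_link_value();
    printf("%#llx -> %s, canonical=%d\n", (unsigned long long)v,
           name[classify(v)], is_canonical(v));
    return 0;
}
```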
From: Justin Hibbits
Date: Tue, 23 Oct 2018 01:56:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r339632 - head/sys/dev/dpaa

Author: jhibbits
Date: Tue Oct 23 01:56:52 2018
New Revision: 339632
URL: https://svnweb.freebsd.org/changeset/base/339632

Log:
  dpaa: Mark BMan and QMan as earlier driver modules

  The BMan softc must exist when dtsec devices are created, else a NULL pointer
  is dereferenced. QMan likely as well. Until now, we have relied on order
  within the fdt parsing to attach correctly, but this obviously is not
  foolproof. Mark these as BUS_PASS_SUPPORTDEV so they're probed and attached
  explicitly before dtsec devices.

Modified:
  head/sys/dev/dpaa/bman_fdt.c
  head/sys/dev/dpaa/qman_fdt.c

Modified: head/sys/dev/dpaa/bman_fdt.c
==============================================================================
--- head/sys/dev/dpaa/bman_fdt.c Tue Oct 23 01:42:43 2018 (r339631)
+++ head/sys/dev/dpaa/bman_fdt.c Tue Oct 23 01:56:52 2018 (r339632)
@@ -68,7 +68,8 @@ static driver_t bman_driver = { }; static devclass_t bman_devclass; -DRIVER_MODULE(bman, simplebus, bman_driver, bman_devclass, 0, 0); +EARLY_DRIVER_MODULE(bman, simplebus, bman_driver, bman_devclass, 0, 0, + BUS_PASS_SUPPORTDEV); static int bman_fdt_probe(device_t dev) Modified: head/sys/dev/dpaa/qman_fdt.c ============================================================================== --- head/sys/dev/dpaa/qman_fdt.c Tue Oct 23 01:42:43 2018 (r339631) +++ head/sys/dev/dpaa/qman_fdt.c Tue Oct 23 01:56:52 2018 (r339632) @@ -68,7 +68,8 @@ static driver_t qman_driver = { }; static devclass_t qman_devclass; -DRIVER_MODULE(qman, simplebus, qman_driver, qman_devclass, 0, 0); +EARLY_DRIVER_MODULE(qman, simplebus, qman_driver, qman_devclass, 0, 0, + BUS_PASS_SUPPORTDEV); static int qman_fdt_probe(device_t dev)
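
Review bot: the two EARLY_DRIVER_MODULE() declarations (the replaced DRIVER_MODULE lines in bman_fdt.c and qman_fdt.c) carry no comment saying why BUS_PASS_SUPPORTDEV is needed, so the dtsec ordering dependency is recorded only in the commit log; a one-line comment above each macro naming that dependency would keep a later cleanup from reverting it. The change also addresses ordering only: per the log the failure is a NULL BMan softc dereferenced when dtsec devices are created, and neither modified file adds a check on the consumer side, so a BMan or QMan attach that fails would still leave dtsec with a NULL softc; consider having the dtsec attach path fail cleanly when the softc is missing. The log's "QMan likely as well" reads as unconfirmed for the qman_fdt.c hunk, so it is worth stating whether that path was actually observed.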