From owner-freebsd-current@freebsd.org Tue Oct 6 15:01:40 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 62C6F434E46 for ; Tue, 6 Oct 2020 15:01:40 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C5LJz1zrtz4ZCq for ; Tue, 6 Oct 2020 15:01:39 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qk1-x735.google.com with SMTP id s4so2686987qkf.7 for ; Tue, 06 Oct 2020 08:01:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=UcH2Fu5QK8IzmfNIKHdUAA1cbZFa7cDwulgfWRdQ1Og=; b=La7El/270Rpa//QI8XcCvGrmXOEM8VPvLItKSVHYtqE8088w9QXXVAXLQonG3shU4y roEKbkw4dZrdFP+9Xtv5ozBT955rIr1nxV7RVztzhG+aHMU9uBGnrm8fgGqb62aHU7WJ dEyY2inQVluBJORRdjBlYDoC412UnEmr6Mfw9f75mw1IlSuL+kMfQLZXtV2YSmS2eVnb zLYM4IVT30EjdxQr/FJ+49EqnPHOIC9qU1tCINC8UgLWBzEaeJ0vTeWcTzY2ldyZeTVJ G/72gulgWjxM613f3Dtm38Y+ylxmgLOjpQxxJu9a/ySTZrOKXoYvlRFYf1APDCfABpSl OO8A== X-Gm-Message-State: AOAM532lvK9I1y73lMOTvp6UKj+XOQysHrQYokTR3c6SK8JWk4J1fkhb VwPt+D+zG04v/81TPNGfXti/cw== X-Google-Smtp-Source: ABdhPJyTj/oICaKmnOeK5hppINTN3OEjJRuyzZ4todwZ4GIWXpkjziSKCYhSBGpFlCpI9M53wCbK8A== X-Received: by 2002:a05:620a:109a:: with SMTP id g26mr5497478qkk.400.1601996497304; Tue, 06 Oct 2020 08:01:37 -0700 (PDT) Received: from mutt-hbsd ([38.140.209.220]) by smtp.gmail.com with ESMTPSA id e9sm2662595qkb.8.2020.10.06.08.01.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Oct 2020 08:01:35 -0700 (PDT) Date: Tue, 6 Oct 2020 11:01:33 -0400 From: Shawn Webb To: Kristof Provost Cc: Alexander Leidinger , FreeBSD Current Subject: Re: iflib/bridge kernel panic Message-ID: <20201006150133.3kjvnpiclxq2b6ae@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD 13.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA References: <58CADEBB-64FD-414E-AB19-E4F8D3CABCA5@FreeBSD.org> <20200921121627.3dovpumnl6xub3kn@mutt-hbsd> <7FE1F106-2CEE-4692-95D0-14C5229ED768@FreeBSD.org> <20200928124531.Horde.0EjsBzIG5ktLzby_tFcoPPS@webmail.leidinger.net> <33903BFF-4158-4CD9-AD79-360BCD81F1C9@FreeBSD.org> <20200928164410.Horde.mYBkuEeD_Q6xgnKnwNomv7P@webmail.leidinger.net> <6A5EFCFA-C0DC-4DEF-834B-2F9E4FCC8812@FreeBSD.org> <20200929213615.5gpupobj2ylgv2yr@mutt-hbsd> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="5pwl3374zgqbh2vz" Content-Disposition: inline In-Reply-To: <20200929213615.5gpupobj2ylgv2yr@mutt-hbsd> X-Rspamd-Queue-Id: 4C5LJz1zrtz4ZCq X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-0.998]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; NEURAL_HAM_LONG(-1.05)[-1.046]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[hardenedbsd.org]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; NEURAL_HAM_SHORT(-0.46)[-0.462]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::735:from]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Oct 2020 15:01:40 -0000 --5pwl3374zgqbh2vz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 29, 2020 at 05:36:15PM -0400, Shawn Webb wrote: > On Tue, Sep 29, 2020 at 11:20:44PM +0200, Kristof Provost wrote: > >=20 > >=20 > > On 28 Sep 2020, at 16:44, Alexander Leidinger wrote: > >=20 > > > Quoting Kristof Provost (from Mon, 28 Sep 2020 13:53= :16 > > > +0200): > > >=20 > > > > On 28 Sep 2020, at 12:45, Alexander Leidinger wrote: > > > > > Quoting Kristof Provost (from Sun, 27 Sep 2020 > > > > > 17:51:32 +0200): > > > > > > Here???s an early version of a task queue based approach: http:= //people.freebsd.org/~kp/0001-bridge-Cope-with-if_ioctl-s-that-sleep.patch > > > > > >=20 > > > > > > That still needs to be cleaned up, but this should resolve > > > > > > the sleep issue and the LOR. > > > > >=20 > > > > > There are some issues... seems like inside a jail I can't ping > > > > > systems outside of the hardware. > > > > >=20 > > > > > Bridge setup: > > > > > - member jail A > > > > > - member jail B > > > > > - member external_if of host > > > > >=20 > > > > > If I ping the router from the host, it works. If I ping from one > > > > > jail to another, it works. If I ping from the jail to the IP of > > > > > the external_if, it works. If I ping from a jail to the router, > > > > > I do not get a response. > > > > >=20 > > > > Can you check for 'failed ifpromisc' error messages in dmesg? And > > > > verify that all bridge member interfaces are in promiscuous mode? > > >=20 > > > I have a panic for you...: > > > - startup still in progress =3D 22 jails in startup, somewhere after= a > > > few jails started the panic happened > > > - tcpdump was running on the external interface > > > - a ping to a jail IP from another system was running, the first ping > > > went through, then it paniced > > >=20 > > > First regarding your questions about promisc mode: no error, but the > > > promisc mode is directly disabled again on all interfaces. > > >=20 > > I think I see why you had issues with the promiscuous setting. I???ve > > updated the patch to be even more horrific than it was before. > >=20 > > I can???t explain the panic, and the backtrace also doesn???t appear to= be > > directly related to this patch. Not sure what???s going on with that. >=20 > I should have time to test the new patch this weekend. ${LIFE} is > keeping me busy the past few weeks. I'm gonna add an event in my > calendar to remind me to test the patch. heh. Sorry for the delay. I rebuilt with the new patch this morning. Looking good on all fronts, including LORs. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha= wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --5pwl3374zgqbh2vz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl98hsoACgkQ/y5nonf4 4fpx0Q//UCL//+dyyQjmaHJBF9iorsDzK+fxpPfvRVfss7x7FIRxpq+Khjw22Mmc cVKEH0rHoPKhSAppZbAeit0Wfa4VtDG/2OWDLLV+lmHYSdNuIk9Hx4z07Had0knx WanEyqs5kqWLQVt2zWdBlLQF1WkrHNB1cam98CD9JgP5ZNXfeDVazaC1qaY1SQeP 1EP06IZ3MnN43l5kgybjYeVmeu/Zvhbi1WW88CDEy+5+Zw9ssXhjmG0DQDk8/EGT kwnl7ZHRUNXVJB8GSjxGxNjxaksAki8bqXNqSbl2D7Ou/uIopuVB2hMVB3d7g5aK DnGYD6pJHf2ncWItXTk5/eRyfrtO5urRvAhaa3lP1bZacUej+QJ9VG4JR23ZHC5F c2Q/uCraDjNOLSfgg4VKWjF3Gw9d4hyORIu971SF1bLqOGEjLb4MvgeRkVFNkgxk 4v7UKzwlU7+b18z9ll6JIHSwZ6ll2iiqpJ5A7jCHgIpIPQ1izUCUMljKa9s4b0BM JzwvCNt1pARVby9rpJGFtwnJERieOnjizOhmU9wVw2S10y7dmAdWynGGFLNFcLQT dHNLxMr17DJemorNcOABzblxZW5qUhvy8lxxxOxVqWUTZI8etvf10l7rJe4lp68V mf4dyR9vtdZTUsGNDb2yICZDcQ7EADoNS/P88r6WfK85pBBWXlg= =sVFy -----END PGP SIGNATURE----- --5pwl3374zgqbh2vz--