Date: Fri, 2 May 2014 05:40:01 GMT From: David Cross <david@dcrosstech.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/189219: using dummynet on sparc64 and configuring a pipe is an insta-panic Message-ID: <201405020540.s425e1IM040758@cgiserv.freebsd.org> Resent-Message-ID: <201405020550.s425o0Yp016207@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 189219
>Category: kern
>Synopsis: using dummynet on sparc64 and configuring a pipe is an insta-panic
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 02 05:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: David Cross
>Release: 10.0
>Organization:
>Environment:
FreeBSD REDACTED 10.0-RELEASE FreeBSD 10.0-RELEASE #1: Sat Apr 26 00:00:39 EDT 2014 root@REDACTED:/usr/obj/usr/src/sys/GWSPARC sparc64
>Description:
enabling ipfw with dummynet and running ipfw pipe 1 config bw 100mbit panics the machine on an unaligned memory access
>How-To-Repeat:
spar64 machine + ipfw + dummynet, then run:
ipfw pipe 1 config bw 100mbit
>Fix:
A bit of a kludge, basically creates a new structure in memory to force align it, and then copies it all over (after verifying length)
--- src/sys/netpfil/ipfw/ip_dummynet.c.orig 2014-05-02 01:36:59.000000000 -0400
+++ src/sys/netpfil/ipfw/ip_dummynet.c 2014-05-02 01:35:58.000000000 -0400
@@ -1210,15 +1210,18 @@
* configure a link (and its FIFO instance)
*/
static int
-config_link(struct dn_link *p, struct dn_id *arg)
+config_link(struct dn_link *op, struct dn_id *arg)
{
+ struct dn_link np;
int i;
- if (p->oid.len != sizeof(*p)) {
- D("invalid pipe len %d", p->oid.len);
+ bcopy(&(op->oid.len), &(np.oid.len), sizeof(np.oid.len));
+ if (np.oid.len != sizeof(np)) {
+ D("invalid pipe len %d", np.oid.len);
return EINVAL;
}
- i = p->link_nr;
+ bcopy(op, &np, sizeof(np));
+ i = np.link_nr;
if (i <= 0 || i >= DN_MAX_ID)
return EINVAL;
/*
@@ -1228,9 +1231,9 @@
* qsize = slots/bytes
* burst ???
*/
- p->delay = (p->delay * hz) / 1000;
+ np.delay = (np.delay * hz) / 1000;
/* Scale burst size: bytes -> bits * hz */
- p->burst *= 8 * hz;
+ np.burst *= 8 * hz;
DN_BH_WLOCK();
/* do it twice, base link and FIFO link */
@@ -1247,15 +1250,15 @@
s->profile = NULL;
}
/* copy all parameters */
- s->link.oid = p->oid;
+ s->link.oid = np.oid;
s->link.link_nr = i;
- s->link.delay = p->delay;
- if (s->link.bandwidth != p->bandwidth) {
+ s->link.delay = np.delay;
+ if (s->link.bandwidth != np.bandwidth) {
/* XXX bandwidth changes, need to update red params */
- s->link.bandwidth = p->bandwidth;
+ s->link.bandwidth = np.bandwidth;
update_red(s);
}
- s->link.burst = p->burst;
+ s->link.burst = np.burst;
schk_reset_credit(s);
}
dn_cfg.id++;
>Release-Note:
>Audit-Trail:
>Unformatted:
>panic<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405020540.s425e1IM040758>