Date: Thu, 23 Apr 2009 19:30:03 GMT
Message-Id: <200904231930.n3NJU3me076397@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: Mikolaj Golub
Subject: Re: kern/132734: panic in net/if_mib.c

The following reply was made to PR kern/132734; it has been noted by GNATS.
From: Mikolaj Golub
To: Alexey Illarionov
Cc: bug-followup@FreeBSD.org, Robert Watson
Subject: Re: kern/132734: panic in net/if_mib.c
Date: Thu, 23 Apr 2009 22:29:36 +0300

SVN rev 191435 on 2009-04-23 18:23:08Z by rwatson

Merge r191434 from stable/7 to releng/7.2:

In sysctl_ifdata(), query the ifnet pointer using the index only once, rather than querying it, validating it, and then re-querying it without validating it. This may avoid a NULL pointer dereference and resulting kernel page fault if an interface is being deleted while bsnmp or other tools are querying data on the interface.

The full fix, to properly refcount the interface for the duration of the sysctl, is in 8.x, but is considered too high-risk for 7.2, so instead will appear in 7.3 (if all goes well).

So, Alexey, can you try upgrading to the latest stable/7 or releng/7.2 or apply attached patch to see if this tweak at least eliminates the instant panic?

--- if_mib.c (revision 191424) +++ if_mib.c (working copy) @@ -82,11 +82,9 @@ return EINVAL; if (name[0] <= 0 || name[0] > if_index || - ifnet_byindex(name[0]) == NULL) + (ifp = ifnet_byindex(name[0])) == NULL) return ENOENT; - ifp = ifnet_byindex(name[0]); - switch(name[1]) { default: return ENOENT;
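Review bot: ifp is still used by the `switch(name[1])` that follows the check with no reference or lock taken anywhere in the visible lines, so the validated pointer can go stale if the interface is deleted after `(ifp = ifnet_byindex(name[0])) == NULL` has passed. The single lookup removes the unvalidated second fetch, which is the NULL dereference, but it narrows the window rather than closing it. A short comment above the condition saying that ifp is unreferenced here and that the refcounted fix lives in 8.x would keep a later reader from treating this check as sufficient. As a style point, the assignment buried in the third operand of the `||` chain only runs when both range tests pass; that is correct because every failing path returns ENOENT before ifp is read, but doing the range check first and then a separate `ifp = ifnet_byindex(name[0]);` followed by its own NULL test would make that ordering explicit.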