From nobody Sat Jul 10 08:23:04 2021
X-Original-To: stable@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6FE75CFAE87
	for <stable@mlmmj.nyi.freebsd.org>; Sat, 10 Jul 2021 08:23:08 +0000 (UTC)
	(envelope-from se@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GMNMJ2YHkz3rhR;
	Sat, 10 Jul 2021 08:23:08 +0000 (UTC)
	(envelope-from se@freebsd.org)
Received: from Stefans-MBP-449.fritz.box (p200300cd5f098700843d0a051b030d69.dip0.t-ipconnect.de [IPv6:2003:cd:5f09:8700:843d:a05:1b03:d69])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client did not present a certificate)
	(Authenticated sender: se/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id C12C52490B;
	Sat, 10 Jul 2021 08:23:07 +0000 (UTC)
	(envelope-from se@freebsd.org)
To: Karl Denninger <karl@denninger.net>, stable@freebsd.org
References: <2e3dcd4d-c8e6-8381-0010-d0844c99901e@denninger.net>
 <20210708221134.GA32658@belenus.iks-jena.de>
 <a6a9c220-fee6-a0ea-7721-f88ff865a6a8@denninger.net>
 <CAFMmRNy9K-1mTDoqQhgdChWV5f_n4QhNesz+6xWywn_TQ43xng@mail.gmail.com>
 <ca5beb7c-db38-1d3c-0f3c-b1b6a12c311e@denninger.net>
 <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net>
From: Stefan Esser <se@freebsd.org>
Subject: Re: 12.2 Splay Tree ipfw potential panic source
Message-ID: <dde6a01e-c41f-19be-593c-246eef11ea3b@freebsd.org>
Date: Sat, 10 Jul 2021 10:23:04 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
 Gecko/20100101 Thunderbird/78.11.0
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
List-Help: <mailto:stable+help@freebsd.org>
List-Post: <mailto:stable@freebsd.org>
List-Subscribe: <mailto:stable+subscribe@freebsd.org>
List-Unsubscribe: <mailto:stable+unsubscribe@freebsd.org>
Sender: owner-freebsd-stable@freebsd.org
X-BeenThere: freebsd-stable@freebsd.org
MIME-Version: 1.0
In-Reply-To: <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="W1eXtNstIDZ7j46JgX9A1af8FiCTdxjuL"
X-ThisMailContainsUnwantedMimeParts: N

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--W1eXtNstIDZ7j46JgX9A1af8FiCTdxjuL
Content-Type: multipart/mixed; boundary="AfG0Ry9dlrnkfcr2T0uWIqA9mHH9XwLIE";
 protected-headers="v1"
From: Stefan Esser <se@freebsd.org>
To: Karl Denninger <karl@denninger.net>, stable@freebsd.org
Message-ID: <dde6a01e-c41f-19be-593c-246eef11ea3b@freebsd.org>
Subject: Re: 12.2 Splay Tree ipfw potential panic source
References: <2e3dcd4d-c8e6-8381-0010-d0844c99901e@denninger.net>
 <20210708221134.GA32658@belenus.iks-jena.de>
 <a6a9c220-fee6-a0ea-7721-f88ff865a6a8@denninger.net>
 <CAFMmRNy9K-1mTDoqQhgdChWV5f_n4QhNesz+6xWywn_TQ43xng@mail.gmail.com>
 <ca5beb7c-db38-1d3c-0f3c-b1b6a12c311e@denninger.net>
 <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net>
In-Reply-To: <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net>

--AfG0Ry9dlrnkfcr2T0uWIqA9mHH9XwLIE
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Am 10.07.21 um 04:41 schrieb Karl Denninger:
> Ok, so I have good news and bad news.
>=20
> I have the trap and it is definitely in libalias which appears to come =
about as
> a result of a NAT translation attempt.
>=20
> Fatal trap 18: integer divide fault while in kernel mode
[...]
> HouseKeeping() at HouseKeeping+0x1c/frame 0xfffffe0017b6b320

The divide by zero at one of the first instructions of HouseKeeping()
seems to be caused by this line:

/sys/netinet/libalias/alias_db.c:1753:

        if (packets % packet_limit =3D=3D 0) {

Seems that packet_limit can become zero, there ...

At line 1780 within that function:

      		if (now !=3D LibAliasTime) {
                        /* retry three times a second */
                        packet_limit =3D packets / 3;
                        packets =3D 0;
                        LibAliasTime =3D now;
                }

The static variable packet limit is divided by 3 without any
protection against going down to 0.

A packet_limit of zero makes no sense (besides causing a divide
by zero abort), therefore this value should probably have a lower
limit of 1.

Maybe that
                        packet_limit =3D packets / 3 + 1;

would give an acceptably close result in all cases.

Else enforce a minimum value of 1 after the division:

                        packet_limit =3D packets / 3;
                        if (packet_limit =3D=3D 0)
                                packet_limit =3D 1;
Or just:
                        packet_limit =3D packets >=3D 3 ? packets / 3 : 1=
;

Regards, STefan


--AfG0Ry9dlrnkfcr2T0uWIqA9mHH9XwLIE--

--W1eXtNstIDZ7j46JgX9A1af8FiCTdxjuL
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEo3HqZZwL7MgrcVMTR+u171r99UQFAmDpWOgFAwAAAAAACgkQR+u171r99UTn
dwf/eBtEoBpv7yvsRGzHt6RL61JMIwlqxXOKltE6oaTGKSezGeWRga3IT2KS6g0ghuivvX4XR78I
3tPKWG+n1ylC+tkEkKbC0Aijilg2gy7rr1bM3GINbNL2U9cKTEIDVWqQWCUs+H44aA+jw9nqKhWe
UtKBO0GyoCFcSC22I0T27JmTT41icIeWSO34aQgRcoLeB8k+gk9Fz0ngGnqUuBuF40UuMOoRxAwr
8u539r6y1FvtnJ+s0vEZNXVvBYL61OPdDatEo1hh+956lAmCno993TSYJ2CXqlX/q199wXzmA8tn
p7Sgf/ejqCibbt4ML3cs1USvP8USHrW6ZYhRHTM+wQ==
=sO1Z
-----END PGP SIGNATURE-----

--W1eXtNstIDZ7j46JgX9A1af8FiCTdxjuL--