Date: Sat, 10 Jul 2021 08:36:29 -0400 From: Karl Denninger <karl@denninger.net> To: Stefan Esser <se@freebsd.org>, stable@freebsd.org Subject: Re: [PATCH] Re: 12.2 Splay Tree ipfw potential panic source Message-ID: <e700a89c-c7d2-a4d2-44a7-dcd967fc3bae@denninger.net> In-Reply-To: <a06435bb-65c4-c645-031a-dc1bbf121b20@freebsd.org> References: <2e3dcd4d-c8e6-8381-0010-d0844c99901e@denninger.net> <20210708221134.GA32658@belenus.iks-jena.de> <a6a9c220-fee6-a0ea-7721-f88ff865a6a8@denninger.net> <CAFMmRNy9K-1mTDoqQhgdChWV5f_n4QhNesz%2B6xWywn_TQ43xng@mail.gmail.com> <ca5beb7c-db38-1d3c-0f3c-b1b6a12c311e@denninger.net> <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net> <dde6a01e-c41f-19be-593c-246eef11ea3b@freebsd.org> <a06435bb-65c4-c645-031a-dc1bbf121b20@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format.
--------------ms030008070505090303090609
Content-Type: multipart/alternative;
boundary="------------552FAD09834F85E8D23772B0"
Content-Language: en-US
This is a multi-part message in MIME format.
--------------552FAD09834F85E8D23772B0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
On 7/10/2021 04:52, Stefan Esser wrote:
> Am 10.07.21 um 10:23 schrieb Stefan Esser:
>> Am 10.07.21 um 04:41 schrieb Karl Denninger:
>>> Ok, so I have good news and bad news.
>>>
>>> I have the trap and it is definitely in libalias which appears to com=
e about as
>>> a result of a NAT translation attempt.
>>>
>>> Fatal trap 18: integer divide fault while in kernel mode
>> [...]
>>> HouseKeeping() at HouseKeeping+0x1c/frame 0xfffffe0017b6b320
>> The divide by zero at one of the first instructions of HouseKeeping()
>> seems to be caused by this line:
>>
>> /sys/netinet/libalias/alias_db.c:1753:
>>
>> if (packets % packet_limit =3D=3D 0) {
>>
>> Seems that packet_limit can become zero, there ...
>>
>> At line 1780 within that function:
>>
>> if (now !=3D LibAliasTime) {
>> /* retry three times a second */
>> packet_limit =3D packets / 3;
>> packets =3D 0;
>> LibAliasTime =3D now;
>> }
>>
>> The static variable packet limit is divided by 3 without any
>> protection against going down to 0.
>>
>> A packet_limit of zero makes no sense (besides causing a divide
>> by zero abort), therefore this value should probably have a lower
>> limit of 1.
>>
>> Maybe that
>> packet_limit =3D packets / 3 + 1;
>>
>> would give an acceptably close result in all cases.
>>
>> Else enforce a minimum value of 1 after the division:
>>
>> packet_limit =3D packets / 3;
>> if (packet_limit =3D=3D 0)
>> packet_limit =3D 1;
>> Or just:
>> packet_limit =3D packets >=3D 3 ? packets / 3=
: 1;
>>
>> Regards, STefan
> I have just noticed that enforcing a lower limit of 1 is totally
> equivalent to testing for zero before performing the modulo operation.
>
> The attached patch should fix the panic and does not change the way
> packet_limit is calculated. Since the variable is immediately used
> in the modulo when not zero, the additional cost of the test for zero
> is extremely low, less than that of the other suggested changes.
>
> Maybe that increasing packet_limit by 1 is sensible, anyway, since at
> low packet rates it will result in 0 to 5 packets giving the same
> effect (the condition in line 1753 evaluates to true).
>
> Anyway, please try the attached patch, which will fix the divide by
> zero panic.
>
> Regards, STefan
>
> PS: Patch inline in case it is stripped by the mail-list:
>
> diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/ali=
as_db.c
> index c09ad4352ce4..d5dec0709cbe 100644
> --- a/sys/netinet/libalias/alias_db.c
> +++ b/sys/netinet/libalias/alias_db.c
> @@ -1769,7 +1769,7 @@ HouseKeeping(struct libalias *la)
> * Reduce the amount of house keeping work substantially by
> * sampling over the packets.
> */
> - if (packets % packet_limit =3D=3D 0) {
> + if (packet_limit =3D=3D 0 || packets % packet_limit =3D=3D 0) {=
> time_t now;
>
> #ifdef _KERNEL
>
>
> (Line numbers from -CURRENT, may be slightly off for stable/12.)
Compiling now; I have a roughly hour-long window before a blackout=20
period where I can't have that system crashing until late afternoon.=C2=A0=
If=20
I can get it loaded before then will advise but yeah, what you=20
identified would certainly do it if packet_limit became zero......
--=20
Karl Denninger
karl@denninger.net <mailto:karl@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
--------------552FAD09834F85E8D23772B0--
--------------ms030008070505090303090609
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC
DdgwggagMIIEiKADAgECAhMA5EiKghDOXrvfxYxjITXYDdhIMA0GCSqGSIb3DQEBCwUAMIGL
MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJTmljZXZpbGxlMRkw
FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExITAf
BgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQTAeFw0xNzA4MTcxNjQyMTdaFw0yNzA4
MTUxNjQyMTdaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkwFwYDVQQKDBBD
dWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExJTAjBgNVBAMMHEN1
ZGEgU3lzdGVtcyBMTEMgMjAxNyBJbnQgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQC1aJotNUI+W4jP7xQDO8L/b4XiF4Rss9O0B+3vMH7Njk85fZ052QhZpMVlpaaO+sCI
KqG3oNEbuOHzJB/NDJFnqh7ijBwhdWutdsq23Ux6TvxgakyMPpT6TRNEJzcBVQA0kpby1DVD
0EKSK/FrWWBiFmSxg7qUfmIq/mMzgE6epHktyRM3OGq3dbRdOUgfumWrqHXOrdJz06xE9NzY
vc9toqZnd79FUtE/nSZVm1VS3Grq7RKV65onvX3QOW4W1ldEHwggaZxgWGNiR/D4eosAGFxn
uYeWlKEC70c99Mp1giWux+7ur6hc2E+AaTGh+fGeijO5q40OGd+dNMgK8Es0nDRw81lRcl24
SWUEky9y8DArgIFlRd6d3ZYwgc1DMTWkTavx3ZpASp5TWih6yI8ACwboTvlUYeooMsPtNa9E
6UQ1nt7VEi5syjxnDltbEFoLYcXBcqhRhFETJe9CdenItAHAtOya3w5+fmC2j/xJz29og1KH
YqWHlo3Kswi9G77an+zh6nWkMuHs+03DU8DaOEWzZEav3lVD4u76bKRDTbhh0bMAk4eXriGL
h4MUoX3Imfcr6JoyheVrAdHDL/BixbMH1UUspeRuqQMQ5b2T6pabXP0oOB4FqldWiDgJBGRd
zWLgCYG8wPGJGYgHibl5rFiI5Ix3FQncipc6SdUzOQIDAQABo4IBCjCCAQYwHQYDVR0OBBYE
FF3AXsKnjdPND5+bxVECGKtc047PMIHABgNVHSMEgbgwgbWAFBu1oRhUMNEzjODolDka5k4Q
EDBioYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJ
TmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5
c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYIJAKxAy1WBo2kY
MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC
AQCB5686UCBVIT52jO3sz9pKuhxuC2npi8ZvoBwt/IH9piPA15/CGF1XeXUdu2qmhOjHkVLN
gO7XB1G8CuluxofOIUce0aZGyB+vZ1ylHXlMeB0R82f5dz3/T7RQso55Y2Vog2Zb7PYTC5B9
oNy3ylsnNLzanYlcW3AAfzZcbxYuAdnuq0Im3EpGm8DoItUcf1pDezugKm/yKtNtY6sDyENj
tExZ377cYA3IdIwqn1Mh4OAT/Rmh8au2rZAo0+bMYBy9C11Ex0hQ8zWcvPZBDn4v4RtO8g+K
uQZQcJnO09LJNtw94W3d2mj4a7XrsKMnZKvm6W9BJIQ4Nmht4wXAtPQ1xA+QpxPTmsGAU0Cv
HmqVC7XC3qxFhaOrD2dsvOAK6Sn3MEpH/YrfYCX7a7cz5zW3DsJQ6o3pYfnnQz+hnwLlz4MK
17NIA0WOdAF9IbtQqarf44+PEyUbKtz1r0KGeGLs+VGdd2FLA0e7yuzxJDYcaBTVwqaHhU2/
Fna/jGU7BhrKHtJbb/XlLeFJ24yvuiYKpYWQSSyZu1R/gvZjHeGb344jGBsZdCDrdxtQQcVA
6OxsMAPSUPMrlg9LWELEEYnVulQJerWxpUecGH92O06wwmPgykkz//UmmgjVSh7ErNvL0lUY
UMfunYVO/O5hwhW+P4gviCXzBFeTtDZH259O7TCCBzAwggUYoAMCAQICEwCg0WvVwekjGFiO
62SckFwepz0wDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3Jp
ZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBD
QTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExMQyAyMDE3IEludCBDQTAeFw0xNzA4MTcyMTIx
MjBaFw0yMjA4MTYyMTIxMjBaMFcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkw
FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRswGQYDVQQDDBJrYXJsQGRlbm5pbmdlci5uZXQw
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+HVSyxVtJhy3Ohs+PAGRuO//Dha9A
16l5FPATr6wude9zjX5f2lrkRyU8vhCXTZW7WbvWZKpcZ8r0dtZmiK9uF58Ec6hhvfkxJzbg
96WHBw5Fumd5ahZzuCJDtCAWW8R7/KN+zwzQf1+B3MVLmbaXAFBuKzySKhKMcHbK3/wjUYTg
y+3UK6v2SBrowvkUBC+jxNg3Wy12GsTXcUS/8FYIXgVVPgfZZrbJJb5HWOQpvvhILpPCD3xs
YJFNKEPltXKWHT7Qtc2HNqikgNwj8oqOb+PeZGMiWapsatKm8mxuOOGOEBhAoTVTwUHlMNTg
6QUCJtuWFCK38qOCyk9Haj+86lUU8RG6FkRXWgMbNQm1mWREQhw3axgGLSntjjnznJr5vsvX
SYR6c+XKLd5KQZcS6LL8FHYNjqVKHBYM+hDnrTZMqa20JLAF1YagutDiMRURU23iWS7bA9tM
cXcqkclTSDtFtxahRifXRI7Epq2GSKuEXe/1Tfb5CE8QsbCpGsfSwv2tZ/SpqVG08MdRiXxN
5tmZiQWo15IyWoeKOXl/hKxA9KPuDHngXX022b1ly+5ZOZbxBAZZMod4y4b4FiRUhRI97r9l
CxsP/EPHuuTIZ82BYhrhbtab8HuRo2ofne2TfAWY2BlA7ExM8XShMd9bRPZrNTokPQPUCWCg
CdIATQIDAQABo4IBzzCCAcswPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8v
b2NzcC5jdWRhc3lzdGVtcy5uZXQ6ODg4ODAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
oDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMDMGCWCG
SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0O
BBYEFLElmNWeVgsBPe7O8NiBzjvjYnpRMIHKBgNVHSMEgcIwgb+AFF3AXsKnjdPND5+bxVEC
GKtc047PoYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UE
BwwJTmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRh
IFN5c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYITAORIioIQ
zl6738WMYyE12A3YSDAdBgNVHREEFjAUgRJrYXJsQGRlbm5pbmdlci5uZXQwDQYJKoZIhvcN
AQELBQADggIBAJXboPFBMLMtaiUt4KEtJCXlHO/3ZzIUIw/eobWFMdhe7M4+0u3te0sr77QR
dcPKR0UeHffvpth2Mb3h28WfN0FmJmLwJk+pOx4u6uO3O0E1jNXoKh8fVcL4KU79oEQyYkbu
2HwbXBU9HbldPOOZDnPLi0whi/sbFHdyd4/w/NmnPgzAsQNZ2BYT9uBNr+jZw4SsluQzXG1X
lFL/qCBoi1N2mqKPIepfGYF6drbr1RnXEJJsuD+NILLooTNf7PMgHPZ4VSWQXLNeFfygoOOK
FiO0qfxPKpDMA+FHa8yNjAJZAgdJX5Mm1kbqipvb+r/H1UAmrzGMbhmf1gConsT5f8KU4n3Q
IM2sOpTQe7BoVKlQM/fpQi6aBzu67M1iF1WtODpa5QUPvj1etaK+R3eYBzi4DIbCIWst8MdA
1+fEeKJFvMEZQONpkCwrJ+tJEuGQmjoQZgK1HeloepF0WDcviiho5FlgtAij+iBPtwMuuLiL
shAXA5afMX1hYM4l11JXntle12EQFP1r6wOUkpOdxceCcMVDEJBBCHW2ZmdEaXgAm1VU+fnQ
qS/wNw/S0X3RJT1qjr5uVlp2Y0auG/eG0jy6TT0KzTJeR9tLSDXprYkN2l/Qf7/nT6Q03qyE
QnnKiBXWAZXveafyU/zYa7t3PTWFQGgWoC4w6XqgPo4KV44OMYIFBzCCBQMCAQEwgZIwezEL
MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM
TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM
QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBglghkgBZQMEAgMFAKCCAkUw
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwNzEwMTIzNjI5
WjBPBgkqhkiG9w0BCQQxQgRA/kfC70R8RdG2Keo47IDew6CEBuv9GFyI6mAi6P8Ww9Ke5il6
dtK3XsaHq6aECt+D9a8dIL8OLPNUIfgrYA63LDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFl
AwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3
DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGjBgkrBgEEAYI3EAQxgZUwgZIwezEL
MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM
TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM
QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTCBpQYLKoZIhvcNAQkQAgsxgZWg
gZIwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lz
dGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0
ZW1zIExMQyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBgkqhkiG9w0BAQEF
AASCAgBxglnX99LdA7T2vi6OBuMcCjMsWc/h160ROvnOYJhJ0P/p1olTLVbyR5XpooGIpZNV
IaiTJmGA3HsaYM4VtDZt3x23PZ0vlrsGrhQ0EPW0SgpxKXfoAqEHphDn31dp4yT1Fz6E6iOW
uDXv6HoHYTvRRV5KgKv+MeNg5Rl0BX+DoGKSRp7YsraXBmXV9GbXxd4unHRdbaceIDJdZYVM
b37/huueCgGNhVAOQ7bzeBYNhPQxxclSVWPrrOUDQZ7eoMoLYw1wec0QPt2qYtRs8EyvVpIB
glsEyEDmhIYVzRkgJUOS8MoOpqYFo3sW45n/ricq1gV93Ytt4aVx1M0ajKPW9lEgx33n39bW
rZf+l+cPdq5VMuZN0lE9CUjOc0HGrOLu00YOKaziOgrBUABqDG5PJrh7TtrFyjpXPosk6m8A
n9e9rYkhLia6YXpuXyfVS3K6/huVUCSDpIah+cVXmIjnSFbwLlKNCnTJ0LrTptuEjrdglDWO
sU5fVhF6qfXmT0rX6cXtdNwOtYKW3Pbj4NSKCxhdHEtelDqNQxaf1sF+rr4xgOFWYo/ndlny
3C46daEWoZnqj1pZ6L08euTFZ/esK7EeqHmp/ADmWLjPJ/XM9A+yCeHjICWDhgFQzWhUVssQ
/NhG9tGXSHOAVKPalVyvSMBjB9rtBvtuA+Ic447b4gAAAAAAAA==
--------------ms030008070505090303090609--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e700a89c-c7d2-a4d2-44a7-dcd967fc3bae>