From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 238642] netmap: fix kernel pointer printing in netmap_generic.c
Date: Fri, 12 Jul 2019 13:51:37 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: patch, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: aleksandr.fedorov@itglobal.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Assigned-To: vmaffione@FreeBSD.org
X-Bugzilla-Flags: mfc-stable11? mfc-stable12?
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238642

Aleksandr Fedorov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aleksandr.fedorov@itglobal.com

--- Comment #5 from Aleksandr Fedorov ---
It seems something goes wrong.
With these changes I saw a panic on CURRENT:

root@current:~ # ifconfig vlan0 create up
root@current:~ # vale-ctl -a vale0:vlan0

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x2a0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80cb96cf
stack pointer           = 0x28:0xfffffe008fa48da0
frame pointer           = 0x28:0xfffffe008fa48da0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 665 (vale-ctl)
trap number             = 12
panic: page fault
cpuid = 2
time = 1562949961
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008fa48a60
vpanic() at vpanic+0x19d/frame 0xfffffe008fa48ab0
panic() at panic+0x43/frame 0xfffffe008fa48b10
trap_fatal() at trap_fatal+0x39c/frame 0xfffffe008fa48b70
trap_pfault() at trap_pfault+0x62/frame 0xfffffe008fa48bc0
trap() at trap+0x2b4/frame 0xfffffe008fa48cd0
calltrap() at calltrap+0x8/frame 0xfffffe008fa48cd0
--- trap 0xc, rip = 0xffffffff80cb96cf, rsp = 0xfffffe008fa48da0, rbp = 0xfffffe008fa48da0 ---
strlen() at strlen+0x1f/frame 0xfffffe008fa48da0
kvprintf() at kvprintf+0xf79/frame 0xfffffe008fa48ec0
vprintf() at vprintf+0x81/frame 0xfffffe008fa48f90
printf() at printf+0x43/frame 0xfffffe008fa48ff0
generic_netmap_attach() at generic_netmap_attach+0x309/frame 0xfffffe008fa49040
netmap_get_hw_na() at netmap_get_hw_na+0x81/frame 0xfffffe008fa49070
netmap_get_bdg_na() at netmap_get_bdg_na+0x213/frame 0xfffffe008fa49100
netmap_vale_attach() at netmap_vale_attach+0xe0/frame 0xfffffe008fa49140
netmap_ioctl() at netmap_ioctl+0x8a9/frame 0xfffffe008fa49200
netmap_ioctl_legacy() at netmap_ioctl_legacy+0x4fd/frame 0xfffffe008fa495b0
netmap_ioctl() at netmap_ioctl+0x16b/frame 0xfffffe008fa49670
freebsd_netmap_ioctl() at freebsd_netmap_ioctl+0x88/frame 0xfffffe008fa496b0
devfs_ioctl() at devfs_ioctl+0xca/frame 0xfffffe008fa49700
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x63/frame 0xfffffe008fa49720
vn_ioctl() at vn_ioctl+0x13d/frame 0xfffffe008fa49830
devfs_ioctl_f() at devfs_ioctl_f+0x1f/frame 0xfffffe008fa49850
kern_ioctl() at kern_ioctl+0x28a/frame 0xfffffe008fa498c0
sys_ioctl() at sys_ioctl+0x15d/frame 0xfffffe008fa49990
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe008fa49ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe008fa49ab0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80041631a, rsp = 0x7fffffffeab8, rbp = 0x7fffffffeb50 ---
KDB: enter: panic
[ thread pid 665 tid 100131 ]
Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
db>

This happens due to the fact that gna->prev equals zero.
For example, old output without this patch:

root@current:~ # vale-ctl -a vale0:vlan0
792.670615 [1130] generic_netmap_attach Emulated adapter for vlan0 created (prev was 0)
                                                                           ^^^^^^^!!!!!

I don't know why, but this if evaluated as false:

        if (NM_NA_VALID(ifp)) {
                gna->prev = NA(ifp); /* save old na */
                netmap_adapter_get(gna->prev);
        }

And then:

        nm_prinf("Emulated adapter for %s created (prev was %s)", na->name,
            gna->prev->name);
            ^^^^!!!!

Null pointer dereference.
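
Added example, not part of the original comment or of the netmap sources: a user-space model of the log call from comment #5, showing a guarded way to print an optional previous adapter. The struct layout, the 0x20 padding, and the helpers prev_name, format_attach_msg and name_arg_if_prev_null are assumptions made for illustration. With an embedded name array, the argument handed to %s is NULL plus the member offset rather than NULL itself, which is consistent with the small nonzero fault address (0x2a0) and the strlen frame in the trace.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the netmap structures (assumed layout, not the
 * kernel's): the name is an array embedded after other fields. */
struct adapter {
	char pad[0x20];        /* placeholder for fields preceding the name */
	char name[64];
};

struct generic_adapter {
	struct adapter up;
	struct adapter *prev;  /* set only if the ifp already had a valid adapter */
};

/* Value "%s" would receive for gna->prev->name when prev is NULL: the member
 * offset, not NULL, so a NULL check inside printf cannot catch it.
 * Computed with offsetof, nothing is dereferenced. */
static size_t
name_arg_if_prev_null(void)
{
	return offsetof(struct adapter, name);
}

/* Guarded accessor: never touches prev unless one was saved. */
static const char *
prev_name(const struct generic_adapter *gna)
{
	return gna->prev != NULL ? gna->prev->name : "(none)";
}

/* Builds the attach message from the log line, using the guard. */
static int
format_attach_msg(char *buf, size_t len, const struct generic_adapter *gna)
{
	return snprintf(buf, len, "Emulated adapter for %s created (prev was %s)",
	    gna->up.name, prev_name(gna));
}

int
main(void)
{
	struct generic_adapter gna = { .prev = NULL };
	char buf[128];

	strcpy(gna.up.name, "vlan0");   /* constructed sample, as in the report */
	format_attach_msg(buf, sizeof(buf), &gna);
	printf("%s\n%%s argument with NULL prev: %#zx\n", buf,
	    name_arg_if_prev_null());
	return 0;
}
```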