From owner-freebsd-stable@FreeBSD.ORG  Tue Feb  8 13:18:24 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6274316A4CE; Tue,  8 Feb 2005 13:18:24 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.187])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6F67243D2D; Tue,  8 Feb 2005 13:18:21 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [212.227.126.208] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1CyVG0-0007tb-00; Tue, 08 Feb 2005 14:18:20 +0100
Received: from [217.83.7.20] (helo=donor.laier.local)
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.35 #1)
	id 1CyVFz-00007l-00; Tue, 08 Feb 2005 14:18:20 +0100
From: Max Laier <max@love2party.net>
To: freebsd-stable@freebsd.org
Date: Tue, 8 Feb 2005 14:18:06 +0100
User-Agent: KMail/1.7.2
References: <Pine.NEB.3.96L.1050108165119.43829D-100000@fledge.watson.org>
	<200501081824.49235.max@love2party.net> <200502071652.43030@harrymail>
In-Reply-To: <200502071652.43030@harrymail>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1758176.z3CxIh58ot";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200502081418.14813.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:61c499deaeeba3ba5be80f48ecc83056
cc: Emanuel Strobl <emanuel.strobl@gmx.net>
cc: Robert Watson <rwatson@freebsd.org>
Subject: Re: machine locks with PF (without using user dependent rules)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2005 13:18:24 -0000

--nextPart1758176.z3CxIh58ot
Content-Type: multipart/mixed;
  boundary="Boundary-01=_QwLCCttys9ADC69"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_QwLCCttys9ADC69
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 07 February 2005 16:52, Emanuel Strobl wrote:
> Resuming work on this, I managed to get a remote console to the box and
> here's what I get with today's RELENG_5 and the following command, also I
> need to set debug.mpsafenet to 0 otherwise my ruleset doesn't work (do wh=
at
> it should do and does when set to 0 but not when default 1):
> pfctl -F all -f /etc/pf.conf
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   =3D 0xdeadc1d7
> fault code              =3D supervisor read, page not present
> instruction pointer     =3D 0x8:0xc047ac48
> stack pointer           =3D 0x10:0xd0a44728
> frame pointer           =3D 0x10:0xd0a44730
> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
>                         =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
> current process         =3D 1053 (sshd)
> [thread pid 1053 tid 100081 ]
> Stopped at      pf_state_compare_lan_ext+0x18:  movzbl  0xf9(%esi),%eax
> db> trace
> Tracing pid 1053 tid 100081 td 0xc177e190
> pf_state_compare_lan_ext(c176ca00,d0a447d8,d0a44758,c047c095,c176cac0) at
> pf_state_compare_lan_ext+0x18
> pf_state_tree_lan_ext_RB_FIND(c176cac0,d0a447d8,0,c176ca00,d0a448e4) at
> pf_state_tree_lan_ext_RB_FIND+0x29
> pf_find_state_recurse(c176ca00,d0a447d8,0,da7a0000,c0586400) at
> pf_find_state_recurse+0x45
> pf_test_state_tcp(d0a4492c,2,c176ca00,c1746b00,14) at
> pf_test_state_tcp+0xb0 pf_test(2,c1586000,d0a44a1c,c19ff168,c1756720) at
> pf_test+0x981
> pf_check_out(0,d0a44a1c,c1586000,2,c19ff168) at pf_check_out+0x4e
> pfil_run_hooks(c07f05a0,d0a44aa8,c1586000,2,c19ff168) at
> pfil_run_hooks+0x15b ip_output(c1746b00,0,d0a44a74,0,0) at ip_output+0x3ef
> tcp_output(c1a02710,c1744900,c076ed93,280,0) at tcp_output+0x984
> tcp_usr_send(c1b5fdec,0,c1744900,0,0) at tcp_usr_send+0x239
> sosend(c1b5fdec,0,d0a44c84,c1744900,0) at sosend+0x62b
> soo_write(c1c5c264,d0a44c84,c1b0f680,0,c177e190) at soo_write+0x49
> dofilewrite(5,8081000,a0,ffffffff,ffffffff) at dofilewrite+0xac
> write(c177e190,d0a44d14,c,431,3) at write+0x77
> syscall(2f,2f,2f,8071d88,a0) at syscall+0x137
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (4, FreeBSD ELF32, write), eip =3D 0x282ef73f, esp =3D 0xbfbf=
ddfc,
> ebp =3D0xbfbfde18 ---
>
> Tell me how I can help, I'll later hand in the trace of the slef-lock when
> debug.mpsafenet is 1.

Do you have pfsync compiled in?  Is it up?  If that's the case, can you try=
 to=20
reproduce with a kernel without "device pfsync", please?  Can you also plea=
se=20
try the attached diff and see if it turns up anything - though I certainly=
=20
doubt that.  Really except to see pfsync being the culprit here.  Tell me i=
f=20
removeing it helps.  Thanks.

I'm a bit busy these days so I can't do extensive testing myself.  It'd be =
a=20
great help if you could verify that I am looking at the right thing.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--Boundary-01=_QwLCCttys9ADC69
Content-Type: text/x-diff;
  charset="iso-8859-1";
  name="pfassert.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="pfassert.diff"

Index: pf.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf.c,v
retrieving revision 1.26
diff -u -r1.26 pf.c
=2D-- pf.c	20 Jan 2005 18:07:35 -0000	1.26
+++ pf.c	8 Feb 2005 13:10:32 -0000
@@ -862,6 +862,7 @@
 {
 	 struct pf_src_node		*cur, *next;
=20
+	 PF_ASSERT(MA_OWNED);
 	 for (cur =3D RB_MIN(pf_src_tree, &tree_src_tracking); cur; cur =3D next)=
 {
 		 next =3D RB_NEXT(pf_src_tree, &tree_src_tracking, cur);
=20
@@ -889,6 +890,7 @@
 {
 	u_int32_t timeout;
=20
+	PF_ASSERT(MA_OWNED);
 	if (s->src_node !=3D NULL) {
 		if (--s->src_node->states <=3D 0) {
 			timeout =3D s->rule.ptr->timeout[PFTM_SRC_NODE];
@@ -923,6 +925,7 @@
 {
 	struct pf_state		*cur, *next;
=20
+	PF_ASSERT(MA_OWNED);
 	for (cur =3D RB_MIN(pf_state_tree_id, &tree_id);
 	    cur; cur =3D next) {
 		next =3D RB_NEXT(pf_state_tree_id, &tree_id, cur);

--Boundary-01=_QwLCCttys9ADC69--

--nextPart1758176.z3CxIh58ot
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQBCCLwWXyyEoT62BG0RApMdAJ48brxdFukP/WmwxykBwRELHzUdoACfZteP
mk5dxqknKX2AgTnTaCt0bFI=
=/wFc
-----END PGP SIGNATURE-----

--nextPart1758176.z3CxIh58ot--