From owner-freebsd-net@freebsd.org Wed Jul 1 21:21:55 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EAF7D992F4B for ; Wed, 1 Jul 2015 21:21:55 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B36F52612 for ; Wed, 1 Jul 2015 21:21:55 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [10.0.2.164] (94-224-12-229.access.telenet.be [94.224.12.229]) by venus.codepro.be (Postfix) with ESMTPSA id C9A318455; Wed, 1 Jul 2015 23:21:52 +0200 (CEST) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\)) Subject: Re: [Bug 200210] adding vtnet to bridge results to kernel panic From: Kristof Provost In-Reply-To: <55941147.7040601@gmx.com> Date: Wed, 1 Jul 2015 23:22:22 +0200 Cc: freebsd-net@FreeBSD.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <55941147.7040601@gmx.com> To: Nikos Vassiliadis X-Mailer: Apple Mail (2.2102) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2015 21:21:56 -0000 Done in r285016. Regards, Kristof > On 01 Jul 2015, at 18:11, Nikos Vassiliadis wrote: >=20 > Hi Kristof, >=20 > Thanks for fixing this! Could you MFC the fix? >=20 > On 06/13/15 22:39, bugzilla-noreply@freebsd.org wrote: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200210 >>=20 >> --- Comment #1 from commit-hook@freebsd.org --- >> A commit references this bug: >>=20 >> Author: kp >> Date: Sat Jun 13 19:39:22 UTC 2015 >> New revision: 284348 >> URL: https://svnweb.freebsd.org/changeset/base/284348 >>=20 >> Log: >> Fix panic when adding vtnet interfaces to a bridge >>=20 >> vtnet interfaces are always in promiscuous mode (at least if the >> VIRTIO_NET_F_CTRL_RX feature is not negotiated with the host). = if_promisc() >> on >> a vtnet interface returned ENOTSUP although it has IFF_PROMISC set. = This >> confused the bridge code. Instead we now accept all enable/disable >> promiscuous >> commands (and always keep IFF_PROMISC set). >>=20 >> There are also two issues with the if_bridge error handling. >>=20 >> If if_promisc() fails it uses bridge_delete_member() to clean up. = This tries >> to >> disable promiscuous mode on the interface. That runs into an = assert, because >> promiscuous mode was never set in the first place. (That's the = panic reported >> in >> PR 200210.) >> We can only unset promiscuous mode if the interface actually is = promiscuous. >> This goes against the reference counting done by if_promisc(), but = only the >> first/last if_promic() calls can actually fail, so this is safe. >>=20 >> A second issue is a double free of bif. It's already freed by >> bridge_delete_member(). >>=20 >> PR: 200210 >> Differential Revision: https://reviews.freebsd.org/D2804 >> Reviewed by: philip (mentor) >>=20 >> Changes: >> head/sys/dev/virtio/network/if_vtnet.c >> head/sys/net/if_bridge.c >>=20 >=20