Message-ID: <3798ECB1.2AE159E2@altavista.net>
Date: Sat, 24 Jul 1999 01:29:05 +0300
From: Maxim Sobolev
To: current@freebsd.org, brian@freebsd.org
Subject: [Fwd: Tun interface related panic]

Hi folks,

It seems that in some specific conditions user level ppp (PPP Version
2.22 - $Date: 1999/06/23 16:48:19 $) is trying to incorrectly write to
the tun device, causing a panic if a revision prior to 1.61 (current) or
1.51.2.1 (stable) of if_tun.c is used. In these tun revisions some belts
against this undesirable behavior have been introduced, but all older
kernels are potentially affected. In my conditions this was a 100%
reproducible crash (now it is less harmful - just a message like
"Error: ip_Input: deflink: wrote 0, got Input/output error" in the ppp
log) but someone using an older kernel with this revision of ppp can get
his machine crashed.

Following is our last mailing related to this bug (it was in the -stable
list because I discovered this panic on my -stable box). For more info
look for the subject in the -stable list or contact me by e-mail.

-Maxim

Alfred Perlstein wrote:

> On Fri, 23 Jul 1999, Maxim Sobolev wrote:
>
> > Alfred Perlstein wrote:
> >
> > > [Piece of debug print skipped....]
> > > oops, ok, I wasn't clear, I need to know the contents of the structs
> > > that those pointers point to, try this:
> > >
> > > print *uio
> > > print *top
> > > print **mp
> > >
> > > in, the meanwhile, try this patch:
> > >
> > > cvs diff: Diffing . > > > Index: if_tun.c > > > =================================================================== > > > RCS file: /home/ncvs/src/sys/net/if_tun.c,v > > > retrieving revision 1.51 > > > diff -u -r1.51 if_tun.c > > > --- if_tun.c 1999/01/17 20:53:47 1.51 > > > +++ if_tun.c 1999/07/23 20:42:34 
> > > @@ -521,7 +521,7 @@ > > > > > > TUNDEBUG("%s%d: tunwrite\n", ifp->if_name, ifp->if_unit); > > > > > > - if (uio->uio_resid < 0 || uio->uio_resid > TUNMRU) { > > > + if (uio->uio_resid <= 0 || uio->uio_resid > TUNMRU) { > > > TUNDEBUG("%s%d: len=%d!\n", ifp->if_name, ifp->if_unit, > > > uio->uio_resid); > > > return EIO;
> > >
> > > please please tell me if it works for you so I can file a proper PR.
> >
> > Yeah! It works! It seems that I'm the one who has detected this problem because
> > I'm using the latest ppp snapshot instead of the standard one. I just tested ppp from
> > -stable and discovered that it doesn't make this panic (version of libalias doesn't
> > matter though). However it would be great if you can commit this patch because the new
> > version of ppp has some really nice features on which I rely heavily. This also
> > raises a question for Brian Somers or anyone else who can look and find what is
> > wrong with the current ppp (PPP Version 2.22 - $Date: 1999/06/23 16:48:19 $).
> > Anyway, to have some belts in the kernel should not make any harm. Following is the
> > ppp output which probably before your patch would kill my box (I have never seen this
> > message before - so to speak..):
> >
> > TCP/IP: IN UDP: 208.147.89.229:18422 ---> 192.168.1.1:7070
> > Error: ip_Input: deflink: wrote 0, got Input/output error
>
> I don't work on ppp, you should be sure Brian is notified of this problem.
> I appreciate your help in tracking this down, the patch has been put into
> -stable and -current for it.
>
> >
> > If you still want to see prints, you can see it at the end of this message.
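Review bot: In the changed condition, `uio->uio_resid <= 0` now sends a zero-length write down the same path as a negative or oversize one, so userland gets EIO for writing nothing (the ppp log in this thread shows it as "wrote 0, got Input/output error"). If a zero-length write is meant to be an error rather than a no-op, a short comment above the check saying so, and why (with uio_resid = 0 the kgdb session below shows top at 0x0 when if_tun.c:559 runs), would keep a later reader from relaxing it again. The check also leaves the dereference itself unguarded; a NULL test on top before `top->m_pkthdr.len = tlen;` would make tunwrite safe independent of the entry check.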
> > (kgdb) up
> > #5 0xc01630f9 in tunwrite (dev=13312, uio=0xc2d15f14, flag=1)
> > at ../../net/if_tun.c:559
> > 559 top->m_pkthdr.len = tlen;
> > (kgdb) print *uio
> > $1 = {uio_iov = 0xc2d15f0c, uio_iovcnt = 1, uio_offset = 38962, uio_resid = 0,
> > uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_procp = 0xc2cc32e0}
> > (kgdb) print *top
> > Cannot access memory at address 0x0.
> > (kgdb) print **mp
>
> perfect, they were extremely helpful in tracking down this problem, I
> assumed that uio->res_id was zero (it was the only thing that made sense)
> however I just needed to verify.
>
> >
> > In the case if my assistance in debugging ppp will be necessary please let me know.
>
> Talk to Brian.
>
> hrm, also can you fix your mailer to wrap at 70 chars?
>
> -Alfred
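A user-space model of the failure the kgdb session shows (uio_resid = 0, top at 0x0) and of the old and new length checks, added here as an example; it is not code from if_tun.c or from anyone in this thread. The struct layout, build_chain, model_tunwrite, MODEL_NULL_DEREF and the TUNMRU and MLEN values are simplified assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define TUNMRU 1500            /* assumed limit for this model */
#define MLEN 128               /* assumed bytes per buffer */
#define MODEL_NULL_DEREF (-1)  /* marks where the kernel would fault */

struct mbuf { struct mbuf *m_next; int m_len; int pkt_len; };

/* One buffer per MLEN bytes. For resid == 0 the loop body never runs,
 * so the chain head that is returned stays NULL. */
static struct mbuf *build_chain(int resid)
{
    struct mbuf *top = NULL, **mp = &top;
    while (resid > 0) {
        struct mbuf *m = calloc(1, sizeof(*m));
        if (m == NULL)
            abort();           /* allocation failure is outside this model */
        m->m_len = resid < MLEN ? resid : MLEN;
        resid -= m->m_len;
        *mp = m;
        mp = &m->m_next;
    }
    return top;
}

/* patched == 0: old test (resid < 0); patched == 1: new test (resid <= 0). */
static int model_tunwrite(int resid, int patched)
{
    int tlen = resid;
    struct mbuf *top, *next;
    if ((patched ? resid <= 0 : resid < 0) || resid > TUNMRU)
        return EIO;
    top = build_chain(resid);
    if (top == NULL)
        return MODEL_NULL_DEREF;  /* stands in for top->m_pkthdr.len = tlen */
    top->pkt_len = tlen;
    for (; top != NULL; top = next) {
        next = top->m_next;
        free(top);
    }
    return 0;
}

int main(void)
{
    printf("len 0: old check %d, new check %d (EIO is %d)\n",
           model_tunwrite(0, 0), model_tunwrite(0, 1), EIO);
    return 0;
}
```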