Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 14 May 2006 10:25:14 -0500
From:      "Christian S.J. Peron" <csjp@FreeBSD.org>
To:        sekes <gexlie@gmail.com>
Cc:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-current@freebsd.org
Subject:   Re: deadlock every 15-20 min
Message-ID:  <44674BDA.7040300@FreeBSD.org>
In-Reply-To: <53cc795f0605140348u769b6b0bkc62d28652b6b3ec3@mail.gmail.com>
References:  <53cc795f0605131026n2d9a5776jd75630e3f9505e55@mail.gmail.com>	<53cc795f0605131345t718d0ad7ia7792f2ed4446037@mail.gmail.com>	<20060514062825.W54242@maildrop.int.zabbadoz.net> <53cc795f0605140348u769b6b0bkc62d28652b6b3ec3@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help


This is very similar to the UID/GID filtering problem. What appears to 
be happening is on the inbound path, we pickup the pfil lock and attempt 
to pickup the inp info lock, while on the outbound path, we hold the inp 
info lock across ip_output which will try to pickup the pfil lock.

This problem is the result of a layering violation, in reality the 
firewall should not be picking up layer 4 related locks. Myself and a 
few others have been discussing this problem for quite some time now, 
and hopefully it won't be long before we can come up with a solution 
that will make everyone happy.

For now, you should be able to set debug.mpsafenet to  0 which will 
re-enable Giant in the network stack, in theory preventing the deadlock.

debug.mpsafenet=0

in your loader.conf

Let me know if this helps


sekes wrote:
> On 5/14/06, Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote:
>>
>> On Sun, 14 May 2006, sekes wrote:
>>
>> > lock order reversal:
>> > 1st 0xc2b8b090 inp (divinp) @
>> > /usr/src/sys/modules/ipdivert/../../netinet/ip_divert.c:336
>> > 2nd 0xc0a44db8 PFil hook read/write mutex (PFil hook read/write 
>> mutex) @
>> > /usr/src/sys/net/pfil.c:73
>>
>> looks almost the same as LOR #181:
>>         http://sources.zabbadoz.net/freebsd/lor.html#181
>> but without the div_output().
>>
>> -- 
>> Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT
>>
>
> yes, it is similar to my situation. may i know when it could be fixed?
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to 
> "freebsd-current-unsubscribe@freebsd.org"
>
>
-- 
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44674BDA.7040300>