From owner-cvs-src@FreeBSD.ORG Thu Aug 3 18:58:38 2006 Return-Path: X-Original-To: cvs-src@freebsd.org Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 90DEA16A4E0; Thu, 3 Aug 2006 18:58:38 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (66-23-211-162.clients.speedfactory.net [66.23.211.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5805243D5F; Thu, 3 Aug 2006 18:58:30 +0000 (GMT) (envelope-from jhb@freebsd.org) Received: from localhost.corp.yahoo.com (john@localhost [127.0.0.1]) (authenticated bits=0) by server.baldwin.cx (8.13.4/8.13.4) with ESMTP id k73Iw2Te099270; Thu, 3 Aug 2006 14:58:03 -0400 (EDT) (envelope-from jhb@freebsd.org) From: John Baldwin To: Yar Tikhiy Date: Thu, 3 Aug 2006 14:58:00 -0400 User-Agent: KMail/1.9.1 References: <200608030959.k739x9N6007207@repoman.freebsd.org> <44D22E2F.4070307@errno.com> <20060803180854.GI97316@comp.chem.msu.su> In-Reply-To: <20060803180854.GI97316@comp.chem.msu.su> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200608031458.01134.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.0.2 (server.baldwin.cx [127.0.0.1]); Thu, 03 Aug 2006 14:58:03 -0400 (EDT) X-Virus-Scanned: ClamAV 0.87.1/1634/Wed Aug 2 18:32:49 2006 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=4.2 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on server.baldwin.cx Cc: Sam Leffler , src-committers@freebsd.org, cvs-all@freebsd.org, cvs-src@freebsd.org Subject: Re: cvs commit: src/sys/net if_vlan.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Aug 2006 18:58:38 -0000 On Thursday 03 August 2006 14:08, Yar Tikhiy wrote: > On Thu, Aug 03, 2006 at 10:11:11AM -0700, Sam Leffler wrote: > > Yar Tikhiy wrote: > > > yar 2006-08-03 09:59:09 UTC > > > > > > FreeBSD src repository > > > > > > Modified files: > > > sys/net if_vlan.c > > > Log: > > > Should vlan_input() ever be called with ifp pointing to a non-Ethernet > > > interface, do not just assign -1 to tag because it breaks the logic of > > > the code to follow. The better way is to handle this case as an unsupported > > > protocol and return unless INVARIANTS is in effect and we can panic. > > > Panic is good there because the scenario can happen only because of a > > > coding error elsewhere. > > > > > > We also should show the interface name in the panic message for easier > > > debugging of the problem, should it ever emerge. > > > > Introducing a panic in a place where you can trivially recover is bad > > regardless of why you got there. Many people run production systems > > with INVARIANTS turned on. Is it now possible to send a "packet of > > death" by exploiting this code path? > > No nastygram can ever achieve this; only FreeBSD commiters possess > the ability to :-) > > The panic can never be reached unless one manages to attach a vlan > interface to a non-Ethernet physical interface in advance, which > is totally prohibited by the code at the beginning of vlan_config(); > and vlan_config() is the only way to attach a vlan interface to a > physical interface. > > I.e., it will take a developer breaking the logic in /sys/net to > make the code path expoloitable. > > OTOH, you are right that we can at least attempt to recover from > the situation. Perhaps it's time to introduce a common macro or > function that emits a message on the console and then just calls > kdb_backtrace() instead of dumping core and halting the system? > So users will be able to post the stack traces to the lists and > thus help to spot the possible bugs w/o having to go through panics. > I'm unsure if sticking raw kdb_backtrace() calls in such places > is a good idea, so I'm suggesting a wrapper function or macro. > It is to be used in "can absolutely never happen" cases that are > not fatal, like the one under discussion. kdb_backtrace() is the wrapper function around other internals. :) -- John Baldwin