Date: Sun, 21 Apr 96 23:13 MET DST From: torstenb@ramsey.tlk.com To: FreeBSD-gnats-submit@freebsd.org Subject: kern/1152: bpf buffer >16384 bytes cause kernel panic Message-ID: <m0uB6Ra-0005FaC@ramsey.tlk.com> Resent-Message-ID: <199604212210.PAA10696@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1152
>Category: kern
>Synopsis: bpf buffer >16384 cause kernel panic during close()
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Apr 21 15:10:01 PDT 1996
>Last-Modified:
>Originator: Torsten Blum
>Organization:
No Organization ;)
>Release: FreeBSD 2.2-CURRENT i386
>Environment:
FreeBSD ramsey.tlk.com 2.2-CURRENT FreeBSD 2.2-CURRENT #23: Thu Apr 11 19:49:10 MET DST 1996 torstenb@ramsey.tlk.com:/usr/src/sys/compile/RAMSEY i386
>Description:
The system panics after closing an bpf device:
panic: unwire: page not in pmap
syncing disk...
(and then it locks up)
This only happens
- if the bpf buffer is >16384 bytes
- an interface has been attached
>How-To-Repeat:
open an bpf device, set buffersize to 16385 bytes, attach an interface
(lo0 or ed0 for example) and close() the device.
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <net/if.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
void main(void)
{
struct ifreq iface;
u_int l=16385;
int fd;
if ((fd = open("/dev/bpf0", O_RDONLY, 0)) < 0) {
perror("open");
exit(1);
}
if (ioctl(fd,BIOCSBLEN,&l) < 0) {
perror("ioctl");
exit(1);
}
bzero(&iface,sizeof(iface));
strcpy(iface.ifr_name,"lo0");
if (ioctl(fd,BIOCSETIF,&iface) < 0) {
perror("ioctl");
exit(1);
}
close(fd);
}
>Fix:
Unfortunately I don't have time to fix that bug ;(
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0uB6Ra-0005FaC>