From owner-freebsd-bugs@FreeBSD.ORG Wed Jan 4 13:50:05 2006
Resent-Date: Wed, 4 Jan 2006 13:50:03 GMT
Resent-Message-Id: <200601041350.k04Do3p1019024@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Alex Semenyaka
Message-Id: <200601041340.k04DeofX008913@snark.rinet.ru>
Date: Wed, 4 Jan 2006 16:40:50 +0300 (MSK)
From: Alex Semenyaka
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/91307: Spoil struct ifnet content in fwip initializing
Reply-To: Alex Semenyaka
X-List-Received-Date: Wed, 04 Jan 2006 13:50:05 -0000

>Number: 91307
>Category: kern
>Synopsis: Spoil struct ifnet content in fwip initializing
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 04 13:50:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Alex Semenyaka
>Release: FreeBSD 4.10-STABLE i386
>Organization: private
>Environment:
System: FreeBSD snark.rinet.ru 6.0-STABLE FreeBSD 6.0-STABLE #0: Sat Nov 26 21:44:43 MSK 2005 root@snark.rinet.ru:/usr/obj/usr/src/sys/SNARK amd64
>Description:
During the initialization of the fwip interface, the structure fw_com should be filled in with the proper values. The reference to that structure is kept in the structure ifnet. Unfortunately, in if_fwsubr.c, instead of taking the reference to struct fw_com, the struct ifnet itself is used (with the proper type reduction, though). To do this, the macro IFP2FC() is used (instead of the right macro, IFP2FWC()). IFP2FWC is defined globally (while IFP2FC is defined only in if_fwsubr.c, where it is used).

On i386 boxes the problem is hidden, since the overwritten memory is not used in the output. But on an amd64 box (due to the different sizes of the structures' fields) the interface name becomes overwritten, so from 'fwip0' it changes to 'f^@ip0' (here ^@ is the character NUL): a couple of lines go with the name 'fwip0', and then the name becomes 'f^@ip0'. But since the illegal operation does occur on i386 boxes as well, it may be a cause of different unclear problems.
>How-To-Repeat: 1) Install FreeBSD on amd64 box. 2) Load fwip as the kernel module (or put it into the kernel config, recompile kernel and reboot) 3) Observe broken interface name in the kernel output to console. >Fix: Apply the patch below --- if_fwsubr.c.orig Sun Nov 27 14:52:01 2005 +++ if_fwsubr.c Sun Nov 27 15:45:15 2005 @@ -62,8 +62,6 @@ #include #endif -#define IFP2FC(IFP) ((struct fw_com *)IFP) - MALLOC_DEFINE(M_FWCOM, "fw_com", "firewire interface internals"); struct fw_hwaddr firewire_broadcastaddr = { @@ -79,7 +77,7 @@ firewire_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt0) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); int error, type; struct rtentry *rt = NULL; struct m_tag *mtag; @@ -499,7 +497,7 @@ void firewire_input(struct ifnet *ifp, struct mbuf *m, uint16_t src) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); union fw_encap *enc; int type, isr; @@ -667,7 +665,7 @@ struct sockaddr *sa; sa = (struct sockaddr *) & ifr->ifr_data; - bcopy(&IFP2FC(ifp)->fc_hwaddr, + bcopy(&IFP2FWC(ifp)->fc_hwaddr, (caddr_t) sa->sa_data, sizeof(struct fw_hwaddr)); } break; @@ -747,7 +745,7 @@ void firewire_ifattach(struct ifnet *ifp, struct fw_hwaddr *llc) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); struct ifaddr *ifa; struct sockaddr_dl *sdl; static const char* speeds[] = { @@ -794,7 +792,7 @@ void firewire_busreset(struct ifnet *ifp) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); struct fw_reass *r; struct mbuf *m; >Release-Note: >Audit-Trail: >Unformatted:
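
Review bot: in the first hunk (@@ -62,8 +62,6 @@), dropping the file-local IFP2FC define makes if_fwsubr.c depend on IFP2FWC coming from a header, so confirm that the header defining it is included outside the conditional block closed by the #endif in the context lines; the #include shown there has lost its file name. Because the report says the bad cast existed only through this private macro, a short comment near the includes pointing at the shared IFP2FWC accessor would discourage reintroducing a local one.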
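
Review bot: in the @@ -667,7 +665,7 @@ hunk the bcopy writes sizeof(struct fw_hwaddr) bytes into sa->sa_data and nothing in the visible lines bounds that length against the destination, so confirm the destination is at least that large and record it with a compile-time size assertion next to the copy. This call site also expands IFP2FWC(ifp) inline while the other hunks use a local fc, so a local variable here would keep the file consistent.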
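
Review bot: in the firewire_ifattach hunk (@@ -747,7 +745,7 @@), fc is now read from the reference stored in the ifnet instead of being the ifnet address itself, so it is valid only if the driver has set that reference before calling firewire_ifattach; add a KASSERT(fc != NULL, ...) right after the declaration, or state the precondition in a comment above the function. The same precondition applies to firewire_busreset in the last hunk.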
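
To see why the same bad cast is visible on amd64 but hidden on i386, as the report describes, the added example below (not part of the original report or of FreeBSD's code) computes which struct ifnet member a store through the cast pointer lands on for 4-byte and 8-byte pointers. The member names, order and sizes in the two tables are assumptions modelled for illustration, as is the choice of fc_speed as the store; only the IFP2FC cast and the 'f^@ip0' symptom come from the report.

```c
#include <stdio.h>
#include <string.h>
/* A member is nptr pointers wide, or `bytes` bytes aligned to `align`. */
struct member { const char *name; int nptr, bytes, align; };
/* ASSUMED leading members, modelled for illustration (not from the report). */
static const struct member IFNET[] = {
    {"if_softc", 1, 0, 0}, {"if_l2com", 1, 0, 0},
    {"if_link", 2, 0, 0},  {"if_xname", 0, 16, 1},
};
static const struct member FW_COM[] = {
    {"fc_ifp", 1, 0, 0}, {"fc_hwaddr", 0, 16, 4}, {"fc_fc", 1, 0, 0},
    {"fc_broadcast_channel", 0, 1, 1}, {"fc_speed", 0, 1, 1},
};
#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

/* Offset of member idx for pointer size psz, with natural alignment. */
static int member_offset(const struct member *m, int idx, int psz, int *size)
{
    int off = 0, sz = 0, al, i;
    for (i = 0; i <= idx; i++) {
        off += sz;                              /* step over previous member */
        sz = m[i].nptr ? m[i].nptr * psz : m[i].bytes;
        al = m[i].nptr ? psz : m[i].align;
        off = (off + al - 1) / al * al;         /* pad up to alignment */
    }
    *size = sz;
    return off;
}

/* With the ifnet address itself used as the fw_com (the IFP2FC cast), find the
 * ifnet member a store to fc_name overwrites: byte index in it, or -1. */
int cast_store_lands_on(const char *fc_name, int psz, const char **hit)
{
    int i, sz, base, off = -1;
    for (i = 0; i < COUNT(FW_COM); i++)
        if (strcmp(FW_COM[i].name, fc_name) == 0)
            off = member_offset(FW_COM, i, psz, &sz);
    for (i = 0; off >= 0 && i < COUNT(IFNET); i++) {
        base = member_offset(IFNET, i, psz, &sz);
        if (off >= base && off < base + sz) { *hit = IFNET[i].name; return off - base; }
    }
    return -1;
}
int main(void)
{
    const char *h4 = "?", *h8 = "?";
    int i4 = cast_store_lands_on("fc_speed", 4, &h4);
    int i8 = cast_store_lands_on("fc_speed", 8, &h8);
    printf("4-byte pointers: %s[%d]; 8-byte pointers: %s[%d]\n", h4, i4, h8, i8);
    return 0;
}
```

Under these assumed layouts the store hits if_xname[1] with 8-byte pointers, and if_xname[9], past the terminator of 'fwip0', with 4-byte pointers.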