From owner-freebsd-bugs@FreeBSD.ORG Tue Sep 2 11:10:02 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 193A2106566C for ; Tue, 2 Sep 2008 11:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E6BE08FC13 for ; Tue, 2 Sep 2008 11:10:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m82BA1kY034976 for ; Tue, 2 Sep 2008 11:10:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m82BA1EV034975; Tue, 2 Sep 2008 11:10:01 GMT (envelope-from gnats) Resent-Date: Tue, 2 Sep 2008 11:10:01 GMT Resent-Message-Id: <200809021110.m82BA1EV034975@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Artis Caune Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 80B3D1065673 for ; Tue, 2 Sep 2008 11:07:26 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 6A3BD8FC18 for ; Tue, 2 Sep 2008 11:07:26 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m82B7QRt079012 for ; Tue, 2 Sep 2008 11:07:26 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m82B7Qqq079011; Tue, 2 Sep 2008 11:07:26 GMT (envelope-from nobody) Message-Id: <200809021107.m82B7Qqq079011@www.freebsd.org> Date: Tue, 2 Sep 2008 11:07:26 GMT From: Artis Caune To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/127042: [PATCH] pf recursion panic if interface group is the same as the new interface name X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Sep 2008 11:10:02 -0000 >Number: 127042 >Category: kern >Synopsis: [PATCH] pf recursion panic if interface group is the same as the new interface name >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 02 11:10:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Artis Caune >Release: 7.0 >Organization: >Environment: >Description: On carp enabled kernels, there is interface group "carp" with all carpX interfaces as menbers. If I change name for any carpX interface to "carp", pf will panic with recursive call to pfi_kif_update(). #487 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #488 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #489 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #490 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #491 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #492 0xffffffff801d9c0d in pfi_attach_ifnet_event (arg=Variable "arg" is not available. ) at /usr/src/sys/contrib/pf/net/pf_if.c:895 #493 0xffffffff8053f9f0 in ifhwioctl (cmd=Variable "cmd" is not available. ) at pcpu.h:194 #494 0xffffffff80541871 in if_detach (ifp=0xffffff0001f0d800) at /usr/src/sys/net/if.c:730 #495 0xffffffff804e11f2 in kern_ioctl (td=0xffffff00030e09f0, fd=3, com=2149607720, data=0xffffff0001ea28e0 "carp0") at file.h:266 #496 0xffffffff804e1519 in ioctl (td=0xffffff00030e09f0, uap=0xffffffffafaf7be0) at /usr/src/sys/kern/sys_generic.c:570 #497 0xffffffff80730514 in syscall (frame=0xffffffffafaf7c70) at /usr/src/sys/amd64/amd64/trap.c:841 #498 0xffffffff8071614b in Xpage () at /usr/src/sys/amd64/amd64/exception.S:228 #499 0x0000000800722cfc in ?? () >How-To-Repeat: # ifconfig em0 group externals # ifconfig em0 name externals or # ifconfig carp0 create # ifconfig carp0 name carp but the following works fine: # ifconfig em0 group externals # ifconfig fxp0 name externals >Fix: this patch will check: *) if group name already exists when renaming interface *) if interface already exists when adding interface to group Patch attached with submission follows: Index: sys/net/if.c =================================================================== --- sys/net/if.c (revision 182679) +++ sys/net/if.c (working copy) @@ -828,6 +828,9 @@ groupname[strlen(groupname) - 1] <= '9') return (EINVAL); + if (ifunit(groupname) != NULL) + return (EEXIST); + IFNET_WLOCK(); TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) if (!strcmp(ifgl->ifgl_group->ifg_group, groupname)) { @@ -1560,6 +1563,7 @@ char new_name[IFNAMSIZ]; struct ifaddr *ifa; struct sockaddr_dl *sdl; + struct ifg_group *ifg = NULL; ifr = (struct ifreq *)data; switch (cmd) { @@ -1671,6 +1675,14 @@ return (EINVAL); if (ifunit(new_name) != NULL) return (EEXIST); + + IFNET_RLOCK(); + TAILQ_FOREACH(ifg, &V_ifg_head, ifg_next) + if (!strcmp(ifg->ifg_group, groupname)) + IFNET_RUNLOCK(); + return (EEXIST); + } + IFNET_RUNLOCK(); /* Announce the departure of the interface. */ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); >Release-Note: >Audit-Trail: >Unformatted: