Date: Tue, 2 Sep 2008 11:07:26 GMT From: Artis Caune <Artis.Caune@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/127042: [PATCH] pf recursion panic if interface group is the same as the new interface name Message-ID: <200809021107.m82B7Qqq079011@www.freebsd.org> Resent-Message-ID: <200809021110.m82BA1EV034975@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 127042 >Category: kern >Synopsis: [PATCH] pf recursion panic if interface group is the same as the new interface name >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 02 11:10:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Artis Caune >Release: 7.0 >Organization: >Environment: >Description: On carp enabled kernels, there is interface group "carp" with all carpX interfaces as menbers. If I change name for any carpX interface to "carp", pf will panic with recursive call to pfi_kif_update(). #487 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #488 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #489 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #490 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #491 0xffffffff801d92dc in pfi_kif_update (kif=0xffffff0001ec4700) at /usr/src/sys/contrib/pf/net/pf_if.c:525 #492 0xffffffff801d9c0d in pfi_attach_ifnet_event (arg=Variable "arg" is not available. ) at /usr/src/sys/contrib/pf/net/pf_if.c:895 #493 0xffffffff8053f9f0 in ifhwioctl (cmd=Variable "cmd" is not available. ) at pcpu.h:194 #494 0xffffffff80541871 in if_detach (ifp=0xffffff0001f0d800) at /usr/src/sys/net/if.c:730 #495 0xffffffff804e11f2 in kern_ioctl (td=0xffffff00030e09f0, fd=3, com=2149607720, data=0xffffff0001ea28e0 "carp0") at file.h:266 #496 0xffffffff804e1519 in ioctl (td=0xffffff00030e09f0, uap=0xffffffffafaf7be0) at /usr/src/sys/kern/sys_generic.c:570 #497 0xffffffff80730514 in syscall (frame=0xffffffffafaf7c70) at /usr/src/sys/amd64/amd64/trap.c:841 #498 0xffffffff8071614b in Xpage () at /usr/src/sys/amd64/amd64/exception.S:228 #499 0x0000000800722cfc in ?? () >How-To-Repeat: # ifconfig em0 group externals # ifconfig em0 name externals or # ifconfig carp0 create # ifconfig carp0 name carp but the following works fine: # ifconfig em0 group externals # ifconfig fxp0 name externals >Fix: this patch will check: *) if group name already exists when renaming interface *) if interface already exists when adding interface to group Patch attached with submission follows: Index: sys/net/if.c =================================================================== --- sys/net/if.c (revision 182679) +++ sys/net/if.c (working copy) @@ -828,6 +828,9 @@ groupname[strlen(groupname) - 1] <= '9') return (EINVAL); + if (ifunit(groupname) != NULL) + return (EEXIST); + IFNET_WLOCK(); TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) if (!strcmp(ifgl->ifgl_group->ifg_group, groupname)) { @@ -1560,6 +1563,7 @@ char new_name[IFNAMSIZ]; struct ifaddr *ifa; struct sockaddr_dl *sdl; + struct ifg_group *ifg = NULL; ifr = (struct ifreq *)data; switch (cmd) { @@ -1671,6 +1675,14 @@ return (EINVAL); if (ifunit(new_name) != NULL) return (EEXIST); + + IFNET_RLOCK(); + TAILQ_FOREACH(ifg, &V_ifg_head, ifg_next) + if (!strcmp(ifg->ifg_group, groupname)) + IFNET_RUNLOCK(); + return (EEXIST); + } + IFNET_RUNLOCK(); /* Announce the departure of the interface. */ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809021107.m82B7Qqq079011>