From owner-freebsd-net@freebsd.org  Tue Jul  4 18:23:54 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF696D978BD
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Tue,  4 Jul 2017 18:23:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id ADC0F837D3
 for <freebsd-net@FreeBSD.org>; Tue,  4 Jul 2017 18:23:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v64INsuL061266
 for <freebsd-net@FreeBSD.org>; Tue, 4 Jul 2017 18:23:54 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 220358] panic in tcp_lro_flush_all
Date: Tue, 04 Jul 2017 18:23:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: regression
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-220358-2472-cJp55Lj8yP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-220358-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-220358-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 18:23:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220358

--- Comment #22 from commit-hook@freebsd.org ---
A commit references this bug:

Author: hselasky
Date: Tue Jul  4 18:23:18 UTC 2017
New revision: 320652
URL: https://svnweb.freebsd.org/changeset/base/320652

Log:
  After r319722 two fields were left uninitialized when transforming a
  socket structure into a listening socket. This resulted in an invalid
  instruction fault for all 32-bit platforms.

  When INVARIANTS is set the union where the two uninitialized fields
  reside gets properly zeroed. This patch ensures the two uninitialized
  fields are zeroed when INVARIANTS is undefined.

  For 64-bit platforms this issue was not visible because so->sol_upcall
  which is uninitialized overlaps with so->so_rcv.sb_state which is
  already zero during soalloc();

  For 32-bit platforms this issue was visible and resulted in an invalid
  instruction fault, because so->sol_upcall overlaps with
  so->so_rcv.sb_sel which is always initialized to a valid data pointer
  during soalloc().

  Verifying the offset locations mentioned above are identical is left
  as an exercise to the reader.

  PR: 220452
  PR: 220358
  Reviewed by:  ae (network), gallatin
  Differential Revision:        https://reviews.freebsd.org/D11475
  Sponsored by: Mellanox Technologies

Changes:
  head/sys/kern/uipc_socket.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=