Date: Mon, 10 Apr 2017 16:19:37 +0200 From: peter.blok@bsd4all.org To: Ernie Luzar <luzar722@gmail.com> Cc: Pavel Timofeev <timp87@gmail.com>, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-current <freebsd-current@freebsd.org> Subject: Re: VNET branch destiny Message-ID: <75BD8407-83AC-4383-912A-70083CED3FFD@bsd4all.org> In-Reply-To: <58EB8D98.5050904@gmail.com> References: <CAAoTqfuAvZfoC-j8JFTvrpxqFMM5DjxyDXgMhMZLj3DO2pCYTw@mail.gmail.com> <0136F3BE-4B47-4677-8D81-3FE0F5E67E79@lists.zabbadoz.net> <CAAoTqfvJ013NTQB75JeVCysfk-xk-hac-f73gXfvCt5bBo_QXA@mail.gmail.com> <CAAoTqfuQXvKAQNOwshY5mkt0dG7Z1jKC6Aae9TF4hum1aUrJsA@mail.gmail.com> <24B3E322-5B92-470D-A1D6-10DF8EF79490@bsd4all.org> <58EB8D98.5050904@gmail.com>
index | next in thread | previous in thread | raw e-mail
Well, in my case it panic’ed on 11-stable. I’m only using pf on the host, not in the jail. I’m using Devin Teske’s jng to create a netgraph bridge. It is my intention to use the netgrpah bridge with bhyve as well.
The panic (one-time) happened in pfioctl when I refreshed the rules. I suspect the problem is related to the following message when I stop the jail.
kernel: Freed UMA keg (pf table entries) was not empty (32 items). Lost -57 pages of memory.
Current does not display the UMA message. I’m still narrowing down what happens with the pf table entries. My suspicion is that the netgraph bridge which creates a ng_ether device which is handed over to the jail vnet, is causing this.
The panic happened on LIST_REMOVE in keg_fetch_slab
static uma_slab_t
keg_fetch_slab(uma_keg_t keg, uma_zone_t zone, int flags)
{
uma_slab_t slab;
int reserve;
mtx_assert(&keg->uk_lock, MA_OWNED);
slab = NULL;
reserve = 0;
if ((flags & M_USE_RESERVE) == 0)
reserve = keg->uk_reserve;
for (;;) {
/*
* Find a slab with some space. Prefer slabs that are partially
* used over those that are totally full. This helps to reduce
* fragmentation.
*/
if (keg->uk_free > reserve) {
if (!LIST_EMPTY(&keg->uk_part_slab)) {
slab = LIST_FIRST(&keg->uk_part_slab);
} else {
slab = LIST_FIRST(&keg->uk_free_slab);
LIST_REMOVE(slab, us_link);
LIST_INSERT_HEAD(&keg->uk_part_slab, slab,
us_link);
}
MPASS(slab->us_keg == keg);
return (slab);
}
KDB: stack backtrace:
#0 0xffffffff805df0e7 at kdb_backtrace+0x67
#1 0xffffffff8059d176 at vpanic+0x186
#2 0xffffffff8059cfe3 at panic+0x43
#3 0xffffffff808ebaa2 at trap_fatal+0x322
#4 0xffffffff808ebaf9 at trap_pfault+0x49
#5 0xffffffff808eb336 at trap+0x286
#6 0xffffffff808d1441 at calltrap+0x8
#7 0xffffffff808a871e at zone_fetch_slab+0x6e
#8 0xffffffff808a87cd at zone_import+0x4d
#9 0xffffffff808a4fc9 at uma_zalloc_arg+0x529
#10 0xffffffff80803214 at pfr_ina_define+0x584
#11 0xffffffff807f0734 at pfioctl+0x3364
#12 0xffffffff80469288 at devfs_ioctl_f+0x128
#13 0xffffffff805fa925 at kern_ioctl+0x255
#14 0xffffffff805fa65f at sys_ioctl+0x16f
#15 0xffffffff808ec604 at amd64_syscall+0x6c4
#16 0xffffffff808d172b at Xfast_syscall+0xfb
The panic is so far not reproducible.
> On 10 Apr 2017, at 15:50, Ernie Luzar <luzar722@gmail.com> wrote:
>
> peter.blok@bsd4all.org wrote:
>> There have been issues with pf if I recall correctly. I currently have issues with stable, pf and vnet. There is an issue with pf table entries when an interface is moved to a different vnet.
>> Does anyone no if there is a specific fix for this that hasn’t been ported to stable? I haven’t had the time to test this on current.
>> Peter
>
> PF was fixed in 11.0 to not panic when run on a host that has vimage compiled into the kernel. On 11.0 you can configure pf to run in a vnet jail but it really does not enforce any firewall rules because pf needs access to the kernel which jail(8) is blocking by design. As far as I know this is a show shopper that can not be fixed without a pf rewrite changing the way it works internally.
>
> This PR gives all the details
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212013
>
>
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75BD8407-83AC-4383-912A-70083CED3FFD>