Date: Sat, 10 Jul 2021 10:23:04 +0200
From: Stefan Esser <se@freebsd.org>
To: Karl Denninger <karl@denninger.net>, stable@freebsd.org
Subject: Re: 12.2 Splay Tree ipfw potential panic source
Message-ID: <dde6a01e-c41f-19be-593c-246eef11ea3b@freebsd.org>
In-Reply-To: <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net>
References: <2e3dcd4d-c8e6-8381-0010-d0844c99901e@denninger.net> <20210708221134.GA32658@belenus.iks-jena.de> <a6a9c220-fee6-a0ea-7721-f88ff865a6a8@denninger.net> <CAFMmRNy9K-1mTDoqQhgdChWV5f_n4QhNesz%2B6xWywn_TQ43xng@mail.gmail.com> <ca5beb7c-db38-1d3c-0f3c-b1b6a12c311e@denninger.net> <7bfda38b-cf81-d8be-7691-e18946e6b56e@denninger.net>

On 10.07.21 at 04:41, Karl Denninger wrote:
> Ok, so I have good news and bad news.
>
> I have the trap and it is definitely in libalias which appears to come about as
> a result of a NAT translation attempt.
>
> Fatal trap 18: integer divide fault while in kernel mode
[...]
> HouseKeeping() at HouseKeeping+0x1c/frame 0xfffffe0017b6b320

The divide by zero at one of the first instructions of HouseKeeping()
seems to be caused by this line:

/sys/netinet/libalias/alias_db.c:1753:
        if (packets % packet_limit == 0) {

Seems that packet_limit can become zero, there ...

At line 1780 within that function:

        if (now != LibAliasTime) {
                /* retry three times a second */
                packet_limit = packets / 3;
                packets = 0;
                LibAliasTime = now;
        }

The static variable packet limit is divided by 3 without any
protection against going down to 0.

A packet_limit of zero makes no sense (besides causing a divide
by zero abort), therefore this value should probably have a lower
limit of 1.

Maybe that

        packet_limit = packets / 3 + 1;

would give an acceptably close result in all cases.

Else enforce a minimum value of 1 after the division:

        packet_limit = packets / 3;
        if (packet_limit == 0)
                packet_limit = 1;

Or just:

        packet_limit = packets >= 3 ? packets / 3 : 1;

Regards, STefan
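
Added example, not part of Stefan Esser's message and not FreeBSD source: a simplified user-space model of the sampling logic quoted above, comparing the unguarded update with the three guards proposed in the message on constructed low-rate traffic. The nesting of the time check inside the sampling branch, the start value of 1000, and the names next_limit, first_fault and slow_link_fault are assumptions of this model.

```c
#include <stddef.h>
#include <stdio.h>
enum guard { UNGUARDED, PLUS_ONE, CLAMP_AFTER, TERNARY };

/* The unguarded update and the three replacements proposed in the message. */
static unsigned next_limit(enum guard g, unsigned packets)
{
    unsigned limit = packets / 3;
    switch (g) {
    case PLUS_ONE:    return packets / 3 + 1;
    case CLAMP_AFTER: return limit == 0 ? 1 : limit;
    case TERNARY:     return packets >= 3 ? packets / 3 : 1;
    default:          return limit;
    }
}

/* Assumed model: each packet bumps a counter; when it is a multiple of
 * packet_limit and the clock second changed, the limit is recomputed.
 * Returns the index of the first packet that would do "packets % 0", or -1. */
static long first_fault(enum guard g, const long *ts, size_t n)
{
    unsigned packets = 0, packet_limit = 1000; /* assumed start value */
    long last = -1;                            /* stands in for LibAliasTime */
    for (size_t i = 0; i < n; i++) {
        packets++;
        if (packet_limit == 0)
            return (long)i;                    /* real code would trap here */
        if (packets % packet_limit == 0 && ts[i] != last) {
            packet_limit = next_limit(g, packets);
            packets = 0;
            last = ts[i];
        }
    }
    return -1;
}

/* Constructed input: one packet per second for 2000 seconds. */
static long slow_link_fault(enum guard g)
{
    static long ts[2000];
    for (size_t i = 0; i < 2000; i++)
        ts[i] = (long)i;
    return first_fault(g, ts, 2000);
}
int main(void)
{
    for (int g = UNGUARDED; g <= TERNARY; g++)
        printf("guard %d: %ld\n", g, slow_link_fault((enum guard)g));
    return 0;
}
```

In this model the unguarded limit decays 1000, 333, 111, 37, 12, 4, 1, 0 whenever each sample lands in a new second, while all three guards settle at 1.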