Date: Wed, 1 Jul 2015 23:22:22 +0200 From: Kristof Provost <kp@FreeBSD.org> To: Nikos Vassiliadis <nvass@gmx.com> Cc: freebsd-net@FreeBSD.org Subject: Re: [Bug 200210] adding vtnet to bridge results to kernel panic Message-ID: <E5D81802-10B6-43AB-81EE-FBCFEBDE52CA@FreeBSD.org> In-Reply-To: <55941147.7040601@gmx.com> References: <bug-200210-2472@https.bugs.freebsd.org/bugzilla/> <bug-200210-2472-8d8NU2b3tN@https.bugs.freebsd.org/bugzilla/> <55941147.7040601@gmx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Done in r285016. Regards, Kristof > On 01 Jul 2015, at 18:11, Nikos Vassiliadis <nvass@gmx.com> wrote: >=20 > Hi Kristof, >=20 > Thanks for fixing this! Could you MFC the fix? >=20 > On 06/13/15 22:39, bugzilla-noreply@freebsd.org wrote: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200210 >>=20 >> --- Comment #1 from commit-hook@freebsd.org --- >> A commit references this bug: >>=20 >> Author: kp >> Date: Sat Jun 13 19:39:22 UTC 2015 >> New revision: 284348 >> URL: https://svnweb.freebsd.org/changeset/base/284348 >>=20 >> Log: >> Fix panic when adding vtnet interfaces to a bridge >>=20 >> vtnet interfaces are always in promiscuous mode (at least if the >> VIRTIO_NET_F_CTRL_RX feature is not negotiated with the host). = if_promisc() >> on >> a vtnet interface returned ENOTSUP although it has IFF_PROMISC set. = This >> confused the bridge code. Instead we now accept all enable/disable >> promiscuous >> commands (and always keep IFF_PROMISC set). >>=20 >> There are also two issues with the if_bridge error handling. >>=20 >> If if_promisc() fails it uses bridge_delete_member() to clean up. = This tries >> to >> disable promiscuous mode on the interface. That runs into an = assert, because >> promiscuous mode was never set in the first place. (That's the = panic reported >> in >> PR 200210.) >> We can only unset promiscuous mode if the interface actually is = promiscuous. >> This goes against the reference counting done by if_promisc(), but = only the >> first/last if_promic() calls can actually fail, so this is safe. >>=20 >> A second issue is a double free of bif. It's already freed by >> bridge_delete_member(). >>=20 >> PR: 200210 >> Differential Revision: https://reviews.freebsd.org/D2804 >> Reviewed by: philip (mentor) >>=20 >> Changes: >> head/sys/dev/virtio/network/if_vtnet.c >> head/sys/net/if_bridge.c >>=20 >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E5D81802-10B6-43AB-81EE-FBCFEBDE52CA>