Page MenuHomeFreeBSD

[netgraph/epoch] fix panic on usage of ipfw ng node
AbandonedPublic

Authored by mizhka on Jan 13 2020, 6:04 PM.

Details

Reviewers
glebius
donner
Summary

Hi,

I use vnet jails with local NAT via ng_ipfw and ng_nat. After Oct'19 it starts panic due to lack of init/deinit of epoch in ng_ipfw code.

Here is panic stack trace:

(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:392
#2  0xffffffff804a04ab in db_dump (dummy=<optimized out>,
    dummy2=<optimized out>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:575
#3  0xffffffff804a025f in db_command (last_cmdp=<optimized out>,
    cmd_table=<optimized out>, dopager=1) at /usr/src/sys/ddb/db_command.c:482
#4  0xffffffff8049ffd4 in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:535
#5  0xffffffff804a328f in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/src/sys/ddb/db_main.c:252
#6  0xffffffff80c1ee9c in kdb_trap (type=3, code=0, tf=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:691
#7  0xffffffff8106ee8a in trap (frame=0xfffffe00b28e0890)
    at /usr/src/sys/amd64/amd64/trap.c:585
#8  <signal handler called>
#9  kdb_enter (why=0xffffffff811fa9cb "panic", msg=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:478
#10 0xffffffff80bd2cba in vpanic (fmt=<optimized out>, ap=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:897
#11 0xffffffff80bd2a33 in panic (
    fmt=0xffffffff81c78a48 <cnputs_mtx> "\360\365\033\201\377\377\377\377")
    at /usr/src/sys/kern/kern_shutdown.c:835
#12 0xffffffff80d774e0 in ip_input (m=0xfffff8002d5ef200)
    at /usr/src/sys/netinet/ip_input.c:460
#13 0xffffffff839d22d4 in ng_ipfw_rcvdata (hook=<optimized out>,
    item=<optimized out>) at /usr/src/sys/netgraph/ng_ipfw.c:257
#14 0xffffffff8302e993 in ng_apply_item (node=<optimized out>,
    item=0xfffff8013c3e4180, rw=0) at /usr/src/sys/netgraph/ng_base.c:2403
#15 0xffffffff83031d2a in ngthread (arg=<optimized out>)
    at /usr/src/sys/netgraph/ng_base.c:3434
#16 0xffffffff80b90774 in fork_exit (callout=0xffffffff83031b30 <ngthread>,
    arg=0x0, frame=0xfffffe00b28e0c00) at /usr/src/sys/kern/kern_fork.c:1059
#17 <signal handler called>
(kgdb)
Test Plan

This patch is trivial and solved issue at least for me.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

The structure of the whole function bugs me.
I'd expect a large switch(ip->ip_v) with thee cases: v4, v6 and default.
In each of the cases, I'd expect a

switch (ip->ip_v) {
case IPVERSION:
   NET_EPOCH_ENTER(et);
   if (r->info & IPFW_INFO_IN)
     ip_input(ip);
  else
     ret = ip_output(ip);
  NET_EPOCH_EXIT(et);
  return ret;

I'd prefer an accept from somebody more involved.

This revision is now accepted and ready to land.Jan 14 2020, 9:15 PM
glebius requested changes to this revision.Jan 15 2020, 3:00 AM

Sorry, that's my failure. The patch is wrong though. We should run all netgraph in epoch.

This revision now requires changes to proceed.Jan 15 2020, 3:00 AM

Sorry, that's my failure. The patch is wrong though. We should run all netgraph in epoch.

Ah, the big picture. Thank you.