kern/189219: using dummynet on sparc64 and configuring a pipe is an insta-panic

[David Cross]

>Number:         189219
>Category:       kern
>Synopsis:       using dummynet on sparc64 and configuring a pipe is an 
>insta-panic
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 02 05:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     David Cross
>Release:        10.0
>Organization:
>Environment:
FreeBSD REDACTED 10.0-RELEASE FreeBSD 10.0-RELEASE #1: Sat Apr 26 00:00:39 EDT 
2014     root@REDACTED:/usr/obj/usr/src/sys/GWSPARC  sparc64
>Description:
enabling ipfw with dummynet and running ipfw pipe 1 config bw 100mbit panics 
the machine on an unaligned memory access
>How-To-Repeat:
spar64 machine + ipfw + dummynet, then run:
ipfw pipe 1 config bw 100mbit
>Fix:
A bit of a kludge, basically creates a new structure in memory to force align 
it, and then copies it all over (after verifying length)

--- src/sys/netpfil/ipfw/ip_dummynet.c.orig     2014-05-02 01:36:59.000000000 
-0400
+++ src/sys/netpfil/ipfw/ip_dummynet.c  2014-05-02 01:35:58.000000000 -0400
@@ -1210,15 +1210,18 @@
  * configure a link (and its FIFO instance)
  */
 static int
-config_link(struct dn_link *p, struct dn_id *arg)
+config_link(struct dn_link *op, struct dn_id *arg)
 {
+       struct dn_link np;
        int i;
 
-       if (p->oid.len != sizeof(*p)) {
-               D("invalid pipe len %d", p->oid.len);
+       bcopy(&(op->oid.len), &(np.oid.len), sizeof(np.oid.len));
+       if (np.oid.len != sizeof(np)) {
+               D("invalid pipe len %d", np.oid.len);
                return EINVAL;
        }
-       i = p->link_nr;
+       bcopy(op, &np, sizeof(np));
+       i = np.link_nr;
        if (i <= 0 || i >= DN_MAX_ID)
                return EINVAL;
        /*
@@ -1228,9 +1231,9 @@
         * qsize = slots/bytes
         * burst ???
         */
-       p->delay = (p->delay * hz) / 1000;
+       np.delay = (np.delay * hz) / 1000;
        /* Scale burst size: bytes -> bits * hz */
-       p->burst *= 8 * hz;
+       np.burst *= 8 * hz;
 
        DN_BH_WLOCK();
        /* do it twice, base link and FIFO link */
@@ -1247,15 +1250,15 @@
                s->profile = NULL;
            }
            /* copy all parameters */
-           s->link.oid = p->oid;
+           s->link.oid = np.oid;
            s->link.link_nr = i;
-           s->link.delay = p->delay;
-           if (s->link.bandwidth != p->bandwidth) {
+           s->link.delay = np.delay;
+           if (s->link.bandwidth != np.bandwidth) {
                /* XXX bandwidth changes, need to update red params */
-           s->link.bandwidth = p->bandwidth;
+           s->link.bandwidth = np.bandwidth;
                update_red(s);
            }
-           s->link.burst = p->burst;
+           s->link.burst = np.burst;
            schk_reset_credit(s);
        }
        dn_cfg.id++;


>Release-Note:
>Audit-Trail:
>Unformatted:
 >panic<
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"