[SOLVED] 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

2020-12-01 Thread Michael Grimm
Hi,

I finally managed to solve this issue: the MTU of all bridged network 
interfaces had to be reduced from 1500 down to 1490. (The external interface 
was on 1490 already.)

I still don't understand why these patches of commit 367740 could cause this, 
and I do not have the knowledge to understand it.

Anyway, I just wanted to let you know.

Regards,
Michael


> On 22. Nov 2020, at 14:37, Michael Grimm  wrote:
> 
> Hi,
> 
> I am running 12.2-STABLE and VNET jails, one of which hosts a recent Dovecot 
> IMAP and a recent postfix SMTP server. Authentication is forced via TLS/SSL 
> for both services (ports 587 and 993). Setup is as follows:
> 
>   extIF0/pf/NAT <—> epairXa (bridge0) epairXb <-> jail
> 
> A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6 
> (Mojave) and AVM's push service (Fritzbox), but *not* for IMAP clients 
> running at macOS 10.15.7 (Catalina). Strange.
> 
> Findings at macOS 10.14.6 (exemplified for IMAP):
> 
> 1) mac$ nc -4vw 1 mail.xyz.zzz 993
>   found 0 associations
>   found 1 connections:
>   1:  flags=82
>   outif en0
>   src 1.2.3.4 port 49583
>   dst 11.22.33.44 port 993
>   rank info not available
>   TCP aux info available
> 
>   Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded!
> 
> 2) mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug
>   CONNECTED(0005)
>   write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes => 200 (0xC8))
> 
>   hanging at that stage forever 
>   (and client complaining of its inability to authenticate and reports 
> timeout after 60 seconds)
> 
> 
> I did identify commit 367740 being responsible for that:
> 
>   mike>   svn up -r 367740
>   Updating '.':
>   U    sys/netinet/ip_fastfwd.c
>   U    sys/netinet/ip_input.c
>   U    sys/netinet/ip_var.h
>    U   .
>   Updated to revision 367740.
> 
> 
> Any ideas, especially why clients at different OS behave differently?
> 
> FYI: I do have no access to AVM's push service, and very limited access to 
> the macOS 10.14.6 computer.
> 
> Thanks in advance and with kind regards,
> Michael
> 
> P.S. How may I update a local svn copy and simultaneously omit commit 367740 
> from being applied, or how may I revert commit 367740, only?
> 
> 
> ___
> freebsd-...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


r360843 leads to kernel crash...

2020-12-01 Thread Alexandre Snarskii


Hi!

Long story short: looks like r360843 can lead to kernel panic at disk
initialization in 11.4-STABLE (12-STABLE shall be affected too, however,
this is not tested). 

Long story longer: after routine upgrade from 11.2-STABLE to 11.4-STABLE,
host panics during disc initialization. Hardware: Dell R530, onboard
PERC adapter with two drives exported to system as JBOD / SYSPD:

mfi0 Adapter:
Product Name: PERC H730 Mini
   Serial Number: 83M024U
Firmware: 25.5.5.0005

mfi0 Configuration: 0 arrays, 0 volumes, 0 spares

mfi0 Physical Drives:
 0 (  447G) JBOD  SATA E1:S0
 1 (  447G) JBOD  SATA E1:S1

(zfs mirror is no worse than perc one).

=== console log starts (a bit garbled by other devices init) 
mfisyspd0 numa-domain 0 on mfi0
mfisyspd0: 457862MB (937703088 sectors) SYSPD volume (deviceid: 0)
mfisyspd0:  SYSPD volume attached
mfi0: DJA NA XXX SYSPDIO


ses0 at ahciem0 bus 0 scbus4 target 0 lun 0
Fatal trap 12: page fault while in kernel mode
uhub0: ses0:  SEMB S-E-S 2.00 device
ses0: SEMB SES Device
cpuid = 18;  on usbus0
apic id = 18
ses1 at ahciem1 bus 0 scbus11 target 0 lun 0
ses1: uhub1:  on usbus1
fault virtual address   = 0x0
 SEMB S-E-S 2.00 device
ses1: SEMB SES Device
fault code  = supervisor read data, page not present
instruction pointer = 0x20:0x803daacb
pass1 at ahcich9 bus 0 scbus10 target 0 lun 0
pass1:  Removable CD-ROM SCSI device
stack pointer   = 0x28:0xfe07c2f457f0
frame pointer   = 0x28:0xfe07c2f45820
pass1: Serial Number JD6H1PLC0084O50KOA00
pass1: 150.000MB/s transfers (SATA 1.x, UDMA6, ATAPI 12bytes, PIO 8192bytes)
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
ses1: pass1 in 'Slot 05', SATA Slot: scbus10 target 0
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 13 (g_down)
trap number = 12
panic: page fault
cpuid = 18
KDB: stack backtrace:
#0 0x805e5a45 at kdb_backtrace+0x65
#1 0x8059fd7e at vpanic+0x15e
#2 0x8059fc13 at panic+0x43
#3 0x80861515 at trap_fatal+0x365
#4 0x80861569 at trap_pfault+0x49
#5 0x80860c1e at trap+0x27e
#6 0x808427af at calltrap+0x8
#7 0x803d39f8 at mfi_send_frame+0x28
#8 0x803d395f at mfi_data_cb+0x2bf
#9 0x805de0be at bus_dmamap_load_bio+0xae
#10 0x803d351e at mfi_mapcmd+0xae
#11 0x803d292b at mfi_startio+0xeb
#12 0x803d8a39 at mfi_syspd_strategy+0x99
#13 0x804f8c99 at g_disk_start+0x369
#14 0x804fc3c3 at g_io_schedule_down+0x173
#15 0x804fcc5c at g_down_procbody+0x6c
#16 0x8056b0de at fork_exit+0x7e
#17 0x808437ce at fork_trampoline+0xe
Uptime: 1s
= console log ends 

this line from log

mfi0: DJA NA XXX SYSPDIO

suggests that instead of proceeding to initializing req_desc (line :
https://svnweb.freebsd.org/base/stable/11/sys/dev/mfi/mfi_tbolt.c?revision=360843&view=markup#l1110)
code just prints this message and continues to MFI_WRITE (line 1141) with
req_desc initialized to NULL (line 1093).

Manual rollback of mentioned patch leads to following warning
during compilation:

cc -target x86_64-unknown-freebsd11.4 --sysroot=/usr/obj/usr/src/tmp 
-B/usr/obj/usr/src/tmp/usr/bin -c -O2 -pipe -fno-strict-aliasing  -g -nostdinc  
-I. -I/usr/src/sys -I/usr/src/sys/contrib/libfdt -D_KERNEL 
-DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h  -fno-omit-frame-pointer 
-mno-omit-leaf-frame-pointer -MD  -MF.depend.mfi_tbolt.o -MTmfi_tbolt.o 
-mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float  
-fno-asynchronous-unwind-tables -ffreestanding -fwrapv -fstack-protector 
-gdwarf-2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef 
-Wno-pointer-sign -D__printf__=__freebsd_kprintf__ -Wmissing-include-dirs 
-fdiagnostics-show-option -Wno-unknown-pragmas -Wno-error-tautological-compare 
-Wno-error-empty-body -Wno-error-parentheses-equality 
-Wno-error-unused-function -Wno-error-pointer-sign 
-Wno-error-shift-negative-value -Wno-address-of-packed-member  -mno-aes 
-mno-avx  -std=iso9899:1999 -Werror  /usr/src/sys/dev/mfi/mfi_tbolt.c
/usr/src/sys/dev/mfi/mfi_tbolt.c:1110:22: warning: overlapping comparisons
  always evaluate to true [-Wtautological-overlap-compare]
if (cdb[0] != 0x28 || cdb[0] != 0x2A) {
~~~^
1 warning generated.

however, system boots and works just fine (all variants of cdb[0] now
translated to correct req_desc).

Attempt to return error in case of cdb[0] in 0x28/0x2A leads to numerous
read errors in console log and inability to boot (geom thinks that gpart
is broken, zfs is unable to find pool), so this is not the option:

[..]
mfisyspd0 numa-domain 0 on mfi0
mfisyspd0: 457862MB (937703088 sectors)