> On 13.07.2017 at 11:32, Axel Rau <axel....@chaos1.de> wrote:
> 
> Hangs show all threads in select (TlsThread).
> We failed to get a backtrace via lldb on crash.
> 
> This happens with both release 3.2.0 and recent PGP sig patch from github.
> 
> The server is running in a FreeBSD jail in secure mode.

It seems that this FreeBSD security patch made the problem(s) happen less often 
(:

--- sys/kern/sys_socket.c.orig
+++ sys/kern/sys_socket.c
@@ -675,6 +675,7 @@
 {
        struct kaiocb *job;
 
+       CURVNET_SET(so->so_vnet);
        SOCKBUF_LOCK(sb);
        while (!TAILQ_EMPTY(&sb->sb_aiojobq) && soaio_ready(so, sb)) {
                job = TAILQ_FIRST(&sb->sb_aiojobq);
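
Review bot: CURVNET_SET(so->so_vnet) at the top of this function is balanced only by the CURVNET_RESTORE() added in the second hunk, roughly 25 lines further down, so any return or goto between the two that is not visible here would leave the function with the vnet context still set; please confirm there is a single exit path. A one-line comment above the call saying why the context has to be selected at this point would also help, since nothing in the hunk explains it.
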
@@ -698,6 +699,7 @@
        ACCEPT_LOCK();
        SOCK_LOCK(so);
        sorele(so);
+       CURVNET_RESTORE();
 }
 
 void
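
Review bot: The placement of CURVNET_RESTORE() after sorele(so), as the last statement of the function, needs a comment. If sorele(so) can drop the final reference and tear the socket down, that teardown still needs the vnet context, and without a note a later cleanup could move the restore above the ACCEPT_LOCK()/SOCK_LOCK()/sorele() sequence.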

vnet implements the network separation of jails.

Setting server-processes to 3 helped further to reduce the problem.

Axel

PS: 
=============================================================================
FreeBSD-EN-17:07.vnet                                           Errata Notice
                                                          The FreeBSD Project

Topic:          VNET kernel panic with asynchronous I/O

Category:       core
Module:         kernel
Announced:      2017-08-10
Credits:        Kristof Provost
Affects:        FreeBSD 11.0 and later.
Corrected:      2017-07-28 18:09:41 UTC (stable/11, 11.1-STABLE)
                2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1)
                2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

POSIX asynchronous I/O permits applications to request asynchronous
completion of I/O requests.  VNET permits systems to be configured
with multiple instances of the in-kernel network stack.

II.  Problem Description

The implementation of POSIX asynchronous I/O for sockets completes I/O
requests in a pool of dedicated worker threads.  The VNET feature requires
threads to explicitly select an active instance of the network stack before
performing network operations.  The function used to complete asynchronous
I/O requests was not setting a network stack instance before completing I/O
requests.

III. Impact

Using POSIX asynchronous I/O with sockets in a VNET-enabled kernel will
panic.

IV.  Workaround

No workaround is available, but systems that do not enable VNET via a
custom kernel are not affected.
---
PGP-Key:29E99DD6  ☀  computing @ chaos claudius
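
A version check built from the "Affects" and "Corrected" fields of the errata notice quoted above, as an added example that is not part of the original message or of the FreeBSD notice. The function name `en1707_status`, its status words, and the use of `kern.features.vimage` to detect a VNET kernel are assumptions of this example; the version strings in the comments are constructed samples in `freebsd-version -k` format.

```shell
#!/bin/sh
# Added example: classify a kernel version against FreeBSD-EN-17:07.vnet.
# Usage: en1707_status KERNEL_VERSION VNET_ENABLED   (VNET_ENABLED is 0 or 1)
# Prints one of: not-affected | fixed | vulnerable | check-manually
en1707_status() {
    ver=$1
    vnet=$2
    # Notice, section IV: kernels without VNET are not affected.
    if [ "$vnet" != "1" ]; then
        echo not-affected
        return 0
    fi
    rel=${ver%%-*}                      # "11.0" from "11.0-RELEASE-p11"
    case $ver in
        *-RELEASE)    plevel=0 ;;
        *-RELEASE-p*) plevel=${ver##*-p} ;;
        # -STABLE and other branches are fixed by date, not by patch level.
        *)            echo check-manually; return 0 ;;
    esac
    case $plevel in
        ''|*[!0-9]*) echo check-manually; return 0 ;;
    esac
    case $rel in
        11.0) fixed_at=12 ;;            # Corrected: 11.0-RELEASE-p12
        11.1) fixed_at=1 ;;             # Corrected: 11.1-RELEASE-p1
        [0-9].*|10.*) echo not-affected; return 0 ;;   # Affects: 11.0 and later
        *) echo check-manually; return 0 ;;            # not covered by the notice
    esac
    if [ "$plevel" -ge "$fixed_at" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# On a FreeBSD host, feed it the running kernel's version.
# Assumption: kern.features.vimage is 1 on a kernel built with VNET.
if command -v freebsd-version >/dev/null 2>&1; then
    en1707_status "$(freebsd-version -k)" \
        "$(sysctl -n kern.features.vimage 2>/dev/null || echo 0)"
fi
```

A `check-manually` result for a `-STABLE` kernel means comparing the build date with the stable/11 correction time given in the notice.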
