On Sat, Dec 04, 2021 at 10:41:02AM +0100, Hrvoje Popovski wrote:
> r620-2# uvm_fault(0xffffffff8229d4e0, 0x137, 0, 2) -> e
> kernel: page fault trap, code=0
> Stopped at      ipsp_spd_lookup+0xa2f:  movq    %rax,0(%rcx)
>     TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
>  419237  67407      0     0x14000      0x200    0  softnet
> *157694  94649      0     0x14000      0x200    2K softnet
> ipsp_spd_lookup(fffffd80a4139800,2,14,2,0,0,5b815d966b14b44b,fffffd80a4139800)
> at ipsp_spd_lookup+0xa2f

Thanks a lot for the test.  It crashes here:

/home/bluhm/openbsd/cvs/src/sys/netinet/ip_spd.c:414
     cdc:       48 03 0a                add    (%rdx),%rcx
*    cdf:       48 89 01                mov    %rax,(%rcx)
     ce2:       49 8b 80 30 01 00 00    mov    0x130(%r8),%rax
     ce9:       49 8b 88 38 01 00 00    mov    0x138(%r8),%rcx
     cf0:       48 89 01                mov    %rax,(%rcx)
     cf3:       49 c7 80 38 01 00 00    movq   $0xffffffffffffffff,0x138(%r8)
     cfa:       ff ff ff ff 
     cfe:       49 c7 80 30 01 00 00    movq   $0xffffffffffffffff,0x130(%r8)
     d05:       ff ff ff ff 
/home/bluhm/openbsd/cvs/src/sys/netinet/ip_spd.c:416

  nomatchout:
                        /* Cached TDB was not good. */
*                       TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo,
                            ipo_tdb_next);
                        tdb_unref(ipo->ipo_tdb);
                        ipo->ipo_tdb = NULL;
                        ipo->ipo_last_searched = 0;

So mvs@'s concerns are correct, my IPsec workaround is not sufficient.
I want to avoid another rwlock in the input path.  Maybe I can throw
some mutexes into IPsec to make it work.

bluhm

> ip_output_ipsec_lookup(fffffd80a4139800,14,0,ffff800022c60228,0) at
> ip_output_ipsec_lookup+0x4c
> ip_output(fffffd80a4139800,0,ffff800022c603e8,1,0,0,3ada3367ffb43fe1) at
> ip_output+0x39d
> ip_forward(fffffd80a4139800,ffff800000087048,fffffd8394511078,0) at
> ip_forward+0x26a
> ip_input_if(ffff800022c60528,ffff800022c60534,4,0,ffff800000087048) at
> ip_input_if+0x353
> ipv4_input(ffff800000087048,fffffd80a4139800) at ipv4_input+0x39
> ether_input(ffff800000087048,fffffd80a4139800) at ether_input+0x3aa
> if_input_process(ffff800000087048,ffff800022c60618) at if_input_process+0x92
> ifiq_process(ffff800000087458) at ifiq_process+0x69
> taskq_thread(ffff80000002f080) at taskq_thread+0x81
> end trace frame: 0x0, count: 5
