kern/160541: [vimage][pf][patch] panic: userret: Returning on td 0xxxxxxxxx (pid xxxx, pftop) with vnet 0xxxxxxxxx set in pfioctl
Nikos Vassiliadis
nvass at gmx.com
Wed Sep 7 14:20:06 UTC 2011
>Number: 160541
>Category: kern
>Synopsis: [vimage][pf][patch] panic: userret: Returning on td 0xxxxxxxxx (pid xxxx, pftop) with vnet 0xxxxxxxxx set in pfioctl
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 07 14:20:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Nikos Vassiliadis
>Release: 9.0-CURRENT
>Organization:
>Environment:
FreeBSD lab.local 9.0-BETA2 FreeBSD 9.0-BETA2 #81 r225405M: Wed Sep 7 13:23:11 EEST 2011 root at lab.local:/usr/obj/usr/src/sys/LAB i386
>Description:
A VIMAGE kernel panics when certain pf IOCTLs are used. The
panic is triggered by pftop for example.
Unread portion of the kernel message buffer:
panic: userret: Returning on td 0xc3a0e2e0 (pid 1311, pftop) with vnet 0xc35a9000 set in pfioctl
cpuid = 0
KDB: enter: panic
Physical memory: 491 MB
Dumping 55 MB: 40 24 8
>How-To-Repeat:
build a VIMAGE kernel
build pftop port
kldload pf
run pftop and cycle through the views
the kernel will panic
>Fix:
For certain IOCTLs, CURVNET_RESTORE() is not called
upon return from pfioctl() in sys/contrib/pf/net/pf_ioctl.c.
Patch attached with submission follows:
Index: sys/contrib/pf/net/pf_ioctl.c
===================================================================
--- sys/contrib/pf/net/pf_ioctl.c (revision 225405)
+++ sys/contrib/pf/net/pf_ioctl.c (working copy)
@@ -1517,9 +1517,11 @@
if (((struct pfioc_table *)addr)->pfrio_flags &
PFR_FLAG_DUMMY)
break; /* dummy operation ok */
- return (EPERM);
+ error = EPERM;
+ goto notpermitted;
default:
- return (EPERM);
+ error = EPERM;
+ goto notpermitted;
}
if (!(flags & FWRITE))
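Review bot: the two replaced `return (EPERM)` sites (the `PFR_FLAG_DUMMY` case and `default:`) now route through `notpermitted`, which is the right fix for the leaked `CURVNET_SET()`, but this hunk only covers the privilege switch; any other `return` between `CURVNET_SET()` and the function tail that this diff does not show (for example later copyin or lookup failures) would leak the vnet in exactly the same way and should be audited before committing. Note also that the label these `goto` statements target is introduced only in the third hunk, so the hunks must be applied together to compile.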
@@ -1564,14 +1566,18 @@
flags |= FWRITE; /* need write lock for dummy */
break; /* dummy operation ok */
}
- return (EACCES);
+ error = EACCES;
+ goto notpermitted;
case DIOCGETRULE:
if (((struct pfioc_rule *)addr)->action ==
- PF_GET_CLR_CNTR)
- return (EACCES);
+ PF_GET_CLR_CNTR) {
+ error = EACCES;
+ goto notpermitted;
+ }
break;
default:
- return (EACCES);
+ error = EACCES;
+ goto notpermitted;
}
if (flags & FWRITE)
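Review bot: each new jump site assigns `error` before the `goto`, and that should be kept at every site, since the `notpermitted` tail simply executes `return (error)`; a jump without an assignment would return whatever `error` happened to hold, making a denied IOCTL look like success. Adding braces around the `DIOCGETRULE` / `PF_GET_CLR_CNTR` body is correct now that it is two statements, and matches style(9).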
@@ -3909,6 +3915,8 @@
rw_exit_read(&pf_consistency_lock);
#endif
+notpermitted:
+ /* EPERM and EACCES jump here */
CURVNET_RESTORE();
return (error);
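Review bot: the label is placed after the `rw_exit_read(&pf_consistency_lock)` / `#endif` block, which is the correct spot only if the permission checks in the earlier hunks run before `pf_consistency_lock` is taken; if any check were moved after the lock acquisition, the jump would skip the unlock. The comment `/* EPERM and EACCES jump here */` would be more useful if it stated the invariant being enforced, e.g. `/* every exit path must pass through CURVNET_RESTORE() */`, so the next person adding an early `return` sees why the `goto` exists.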
>Release-Note:
>Audit-Trail:
>Unformatted: