fixes for ipfw and pf lock ordering issues

Max Laier max at love2party.net
Tue Sep 28 17:56:15 PDT 2004 

On Tuesday 28 September 2004 20:01, Wiktor Niesiobedzki wrote:
> On Fri, Sep 24, 2004 at 10:37:54PM +0000, Christian S.J. Peron wrote:
> > Good day folks, we need some beta testers
>
> Hi, as an author of LOR reports I feel obliged to test this patch. I was
> running it for a 2 days and intended to report, that for me everything
> works ok, when an panic occured. Regretably, I do not have actual panic
> message, but the trace looks as follows:
> pf_socket_lookup(cbb24958,cbb2495c,2,cbb24a0c,c15275a0) at
> pf_socket_lookup+0x22
> pf_test_tcp(cbb249c0,cbb249bc,2,c14d6200,c139e500) at pf_test_tcp+0x648
> pf_test(2,c14b8014,cbb24aa8,c15275a0,c15661c0) at pf_test+0x53d
> pf_check_out(0,cbb24aa8,c14b8014,2,c15275a0) at pf_check_out+0x6d
> pfil_run_hooks(c066da00,cbb24b1c,c14b8014,2,c15275a0) at
> pfil_run_hooks+0xeb ip_output(c139e500,0,cbb24ae8,0,0) at ip_output+0x630
> tcp_twrespond(c18709a0,10,c0607304,69c,1) at tcp_twrespond+0x1ed
> tcp_twstart(c186b380,0,c0606ba2,96f,0) at tcp_twstart+0x1d3
> tcp_input(c139d800,14,c14b8014,1,0) at tcp_input+0x2c39
> ip_input(c139d800,0,c06053ae,e7,c066d098) at ip_input+0x5b0
> netisr_processqueue(c066d098,c0642940,1,c05fb4da,c10d62c0) at
> netisr_processqueu
> e+0x8e
> swi_net(0,0,c05f9b18,269,0) at swi_net+0xe9
> ithread_loop(c10de480,cbb24d48,c05f990f,31f,1000000) at ithread_loop+0x172
> fork_exit(c04a6520,c10de480,cbb24d48) at fork_exit+0xc6
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xcbb24d7c, ebp = 0 ---
> db>
>
> db> show locks
> exclusive sleep mutex inp (tcpinp) r = 0 (0xc1527630) locked @
> /usr/src/sys/neti
> net/tcp_input.c:737
> exclusive sleep mutex tcp r = 0 (0xc066de6c) locked @
> /usr/src/sys/netinet/tcp_i
> nput.c:611
> db>
>
> (gdb) l *pf_socket_lookup+0x22
> 0xc043a2d2 is in pf_socket_lookup (/usr/src/sys/contrib/pf/net/pf.c:2414).
> 2409    #endif
> 2410            struct inpcb            *inp;
> 2411
> 2412    #ifdef __FreeBSD__
> 2413            if (inp_arg != NULL) {
> 2414                    *uid = inp_arg->inp_socket->so_cred->cr_uid;
> 2415                    *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
> 2416                    return (1);
> 2417            }
> 2418    #endif

This should read:

>         *uid = UID_MAX;
>         *gid = GID_MAX;
> #ifdef __FreeBSD__
>         if (inp_arg != NULL) {
>                 if (inp_arg->inp_socket) {
>                         *uid = inp_arg->inp_socket->so_cred->cr_uid;
>                         *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
>                         return (1);
>                 } else
>                         return (0);
>         }
> #endif

now. Thanks for testing, I will post an updated patch the other day.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20040929/17d75e8f/attachment.bin

More information about the freebsd-ipfw mailing list