From nobody Fri Dec 10 12:33:43 2021 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1FD4618D32DC for ; Fri, 10 Dec 2021 12:33:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4J9Vgq6bGVz3vXX for ; Fri, 10 Dec 2021 12:33:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6733D1A7CA for ; Fri, 10 Dec 2021 12:33:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 1BACXhMp050695 for ; Fri, 10 Dec 2021 12:33:43 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 1BACXhGo050694 for net@FreeBSD.org; Fri, 10 Dec 2021 12:33:43 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver Date: Fri, 10 Dec 2021 12:33:43 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.2-RELEASE X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: avg@FreeBSD.org X-Bugzilla-Flags: mfc-stable13? mfc-stable12? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1639139624; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Oq4KlU3qXPdAHdq8+YX61+pW9h76rvl5d2Is2a+hfQ8=; b=umzVcL0tT1IpJWcU65SG8mybCbsE5gRQoEHSwb52pdZszvapX+vINKx+hSaXSPT+pauqUZ vEKFQ+QJPuNJN2mq/cxcxfpYrJwYOFl5c+NS2GmAUeasvjt3dKIi1LrILw9bFsauhczjI3 Wlls+lsEJL8aG7qawUaMqba6rAJpju42blHmPoJS4Est4rwqGszHp3J7s02hZs90l4KWsm e2ueZPQkGoD8TtbTmgjeT8Owo5rtH2aJRamfVBQStjns8wz/x041gxVbadreVPIElASbvw v4sB/UCqQKYgVIgQcxi8UBitCoBvn0Kv0fbg4q4D4NP/zzhDsqC6WNMuGqU+iQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639139624; a=rsa-sha256; cv=none; b=eAZzlAVYpo7oiz+z3F5vp7Ku6RfvSKq5rT4dKRiqq4WbcWY6CQa85ZAKrgvGBGuLXgr1Kh mnTvnoIDd3D8PspELaxmz9qw8XBqB3aRip7rrelOhd90QvN9s0sq0+S2ITcAUfeFJfHYSv BReMA5qXlSoFlNzNpFip0ezrnVAZrBZCsgT7YUaeB4l4R11xxIkoWBW2HENYEZHGBrvKKL e1eFbsa+zMqvOAFynCYLG1TJ1Iiht/v8acWPFZOXJJi/yISQUW0oEXiQwzfnjR26kjho9p Cqm+9xXOEUd9Wmot59x6DnWWllrxWEgBxKwsVC0UtNi8jlvnA4tiTL/L8pecfw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259458 --- Comment #21 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D5f24d2a82c1fa6555e550dcda99d0c1aa= e1e44b3 commit 5f24d2a82c1fa6555e550dcda99d0c1aae1e44b3 Author: Andriy Gapon AuthorDate: 2021-11-19 07:56:30 +0000 Commit: Andriy Gapon CommitDate: 2021-12-10 12:32:37 +0000 iflib_stop: drain rx tasks to prevent any data races iflib_stop modifies iflib data structures that are used by _task_fn_rx, most prominently the free lists. So, iflib_stop has to ensure that the rx task threads are not active. This should help to fix a crash seen when iflib_if_ioctl (e.g., SIOCSIFCAP) is called while there is already traffic flowing. The crash has been seen on VMWare guests with vmxnet3 driver. My guess is that on physical hardware the couple of 1ms delays that iflib_stop has after disabling interrupts are enough for the queued work to be completed before any iflib state is touched. But on busy hypervisors the guests might not get enough CPU time to complete the work, thus there can be a race between the taskqueue threads and the work done to handle an ioctl, specifically in iflib_stop and iflib_init_locked. PR: 259458 (cherry picked from commit 1bfdb812c786ac2607a82633f9c84a5d16f54079) sys/net/iflib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=