ipfw: LOR/panic with uid rules

Ben Kaduk minimarmot at gmail.com
Tue Sep 23 18:47:17 UTC 2008


On Tue, Sep 23, 2008 at 12:51 PM, Stefan Ehmann <shoesoft at gmx.net> wrote:
> Hello,
>
> Also posted about this problem recently in stable at . But got no replies there.
> So I tried on a recent CURRENT but the problem persists:
>
> ipfw rules using uid are causing a deadlock.
> e.g. allow ip from any to any uid root
> A simple HTTP fetch triggers this problem nearly instantly.
>
> For me, this problem existed in 6.x with PREEMPTION enabled. It was fixed in
> 7.0. But in RELENG_7 and head it's back. This is a single processor i386
> machine.
>

I don't think this was ever guaranteed to work.  See this post by
Robert Watson to freebsd-hackers:
http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/025930.html
Perhaps the biggest problem is that there's a stack-layering violation inherent
in this sort of rule; Robert's message has more detail.

Nonetheless, it might be interesting if you had the time to track down
a particular set of changes that caused the problem to return.

-Ben Kaduk

