From owner-freebsd-current@FreeBSD.ORG Sun May 14 15:25:22 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC91B16A4DB for ; Sun, 14 May 2006 15:25:22 +0000 (UTC) (envelope-from csjp@FreeBSD.org) Received: from ems01.seccuris.com (ems01.seccuris.com [204.112.0.35]) by mx1.FreeBSD.org (Postfix) with SMTP id EBA8743D55 for ; Sun, 14 May 2006 15:25:14 +0000 (GMT) (envelope-from csjp@FreeBSD.org) Received: (qmail 76056 invoked by uid 86); 14 May 2006 15:42:04 -0000 Received: from unknown (HELO ?127.0.0.1?) (204.112.0.37) by ems01.seccuris.com with SMTP; 14 May 2006 15:42:04 -0000 Message-ID: <44674BDA.7040300@FreeBSD.org> Date: Sun, 14 May 2006 10:25:14 -0500 From: "Christian S.J. Peron" User-Agent: Thunderbird 1.5.0.2 (Macintosh/20060308) MIME-Version: 1.0 To: sekes References: <53cc795f0605131026n2d9a5776jd75630e3f9505e55@mail.gmail.com> <53cc795f0605131345t718d0ad7ia7792f2ed4446037@mail.gmail.com> <20060514062825.W54242@maildrop.int.zabbadoz.net> <53cc795f0605140348u769b6b0bkc62d28652b6b3ec3@mail.gmail.com> In-Reply-To: <53cc795f0605140348u769b6b0bkc62d28652b6b3ec3@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "Bjoern A. Zeeb" , freebsd-current@freebsd.org Subject: Re: deadlock every 15-20 min X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 May 2006 15:25:22 -0000 This is very similar to the UID/GID filtering problem. What appears to be happening is on the inbound path, we pickup the pfil lock and attempt to pickup the inp info lock, while on the outbound path, we hold the inp info lock across ip_output which will try to pickup the pfil lock. This problem is the result of a layering violation, in reality the firewall should not be picking up layer 4 related locks. Myself and a few others have been discussing this problem for quite some time now, and hopefully it won't be long before we can come up with a solution that will make everyone happy. For now, you should be able to set debug.mpsafenet to 0 which will re-enable Giant in the network stack, in theory preventing the deadlock. debug.mpsafenet=0 in your loader.conf Let me know if this helps sekes wrote: > On 5/14/06, Bjoern A. Zeeb wrote: >> >> On Sun, 14 May 2006, sekes wrote: >> >> > lock order reversal: >> > 1st 0xc2b8b090 inp (divinp) @ >> > /usr/src/sys/modules/ipdivert/../../netinet/ip_divert.c:336 >> > 2nd 0xc0a44db8 PFil hook read/write mutex (PFil hook read/write >> mutex) @ >> > /usr/src/sys/net/pfil.c:73 >> >> looks almost the same as LOR #181: >> http://sources.zabbadoz.net/freebsd/lor.html#181 >> but without the div_output(). >> >> -- >> Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT >> > > yes, it is similar to my situation. may i know when it could be fixed? > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "freebsd-current-unsubscribe@freebsd.org" > > -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer FreeBSD Security Team