Date:      Sat, 25 Aug 2018 00:47:59 +0200
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Matthew Macy" <mmacy@freebsd.org>
Cc:        "Shawn Webb" <shawn.webb@hardenedbsd.org>, freebsd-current@freebsd.org
Subject:   Re: ifnet use after free
Message-ID:  <7A724399-B264-41A9-B85F-A49D3B0B4730@FreeBSD.org>
In-Reply-To: <CAPrugNqiX5udzOchu=yBAEEqnkK-LAZZhTW4poen13Gguc1Xng@mail.gmail.com>
References:  <20180824221955.7hkftov25otk6bjc@mutt-hbsd> <CAPrugNqiX5udzOchu=yBAEEqnkK-LAZZhTW4poen13Gguc1Xng@mail.gmail.com>

On 25 Aug 2018, at 0:26, Matthew Macy wrote:
> On Fri, Aug 24, 2018 at 15:25 Shawn Webb <shawn.webb@hardenedbsd.org> 
> wrote:
>
>> Hey All,
>>
>> Somewhere in the last month or so, a use after free was introduced. I
>> don't have the time right now to bisect the commits and figure out
>> which commit introduced the breakage. Attached is the core.txt (which
>> seems nonsensical because the dump is reporting on a different
>> thread). If the core.txt gets scrubbed, I've posted it here:
>> https://gist.github.com/796ea88cec19a1fd2a85f4913482286a
>>
>
> Do you have any guidance on how to reproduce? The hardenedbsd rev isn’t
> useful - the svn commit that it’s based against is what is needed.
>
For what it’s worth, it’s not a hardenedbsd thing. I’ve been 
chasing the same one (same offset, same allocation size, same most 
recent user). Something gets set to zero/NULL. 8 bytes on amd64, so 
presumably a pointer.

I currently only trigger it on a development branch, but I’ll see if I 
can clean that up into something I can share tomorrow.

In my test scenario it happens after shutdown of a vnet jail with a few 
interfaces in it (including a pfsync interface which will disappear with 
the jail), and new jails are started. It’s pretty reliable.

At a guess something’s wrong with the delayed cleanup of ifnets and 
vnet shutdown.

Regards,
Kristof
References: <CAPrugNr9wN63ANjTYzyrHRegr9KTk_OSTLfrt+hktCnfKX=_mg@mail.gmail.com>
 <20180824215302.ivfna55jtrtc5trg@freebsd480.station>
 <CAPrugNqV6k2QTuiLerAKLB_hV1hkZNi4MLNqKU7MtVnMhMfPQw@mail.gmail.com>
 <CANCZdfp2rf=5e-qTV=-4yFrLPugn0UhtYovXdesJWbRWAjdGTg@mail.gmail.com>
In-Reply-To: <CANCZdfp2rf=5e-qTV=-4yFrLPugn0UhtYovXdesJWbRWAjdGTg@mail.gmail.com>
From: blubee blubeeme <gurenchan@gmail.com>
Date: Sat, 25 Aug 2018 07:07:24 +0800
Message-ID: <CALM2mEmJVqfeERTL4AWw7cY3YfPUY6TFw==1hzBqsDJNDde_Uw@mail.gmail.com>
Subject: Re: drm / drm2 removal in 12
To: Warner Losh <imp@bsdimp.com>
Cc: mmacy@freebsd.org, aliovx@gmail.com, 
 FreeBSD current <freebsd-current@freebsd.org>, freebsd-stable@freebsd.org

On Sat, Aug 25, 2018 at 6:26 AM Warner Losh <imp@bsdimp.com> wrote:

> On Fri, Aug 24, 2018 at 4:20 PM Matthew Macy <mmacy@freebsd.org> wrote:
>
> > On Fri, Aug 24, 2018 at 14:53 Ali <aliovx@gmail.com> wrote:
> >
> > > On Tue, Aug 21, 2018 at 06:54:54PM -0700, Matthew Macy wrote:
> > > > Just in case anyone misses the change to UPDATING:
> > > >
> > > > 20180821:
> > > >         drm and drm2 have been removed. Users on powerpc, 32-bit hardware,
> > > >         or with GPUs predating Radeon and i915 will need to install the
> > > >         graphics/drm-legacy-kmod. All other users should be able to use
> > > >         one of the LinuxKPI-based ports: graphics/drm-stable-kmod,
> > > >         graphics/drm-next-kmod, graphics/drm-devel-kmod.
> > > > Note that this applies only to 12.
> > >
> > > I see that the removal of drm and drm2 has been reverted on svn. Could
> > > you please kindly share the reasons behind the re-inclusion?
> > >
> >
> >
> > I can’t really give the blow by blow of internal project drama, but the
> > gist of it is that “best practices” (which are not yet actually
> > documented anywhere that I’ve seen) were not followed with regards to the
> > deprecation process. Warner and others believe that we can address the
> > objectives of
> > the drm removal (improving the user experience and communicating that
> > drm/drm2 are _completely_ unsupported apart from continuing to compile)
> > through less disruptive means.
> >
>
> Just so.
>
> > Our only continued frustration is that we were never given any guidance by
> > RE or core on said “best practices” when the discussion was taking place
> > in May and then those groups behaved as if this were a surprise when the
> > removal happened. I’m cautiously optimistic that this will expedite
> > improving communications on those matters.
> >
>
> All the problems that are exposed by this aren't technical. This one is
> social, but no less important.
>
> Warner

I've been watching this debacle for quite some time now and I'd just like
to ask why the rush?

The graphics team is working very hard to destroy the stability of FreeBSD
just so that they can force their uncooked work down users' throats.

The Linuxkpi is unstable at best, alpha level software that's constantly in
need of someone to go and fix something on FreeBSD because Linux devs
decided to make some changes or implement a new feature.

This project: https://wiki.freebsd.org/Use%20linuxkpi%20in%20DRM
Goals

   - Move DRM headers to a similar location as Linux
   - Use kmalloc() instead of malloc(9)
   - Use kref
   - Use idr and get rid of drm_gem_names.c
   - Use PCI API
   - Use Linux locking primitives

is garbage; if you want to develop Linux code and use Linux then go do
that on Linux.

Are these guys insane and please avoid the nonsense about you're doing this
in your spare time.

If you cannot devote the resources to do something right then don't do it
at all.

Keep that stuff to yourself or anyone crazy enough to follow those steps
to get it up and running; you guys cannot expect to contaminate the entire
FreeBSD project for this mess.

This is nonsense and I hope that more people who see it as such would say
so and stop having these guys forcing this crap; it's maintenance hell who
will maintain it if they decide to leave?

Best,
Owen