Date:      Sat, 24 Jul 1999 01:29:05 +0300
From:      Maxim Sobolev <sobomax@altavista.net>
To:        current@freebsd.org, brian@freebsd.org
Subject:   [Fwd: Tun interface related panic]
Message-ID:  <3798ECB1.2AE159E2@altavista.net>

Hi folks,

It seems that in some specific conditions user level ppp (PPP Version
2.22 - $Date: 1999/06/23 16:48:19 $) tries to incorrectly write to the
tun device, causing a panic if a revision prior to 1.61 (current) or
1.51.2.1 (stable) of if_tun.c is used. In these tun revisions some belts
against this undesirable behavior have been introduced, but all older
kernels are potentially affected. In my conditions this was a 100%
reproducible crash (now it is less harmful - just a message like "Error:
ip_Input: deflink: wrote 0, got Input/output error" in the ppp log) but
someone using an older kernel with this revision of ppp can get his
machine crashed. Following is our last mailing related to this bug (it was
in the -stable list because I discovered this panic on my -stable box).
For more info look for the subject in the -stable list or contact me by
e-mail.

-Maxim

Alfred Perlstein wrote:

> On Fri, 23 Jul 1999, Maxim Sobolev wrote:
>
> > Alfred Perlstein wrote:
> >
> > > [Piece of debug print skipped....]
> > > oops, ok, I wasn't clear, I need to know the contents of the structs
> > > that those pointers point to, try this:
> > >
> > > print *uio
> > > print *top
> > > print **mp
> > >
> > > in the meanwhile, try this patch:
> > >
> > > cvs diff: Diffing .
> > > Index: if_tun.c
> > > ===================================================================
> > > RCS file: /home/ncvs/src/sys/net/if_tun.c,v
> > > retrieving revision 1.51
> > > diff -u -r1.51 if_tun.c
> > > --- if_tun.c    1999/01/17 20:53:47     1.51
> > > +++ if_tun.c    1999/07/23 20:42:34
> > > @@ -521,7 +521,7 @@
> > >
> > >         TUNDEBUG("%s%d: tunwrite\n", ifp->if_name, ifp->if_unit);
> > >
> > > -       if (uio->uio_resid < 0 || uio->uio_resid > TUNMRU) {
> > > +       if (uio->uio_resid <= 0 || uio->uio_resid > TUNMRU) {
> > >                 TUNDEBUG("%s%d: len=%d!\n", ifp->if_name, ifp->if_unit,
> > >                     uio->uio_resid);
> > >                 return EIO;
> > >
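Review bot: the changed condition `uio->uio_resid <= 0` sends a zero-length write down the same `return EIO` path as a negative or oversized length, and I would handle zero separately. An empty write is not an I/O error, yet the caller will log it as one; a dedicated `if (uio->uio_resid == 0) return 0;` ahead of this check would keep the guard while leaving EIO for lengths that are actually invalid. Either way, a short comment at the check saying why a zero length must not reach the code below would help, since the reason is not visible in this hunk. The TUNDEBUG call also prints `uio->uio_resid` with `%d`, which is worth confirming against the field's type.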
> > > please please tell me if it works for you so I can file a proper PR.
> >
> > Yeah! It works! It seems that I'm the one who has detected this problem because
> > I'm using the latest ppp snapshot instead of the standard one. I just tested ppp from
> > -stable and discovered that it doesn't cause this panic (the version of libalias doesn't
> > matter though). However it would be great if you can commit this patch because the new
> > version of ppp has some really nice features on which I rely heavily. This also
> > raises a question to Brian Somers or anyone else who can look and find what is
> > wrong with the current ppp (PPP Version 2.22 - $Date: 1999/06/23 16:48:19 $).
> > Anyway, having some belts in the kernel should not do any harm. Following is the
> > ppp output which probably before your patch would kill my box (I have never seen this
> > message before - so to speak..):
> >
> > TCP/IP: IN UDP: 208.147.89.229:18422 ---> 192.168.1.1:7070
> > Error: ip_Input: deflink: wrote 0, got Input/output error
>
> I don't work on ppp, you should be sure Brian is notified of this problem.
> I appreciate your help in tracking this down, the patch has been put into
> -stable and -current for it.
>
> >
> > If you still want to see prints, you can see it at the end of this message.
> > (kgdb) up
> > #5  0xc01630f9 in tunwrite (dev=13312, uio=0xc2d15f14, flag=1)
> >     at ../../net/if_tun.c:559
> > 559  top->m_pkthdr.len = tlen;
> > (kgdb) print *uio
> > $1 = {uio_iov = 0xc2d15f0c, uio_iovcnt = 1, uio_offset = 38962, uio_resid = 0,
> >   uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_procp = 0xc2cc32e0}
> > (kgdb) print *top
> > Cannot access memory at address 0x0.
> > (kgdb) print **mp
>
> perfect, they were extremely helpful in tracking down this problem, I
> assumed that uio->res_id was zero ( it was the only thing that made sense)
> however I just needed to verify.
>
> >
> > In case my assistance in debugging ppp is necessary, please let me know.
>
> Talk to Brian.
>
> hrm, also can you fix your mailer to wrap at 70 chars?
>
> -Alfred
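
A user-space model of the length check discussed in this thread, added here as an example; it is not the FreeBSD if_tun.c source. `struct seg`, `build_chain`, `model_tunwrite`, `SEG_LEN`, `NULL_TOP` and the `TUNMRU` value are assumptions made for the model, which shows why a zero `uio_resid` leaves the chain head NULL under the `< 0` check and is rejected under `<= 0`.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define TUNMRU   1500  /* assumed limit for this model */
#define SEG_LEN  128   /* assumed per-buffer capacity */
#define NULL_TOP (-1)  /* model-only result: chain head still NULL */

struct seg { struct seg *next; size_t len; unsigned char data[SEG_LEN]; };

static void free_chain(struct seg *s)
{
    while (s != NULL) { struct seg *n = s->next; free(s); s = n; }
}

/* Copy resid bytes into a chain of segs (stand-ins for mbufs). With resid == 0
 * the loop never runs and *topp stays NULL, as "print *top" showed in kgdb. */
static int build_chain(const unsigned char *src, long resid, struct seg **topp)
{
    struct seg **mp = topp;
    *topp = NULL;
    while (resid > 0) {
        struct seg *s = calloc(1, sizeof(*s));
        if (s == NULL) { free_chain(*topp); *topp = NULL; return ENOMEM; }
        s->len = resid < SEG_LEN ? (size_t)resid : SEG_LEN;
        memcpy(s->data, src, s->len);
        src += s->len;
        resid -= (long)s->len;
        *mp = s;
        mp = &s->next;
    }
    return 0;
}

/* patched == 0 models the "< 0" check, patched != 0 the "<= 0" check. */
int model_tunwrite(const unsigned char *buf, long resid, int patched)
{
    struct seg *top;
    int error;
    if ((patched ? resid <= 0 : resid < 0) || resid > TUNMRU)
        return EIO;
    if ((error = build_chain(buf, resid, &top)) != 0)
        return error;
    if (top == NULL)  /* the kernel wrote top->m_pkthdr.len here */
        return NULL_TOP;
    free_chain(top);
    return 0;
}
```

`NULL_TOP` marks the point where the kernel code would have dereferenced the NULL chain head; the model returns it instead of crashing.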

