Date: Mon, 29 Sep 2008 21:07:52 +0100 (BST)
From: Robert Watson
To: stable@FreeBSD.org
Subject: ipfw uid rules now believed fixed (was: Re: Warning: known instability using ipfw "uid" rules)

On Sat, 27 Sep 2008, Robert Watson wrote:

> An FYI: In the past couple of days, presumably as testing of 7.x becomes
> more widespread, I've seen several reports of instability resulting from
> ipfw credential rules. For those unfamiliar with them, these allow the
> matching of packets in ipfw rules based on the credentials of the socket
> that generated them, or the credentials of the socket that likely will
> receive them.
>
> These problems are a side effect of eliminating support for lock recursion on
> inpcbinfo locks as part of the UDP performance optimization work for 7.1.
> There are two minor TCP fixes, and a more serious ipfw bug fix, in the queue
> to be MFC'd in the next couple of days. Once they're fixed, please make
> sure any further problems with deadlocks or panics involving ipfw rules are
> brought to my attention.

I've now MFC'd two fixes to TCP and one fix to IPFW that appear to have
resolved known reports of panics or deadlocks with ipfw uid/gid/jail rules.
If you are a user of uid/gid/jail rules and have been experiencing stability
problems, please let me know if they persist (or if you want, let me know
that they are resolved). If you're someone generally interested in testing
out 7.1, more testing of this feature would, of course, be welcome.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge