From: Alexandre Martins
To: freebsd-current@freebsd.org
Cc: jfv@freebsd.org, damien.deville@netasq.com, fabien.thomas@netasq.com
Subject: FreeBSD 10-RC4: Got crash in igb driver
Date: Thu, 09 Jan 2014 16:06:09 +0100
Message-ID: <48005124.ny58tnLn4d@pc-alex>
Organization: NETASQ

Dear,

I am experiencing some trouble with the igb device driver on FreeBSD 10-RC4. The kernel page-faults in the igb_tx_ctx_setup function when accessing an IPv6 header.

The network configuration is the following:
- box acting as an IPv6 router
- one interface with an IPv6 (igb0)
- another interface with a vlan, and IPv6 on it (vlan0 on igb1)

Vlan hardware tagging is set on both interfaces.

The packet that causes the crash comes from igb0 and goes to vlan0.

After investigation, I see that the mbuf is split in two. The first one carries the ethernet header, the second the IPv6 header and data payload. The split is due to the "m_copy" done in ip6_forward, which makes the mbuf not writable, and the "M_PREPEND" in ether_output, which inserts the new mbuf before the original one.

The kernel crashes only if the newly allocated mbuf is at the end of a memory page, and no page is available after this one. So, it's extremely rare.
I inserted a "KASSERT" into the function (see attached patch) to check this behavior, and it fires on every IPv6 packet forwarded to the vlan.

The problem disappears if I remove hardware tagging.

In commit 256200, I see that the pullups have been removed. Could it be related?

Can you confirm the problem?

Best regards

-- 
Alexandre Martins
NETASQ -- We secure IT

Attachment: bug.patch

--- sys/dev/e1000/if_igb.c.orig 2014-01-09 16:33:39.000000000 +0100 +++ sys/dev/e1000/if_igb.c 2014-01-09 16:36:31.000000000 +0100
@@ -3883,6 +3883,7 @@ type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_IPV4; break; case ETHERTYPE_IPV6: + KASSERT(ehdrlen + sizeof(struct ip6_hdr) <= mp->m_len, ("Ethernet and IPv6 header not contiguous")); ip6 = (struct ip6_hdr *)(mp->m_data + ehdrlen); ip_hlen = sizeof(struct ip6_hdr); /* XXX-BZ this will go badly in case of ext hdrs. */
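
Review bot: The KASSERT added in the ETHERTYPE_IPV6 case only diagnoses the problem: it is compiled in on INVARIANTS kernels alone, where it panics, while on a production kernel the following `ip6 = (struct ip6_hdr *)(mp->m_data + ehdrlen);` still points past the end of the first mbuf whenever `ehdrlen + sizeof(struct ip6_hdr) > mp->m_len`. For an actual fix, make the headers contiguous before the cast (for example with m_pullup, handling a NULL return) or fail the transmit with an error when the check does not hold. The check also covers only the fixed IPv6 header, so the extension-header case flagged in the XXX-BZ comment stays unguarded. As a style point, the added line runs well past 80 columns and should be wrapped after the condition.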
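
The split chain described in the message, as an added example that is not part of the original mail or of the igb driver: a simplified userland model showing the contiguity test from the patch and a chain-walking read as the safe fallback. The `seg` struct, all function names and the sample packet bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified userland stand-in for an mbuf chain (not FreeBSD's struct mbuf). */
struct seg { const uint8_t *data; size_t len; const struct seg *next; };
#define ETHER_HDR_LEN 14   /* untagged header: the VLAN tag is inserted by hardware */
#define IP6_HDR_LEN   40   /* fixed IPv6 header, no extension headers */

/* The condition the KASSERT tests: is [off, off+len) inside the first segment? */
static int hdr_contiguous(const struct seg *m, size_t off, size_t len)
{
    return off <= m->len && len <= m->len - off;
}

/* Copy len bytes at offset off by walking the chain; -1 if the chain is too short. */
static int chain_copy(const struct seg *m, size_t off, size_t len, uint8_t *dst)
{
    for (; m != NULL && off >= m->len; m = m->next)
        off -= m->len;                       /* skip segments before the offset */
    for (; m != NULL && len > 0; m = m->next, off = 0) {
        size_t n = m->len - off < len ? m->len - off : len;
        memcpy(dst, m->data + off, n);
        dst += n; len -= n;
    }
    return len == 0 ? 0 : -1;
}

/* Return the IPv6 next-header byte (offset 6) without reading past a segment. */
static int ip6_next_header(const struct seg *m, size_t ehdrlen)
{
    uint8_t hdr[IP6_HDR_LEN];
    if (hdr_contiguous(m, ehdrlen, IP6_HDR_LEN))
        return m->data[ehdrlen + 6];         /* direct access is in bounds */
    if (chain_copy(m, ehdrlen, IP6_HDR_LEN, hdr) != 0)
        return -1;                           /* truncated packet */
    return hdr[6];
}

/* Constructed sample: Ethernet header alone in segment 1, IPv6 header in segment 2. */
static int demo_split(size_t ip6_bytes_present)
{
    static const uint8_t eth[ETHER_HDR_LEN] = { [12] = 0x86, [13] = 0xdd };
    static const uint8_t ip6[IP6_HDR_LEN] = { [0] = 0x60, [6] = 58 /* ICMPv6 */ };
    struct seg s2 = { ip6, ip6_bytes_present, NULL };
    struct seg s1 = { eth, sizeof(eth), &s2 };
    return ip6_next_header(&s1, ETHER_HDR_LEN);
}

int main(void) { return demo_split(IP6_HDR_LEN) == 58 ? 0 : 1; }
```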