Date: Wed, 4 Jan 2006 16:40:50 +0300 (MSK) From: Alex Semenyaka <alex@semenyaka.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/91307: Spoil struct ifnet content in fwip initializing Message-ID: <200601041340.k04DeofX008913@snark.rinet.ru> Resent-Message-ID: <200601041350.k04Do3p1019024@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91307 >Category: kern >Synopsis: Spoil struct ifnet content in fwip initializing >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jan 04 13:50:02 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Alex Semenyaka >Release: FreeBSD 4.10-STABLE i386 >Organization: private >Environment: System: FreeBSD snark.rinet.ru 6.0-STABLE FreeBSD 6.0-STABLE #0: Sat Nov 26 21:44:43 MSK 2005 root@snark.rinet.ru:/usr/obj/usr/src/sys/SNARK amd64 >Description: During the initializing of fwip interface structure fw_com should be filled up with the proper values. The reference to that structure is kept in the structure ifnet. Unfortunatelly in the if_fwsubr.c instead of taking the reference to struct fw_com, the struct ifnet itself is used (with the proper type reduction though). To do it the macro IFP2FC() is used (instead of right macro IFP2FWC()). The IFP2FWC is defined globally (while IFP2FC is defined only in if_fwsubr.c, where it is used). On the i386 boxes the problem hides since the overwriten memory is not used in the output. But on amd64 box (due to different size of structures fields) the interface name becomes overwritten, so from 'fwip0' it changes to 'f^@ip0' (here ^@ is the character NUL) - couple of lines go with the name 'fwip0' while then name becomes 'f^@ip0'. But since illegal operation does occur on i386 boxes as well it may be a cause of different unclear problems. >How-To-Repeat: 1) Install FreeBSD on amd64 box. 2) Load fwip as the kernel module (or put it into the kernel config, recompile kernel and reboot) 3) Observe broken interface name in the kernel output to console. >Fix: Apply the patch below --- if_fwsubr.c.orig Sun Nov 27 14:52:01 2005 +++ if_fwsubr.c Sun Nov 27 15:45:15 2005 @@ -62,8 +62,6 @@ #include <netinet6/nd6.h> #endif -#define IFP2FC(IFP) ((struct fw_com *)IFP) - MALLOC_DEFINE(M_FWCOM, "fw_com", "firewire interface internals"); struct fw_hwaddr firewire_broadcastaddr = { @@ -79,7 +77,7 @@ firewire_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt0) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); int error, type; struct rtentry *rt = NULL; struct m_tag *mtag; @@ -499,7 +497,7 @@ void firewire_input(struct ifnet *ifp, struct mbuf *m, uint16_t src) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); union fw_encap *enc; int type, isr; @@ -667,7 +665,7 @@ struct sockaddr *sa; sa = (struct sockaddr *) & ifr->ifr_data; - bcopy(&IFP2FC(ifp)->fc_hwaddr, + bcopy(&IFP2FWC(ifp)->fc_hwaddr, (caddr_t) sa->sa_data, sizeof(struct fw_hwaddr)); } break; @@ -747,7 +745,7 @@ void firewire_ifattach(struct ifnet *ifp, struct fw_hwaddr *llc) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); struct ifaddr *ifa; struct sockaddr_dl *sdl; static const char* speeds[] = { @@ -794,7 +792,7 @@ void firewire_busreset(struct ifnet *ifp) { - struct fw_com *fc = IFP2FC(ifp); + struct fw_com *fc = IFP2FWC(ifp); struct fw_reass *r; struct mbuf *m; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601041340.k04DeofX008913>