Date: Tue, 21 Mar 2006 11:36:25 +0800
From: zhouyi zhou
To: freebsd-bugs@freebsd.org
Message-Id: <20060321113625.7550a6e3.zhouyi04@ios.cn>
Organization: Institute of Software
Subject: Resolving FreeBSD MAC Framework and IPSEC confliction

Hi, everyone,

FreeBSD releases 5.4 to 6.0 have serious bugs when IPSEC and MAC are configured together (the system will crash).
The reason is as follows:

277 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
278 {
279
280 #if 0
281         /* see below for why these are not enabled */
282         M_ASSERTPKTHDR(to);
283         /* Note: with MAC, this may not be a good assertion. */
284         KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
285             ("m_move_pkthdr: to has tags"));
286 #endif
287 #ifdef MAC
288         /*
289          * XXXMAC: It could be this should also occur for non-MAC?
290          */
291         if (to->m_flags & M_PKTHDR)
292                 m_tag_delete_chain(to, NULL);
293 #endif
294         to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
295         if ((to->m_flags & M_EXT) == 0)
296                 to->m_data = to->m_pktdat;
297         to->m_pkthdr = from->m_pkthdr;          /* especially tags */
298         SLIST_INIT(&from->m_pkthdr.tags);       /* purge tags from src */
299         from->m_flags &= ~M_PKTHDR;
300 }

What if, on line 292, the mbufs to and from point to the same tag list?

The methods to resolve this:
1. Simply comment out line 292.
2. Compare whether the mbufs to and from point to the same tag list.

Sincerely yours
Zhouyi Zhou Ma Yong Wu Xinsong
Institute of Software
Chinese Academy of Sciences
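
The comparison proposed as option 2, as an added user-space C model (not FreeBSD code and not part of the original message): `struct tag`, `struct mbuf`, `move_pkthdr_guarded` and `demo` are hypothetical simplifications, and the tag data is constructed. Without the head comparison, the shared case would free both tags and then copy the stale list head from `from` into `to`.

```c
#include <stdlib.h>

/* Simplified user-space stand-ins for mbuf and m_tag (hypothetical layout). */
struct tag { struct tag *next; int id; };
struct mbuf { int has_pkthdr; struct tag *tags; };
static int live_tags;                      /* tags currently allocated */

static void tag_add(struct mbuf *m, int id) {
    struct tag *t = malloc(sizeof(*t));
    if (t == NULL) abort();
    t->id = id; t->next = m->tags; m->tags = t;
    live_tags++;
}

/* Models m_tag_delete_chain(m, NULL): free every tag on m's list. */
static void tag_delete_chain(struct mbuf *m) {
    while (m->tags != NULL) {
        struct tag *t = m->tags;
        m->tags = t->next;
        free(t); live_tags--;
    }
}

/* Models m_move_pkthdr() with option 2: purge to's tags only when its
 * list head differs from the one about to be moved over from 'from'. */
static void move_pkthdr_guarded(struct mbuf *to, struct mbuf *from) {
    if (to->has_pkthdr && to->tags != from->tags)
        tag_delete_chain(to);
    to->tags = from->tags; to->has_pkthdr = 1;     /* take over the list */
    from->tags = NULL; from->has_pkthdr = 0;       /* purge tags from src */
}

static int tag_count(const struct mbuf *m) {
    int n = 0;
    for (const struct tag *t = m->tags; t != NULL; t = t->next) n++;
    return n;
}

/* Constructed scenario; shared=1 aliases both mbufs to one tag list. */
static int demo(int shared) {
    struct mbuf from = {1, NULL}, to = {1, NULL};
    tag_add(&from, 1); tag_add(&from, 2);
    if (shared) to = from; else tag_add(&to, 3);
    move_pkthdr_guarded(&to, &from);
    int n = tag_count(&to);                /* tags reachable from 'to' */
    tag_delete_chain(&to);
    return n;
}
int main(void) { return (demo(1) == 2 && demo(0) == 2 && live_tags == 0) ? 0 : 1; }
```

The check compares list heads only, which is the case the message raises; it does not detect two lists that merely share a tail.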