Date:      Fri, 26 Sep 2008 22:33:58 +0200
From:      Stefan Ehmann <shoesoft@gmx.net>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: ipfw: LOR/panic with uid rules
Message-ID:  <200809262233.59216.shoesoft@gmx.net>
In-Reply-To: <alpine.BSF.1.10.0809261913560.91429@fledge.watson.org>
References:  <200809231851.42849.shoesoft@gmx.net> <200809260408.35831.shoesoft@gmx.net> <alpine.BSF.1.10.0809261913560.91429@fledge.watson.org>

On Friday 26 September 2008 20:17:10 Robert Watson wrote:
> On Fri, 26 Sep 2008, Stefan Ehmann wrote:
> > lock order reversal:
> >
> > 1st 0xc4c9ee94 tcp_sc_head (tcp_sc_head) @
> > /usr/src/sys/kern/kern_mutex.c:137
> >
> > 2nd 0xc0e59fd8 PFil hook read/write mutex (PFil hook read/write mutex) @
> > /usr/src/sys/net/pfil.c:74
...
> I believe this is an accepted LOR to do with using an rwlock in this way in
> pfil.
>
> > #10 0xc07eccd6 in _rw_rlock (rw=0xc0e5acec, file=0xc103ceed
> > "/usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c", line=2020) at
> > /usr/src/sys/kern/kern_rwlock.c:283
> >
> > #11 0xc103b92a in ipfw_chk (args=0xc47328a8) at
> > /usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c:2020
>
> This surprises me -- in principle we've passed down 'inp' so there
> should be no need to look it up.  In higher frames, 'inp' is definitely
> non-NULL, so what happened here?  Could you print out the values of the
> local variables in the check_uidgid() frame?  Especially, 'inp' and
> 'lookup'?
Something seems to be broken or I'm doing something wrong. I can't access the
locals:

(kgdb) fr 11
#11 0xc103b92a in ipfw_chk (args=0xc47328a8)
    at /usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c:2020
2020                    INP_INFO_RLOCK(pi);
(kgdb) p inp
No symbol "inp" in current context.
(kgdb) p lookup
$1 = {int (struct nameidata *)} 0xc086acb0 <lookup>
(kgdb) p pi
No symbol "pi" in current context.


> > #12 0xc103c4c8 in ipfw_check_out (arg=0x0, m0=0xc47329cc, ifp=0xc4b0a000,
> > dir=2, inp=0xc50fe420) at
> > /usr/src/sys/modules/ipfw/../../netinet/ip_fw_pfil.c:253
>
> See non-NULL inp here.

-- 
Stefan