From owner-freebsd-pf@FreeBSD.ORG Tue Jul 17 22:04:44 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 73BD316A401 for ; Tue, 17 Jul 2007 22:04:44 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outG.internet-mail-service.net (outG.internet-mail-service.net [216.240.47.230]) by mx1.freebsd.org (Postfix) with ESMTP id 5943E13C461 for ; Tue, 17 Jul 2007 22:04:44 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Tue, 17 Jul 2007 14:52:06 -0700 Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id 45AB8125AE6; Tue, 17 Jul 2007 14:52:06 -0700 (PDT) Message-ID: <469D3A23.5000809@elischer.org> Date: Tue, 17 Jul 2007 14:52:35 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604) MIME-Version: 1.0 To: Max Laier References: <20070717131518.G1177@fledge.watson.org> <200707172342.39082.max@love2party.net> In-Reply-To: <200707172342.39082.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, Robert Watson , freebsd-pf@freebsd.org, freebsd-arch@freebsd.org Subject: Re: Reminder: NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jul 2007 22:04:44 -0000 Max Laier wrote: > [ Excess CC-list ... testers needed!!! ] > > On Tuesday 17 July 2007, Robert Watson wrote: >> Dear all: >> >> This is a reminder e-mail that, in the very near future, Giant >> compatibility shims for network protocols will be removed. > > <...> > >> The *only* remaining case I am aware of where removing debug.mpsafenet >> presents an issue is credential-related firewall rules (uid, gid, >> jail). I'm am currently in an active e-mail discussion with the >> various firewall maintainers about how to address this issue; as the >> implementations of these rules violate the global lock order, deadlocks >> occur if debug.mpsafenet isn't set to 1, which causes Giant to act as a >> guard lock preventing parallel lock acquisition in the firewall. >> Hopefully we will have this resolved, in some form, soon. > > What we really need right now, is real understanding of the problem (if > there even is any). So we would like to ask everybody who is able to - > to stress test user/group rules (in pf) or uid/gid/jail rules (in ipfw) > with debug.mpsafenet=1 It is normal that (in an WITNESS enabled kernel) > you get a LOR similar to 14-17 and 32 from [1]. Everything different to > those should be reported. > > If you indeed get a deadlock, please let us know and provide as much > debugging information as you can. DDB's "ps", "show locks", "show > alllocks" would be perfect, but detailed information how to repeat would > be a good start to already. > > Thanks a lot! If you are unable to provoke a deadlock, please let us know > as well. Include a few setup details (ruleset, SMP, special sysctl > settings ...) so we can look for patterns. I've not seen a deadlock, only LOR warnings. > > [1] http://sources.zabbadoz.net/freebsd/lor.html >