169565 – [patch] emulators/virtualbox-ose-kmod vboxnetadp kernel panic on unload

Bug 169565 - [patch] emulators/virtualbox-ose-kmod vboxnetadp kernel panic on unload

Summary: [patch] emulators/virtualbox-ose-kmod vboxnetadp kernel panic on unload

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Virtualbox Team (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-06-30 10:40 UTC by Thomas Eberhardt
Modified:	2012-07-25 20:21 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Eberhardt 2012-06-30 10:40:10 UTC

I'm getting consistent kernel panics on unload of vboxnetadp. Started at around beginning of May 2012.

Fix: 

Looking at patch-src-VBox-HostDrivers-VBoxNetAdp-freebsd-VBoxNetAdp-freebsd.c in the port, i found something fishy:

@@ -286,7 +304,9 @@ void vboxNetAdpOsDestroy(PVBOXNETADP pTh
 {
     struct ifnet *ifp;
 
+    VBOXCURVNET_SET(ifp->if_vnet);
     ifp = pThis->u.s.ifp;
     ether_ifdetach(ifp);
     if_free(ifp);
+    VBOXCURVNET_RESTORE();
 }

looks like ifp is being used uninitialized. I changed this part of the patch to:

@@ -286,7 +304,8 @@ void vboxNetAdpOsDestroy(PVBOXNETADP pTh
 {
-    struct ifnet *ifp;
+    struct ifnet *ifp = pThis->u.s.ifp;

-    ifp = pThis->u.s.ifp;
+    VBOXCURVNET_SET(ifp->if_vnet);
     ether_ifdetach(ifp);
     if_free(ifp);
+    VBOXCURVNET_RESTORE();
 }

After this change the kernel panics stopped.
How-To-Repeat: kldload vboxnetadp
kldunload vboxnetadp

Comment 1 Edwin Groothuis freebsd_committer

2012-06-30 10:40:20 UTC

Responsible Changed
From-To: freebsd-ports-bugs->vbox

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 Thomas Eberhardt 2012-07-02 11:43:15 UTC

(I wasn't getting any e-mail followups about my bug report. Just read =
about it in the mailing list
archives)

I'm placing the patch in the public domain (i hope that is the correct =
phrase, since
i have no clue about IP laws. Otherwise just send it upstream under the =
MIT License).

Stack trace from my serial console:

Fatal trap 12: page fault while in kernel mode
cpuid =3D 3; apic id =3D 03
fault virtual address	=3D 0x12
fault code		=3D supervisor read data, page not present
instruction pointer	=3D 0x20:0xffffffff81220394
stack pointer	        =3D 0x28:0xffffff868631a870
frame pointer	        =3D 0x28:0xffffff868631a8a0
code segment		=3D base rx0, limit 0xfffff, type 0x1b
			=3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	=3D interrupt enabled, resume, IOPL =3D 0
current process		=3D 2202 (kldunload)
trap number		=3D 12
panic: page fault
cpuid =3D 3
KDB: stack backtrace:
#0 0xffffffff805397c6 at kdb_backtrace+0x66
#1 0xffffffff8050391d at panic+0x1cd
#2 0xffffffff807818e0 at trap_fatal+0x290
#3 0xffffffff80781c1d at trap_pfault+0x1ed
#4 0xffffffff8078223e at trap+0x3ce
#5 0xffffffff8076c7cf at calltrap+0x8
#6 0xffffffff8122067d at vboxNetAdpDestroy+0x2d
#7 0xffffffff812206cc at vboxNetAdpShutdown+0x1c
#8 0xffffffff81220093 at VBoxNetAdpFreeBSDModuleEvent+0x63
#9 0xffffffff804f08e9 at module_unload+0x49
#10 0xffffffff804e78c8 at linker_file_unload+0x178
#11 0xffffffff804e84da at kern_kldunload+0x11a
#12 0xffffffff80781186 at amd64_syscall+0x546
#13 0xffffffff8076cab7 at Xfast_syscall+0xf7

Comment 3 Thomas Eberhardt 2012-07-03 18:53:37 UTC

sorry forgot to cc freebsd-port-bugs. i posted a followup to the bug report.

Comment 4 dfilter service freebsd_committer

2012-07-25 20:16:02 UTC

Author: decke
Date: Wed Jul 25 19:15:14 2012
New Revision: 301528
URL: http://svn.freebsd.org/changeset/ports/301528

Log:
  - Fix panic at unload of vboxnetadp
  - Bump PORTREVISION
  
  PR:		ports/169565
  Submitted by:	Thomas Eberhardt <sneakywumpus@googlemail.com>
  Obtained from:	virtualbox r41199

Modified:
  head/emulators/virtualbox-ose-kmod/Makefile   (contents, props changed)
  head/emulators/virtualbox-ose-kmod/files/patch-src-VBox-HostDrivers-VBoxNetAdp-freebsd-VBoxNetAdp-freebsd.c   (contents, props changed)

Modified: head/emulators/virtualbox-ose-kmod/Makefile
==============================================================================
--- head/emulators/virtualbox-ose-kmod/Makefile	Wed Jul 25 19:12:39 2012	(r301527)
+++ head/emulators/virtualbox-ose-kmod/Makefile	Wed Jul 25 19:15:14 2012	(r301528)
@@ -7,6 +7,7 @@
 
 PORTNAME=	virtualbox-ose
 DISTVERSION=	4.1.18
+PORTREVISION=	1
 CATEGORIES=	emulators kld
 MASTER_SITES=	http://tmp.chruetertee.ch/ \
 		http://freebsd.unixfreunde.de/sources/ \

Modified: head/emulators/virtualbox-ose-kmod/files/patch-src-VBox-HostDrivers-VBoxNetAdp-freebsd-VBoxNetAdp-freebsd.c
==============================================================================
--- head/emulators/virtualbox-ose-kmod/files/patch-src-VBox-HostDrivers-VBoxNetAdp-freebsd-VBoxNetAdp-freebsd.c	Wed Jul 25 19:12:39 2012	(r301527)
+++ head/emulators/virtualbox-ose-kmod/files/patch-src-VBox-HostDrivers-VBoxNetAdp-freebsd-VBoxNetAdp-freebsd.c	Wed Jul 25 19:15:14 2012	(r301528)
@@ -2,8 +2,8 @@ This patch adds support for VIMAGE to VB
 also fixes that panic.
 
 Submitted by:	Mikolaj Golub <trociny at freebsd.org>
---- src/VBox/HostDrivers/VBoxNetAdp/freebsd/VBoxNetAdp-freebsd.c	2012-03-13 15:15:44.000000000 +0200
-+++ src/VBox/HostDrivers/VBoxNetAdp/freebsd/VBoxNetAdp-freebsd.c	2012-04-01 13:23:58.000000000 +0300
+--- src/VBox/HostDrivers/VBoxNetAdp/freebsd/VBoxNetAdp-freebsd.c.orig	2012-06-20 15:17:03.000000000 +0200
++++ src/VBox/HostDrivers/VBoxNetAdp/freebsd/VBoxNetAdp-freebsd.c	2012-07-25 18:30:13.695891353 +0200
 @@ -68,6 +68,22 @@
  #define VBOXNETADP_OS_SPECFIC 1
  #include "../VBoxNetAdpInternal.h"
@@ -27,7 +27,7 @@ Submitted by:	Mikolaj Golub <trociny at 
  static int VBoxNetAdpFreeBSDCtrlioctl(struct cdev *, u_long, caddr_t, int flags,
      struct thread *);
  static struct cdevsw vboxnetadp_cdevsw =
-@@ -260,6 +276,7 @@ int vboxNetAdpOsCreate(PVBOXNETADP pThis
+@@ -260,6 +276,7 @@
  {
      struct ifnet *ifp;
  
@@ -35,7 +35,7 @@ Submitted by:	Mikolaj Golub <trociny at 
      ifp = if_alloc(IFT_ETHER);
      if (ifp == NULL)
          return VERR_NO_MEMORY;
-@@ -279,6 +296,7 @@ int vboxNetAdpOsCreate(PVBOXNETADP pThis
+@@ -279,6 +296,7 @@
  
      strncpy(pThis->szName, ifp->if_xname, VBOXNETADP_MAX_NAME_LEN);
      pThis->u.s.ifp = ifp;
@@ -43,12 +43,11 @@ Submitted by:	Mikolaj Golub <trociny at 
      return 0;
  }
  
-@@ -286,7 +304,9 @@ void vboxNetAdpOsDestroy(PVBOXNETADP pTh
- {
+@@ -287,6 +305,8 @@
      struct ifnet *ifp;
  
-+    VBOXCURVNET_SET(ifp->if_vnet);
      ifp = pThis->u.s.ifp;
++    VBOXCURVNET_SET(ifp->if_vnet);
      ether_ifdetach(ifp);
      if_free(ifp);
 +    VBOXCURVNET_RESTORE();
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

Comment 5 Bernhard Froehlich freebsd_committer

2012-07-25 20:21:32 UTC

State Changed
From-To: open->closed

Committed. Thanks!