Bug 148050

Summary: 9.0-CURRENT panic when tcpdump ipfw0 and net.inet.ip.fw.verbose=0
Product: Base System Reporter: Oleg Ginzburg <oleg.ginzburg>
Component: kernAssignee: Gleb Smirnoff <glebius>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 9.0-CURRENT   
Hardware: Any   
OS: Any   

Description Oleg Ginzburg 2010-06-21 22:30:01 UTC 
kernel make panic with messages:

panic: page fault
panic: bufwrite : buffer is not busy?

when IPFIREWALL_VERBOSE disable, ipfw have log options and tcpdump looking to ipfw0 interface

I've producible this problem on amd64 and i386 (both 9.0-CURRENT)

How-To-Repeat: kldload ipfw
sysctl -w net.inet.ip.fw.verbose=0
ipfw add 1 count log ip from any to any
tcpdump -n -i ipfw0 &
ping -c1 localhost
Comment 1 Gleb Smirnoff freebsd_committer freebsd_triage 2010-07-08 13:35:11 UTC 
State Changed
From-To: open->patched

Fixed in head/.
Comment 2 Gleb Smirnoff freebsd_committer freebsd_triage 2010-07-08 13:35:11 UTC 
Responsible Changed
From-To: freebsd-bugs->glebius

Fixed in head/.
Comment 3 dfilter service freebsd_committer freebsd_triage 2010-07-08 14:07:54 UTC 
Author: glebius
Date: Thu Jul  8 13:07:40 2010
New Revision: 209797
URL: http://svn.freebsd.org/changeset/base/209797

Log:
  Since r209216 bpf(4) searches for mbuf_tags(9) and thus will not work with
  a stub m_hdr instead of a full mbuf.
  
  PR:		kern/148050

Modified:
  head/sys/netinet/ipfw/ip_fw_log.c

Modified: head/sys/netinet/ipfw/ip_fw_log.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw_log.c	Thu Jul  8 12:21:25 2010	(r209796)
+++ head/sys/netinet/ipfw/ip_fw_log.c	Thu Jul  8 13:07:40 2010	(r209797)
@@ -152,22 +152,24 @@ ipfw_log(struct ip_fw *f, u_int hlen, st
 
 	if (V_fw_verbose == 0) {
 #ifndef WITHOUT_BPF
-		struct m_hdr mh;
+		struct mbuf m0;
 
 		if (log_if == NULL || log_if->if_bpf == NULL)
 			return;
+
 		/* BPF treats the "mbuf" as read-only */
-		mh.mh_next = m;
-		mh.mh_len = ETHER_HDR_LEN;
+		bzero(&m0, sizeof(struct mbuf));
+		m0.m_hdr.mh_next = m;
+		m0.m_hdr.mh_len = ETHER_HDR_LEN;
 		if (args->eh) { /* layer2, use orig hdr */
-			mh.mh_data = (char *)args->eh;
+			m0.m_hdr.mh_data = (char *)args->eh;
 		} else {
 			/* add fake header. Later we will store
 			 * more info in the header
 			 */
-			mh.mh_data = "DDDDDDSSSSSS\x08\x00";
+			m0.m_hdr.mh_data = "DDDDDDSSSSSS\x08\x00";
 		}
-		BPF_MTAP(log_if, (struct mbuf *)&mh);
+		BPF_MTAP(log_if, &m0);
 #endif /* !WITHOUT_BPF */
 		return;
 	}
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Comment 4 Gleb Smirnoff freebsd_committer freebsd_triage 2010-09-16 16:01:16 UTC 
State Changed
From-To: patched->closed

Merged to stable/8.