Bug 187381 - [panic] pfsync: memory address not aligned
Summary: [panic] pfsync: memory address not aligned
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: sparc64
Version: 10.0-STABLE
Hardware: Any Any
: Normal Affects Only Me
Assignee: Gleb Smirnoff
Reported: 2014-03-08 20:40 UTC by lytboris
Modified: 2014-08-22 13:40 UTC

Attachments
Workable fix (2.17 KB, patch)
2014-06-29 16:43 UTC, lytboris
revised patch (2.35 KB, patch)
2014-07-10 09:54 UTC, Gleb Smirnoff
revised patch (2.35 KB, patch)
2014-07-10 12:18 UTC, Gleb Smirnoff

Description lytboris 2014-03-08 20:40:00 UTC
An unaligned memory access is possible in the following part of the code:
====sys/netpfil/pf/if_pfsync.c, ~450 line==================
        if (PF_ANEQ(&sp->key[PF_SK_WIRE].addr[0],
            &sp->key[PF_SK_STACK].addr[0], sp->af) ||
            PF_ANEQ(&sp->key[PF_SK_WIRE].addr[1],
            &sp->key[PF_SK_STACK].addr[1], sp->af) ||
            sp->key[PF_SK_WIRE].port[0] != sp->key[PF_SK_STACK].port[0] ||
            sp->key[PF_SK_WIRE].port[1] != sp->key[PF_SK_STACK].port[1]) {
                sks = uma_zalloc(V_pf_state_key_z, M_NOWAIT);
                if (sks == NULL)
                        goto cleanup;
        } else
                sks = skw;
==========================================================
once &sp->key[PF_SK_WIRE].addr is not a 32-bit aligned address (PF_ANEQ operates with uint32)

How-To-Repeat: Set up a pfsync link between sparc64-based routers and wait some time until the problem is triggered.
Comment 1 lytboris 2014-06-29 16:43:11 UTC
Created attachment 144257
Workable fix
Comment 2 Gleb Smirnoff freebsd_committer freebsd_triage 2014-07-10 09:54:23 UTC
Created attachment 144551
revised patch

Thanks, Boris!

Can you please test the revised version of the patch? I am about to commit it.
Comment 3 lytboris 2014-07-10 11:57:08 UTC
/usr/src/sys/netpfil/pf/if_pfsync.c: In function 'pfsync_state_import':
/usr/src/sys/netpfil/pf/if_pfsync.c:458: error: incompatible types in assignment
/usr/src/sys/netpfil/pf/if_pfsync.c:459: error: incompatible types in assignment
*** Error code 1
Comment 4 Gleb Smirnoff freebsd_committer freebsd_triage 2014-07-10 12:18:09 UTC
Created attachment 144553
revised patch

Sorry, corrected patch attached.
Comment 5 lytboris 2014-07-10 12:37:04 UTC
Corrected one works fine.
Comment 6 commit-hook freebsd_committer freebsd_triage 2014-07-10 12:42:51 UTC
A commit references this bug:

Author: glebius
Date: Thu Jul 10 12:41:58 UTC 2014
New revision: 268492
URL: http://svnweb.freebsd.org/changeset/base/268492

Log:
  On machines with strict alignment copy pfsync_state_key from packet
  on stack to avoid unaligned access.

  PR:		187381
  Submitted by:	Lytochkin Boris <lytboris gmail.com>

Changes:
  head/sys/netpfil/pf/if_pfsync.c
Comment 7 commit-hook freebsd_committer freebsd_triage 2014-08-22 13:40:28 UTC
A commit references this bug:

Author: glebius
Date: Fri Aug 22 13:39:56 UTC 2014
New revision: 270328
URL: http://svnweb.freebsd.org/changeset/base/270328

Log:
  Merge r268492:
    On machines with strict alignment copy pfsync_state_key from packet
    on stack to avoid unaligned access.

  PR:	187381

Changes:
_U  stable/10/
  stable/10/sys/netpfil/pf/if_pfsync.c
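
The approach named in the commit logs above (copy the key out of the packet into an aligned object before doing any 32-bit comparison), as an added example that is not the committed patch or FreeBSD code. `demo_addr`, `demo_key`, `addr_neq`, `keys_differ` and `demo_run` are hypothetical, simplified stand-ins for the pf structures, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the pf address/key layout (hypothetical names). */
struct demo_addr { uint32_t addr32[4]; };
struct demo_key  { struct demo_addr addr[2]; uint16_t port[2]; };

/* Word-wise compare: the kind of 32-bit loads that need aligned input. */
static int addr_neq(const struct demo_addr *a, const struct demo_addr *b)
{
	for (int i = 0; i < 4; i++)
		if (a->addr32[i] != b->addr32[i])
			return 1;
	return 0;
}

/*
 * pkt+off holds two keys back to back (wire, then stack) at an arbitrary,
 * possibly odd, offset. Returns 1 if they differ, 0 if equal, -1 if short.
 */
int keys_differ(const unsigned char *pkt, size_t len, size_t off)
{
	struct demo_key k[2];	/* naturally aligned copies on the stack */

	if (off > len || len - off < sizeof(k))
		return -1;
	/* memcpy works at any offset; casting pkt+off to a struct pointer does not. */
	memcpy(k, pkt + off, sizeof(k));
	return addr_neq(&k[0].addr[0], &k[1].addr[0]) ||
	    addr_neq(&k[0].addr[1], &k[1].addr[1]) ||
	    k[0].port[0] != k[1].port[0] || k[0].port[1] != k[1].port[1];
}

/* Constructed input: two keys placed at byte offset `off` in a buffer. */
int demo_run(size_t off, int change_port, size_t trim)
{
	unsigned char pkt[128] = {0};
	struct demo_key w = { { { {1, 2, 3, 4} }, { {5, 6, 7, 8} } }, {80, 443} };
	struct demo_key s = w;
	if (change_port)
		s.port[1] = 8443;
	memcpy(pkt + off, &w, sizeof(w));
	memcpy(pkt + off + sizeof(w), &s, sizeof(s));
	return keys_differ(pkt, off + 2 * sizeof(w) - trim, off);
}

int main(void)
{
	return demo_run(1, 0, 0) != 0 || demo_run(3, 1, 0) != 1;
}
```

The length check before the copy matters as much as the copy itself: the keys come from a received packet, so the parser has to confirm they fit before reading them.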