Bug 192426 - [bpf] [panic] [patch]: Kernel panic when using BPF
Summary: [bpf] [panic] [patch]: Kernel panic when using BPF
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.0-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Andrey V. Elsukov
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2014-08-06 10:01 UTC by Robert Clipsham
Modified: 2015-03-19 13:35 UTC (History)
3 users (show)

See Also:


Attachments
Core dump (62.13 KB, text/plain)
2014-08-06 10:05 UTC, Robert Clipsham
no flags Details
Minimal test case to reproduce the kernel panic (792 bytes, text/plain)
2014-08-07 13:01 UTC, Robert Clipsham
no flags Details
Quick fix which prevents panic (279 bytes, patch)
2014-08-07 15:43 UTC, Robert Clipsham
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Clipsham 2014-08-06 10:01:59 UTC

    
Comment 1 Robert Clipsham 2014-08-06 10:04:12 UTC
When using BPF, I consistently get a kernel panic. I have attached the core.txt.0 file that was generated. If there is anything more I can do to help track this down please ask.

Sorry this was initially empty, I hit enter in the wrong place and ended up submitting it.
Comment 2 Robert Clipsham 2014-08-06 10:05:51 UTC
Created attachment 145415 [details]
Core dump
Comment 3 Robert Clipsham 2014-08-06 10:22:09 UTC
Running this binary is what reproduces the panic for me. Usage as follows:
----
$ sudo chmod g+rw /dev/bpf
$ RUST_TEST_TASKS=1 ./pnet
----
Within seconds, the kernel will panic. All networking should be done on the loopback interface, but just in case it might be best to run this offline. Obviously it will panic the machine too.

Binary can be found here (4.5meg, too large to upload as an attachment):
http://octarineparrot.com/assets/pnet
Comment 4 Robert Clipsham 2014-08-07 12:03:02 UTC
The panic only seems to occur when using the loopback interface. I will try and narrow this down further if possible.
Comment 5 Robert Clipsham 2014-08-07 13:01:57 UTC
Created attachment 145446 [details]
Minimal test case to reproduce the kernel panic

This is a minimal test case which reproduces the kernel panic. It only happens when using the loopback interface, setting the pseudo header to AF_INET, and using BIOCFEEDBACK.
Comment 6 Robert Clipsham 2014-08-07 15:43:21 UTC
Created attachment 145448 [details]
Quick fix which prevents panic

This patch prevents the kernel panic. It is probably not the correct solution, but it does work.
Comment 7 Mark Linimon freebsd_committer freebsd_triage 2014-08-10 01:34:52 UTC
Over to maintainers.
Comment 8 commit-hook freebsd_committer 2015-03-12 14:56:08 UTC
A commit references this bug:

Author: ae
Date: Thu Mar 12 14:55:34 UTC 2015
New revision: 279920
URL: https://svnweb.freebsd.org/changeset/base/279920

Log:
  Add if_input_default() method, that will be used for if_input
  initialization, when no input method specified before if_attach().

  This prevents panics when if_input() method called directly e.g.
  from bpf(4) code.

  PR:		192426
  Reviewed by:	glebius
  MFC after:	1 week

Changes:
  head/sys/net/if.c
Comment 9 commit-hook freebsd_committer 2015-03-19 13:10:32 UTC
A commit references this bug:

Author: ae
Date: Thu Mar 19 13:10:10 UTC 2015
New revision: 280256
URL: https://svnweb.freebsd.org/changeset/base/280256

Log:
  MFC r279920:
    Add if_input_default() method, that will be used for if_input
    initialization, when no input method specified before if_attach().

    This prevents panics when if_input() method called directly e.g.
    from bpf(4) code.

    PR:		192426

Changes:
_U  stable/10/
  stable/10/sys/net/if.c
Comment 10 commit-hook freebsd_committer 2015-03-19 13:33:36 UTC
A commit references this bug:

Author: ae
Date: Thu Mar 19 13:33:17 UTC 2015
New revision: 280257
URL: https://svnweb.freebsd.org/changeset/base/280257

Log:
  MFC r279920:
    Add if_input_default() method, that will be used for if_input
    initialization, when no input method specified before if_attach().

    This prevents panics when if_input() method called directly e.g.
    from bpf(4) code.

    PR:		192426

Changes:
_U  stable/9/sys/
_U  stable/9/sys/net/
  stable/9/sys/net/if.c
Comment 11 Andrey V. Elsukov freebsd_committer 2015-03-19 13:35:14 UTC
Fixed in head/, stable/10 and stable/9. Thanks!