Bug 193265 - Kernel page fault error with VIMAGE kernel r270837
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Hiroki Sato
Duplicates: 175370
Reported: 2014-09-02 21:12 UTC by Hiroo Ono
Modified: 2014-12-07 22:35 UTC (History)

Attachments
add CURVNET_SET() and CURVNET_RESTORE() where necessary. (782 bytes, text/plain)
2014-09-02 21:12 UTC, Hiroo Ono
A revised patch to make hhook_run_socket() be vnet-aware and do a nhooks check. (2.10 KB, patch)
2014-09-04 22:39 UTC, Hiroki Sato

Description Hiroo Ono 2014-09-02 21:12:16 UTC
Created attachment 146696
add CURVNET_SET() and CURVNET_RESTORE() where necessary.

With a VIMAGE-enabled kernel, the system panics when running unbound.

Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713e5a0) locked @
/usr/local/poudriere/jails/head/usr/src/sys/kern/kern_event.c:2005
KDB: stack backtrace:
db_trace_self_wrapper(c11a69af,72656b2f,656b2f6e,655f6e72,746e6576,...)
at 0xc05296bd = db_trace_self_wrapper+0x2d/frame 0xe8f16710
kdb_backtrace(c11aaf80,0,c713e5a0,c119a9e8,7d5,...) at 0xc0b4b160 =
kdb_backtrace+0x30/frame 0xe8f16778
witness_warn(5,0,c136b0a0,76e2000,c1833d58,...) at 0xc0b68a52 =
witness_warn+0x402/frame 0xe8f167c8
trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75e1000,...) at 0xc102f46b =
trap_pfault+0x5b/frame 0xe8f16840
trap(e8f16988) at 0xc102edcf = trap+0x6cf/frame 0xe8f1697c
calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f1697c
--- trap 0xc, eip = 0xc0b9837d, esp = 0xe8f169c8, ebp = 0xe8f169f0 ---
filt_soread(c75d93f0,0,c119a9e8,48d,0,...) at 0xc0b9837d =
filt_soread+0x9d/frame 0xe8f169f0
kqueue_register(c6e2d310,1,1,4f5,0,...) at 0xc0ad1457 =
kqueue_register+0x807/frame 0xe8f16a68
kern_kevent(c6e2d310,7,1,40,e8f16c10,...) at 0xc0ad1ec2 =
kern_kevent+0x1f2/frame 0xe8f16bc0
sys_kevent(c6e2d310,e8f16cc8,c152a610,14,c11a4905,...) at 0xc0ad1bc1 =
sys_kevent+0x131/frame 0xe8f16c40
syscall(e8f16d08) at 0xc102fc4c = syscall+0x30c/frame 0xe8f16cfc
Xint0x80_syscall() at 0xc1017ce1 = Xint0x80_syscall+0x21/frame 0xe8f16cfc
--- syscall (363, FreeBSD ELF32, sys_kevent), eip = 0x2849ad3f, esp =
0xbfbfa224, ebp = 0xbfbfa288 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x18
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0b9837d
stack pointer           = 0x28:0xe8f169c8
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 428 (unbound-anchor)

The page fault occurs at line 3268 of sys/kern/uipc_socket.c
----
3263            } else {
3264                    if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat)
3265                            return 1;
3266            }
3267
3268            if (V_socket_hhh[HHOOK_FILT_SOREAD]->hhh_nhooks > 0) /* <-- HERE */
3269                    /* This hook returning non-zero indicates an event, not error */
3270                    return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));

----

The attached patch to sys/kern/uipc_socket.c solved the problem.
The solution was suggested by Garrett Cooper <yaneurabeya at gmail.com> in
http://lists.freebsd.org/pipermail/freebsd-current/2014-September/051911.html
Comment 1 Hiroki Sato freebsd_committer 2014-09-04 22:39:25 UTC
Created attachment 146837
A revised patch to make hhook_run_socket() be vnet-aware and do a nhooks check.

A revised patch is attached.  Can you please give this a try and let me know if it works?
Comment 2 Hiroo Ono 2014-09-05 11:59:39 UTC
The patch worked. Thank you.
Comment 3 YAMAMOTO, Shigeru 2014-09-07 16:19:31 UTC
I tested hrs's patch on FreeBSD/RaspberryPi.
The patch works fine.
Thanks.
Comment 4 commit-hook freebsd_committer 2014-09-08 09:04:51 UTC
A commit references this bug:

Author: hrs
Date: Mon Sep  8 09:04:22 UTC 2014
New revision: 271254
URL: http://svnweb.freebsd.org/changeset/base/271254

Log:
  - Make hhook_run_socket() vnet-aware instead of adding CURVNET_SET() around
    the function calls.
  - Fix a memory leak and stats in the case that hhook_run_socket() fails
    in soalloc().

  PR:	193265

Changes:
  head/sys/kern/uipc_socket.c
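
The approach named in the commit log above, sketched as a userland C model (an added example, not the committed patch or FreeBSD source): the helper takes its vnet from the socket's so_vnet and does the nhooks check itself, so a caller that has no vnet context never evaluates a V_ variable. The struct layouts, the simplified CURVNET_SET()/CURVNET_RESTORE() stand-ins, and the *_model, hook_reports_event and demo names are assumptions made for illustration.

```c
/* Userland model of the vnet-context bug; not FreeBSD kernel code. */
#include <stddef.h>

enum { HHOOK_FILT_SOREAD, HHOOK_FILT_SOWRITE, HHOOK_NTYPES };
struct hhook_head { int hhh_nhooks; int (*hhh_hook)(void); };
struct vnet { struct hhook_head *socket_hhh[HHOOK_NTYPES]; };
struct socket { struct vnet *so_vnet; int sb_cc, sb_lowat; };

/* Ambient vnet of the running thread; NULL when no vnet context is set. */
static struct vnet *curvnet = NULL;

/* Simplified stand-ins (assumed shape) for the kernel macros of the same names. */
#define CURVNET_SET(v)    struct vnet *saved_vnet = curvnet; curvnet = (v)
#define CURVNET_RESTORE() curvnet = saved_vnet
#define V_socket_hhh      (curvnet->socket_hhh)

/* Vnet-aware helper: the vnet comes from the socket, never from the caller. */
static int hhook_run_socket_model(struct socket *so, int type)
{
    int ret = 0;
    CURVNET_SET(so->so_vnet);
    struct hhook_head *hhh = V_socket_hhh[type];
    if (hhh != NULL && hhh->hhh_nhooks > 0)  /* nhooks check lives in the helper */
        ret = hhh->hhh_hook();
    CURVNET_RESTORE();                       /* caller's context is left untouched */
    return ret;
}

/* The caller no longer touches V_socket_hhh, so it needs no vnet context. */
static int filt_soread_model(struct socket *so)
{
    if (so->sb_cc >= so->sb_lowat)
        return 1;
    return hhook_run_socket_model(so, HHOOK_FILT_SOREAD);
}

static int hook_reports_event(void) { return 1; }

/* Constructed scenario: a kevent-style caller running with curvnet == NULL. */
static int demo(int nhooks)
{
    struct hhook_head head = { nhooks, hook_reports_event };
    struct vnet vn = { { &head, NULL } };
    struct socket so = { &vn, 0, 1 };
    curvnet = NULL;
    return filt_soread_model(&so);
}

int main(void) { return (demo(0) == 0 && demo(1) == 1) ? 0 : 1; }
```

In this model, evaluating V_socket_hhh directly in filt_soread_model() while curvnet is NULL would dereference a null pointer, which is the pattern at line 3268 of the excerpt in the description.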
Comment 5 Hiroki Sato freebsd_committer 2014-09-08 09:09:12 UTC
Thank you for your testing.  I committed a slightly-modified version of the patch because there were some more issues in the original code.
Comment 6 Craig Rodrigues freebsd_committer 2014-12-07 22:35:22 UTC
*** Bug 175370 has been marked as a duplicate of this bug. ***