215122 – Try to change route default to IP out of range lock the system

Bug 215122 - Try to change route default to IP out of range lock the system

Summary: Try to change route default to IP out of range lock the system

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	11.0-STABLE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Andrey V. Elsukov

URL:
Keywords:	patch

Duplicates (1):	211602 (view as bug list)
Depends on:
Blocks:

Reported:	2016-12-07 16:26 UTC by Renato Botelho
Modified:	2017-06-20 06:00 UTC (History)
CC List:	8 users (show)

See Also:	215963

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renato Botelho freebsd_committer

2016-12-07 16:26:58 UTC

This issue was first reported on pfSense - https://redmine.pfsense.org/issues/6850 and it started to happen on pfSense 2.4, which is based on FreeBSD 11.0.

Really easy to reproduce, just run:

# route change -inet default <IP_OUT_OF_RANGE>

It'll lock the machine. After that I got serial console access and could login, but when I ran 'netstat -nr' it locked console too

Comment 1 Andrey V. Elsukov freebsd_committer

2016-12-07 18:20:09 UTC

With

Comment 2 Andrey V. Elsukov freebsd_committer

2016-12-07 18:23:09 UTC

The problem is that ifa_ifwithroute() called with acquired RIB_WLOCK, but since gateway is not in directly connect network it uses rtalloc1_fib() that acquires RIB_RLOCK.

Comment 3 Renato Botelho freebsd_committer

2016-12-08 19:30:27 UTC

loos@ pushed a fix on pfSense, we will test and report back results here.

https://github.com/pfsense/FreeBSD-src/commit/4627301691bb818abae4e82bda1a5ef38d52a68f

Comment 4 guyyur 2016-12-24 13:18:00 UTC

*** Bug 211602 has been marked as a duplicate of this bug. ***

Comment 5 Luiz Otavio O Souza,+55 (14) 99772-1255 freebsd_committer

2017-01-03 23:50:28 UTC

Can we revert r293829 and use RTF_RNH_LOCKED here ?

I wasn't aware of r293829 when I did the pfSense workaround.

Comment 6 Gleb Smirnoff freebsd_committer

2017-01-04 00:04:54 UTC

Let's allow Alexander to look at before reverting.

Comment 7 Marek Zarychta 2017-04-17 12:07:40 UTC

Changing a route for all fibs but fib 0 also locks the system. 

# route add default 127.0.0.1 -fib 1
add net default: gateway 127.0.0.1 fib 1
# route change default 127.0.0.2 -fib 1
Now the system is locked, it is possible to log in via ssh for some time, then machine loses network access.

When the route is deleted, then added again with new gateway the lock doesn't happen.

Comment 8 Marek Zarychta 2017-04-17 20:03:17 UTC

Affected system: 11.0-STABLE r317066 with default, GENERIC kernel.

Comment 9 commit-hook freebsd_committer

2017-06-13 10:52:54 UTC

A commit references this bug:

Author: ae
Date: Tue Jun 13 10:52:31 UTC 2017
New revision: 319895
URL: https://svnweb.freebsd.org/changeset/base/319895

Log:
  Resurrect RTF_RNH_LOCKED flag and restore ability to call rtalloc1_fib()
  with acquired RIB lock.

  This fixes a possible panic due to trying to acquire RIB rlock when it is
  already exclusive locked.

  PR:		215963, 215122
  MFC after:	1 week
  Sponsored by:	Yandex LLC

Changes:
  head/sys/net/route.c
  head/sys/net/route.h

Comment 10 commit-hook freebsd_committer

2017-06-20 05:58:28 UTC

A commit references this bug:

Author: ae
Date: Tue Jun 20 05:57:28 UTC 2017
New revision: 320134
URL: https://svnweb.freebsd.org/changeset/base/320134

Log:
  MFC r319895:
    Resurrect RTF_RNH_LOCKED flag and restore ability to call rtalloc1_fib()
    with acquired RIB lock.

    This fixes a possible panic due to trying to acquire RIB rlock when it is
    already exclusive locked.

    PR:		215963, 215122
    Sponsored by:	Yandex LLC
  Approved by:	re (delphij)

Changes:
_U  stable/11/
  stable/11/sys/net/route.c
  stable/11/sys/net/route.h