Bug 255069 - net.link.ether.ipfw=1 leads to kernel panic under 13.0-RELEASE amd64
Summary: net.link.ether.ipfw=1 leads to kernel panic under 13.0-RELEASE amd64
Status: Closed DUPLICATE of bug 254015
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 13.0-STABLE
Hardware: amd64 Any
: --- Affects Some People
Assignee: Mark Johnston
URL:
Keywords: panic, regression
Depends on:
Blocks:
 
Reported: 2021-04-14 22:13 UTC by Niels Bakker
Modified: 2021-06-29 20:24 UTC (History)
6 users (show)

See Also:


Attachments
/var/crash/core.txt.5 scrubbed of private information like IPs, MACs (116.43 KB, text/plain)
2021-04-14 22:13 UTC, Niels Bakker
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Niels Bakker 2021-04-14 22:13:38 UTC
Created attachment 224119 [details]
/var/crash/core.txt.5 scrubbed of private information like IPs, MACs

Upgrading from 12.2-RELEASE-p4 to 13.0-RELEASE made the kernel crash minutes after boot if /etc/sysctl.conf contained the line "net.link.ether.ipfw=1". No ipfw rule has a layer2 clause. Before the kernel panic there may be several SIGSEGV's of other processes.
Comment 1 Daniel Austin 2021-04-15 18:23:54 UTC
I can confirm that I have seen this behaviour too (disabling net.link.ether.ipfw fixes this) - I didn't get a coredump though so was hard to debug.
Comment 2 Daniel Austin 2021-04-15 18:29:14 UTC
not sure if it's helpful but... i tried enabling net.link.ether.ipfw=1 a few minutes after things had booted and settled which caused my networking to stop after about 20-30 seconds, and bge0 to watchdog timeout and reset repeatedly (never recovering until a reboot)

My setup is a HP Microserver Gen8 using the onboard bge0/1 NICs, generic kernel, ipfw (with nat), pppoe on bge1.
Comment 3 Andrey V. Elsukov freebsd_committer 2021-04-16 08:50:36 UTC
I tried to enable it on my notebook with 14.0-CURRENT, it doesn't panic, but something bad happened - XFCE partially hanged. I'll try to debug this at this weekend.
Comment 4 Mark Johnston freebsd_committer 2021-06-14 21:03:02 UTC
Please try the patch here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256439#c29
Comment 5 Niels Bakker 2021-06-14 21:33:39 UTC
(In reply to Mark Johnston from comment #4)

No more immediate kernel panic after applying the linked 2-line patch. Testing a bit further:

# sysctl net.link.ether.ipfw
net.link.ether.ipfw: 1

# ipfw show | tail -4
65432  501522  180857015 count ip from any to any layer2
65433  501518  180855463 skipto 65435 ip from any to any layer2
65434  377670  361839394 count ip from any to any
65535  879187  542694857 allow ip from any to any

# expr 501522 + 377670
879192

('ipfw zero' isn't atomic so the numbers don't align perfectly)
Comment 6 commit-hook freebsd_committer 2021-06-16 14:02:38 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=bc6a2267fffeafd3946637607a74cfd639398f9d

commit bc6a2267fffeafd3946637607a74cfd639398f9d
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-06-16 13:46:56 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-06-16 13:46:56 +0000

    ipfw: Update the pfil mbuf pointer in ipfw_check_frame()

    ipfw_chk() might call m_pullup() and thus can change the mbuf chain
    head.  In this case, the new chain head has to be returned to the pfil
    hook caller, otherwise the pfil hook caller is left with a dangling
    pointer.

    Note that this affects only the link-layer hooks installed when the
    net.link.ether.ipfw sysctl is set to 1.

    PR:             256439, 254015, 255069, 255104
    Fixes:          f355cb3e6
    Reviewed by:    ae
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D30764

 sys/netpfil/ipfw/ip_fw_pfil.c | 2 ++
 1 file changed, 2 insertions(+)
Comment 7 commit-hook freebsd_committer 2021-06-19 14:09:33 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ed1acef3fe3053b418ce3e41036ccf24957253a4

commit ed1acef3fe3053b418ce3e41036ccf24957253a4
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-06-16 13:46:56 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-06-19 14:08:49 +0000

    ipfw: Update the pfil mbuf pointer in ipfw_check_frame()

    ipfw_chk() might call m_pullup() and thus can change the mbuf chain
    head.  In this case, the new chain head has to be returned to the pfil
    hook caller, otherwise the pfil hook caller is left with a dangling
    pointer.

    Note that this affects only the link-layer hooks installed when the
    net.link.ether.ipfw sysctl is set to 1.

    PR:             256439, 254015, 255069, 255104
    Fixes:          f355cb3e6
    Reviewed by:    ae
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit bc6a2267fffeafd3946637607a74cfd639398f9d)

 sys/netpfil/ipfw/ip_fw_pfil.c | 2 ++
 1 file changed, 2 insertions(+)
Comment 8 Mark Johnston freebsd_committer 2021-06-21 14:16:55 UTC
(In reply to Niels Bakker from comment #5)
Thanks for testing.
Comment 9 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-26 02:50:01 UTC

*** This bug has been marked as a duplicate of bug 254015 ***
Comment 10 commit-hook freebsd_committer 2021-06-29 20:24:18 UTC
A commit in branch releng/13.0 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4647d115ff849534c9d6712cc2da32509721e20e

commit 4647d115ff849534c9d6712cc2da32509721e20e
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-06-16 13:46:56 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-06-29 17:09:43 +0000

    ipfw: Update the pfil mbuf pointer in ipfw_check_frame()

    ipfw_chk() might call m_pullup() and thus can change the mbuf chain
    head.  In this case, the new chain head has to be returned to the pfil
    hook caller, otherwise the pfil hook caller is left with a dangling
    pointer.

    Note that this affects only the link-layer hooks installed when the
    net.link.ether.ipfw sysctl is set to 1.

    Approved by:    so
    Security:       EN-21:21.ipfw
    PR:             256439, 254015, 255069, 255104
    Fixes:          f355cb3e6
    Reviewed by:    ae
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit bc6a2267fffeafd3946637607a74cfd639398f9d)
    (cherry picked from commit ed1acef3fe3053b418ce3e41036ccf24957253a4)

 sys/netpfil/ipfw/ip_fw_pfil.c | 2 ++
 1 file changed, 2 insertions(+)