From nobody@FreeBSD.org  Mon Mar 27 17:33:28 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5DFD516A423
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 27 Mar 2006 17:33:28 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 727A143D68
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 27 Mar 2006 17:33:15 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k2RHXEuw060157
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 27 Mar 2006 17:33:14 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k2RHXEOx060135;
	Mon, 27 Mar 2006 17:33:14 GMT
	(envelope-from nobody)
Message-Id: <200603271733.k2RHXEOx060135@www.freebsd.org>
Date: Mon, 27 Mar 2006 17:33:14 GMT
From: Mats Palmgren <mats.palmgren@bredband.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: FAST_IPSEC kernel crash on amd64
X-Send-Pr-Version: www-2.3

>Number:         95008
>Category:       amd64
>Synopsis:       [patch] FAST_IPSEC kernel crash on amd64
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 27 17:40:22 GMT 2006
>Closed-Date:    Sat Apr 08 13:09:31 GMT 2006
>Last-Modified:  Sun Apr  9 14:20:19 GMT 2006
>Originator:     Mats Palmgren
>Release:        RELENG_6
>Organization:
>Environment:
>Description:
I think the problem is that ip4_input() is declared as a
varargs function but the caller encap4_input() thinks it's not.
Fixing the signature fixed the crash anyway.

Note that the last valid frame is "encap4_input()" below.


Fatal trap 1: privileged instruction fault while in kernel mode
instruction pointer     = 0x8:0xffffffff8049bfde
stack pointer           = 0x10:0xffffffff95817810
frame pointer           = 0x10:0xffffffff95817920
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi1: net)
trap number             = 1
panic: privileged instruction fault
KDB: stack backtrace:
panic() at panic+0x1d5
trap_fatal() at trap_fatal+0x298
trap() at trap+0x17b
calltrap() at calltrap+0x5
--- trap 0x1, rip = 0xffffffff8049bfde, rsp = 0xffffffff95817810, rbp =
0xffffffff95817920 ---
ipcomp_output_cb() at ipcomp_output_cb+0x1ee
encap4_input() at encap4_input+0x1e9
ip_input() at ip_input+0x5cb
netisr_processqueue() at netisr_processqueue+0x78
swi_net() at swi_net+0x138
ithread_loop() at ithread_loop+0x162
fork_exit() at fork_exit+0x86
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffffff95817d00, rbp = 0 ---
Uptime: 8h6m26s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335 319
303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:172
172     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:172
#1  0xffffffff803b330d in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff803b3977 in panic (fmt=0xffffff001ed45be0 "@C&#65533;036") at
/usr/src/sys/kern/kern_shutdown.c:555
#3  0xffffffff8054f678 in trap_fatal (frame=0x1, eva=18446742974715157472) at
/usr/src/sys/amd64/amd64/trap.c:660
#4  0xffffffff8054fbcb in trap (frame=
      {tf_rdi = -1099138710528, tf_rsi = -2142650404, tf_rdx = -1786677168,
tf_rcx = -1786676944, tf_r8 = 640, tf_r9 = 160, tf_rax = -1099009056191, tf_rbx
= -1786676993, tf_rbp = -1786676960, tf_r10 = -1098994394144, tf_r11 = 224,
tf_r12 = -1099138710528, tf_r13 = 20, tf_r14 = -1786676672, tf_r15 =
-1099000037952, tf_trapno = 1, tf_addr = 0, tf_flags = 942615917012933828,
tf_err = 0, tf_rip = -2142650402, tf_cs = 8, tf_rflags = 68227, tf_rsp =
-1786677216, tf_ss = 16}) at
/usr/src/sys/amd64/amd64/trap.c:469
#5  0xffffffff8053d94b in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:168
#6  0xffffffff8049bfde in ipcomp_output_cb (crp=0xffffff001e7e3dc0) at
/usr/src/sys/netipsec/xform_ipcomp.c:599
#7  0xffffffff80468f59 in encap4_input (m=0xffffffff80770340, off=372917248) at
/usr/src/sys/netinet/ip_encap.c:214
#8  0xffffffff8046cf9b in ip_input (m=0xffffff00163a4400) at
/usr/src/sys/netinet/ip_input.c:1073
#9  0xffffffff8043cfd8 in netisr_processqueue (ni=0xffffffff807de0d0) at
/usr/src/sys/net/netisr.c:236
#10 0xffffffff8043d298 in swi_net (dummy=0xffffff00163a4400) at
/usr/src/sys/net/netisr.c:349
#11 0xffffffff80398fa2 in ithread_loop (arg=0xffffff000001e080) at
/usr/src/sys/kern/kern_intr.c:672
#12 0xffffffff80397a96 in fork_exit (callout=0xffffffff80398e40 <ithread_loop>,
arg=0xffffff000001e080, frame=0xffffffff95817c50)
    at /usr/src/sys/kern/kern_fork.c:789
#13 0xffffffff8053dcae in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:394
#14 0x0000000000000000 in ?? ()
Previous frame identical to this frame (corrupt stack?)
(kgdb) fr 7
#7  0xffffffff80468f59 in encap4_input (m=0xffffffff80770340, off=372917248) at
/usr/src/sys/netinet/ip_encap.c:214
214                             (*psw->pr_input)(m, off);


>How-To-Repeat:
Build a custom kernel with FAST_IPSEC enabled for amd64.
Setup a VPN, send a packet to or from the amd64 box through the tunnel.

>Fix:
Index: sys/netipsec/xform.h
===================================================================
RCS file: /cvs/cvsroot/project/imos/src/sys/netipsec/xform.h,v
retrieving revision 1.2
diff -8 -p -u -r1.2 xform.h
--- sys/netipsec/xform.h	9 Feb 2006 12:16:16 -0000	1.2
+++ sys/netipsec/xform.h	25 Mar 2006 05:19:42 -0000
@@ -101,17 +101,17 @@ struct xformsw {
 #ifdef _KERNEL
 extern void xform_register(struct xformsw*);
 extern int xform_init(struct secasvar *sav, int xftype);
 
 struct cryptoini;
 
 /* XF_IP4 */
 extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
-extern	void ip4_input(struct mbuf *m, ...);
+extern	void ip4_input(struct mbuf *m, int);
 extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
 			struct mbuf **, int, int);
 
 /* XF_AH */
 extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
 extern int ah_zeroize(struct secasvar *sav);
 extern struct auth_hash *ah_algorithm_lookup(int alg);
 extern size_t ah_hdrsiz(struct secasvar *);
Index: sys/netipsec/xform_ipip.c
===================================================================
RCS file: /cvs/cvsroot/project/imos/src/sys/netipsec/xform_ipip.c,v
retrieving revision 1.2
diff -8 -p -u -r1.2 xform_ipip.c
--- sys/netipsec/xform_ipip.c	5 Dec 2005 19:59:03 -0000	1.2
+++ sys/netipsec/xform_ipip.c	25 Mar 2006 05:48:41 -0000
@@ -124,34 +124,27 @@ ip4_input6(struct mbuf **m, int *offp, i
 }
 #endif /* INET6 */
 
 #ifdef INET
 /*
  * Really only a wrapper for ipip_input(), for use with IPv4.
  */
 void
-ip4_input(struct mbuf *m, ...)
+ip4_input(struct mbuf *m, int iphlen)
 {
-	va_list ap;
-	int iphlen;
-
 #if 0
 	/* If we do not accept IP-in-IP explicitly, drop.  */
 	if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
 		DPRINTF(("%s: dropped due to policy\n", __func__));
 		ipipstat.ipips_pdrops++;
 		m_freem(m);
 		return;
 	}
 #endif
-	va_start(ap, m);
-	iphlen = va_arg(ap, int);
-	va_end(ap);
-
 	_ipip_input(m, iphlen, NULL);
 }
 #endif /* INET */
 
 /*
  * ipip_input gets called when we receive an IP{46} encapsulated packet,
  * either because we got it at a real interface, or because AH or ESP
  * were being used in tunnel mode (in which case the rcvif element will
@@ -633,34 +626,34 @@ ipe4_input(struct mbuf *m, struct secasv
 }
 
 static struct xformsw ipe4_xformsw = {
 	XF_IP4,		0,		"IPv4 Simple Encapsulation",
 	ipe4_init,	ipe4_zeroize,	ipe4_input,	ipip_output,
 };
 
 extern struct domain inetdomain;
-static struct ipprotosw ipe4_protosw[] = {
+static struct protosw ipe4_protosw =
 { SOCK_RAW,	&inetdomain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
-  (pr_in_input_t*) ip4_input,
+  ip4_input,
 		0, 		0,		rip_ctloutput,
   0,
   0,		0,		0,		0,
   &rip_usrreqs
-},
+};
 #ifdef INET6
+static struct ip6protosw ipe6_protosw =
 { SOCK_RAW,	&inetdomain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
-  (pr_in_input_t*) ip4_input,
+  ip4_input6,
 		0,	 	0,		rip_ctloutput,
   0,
   0,		0,		0,		0,
   &rip_usrreqs
-}
-#endif
 };
+#endif
 
 /*
  * Check the encapsulated packet to see if we want it
  */
 static int
 ipe4_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
 {
 	/*
@@ -674,16 +667,16 @@ ipe4_encapcheck(const struct mbuf *m, in
 
 static void
 ipe4_attach(void)
 {
 	xform_register(&ipe4_xformsw);
 	/* attach to encapsulation framework */
 	/* XXX save return cookie for detach on module remove */
 	(void) encap_attach_func(AF_INET, -1,
-		ipe4_encapcheck, (struct protosw*) &ipe4_protosw[0], NULL);
+		ipe4_encapcheck, &ipe4_protosw, NULL);
 #ifdef INET6
 	(void) encap_attach_func(AF_INET6, -1,
-		ipe4_encapcheck, (struct protosw*) &ipe4_protosw[1], NULL);
+		ipe4_encapcheck, (struct protosw*) &ipe6_protosw, NULL);
 #endif
 }
 SYSINIT(ipe4_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipe4_attach, NULL);
 #endif	/* FAST_IPSEC */

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Mon Mar 27 17:53:39 UTC 2006 
Responsible-Changed-Why:  
I'll investigate. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95008 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc: Mats Palmgren <mats.palmgren@bredband.net>
Subject: Re: amd64/95008: FAST_IPSEC kernel crash on amd64
Date: Thu, 30 Mar 2006 10:08:20 +0000 (UTC)

 Could you try following patch (which only has minor
 changes to yours) and report back if it's ok as soon
 as possible so I can try to get it into HEAD and 6.1.
 
 Thanks a lot.
 
 You can also (temporary) download the patch from
 http://sources.zabbadoz.net/freebsd/patchset/amd64-varargs-netipsec-xform-ip-protosw.diff
 
 
 ! 
 ! From PR amd64/95008 : [patch] FAST_IPSEC kernel crash on amd64
 ! with minor modifications.
 ! 
 Index: xform.h
 ===================================================================
 RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/netipsec/xform.h,v
 retrieving revision 1.2
 diff -u -p -r1.2 xform.h
 --- xform.h	7 Jan 2005 01:45:46 -0000	1.2
 +++ xform.h	30 Mar 2006 10:02:00 -0000
 @@ -105,7 +105,7 @@ struct cryptoini;
 
   /* XF_IP4 */
   extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
 -extern	void ip4_input(struct mbuf *m, ...);
 +extern	void ip4_input(struct mbuf *m, int);
   extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
   			struct mbuf **, int, int);
 
 Index: xform_ipip.c
 ===================================================================
 RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/netipsec/xform_ipip.c,v
 retrieving revision 1.11
 diff -u -p -r1.11 xform_ipip.c
 --- xform_ipip.c	7 Jan 2005 01:45:46 -0000	1.11
 +++ xform_ipip.c	30 Mar 2006 10:02:00 -0000
 @@ -61,7 +61,6 @@
   #include <netinet/ip_ecn.h>
   #include <netinet/ip_var.h>
   #include <netinet/ip_encap.h>
 -#include <netinet/ipprotosw.h>
 
   #include <netipsec/ipsec.h>
   #include <netipsec/xform.h>
 @@ -129,11 +128,8 @@ ip4_input6(struct mbuf **m, int *offp, i
    * Really only a wrapper for ipip_input(), for use with IPv4.
    */
   void
 -ip4_input(struct mbuf *m, ...)
 +ip4_input(struct mbuf *m, int off)
   {
 -	va_list ap;
 -	int iphlen;
 -
   #if 0
   	/* If we do not accept IP-in-IP explicitly, drop.  */
   	if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
 @@ -143,11 +139,7 @@ ip4_input(struct mbuf *m, ...)
   		return;
   	}
   #endif
 -	va_start(ap, m);
 -	iphlen = va_arg(ap, int);
 -	va_end(ap);
 -
 -	_ipip_input(m, iphlen, NULL);
 +	_ipip_input(m, off, NULL);
   }
   #endif /* INET */
 
 @@ -638,24 +630,24 @@ static struct xformsw ipe4_xformsw = {
   };
 
   extern struct domain inetdomain;
 -static struct ipprotosw ipe4_protosw[] = {
 +static struct protosw ipe4_protosw =
   { SOCK_RAW,	&inetdomain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 -  (pr_in_input_t*) ip4_input,
 +  ip4_input,
   		0, 		0,		rip_ctloutput,
     0,
     0,		0,		0,		0,
     &rip_usrreqs
 -},
 +};
   #ifdef INET6
 +static struct ip6protosw ipe6_protosw =
   { SOCK_RAW,	&inetdomain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 -  (pr_in_input_t*) ip4_input,
 +  ip4_input6,
   		0,	 	0,		rip_ctloutput,
     0,
     0,		0,		0,		0,
     &rip_usrreqs
 -}
 -#endif
   };
 +#endif
 
   /*
    * Check the encapsulated packet to see if we want it
 @@ -679,10 +671,10 @@ ipe4_attach(void)
   	/* attach to encapsulation framework */
   	/* XXX save return cookie for detach on module remove */
   	(void) encap_attach_func(AF_INET, -1,
 -		ipe4_encapcheck, (struct protosw*) &ipe4_protosw[0], NULL);
 +		ipe4_encapcheck, &ipe4_protosw, NULL);
   #ifdef INET6
   	(void) encap_attach_func(AF_INET6, -1,
 -		ipe4_encapcheck, (struct protosw*) &ipe4_protosw[1], NULL);
 +		ipe4_encapcheck, (struct protosw *)&ipe6_protosw, NULL);
   #endif
   }
   SYSINIT(ipe4_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipe4_attach, NULL);
 

From: Mats Palmgren <mats.palmgren@bredband.net>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: amd64/95008: FAST_IPSEC kernel crash on amd64
Date: Thu, 30 Mar 2006 16:22:52 +0200

 I compiled a new kernel with your fix and tested
 it with VPN traffic. It worked fine.
 
 Thanks,
 Mats Palmgren
 
 
 Bjoern A. Zeeb wrote:
 > Could you try following patch (which only has minor
 > changes to yours) and report back if it's ok as soon
 > as possible so I can try to get it into HEAD and 6.1.
 > 
 > Thanks a lot.
 > 
 > You can also (temporary) download the patch from
 > http://sources.zabbadoz.net/freebsd/patchset/amd64-varargs-netipsec-xform-ip-protosw.diff 
 > 
 > 
 > 
 > ! ! From PR amd64/95008 : [patch] FAST_IPSEC kernel crash on amd64
 > ! with minor modifications.
 > ! Index: xform.h
 > ===================================================================
 > RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/netipsec/xform.h,v
 > retrieving revision 1.2
 > diff -u -p -r1.2 xform.h
 > --- xform.h    7 Jan 2005 01:45:46 -0000    1.2
 > +++ xform.h    30 Mar 2006 10:02:00 -0000
 > @@ -105,7 +105,7 @@ struct cryptoini;
 > 
 >  /* XF_IP4 */
 >  extern    int ip4_input6(struct mbuf **m, int *offp, int proto);
 > -extern    void ip4_input(struct mbuf *m, ...);
 > +extern    void ip4_input(struct mbuf *m, int);
 >  extern    int ipip_output(struct mbuf *, struct ipsecrequest *,
 >              struct mbuf **, int, int);
 > 
 > Index: xform_ipip.c
 > ===================================================================
 > RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/netipsec/xform_ipip.c,v
 > retrieving revision 1.11
 > diff -u -p -r1.11 xform_ipip.c
 > --- xform_ipip.c    7 Jan 2005 01:45:46 -0000    1.11
 > +++ xform_ipip.c    30 Mar 2006 10:02:00 -0000
 > @@ -61,7 +61,6 @@
 >  #include <netinet/ip_ecn.h>
 >  #include <netinet/ip_var.h>
 >  #include <netinet/ip_encap.h>
 > -#include <netinet/ipprotosw.h>
 > 
 >  #include <netipsec/ipsec.h>
 >  #include <netipsec/xform.h>
 > @@ -129,11 +128,8 @@ ip4_input6(struct mbuf **m, int *offp, i
 >   * Really only a wrapper for ipip_input(), for use with IPv4.
 >   */
 >  void
 > -ip4_input(struct mbuf *m, ...)
 > +ip4_input(struct mbuf *m, int off)
 >  {
 > -    va_list ap;
 > -    int iphlen;
 > -
 >  #if 0
 >      /* If we do not accept IP-in-IP explicitly, drop.  */
 >      if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
 > @@ -143,11 +139,7 @@ ip4_input(struct mbuf *m, ...)
 >          return;
 >      }
 >  #endif
 > -    va_start(ap, m);
 > -    iphlen = va_arg(ap, int);
 > -    va_end(ap);
 > -
 > -    _ipip_input(m, iphlen, NULL);
 > +    _ipip_input(m, off, NULL);
 >  }
 >  #endif /* INET */
 > 
 > @@ -638,24 +630,24 @@ static struct xformsw ipe4_xformsw = {
 >  };
 > 
 >  extern struct domain inetdomain;
 > -static struct ipprotosw ipe4_protosw[] = {
 > +static struct protosw ipe4_protosw =
 >  { SOCK_RAW,    &inetdomain,    IPPROTO_IPV4,    
 > PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 > -  (pr_in_input_t*) ip4_input,
 > +  ip4_input,
 >          0,         0,        rip_ctloutput,
 >    0,
 >    0,        0,        0,        0,
 >    &rip_usrreqs
 > -},
 > +};
 >  #ifdef INET6
 > +static struct ip6protosw ipe6_protosw =
 >  { SOCK_RAW,    &inetdomain,    IPPROTO_IPV6,    
 > PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 > -  (pr_in_input_t*) ip4_input,
 > +  ip4_input6,
 >          0,         0,        rip_ctloutput,
 >    0,
 >    0,        0,        0,        0,
 >    &rip_usrreqs
 > -}
 > -#endif
 >  };
 > +#endif
 > 
 >  /*
 >   * Check the encapsulated packet to see if we want it
 > @@ -679,10 +671,10 @@ ipe4_attach(void)
 >      /* attach to encapsulation framework */
 >      /* XXX save return cookie for detach on module remove */
 >      (void) encap_attach_func(AF_INET, -1,
 > -        ipe4_encapcheck, (struct protosw*) &ipe4_protosw[0], NULL);
 > +        ipe4_encapcheck, &ipe4_protosw, NULL);
 >  #ifdef INET6
 >      (void) encap_attach_func(AF_INET6, -1,
 > -        ipe4_encapcheck, (struct protosw*) &ipe4_protosw[1], NULL);
 > +        ipe4_encapcheck, (struct protosw *)&ipe6_protosw, NULL);
 >  #endif
 >  }
 >  SYSINIT(ipe4_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, 
 > ipe4_attach, NULL);
 > 
 
State-Changed-From-To: open->patched 
State-Changed-By: bz 
State-Changed-When: Thu Mar 30 19:01:53 UTC 2006 
State-Changed-Why:  
patch committed to HEAD: 
http://docs.freebsd.org/cgi/mid.cgi?200603301857.k2UIv46o066136 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95008 
State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Sat Apr 8 13:08:56 UTC 2006 
State-Changed-Why:  
Patch was MFCed to RELENG_6 some days ago. 
Thanks for reporting and testing. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95008 

From: Michael Vince <mv@thebeastie.org>
To: Mats Palmgren <mats.palmgren@bredband.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: amd64/95008: FAST_IPSEC kernel crash on amd64
Date: Mon, 10 Apr 2006 00:13:25 +1000

 Mats Palmgren wrote:
 
 >>Number:         95008
 >>Category:       amd64
 >>Synopsis:       FAST_IPSEC kernel crash on amd64
 >>Confidential:   no
 >>Severity:       critical
 >>Priority:       high
 >>Responsible:    freebsd-amd64
 >>State:          open
 >>Quarter:        
 >>Keywords:       
 >>Date-Required:
 >>Class:          sw-bug
 >>Submitter-Id:   current-users
 >>Arrival-Date:   Mon Mar 27 17:40:22 GMT 2006
 >>Closed-Date:
 >>Last-Modified:
 >>Originator:     Mats Palmgren
 >>Release:        RELENG_6
 >>Organization:
 >>Environment:
 >>Description:
 >>    
 >>
 >I think the problem is that ip4_input() is declared as a
 >varargs function but the caller encap4_input() thinks it's not.
 >Fixing the signature fixed the crash anyway.
 >
 >Note that the last valid frame is "encap4_input()" below.
 >
 >  
 >
 Believe it or not if you have Intel EMT64 cpus the FAST_IPSEC runs fine 
 on 6stable on a AMD64 kernel since around late last year.
 I can't get true AMD64 cpus to run FAST_IPSEC they panic every time but 
 my Dells with EMT64 are just fine.
 
 Mike
 
 
>Unformatted:
