From nobody@FreeBSD.org  Wed Jan  6 22:58:05 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2B78610656AD
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  6 Jan 2010 22:58:05 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 1AEB18FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  6 Jan 2010 22:58:05 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o06Mw4Ib064803
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 6 Jan 2010 22:58:04 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o06Mw4KO064802;
	Wed, 6 Jan 2010 22:58:04 GMT
	(envelope-from nobody)
Message-Id: <201001062258.o06Mw4KO064802@www.freebsd.org>
Date: Wed, 6 Jan 2010 22:58:04 GMT
From: Michael Moll <kvedulv@kvedulv.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: rtadvd triggers kernel panic when started for a hardware WLAN interface
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         142392
>Category:       kern
>Synopsis:       [panic] rtadvd(8) triggers kernel panic when started for a hardware WLAN interface
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    syrinx
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 06 23:00:11 UTC 2010
>Closed-Date:    Sun Jan 31 11:36:48 UTC 2010
>Last-Modified:  Sun Jan 31 11:40:03 UTC 2010
>Originator:     Michael Moll
>Release:        8.0-RELEASE
>Organization:
>Environment:
FreeBSD geode.kvedulv.de 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Wed Jan  6 23:12:22 CET 2010     root@buildhost.kvedulv.de:/usr/obj/usr/src/sys/GEODE_DB  i386
>Description:
When upgrading from 7.2 to 8.0 I experienced a panic, before changing the interface for rtadvd from ath0 to wlan0:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x8
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0776c20
stack pointer           = 0x28:0xcd0f9064
frame pointer           = 0x28:0xcd0f90dc
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1662 (rtadvd)
[thread pid 1662 tid 100084 ]
Stopped at      bcmp+0x14:      repe cmpsl      (%esi),%es:(%edi)
db> bt
Tracing pid 1662 tid 100084 td 0xc24ac240
bcmp(c20b2800,cd0f9178,c24cc400,cd0f9168,0) at bcmp+0x14
ip6_setmoptions(c23e1e9c) at ip6_setmoptions+0xb3d
ip6_ctloutput(c24d0000) at ip6_ctloutput+0x55c
sosetopt(c24d0000,cd0f9c44,1,29,c,...) at sosetopt+0x2a
kern_setsockopt(c24ac240,4,29,c,bfbfece0,...) at kern_setsockopt+0x99
setsockopt(c24ac240,cd0f9cf8,c07e41dc,c24ac240,292,...) at setsockopt+0x1e
syscall(cd0f9d38) at syscall+0x194
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (105, FreeBSD ELF32, setsockopt), eip = 0x281363b7, esp = 0xbfbfe41c, ebp = 0xbfbfed08 ---

When using wlan0 as interface everything is fine, but this may bite other people when upgrading to 8.
>How-To-Repeat:
I can easily reproduce this with "rtadvd ath0".
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Jan 7 00:08:19 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 
Responsible-Changed-From-To: freebsd-net->syrinx 
Responsible-Changed-By: remko 
Responsible-Changed-When: Sun Jan 24 10:52:33 UTC 2010 
Responsible-Changed-Why:  
Shteryana has a patch, assign to her. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/142392: commit references a PR
Date: Sun, 24 Jan 2010 16:18:13 +0000 (UTC)

 Author: syrinx
 Date: Sun Jan 24 16:17:58 2010
 New Revision: 202935
 URL: http://svn.freebsd.org/changeset/base/202935
 
 Log:
   While flushing the multicast filter of an interface, do not zero the relevant
   ifmultiaddr structures' reference to the parent interface, unless the parent
   interface is really detaching. While here, program only link layer multicast
   filters to a wlan's hardware parent interface.
   
   PR:		kern/142391, kern/142392
   Reviewed by:	sam, rpaolo, bms
   MFC after:	1 week
 
 Modified:
   head/sys/net/if.c
   head/sys/net/if_var.h
   head/sys/net80211/ieee80211_ioctl.c
 
 Modified: head/sys/net/if.c
 ==============================================================================
 --- head/sys/net/if.c	Sun Jan 24 15:12:27 2010	(r202934)
 +++ head/sys/net/if.c	Sun Jan 24 16:17:58 2010	(r202935)
 @@ -740,9 +740,10 @@ if_purgeaddrs(struct ifnet *ifp)
  }
  
  /*
 - * Remove any multicast network addresses from an interface.
 + * Remove any multicast network addresses from an interface when an ifnet
 + * is going away.
   */
 -void
 +static void
  if_purgemaddrs(struct ifnet *ifp)
  {
  	struct ifmultiaddr *ifma;
 @@ -2940,6 +2941,22 @@ if_delmulti(struct ifnet *ifp, struct so
  }
  
  /*
 + * Delete all multicast group membership for an interface.
 + * Should be used to quickly flush all multicast filters.
 + */
 +void
 +if_delallmulti(struct ifnet *ifp)
 +{
 +	struct ifmultiaddr *ifma;
 +	struct ifmultiaddr *next;
 +
 +	IF_ADDR_LOCK(ifp);
 +	TAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next)
 +		if_delmulti_locked(ifp, ifma, 0);
 +	IF_ADDR_UNLOCK(ifp);
 +}
 +
 +/*
   * Delete a multicast group membership by group membership pointer.
   * Network-layer protocol domains must use this routine.
   *
 
 Modified: head/sys/net/if_var.h
 ==============================================================================
 --- head/sys/net/if_var.h	Sun Jan 24 15:12:27 2010	(r202934)
 +++ head/sys/net/if_var.h	Sun Jan 24 16:17:58 2010	(r202935)
 @@ -833,7 +833,7 @@ void	if_delmulti_ifma(struct ifmultiaddr
  void	if_detach(struct ifnet *);
  void	if_vmove(struct ifnet *, struct vnet *);
  void	if_purgeaddrs(struct ifnet *);
 -void	if_purgemaddrs(struct ifnet *);
 +void	if_delallmulti(struct ifnet *);
  void	if_down(struct ifnet *);
  struct ifmultiaddr *
  	if_findmulti(struct ifnet *, struct sockaddr *);
 
 Modified: head/sys/net80211/ieee80211_ioctl.c
 ==============================================================================
 --- head/sys/net80211/ieee80211_ioctl.c	Sun Jan 24 15:12:27 2010	(r202934)
 +++ head/sys/net80211/ieee80211_ioctl.c	Sun Jan 24 16:17:58 2010	(r202935)
 @@ -3199,15 +3199,18 @@ ieee80211_ioctl_updatemulti(struct ieee8
  	void *ioctl;
  
  	IEEE80211_LOCK(ic);
 -	if_purgemaddrs(parent);
 +	if_delallmulti(parent);
  	ioctl = parent->if_ioctl;	/* XXX WAR if_allmulti */
  	parent->if_ioctl = NULL;
  	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
  		struct ifnet *ifp = vap->iv_ifp;
  		struct ifmultiaddr *ifma;
  
 -		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link)
 +		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
 +			if (ifma->ifma_addr->sa_family != AF_LINK)
 +				continue;
  			(void) if_addmulti(parent, ifma->ifma_addr, NULL);
 +		}
  	}
  	parent->if_ioctl = ioctl;
  	ieee80211_runtask(ic, &ic->ic_mcast_task);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: syrinx 
State-Changed-When: Sun Jan 24 16:23:32 UTC 2010 
State-Changed-Why:  
Patch commited to CURRENT 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 
State-Changed-From-To: patched->closed 
State-Changed-By: syrinx 
State-Changed-When: Sun Jan 31 11:36:05 UTC 2010 
State-Changed-Why:  
Fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/142392: commit references a PR
Date: Sun, 31 Jan 2010 11:30:39 +0000 (UTC)

 Author: syrinx
 Date: Sun Jan 31 11:30:28 2010
 New Revision: 203274
 URL: http://svn.freebsd.org/changeset/base/203274
 
 Log:
   MFC r202935:
   While flushing the multicast filter of an interface, do not zero the relevant
   ifmultiaddr structures' reference to the parent interface, unless the parent
   interface is really detaching. While here, program only link layer multicast
   filters to a wlan's hardware parent interface.
   
   PR:		kern/142391, kern/142392
   Reviewed by:	sam, rpaulo, bms
 
 Modified:
   stable/8/sys/net/if.c
   stable/8/sys/net/if_var.h
   stable/8/sys/net80211/ieee80211_ioctl.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
   stable/8/sys/dev/xen/xenpci/   (props changed)
 
 Modified: stable/8/sys/net/if.c
 ==============================================================================
 --- stable/8/sys/net/if.c	Sun Jan 31 11:20:27 2010	(r203273)
 +++ stable/8/sys/net/if.c	Sun Jan 31 11:30:28 2010	(r203274)
 @@ -773,9 +773,10 @@ if_purgeaddrs(struct ifnet *ifp)
  }
  
  /*
 - * Remove any multicast network addresses from an interface.
 + * Remove any multicast network addresses from an interface when an ifnet
 + * is going away.
   */
 -void
 +static void
  if_purgemaddrs(struct ifnet *ifp)
  {
  	struct ifmultiaddr *ifma;
 @@ -3005,6 +3006,22 @@ if_delmulti(struct ifnet *ifp, struct so
  }
  
  /*
 + * Delete all multicast group membership for an interface.
 + * Should be used to quickly flush all multicast filters.
 + */
 +void
 +if_delallmulti(struct ifnet *ifp)
 +{
 +	struct ifmultiaddr *ifma;
 +	struct ifmultiaddr *next;
 +
 +	IF_ADDR_LOCK(ifp);
 +	TAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next)
 +		if_delmulti_locked(ifp, ifma, 0);
 +	IF_ADDR_UNLOCK(ifp);
 +}
 +
 +/*
   * Delete a multicast group membership by group membership pointer.
   * Network-layer protocol domains must use this routine.
   *
 
 Modified: stable/8/sys/net/if_var.h
 ==============================================================================
 --- stable/8/sys/net/if_var.h	Sun Jan 31 11:20:27 2010	(r203273)
 +++ stable/8/sys/net/if_var.h	Sun Jan 31 11:30:28 2010	(r203274)
 @@ -832,7 +832,7 @@ void	if_delmulti_ifma(struct ifmultiaddr
  void	if_detach(struct ifnet *);
  void	if_vmove(struct ifnet *, struct vnet *);
  void	if_purgeaddrs(struct ifnet *);
 -void	if_purgemaddrs(struct ifnet *);
 +void	if_delallmulti(struct ifnet *);
  void	if_down(struct ifnet *);
  struct ifmultiaddr *
  	if_findmulti(struct ifnet *, struct sockaddr *);
 
 Modified: stable/8/sys/net80211/ieee80211_ioctl.c
 ==============================================================================
 --- stable/8/sys/net80211/ieee80211_ioctl.c	Sun Jan 31 11:20:27 2010	(r203273)
 +++ stable/8/sys/net80211/ieee80211_ioctl.c	Sun Jan 31 11:30:28 2010	(r203274)
 @@ -3199,15 +3199,18 @@ ieee80211_ioctl_updatemulti(struct ieee8
  	void *ioctl;
  
  	IEEE80211_LOCK(ic);
 -	if_purgemaddrs(parent);
 +	if_delallmulti(parent);
  	ioctl = parent->if_ioctl;	/* XXX WAR if_allmulti */
  	parent->if_ioctl = NULL;
  	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
  		struct ifnet *ifp = vap->iv_ifp;
  		struct ifmultiaddr *ifma;
  
 -		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link)
 +		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
 +			if (ifma->ifma_addr->sa_family != AF_LINK)
 +				continue;
  			(void) if_addmulti(parent, ifma->ifma_addr, NULL);
 +		}
  	}
  	parent->if_ioctl = ioctl;
  	ieee80211_runtask(ic, &ic->ic_mcast_task);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
