From pa4dan@Bliksem.VEHosting.nl  Wed Jul  6 13:02:21 2011
Return-Path: <pa4dan@Bliksem.VEHosting.nl>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DC5F91065670
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  6 Jul 2011 13:02:20 +0000 (UTC)
	(envelope-from pa4dan@Bliksem.VEHosting.nl)
Received: from Bliksem.VEHosting.nl (Bliksem6.VEHosting.nl [IPv6:2001:1af8:2100:b020::141])
	by mx1.freebsd.org (Postfix) with ESMTP id 786B78FC1A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  6 Jul 2011 13:02:20 +0000 (UTC)
Received: from vitsch.nl (localhost [127.0.0.1])
	by Bliksem.VEHosting.nl (8.13.8/8.13.8) with SMTP id p66D2H5B039150;
	Wed, 6 Jul 2011 15:02:18 +0200 (CEST)
	(envelope-from pa4dan@Bliksem.VEHosting.nl)
Received: (from pa4dan@localhost)
	by Bliksem.VEHosting.nl (8.13.8/8.13.8/Submit) id p66D15Y5039119;
	Wed, 6 Jul 2011 15:01:05 +0200 (CEST)
	(envelope-from pa4dan)
Message-Id: <201107061301.p66D15Y5039119@Bliksem.VEHosting.nl>
Date: Wed, 6 Jul 2011 15:01:05 +0200 (CEST)
From: "Daan Vreeken [PA4DAN]" <pa4dan@Bliksem.VEHosting.nl>
Reply-To: "Daan Vreeken [PA4DAN]" <pa4dan@Bliksem.VEHosting.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] [if_tap] Add VIMAGE support to if_tap
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         158686
>Category:       kern
>Synopsis:       [vimage] [tap] [patch] Add VIMAGE support to if_tap
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-virtualization
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 06 13:10:01 UTC 2011
>Closed-Date:    Sat Jun 16 07:27:41 UTC 2012
>Last-Modified:  Tue Jun 19 10:00:24 UTC 2012
>Originator:     Daan Vreeken [PA4DAN]
>Release:        FreeBSD 9.0-CURRENT amd64
>Organization:
Vitsch Electronics - http://Vitsch.nl/
>Environment:
System: FreeBSD RacebeestV3.VEHosting.LAN 9.0-CURRENT FreeBSD 9.0-CURRENT #9 r219581M: Mon Jul  4 22:10:19 CEST 2011     root@RacebeestV3.VEHosting.LAN:/usr/obj/mnt/2/sys/Multimedia  amd64


	
>Description:

When using a kernel with 'options VIMAGE', using (and closing) a /dev/tap*
device will crash the kernel.

	
>How-To-Repeat:

o Create a kernel with 'options VIMAGE' and 'device tap'
o Start an application that uses /dev/tap* device(s)
o Stop the application and see the crash

	
>Fix:

The following patch is based on similar changes that were made to if_tun.c
and prevents the panic :



Index: sys/net/if_tap.c
===================================================================
--- sys/net/if_tap.c	(revision 222928)
+++ sys/net/if_tap.c	(working copy)
@@ -42,6 +42,7 @@
 #include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/filio.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
@@ -64,8 +65,9 @@
 #include <net/if.h>
 #include <net/if_clone.h>
 #include <net/if_dl.h>
+#include <net/if_types.h>
 #include <net/route.h>
-#include <net/if_types.h>
+#include <net/vnet.h>
 
 #include <netinet/in.h>
 
@@ -214,6 +216,7 @@
 	KASSERT(!(tp->tap_flags & TAP_OPEN),
 		("%s flags is out of sync", ifp->if_xname));
 
+	CURVNET_SET(ifp->if_vnet);
 	knlist_destroy(&tp->tap_rsel.si_note);
 	destroy_dev(tp->tap_dev);
 	ether_ifdetach(ifp);
@@ -221,6 +224,7 @@
 
 	mtx_destroy(&tp->tap_mtx);
 	free(tp, M_TAP);
+	CURVNET_RESTORE();
 }
 
 static void
@@ -362,6 +366,7 @@
 	if (unit == -1)
 		append_unit = 1;
 
+	CURVNET_SET(CRED_TO_VNET(cred));
 	/* find any existing device, or allocate new unit number */
 	i = clone_create(&tapclones, &tap_cdevsw, &unit, dev, extra);
 	if (i) {
@@ -380,6 +385,7 @@
 	}
 
 	if_clone_create(name, namelen, NULL);
+	CURVNET_RESTORE();
 } /* tapclone */
 
 
@@ -520,6 +526,7 @@
 
 	/* junk all pending output */
 	mtx_lock(&tp->tap_mtx);
+	CURVNET_SET(ifp->if_vnet);
 	IF_DRAIN(&ifp->if_snd);
 
 	/*
@@ -543,6 +550,8 @@
 	}
 
 	if_link_state_change(ifp, LINK_STATE_DOWN);
+	CURVNET_RESTORE();
+
 	funsetown(&tp->tap_sigio);
 	selwakeuppri(&tp->tap_rsel, PZERO+1);
 	KNOTE_LOCKED(&tp->tap_rsel.si_note, 0);
@@ -944,7 +953,12 @@
 	}
 
 	/* Pass packet up to parent. */
+	CURVNET_SET(ifp->if_vnet);
+#if __FreeBSD_version > 900038
+	M_SETFIB(m, ifp->if_fib);
+#endif
 	(*ifp->if_input)(ifp, m);
+	CURVNET_RESTORE();
 	ifp->if_ipackets ++; /* ibytes are counted in parent */
 
 	return (0);




This diff file can also be found here:
 http://www.vitsch.nl/patches/
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jul 6 19:19:24 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158686 
Responsible-Changed-From-To: freebsd-net->freebsd-virtualization 
Responsible-Changed-By: bz 
Responsible-Changed-When: Thu Jul 7 22:08:42 UTC 2011 
Responsible-Changed-Why:  
Re-assign 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158686 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/158686: commit references a PR
Date: Thu,  7 Jun 2012 19:47:02 +0000 (UTC)

 Author: trociny
 Date: Thu Jun  7 19:46:46 2012
 New Revision: 236724
 URL: http://svn.freebsd.org/changeset/base/236724
 
 Log:
   Add VIMAGE support to if_tap.
   
   PR:		kern/152047, kern/158686
   Submitted by:	Daan Vreeken <pa4dan Bliksem.VEHosting.nl>
   MFC after:	1 week
 
 Modified:
   head/sys/net/if_tap.c
 
 Modified: head/sys/net/if_tap.c
 ==============================================================================
 --- head/sys/net/if_tap.c	Thu Jun  7 19:19:12 2012	(r236723)
 +++ head/sys/net/if_tap.c	Thu Jun  7 19:46:46 2012	(r236724)
 @@ -42,6 +42,7 @@
  #include <sys/conf.h>
  #include <sys/fcntl.h>
  #include <sys/filio.h>
 +#include <sys/jail.h>
  #include <sys/kernel.h>
  #include <sys/malloc.h>
  #include <sys/mbuf.h>
 @@ -66,6 +67,7 @@
  #include <net/if_dl.h>
  #include <net/route.h>
  #include <net/if_types.h>
 +#include <net/vnet.h>
  
  #include <netinet/in.h>
  
 @@ -214,6 +216,7 @@ tap_destroy(struct tap_softc *tp)
  	KASSERT(!(tp->tap_flags & TAP_OPEN),
  		("%s flags is out of sync", ifp->if_xname));
  
 +	CURVNET_SET(ifp->if_vnet);
  	seldrain(&tp->tap_rsel);
  	knlist_destroy(&tp->tap_rsel.si_note);
  	destroy_dev(tp->tap_dev);
 @@ -222,6 +225,7 @@ tap_destroy(struct tap_softc *tp)
  
  	mtx_destroy(&tp->tap_mtx);
  	free(tp, M_TAP);
 +	CURVNET_RESTORE();
  }
  
  static void
 @@ -363,6 +367,7 @@ tapclone(void *arg, struct ucred *cred, 
  	if (unit == -1)
  		append_unit = 1;
  
 +	CURVNET_SET(CRED_TO_VNET(cred));
  	/* find any existing device, or allocate new unit number */
  	i = clone_create(&tapclones, &tap_cdevsw, &unit, dev, extra);
  	if (i) {
 @@ -381,6 +386,7 @@ tapclone(void *arg, struct ucred *cred, 
  	}
  
  	if_clone_create(name, namelen, NULL);
 +	CURVNET_RESTORE();
  } /* tapclone */
  
  
 @@ -521,6 +527,7 @@ tapclose(struct cdev *dev, int foo, int 
  
  	/* junk all pending output */
  	mtx_lock(&tp->tap_mtx);
 +	CURVNET_SET(ifp->if_vnet);
  	IF_DRAIN(&ifp->if_snd);
  
  	/*
 @@ -544,6 +551,8 @@ tapclose(struct cdev *dev, int foo, int 
  	}
  
  	if_link_state_change(ifp, LINK_STATE_DOWN);
 +	CURVNET_RESTORE();
 +
  	funsetown(&tp->tap_sigio);
  	selwakeuppri(&tp->tap_rsel, PZERO+1);
  	KNOTE_LOCKED(&tp->tap_rsel.si_note, 0);
 @@ -945,7 +954,9 @@ tapwrite(struct cdev *dev, struct uio *u
  	}
  
  	/* Pass packet up to parent. */
 +	CURVNET_SET(ifp->if_vnet);
  	(*ifp->if_input)(ifp, m);
 +	CURVNET_RESTORE();
  	ifp->if_ipackets ++; /* ibytes are counted in parent */
  
  	return (0);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/158686: commit references a PR
Date: Fri, 15 Jun 2012 20:25:55 +0000 (UTC)

 Author: trociny
 Date: Fri Jun 15 20:25:44 2012
 New Revision: 237144
 URL: http://svn.freebsd.org/changeset/base/237144
 
 Log:
   MFC 236724, 236725:
   
   MFC 236724:
   
   Add VIMAGE support to if_tap.
   
   PR:		kern/152047, kern/158686
   Submitted by:	Daan Vreeken <pa4dan Bliksem.VEHosting.nl>
   
   MFC 236725:
   
   Sort includes.
   
   Submitted by:	Daan Vreeken <pa4dan Bliksem.VEHosting.nl>
 
 Modified:
   stable/9/sys/net/if_tap.c
 Directory Properties:
   stable/9/sys/   (props changed)
 
 Modified: stable/9/sys/net/if_tap.c
 ==============================================================================
 --- stable/9/sys/net/if_tap.c	Fri Jun 15 20:08:13 2012	(r237143)
 +++ stable/9/sys/net/if_tap.c	Fri Jun 15 20:25:44 2012	(r237144)
 @@ -42,6 +42,7 @@
  #include <sys/conf.h>
  #include <sys/fcntl.h>
  #include <sys/filio.h>
 +#include <sys/jail.h>
  #include <sys/kernel.h>
  #include <sys/malloc.h>
  #include <sys/mbuf.h>
 @@ -64,8 +65,9 @@
  #include <net/if.h>
  #include <net/if_clone.h>
  #include <net/if_dl.h>
 -#include <net/route.h>
  #include <net/if_types.h>
 +#include <net/route.h>
 +#include <net/vnet.h>
  
  #include <netinet/in.h>
  
 @@ -214,6 +216,7 @@ tap_destroy(struct tap_softc *tp)
  	KASSERT(!(tp->tap_flags & TAP_OPEN),
  		("%s flags is out of sync", ifp->if_xname));
  
 +	CURVNET_SET(ifp->if_vnet);
  	seldrain(&tp->tap_rsel);
  	knlist_destroy(&tp->tap_rsel.si_note);
  	destroy_dev(tp->tap_dev);
 @@ -222,6 +225,7 @@ tap_destroy(struct tap_softc *tp)
  
  	mtx_destroy(&tp->tap_mtx);
  	free(tp, M_TAP);
 +	CURVNET_RESTORE();
  }
  
  static void
 @@ -363,6 +367,7 @@ tapclone(void *arg, struct ucred *cred, 
  	if (unit == -1)
  		append_unit = 1;
  
 +	CURVNET_SET(CRED_TO_VNET(cred));
  	/* find any existing device, or allocate new unit number */
  	i = clone_create(&tapclones, &tap_cdevsw, &unit, dev, extra);
  	if (i) {
 @@ -381,6 +386,7 @@ tapclone(void *arg, struct ucred *cred, 
  	}
  
  	if_clone_create(name, namelen, NULL);
 +	CURVNET_RESTORE();
  } /* tapclone */
  
  
 @@ -521,6 +527,7 @@ tapclose(struct cdev *dev, int foo, int 
  
  	/* junk all pending output */
  	mtx_lock(&tp->tap_mtx);
 +	CURVNET_SET(ifp->if_vnet);
  	IF_DRAIN(&ifp->if_snd);
  
  	/*
 @@ -544,6 +551,8 @@ tapclose(struct cdev *dev, int foo, int 
  	}
  
  	if_link_state_change(ifp, LINK_STATE_DOWN);
 +	CURVNET_RESTORE();
 +
  	funsetown(&tp->tap_sigio);
  	selwakeuppri(&tp->tap_rsel, PZERO+1);
  	KNOTE_LOCKED(&tp->tap_rsel.si_note, 0);
 @@ -945,7 +954,9 @@ tapwrite(struct cdev *dev, struct uio *u
  	}
  
  	/* Pass packet up to parent. */
 +	CURVNET_SET(ifp->if_vnet);
  	(*ifp->if_input)(ifp, m);
 +	CURVNET_RESTORE();
  	ifp->if_ipackets ++; /* ibytes are counted in parent */
  
  	return (0);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/158686: commit references a PR
Date: Fri, 15 Jun 2012 20:27:30 +0000 (UTC)

 Author: trociny
 Date: Fri Jun 15 20:27:15 2012
 New Revision: 237145
 URL: http://svn.freebsd.org/changeset/base/237145
 
 Log:
   MFC 236724, 236725:
   
   MFC 236724:
   
   Add VIMAGE support to if_tap.
   
   PR:		kern/152047, kern/158686
   Submitted by:	Daan Vreeken <pa4dan Bliksem.VEHosting.nl>
   
   MFC 236725:
   
   Sort includes.
   
   Submitted by:	Daan Vreeken <pa4dan Bliksem.VEHosting.nl>
 
 Modified:
   stable/8/sys/net/if_tap.c
 Directory Properties:
   stable/8/sys/   (props changed)
 
 Modified: stable/8/sys/net/if_tap.c
 ==============================================================================
 --- stable/8/sys/net/if_tap.c	Fri Jun 15 20:25:44 2012	(r237144)
 +++ stable/8/sys/net/if_tap.c	Fri Jun 15 20:27:15 2012	(r237145)
 @@ -42,6 +42,7 @@
  #include <sys/conf.h>
  #include <sys/fcntl.h>
  #include <sys/filio.h>
 +#include <sys/jail.h>
  #include <sys/kernel.h>
  #include <sys/malloc.h>
  #include <sys/mbuf.h>
 @@ -64,8 +65,9 @@
  #include <net/if.h>
  #include <net/if_clone.h>
  #include <net/if_dl.h>
 -#include <net/route.h>
  #include <net/if_types.h>
 +#include <net/route.h>
 +#include <net/vnet.h>
  
  #include <netinet/in.h>
  
 @@ -214,6 +216,7 @@ tap_destroy(struct tap_softc *tp)
  	KASSERT(!(tp->tap_flags & TAP_OPEN),
  		("%s flags is out of sync", ifp->if_xname));
  
 +	CURVNET_SET(ifp->if_vnet);
  	seldrain(&tp->tap_rsel);
  	knlist_destroy(&tp->tap_rsel.si_note);
  	destroy_dev(tp->tap_dev);
 @@ -222,6 +225,7 @@ tap_destroy(struct tap_softc *tp)
  
  	mtx_destroy(&tp->tap_mtx);
  	free(tp, M_TAP);
 +	CURVNET_RESTORE();
  }
  
  static void
 @@ -363,6 +367,7 @@ tapclone(void *arg, struct ucred *cred, 
  	if (unit == -1)
  		append_unit = 1;
  
 +	CURVNET_SET(CRED_TO_VNET(cred));
  	/* find any existing device, or allocate new unit number */
  	i = clone_create(&tapclones, &tap_cdevsw, &unit, dev, extra);
  	if (i) {
 @@ -381,6 +386,7 @@ tapclone(void *arg, struct ucred *cred, 
  	}
  
  	if_clone_create(name, namelen, NULL);
 +	CURVNET_RESTORE();
  } /* tapclone */
  
  
 @@ -521,6 +527,7 @@ tapclose(struct cdev *dev, int foo, int 
  
  	/* junk all pending output */
  	mtx_lock(&tp->tap_mtx);
 +	CURVNET_SET(ifp->if_vnet);
  	IF_DRAIN(&ifp->if_snd);
  
  	/*
 @@ -544,6 +551,8 @@ tapclose(struct cdev *dev, int foo, int 
  	}
  
  	if_link_state_change(ifp, LINK_STATE_DOWN);
 +	CURVNET_RESTORE();
 +
  	funsetown(&tp->tap_sigio);
  	selwakeuppri(&tp->tap_rsel, PZERO+1);
  	KNOTE_LOCKED(&tp->tap_rsel.si_note, 0);
 @@ -945,7 +954,9 @@ tapwrite(struct cdev *dev, struct uio *u
  	}
  
  	/* Pass packet up to parent. */
 +	CURVNET_SET(ifp->if_vnet);
  	(*ifp->if_input)(ifp, m);
 +	CURVNET_RESTORE();
  	ifp->if_ipackets ++; /* ibytes are counted in parent */
  
  	return (0);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: trociny 
State-Changed-When: Sat Jun 16 07:26:59 UTC 2012 
State-Changed-Why:  
Fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158686 

From: Mikolaj Golub <trociny@freebsd.org>
To: "Daan Vreeken \[PA4DAN\]" <pa4dan@Bliksem.VEHosting.nl>
Cc: bug-followup@FreeBSD.org, Alexander V. Chernikov <melifaro@freebsd.org>
Subject: Re: kern/158686: [vimage] [tap] [patch] Add VIMAGE support to if_tap
Date: Sat, 16 Jun 2012 10:25:26 +0300

 Hi Daan,
 
 The patch is committed. Thank you!
 
 Note, I have not committed the "FIB" part of the patch though because I am not
 sure it was supposed to be done in this way. Your change looks reasonable for
 me, as it looks like without it mbufs of all incoming packets are not tagged
 on tap interface. On the other hand I don't see examples in kernel where tag
 is set before if_input() call (only before netisr_queue() or netisr_dispatch()).
 if_input() is actually ether_input(). May be it is supposed to just add this tag
 in ether_input()?
 
 I cc Alexander Chernikov, who is the author of the original patch that added
 mbuf tagging of incoming packets (r223741), and close this pr as the vimage
 part is fixed.
 
 -- 
 Mikolaj Golub

From: Daan Vreeken <Daan@vitsch.nl>
To: Mikolaj Golub <trociny@freebsd.org>
Cc: bug-followup@freebsd.org, "Alexander V. Chernikov" <melifaro@freebsd.org>
Subject: Re: kern/158686: [vimage] [tap] [patch] Add VIMAGE support to if_tap
Date: Tue, 19 Jun 2012 11:06:26 +0200

 Hi Mikolaj,
 
 On Saturday 16 June 2012 09:25:26 Mikolaj Golub wrote:
 > Hi Daan,
 >
 > The patch is committed. Thank you!
 
 Thanks for the commit!
 
 > Note, I have not committed the "FIB" part of the patch though because I am
 > not sure it was supposed to be done in this way. Your change looks
 > reasonable for me, as it looks like without it mbufs of all incoming
 > packets are not tagged on tap interface. On the other hand I don't see
 > examples in kernel where tag is set before if_input() call (only before
 > netisr_queue() or netisr_dispatch()). if_input() is actually ether_input().
 > May be it is supposed to just add this tag in ether_input()?
 >
 > I cc Alexander Chernikov, who is the author of the original patch that
 > added mbuf tagging of incoming packets (r223741), and close this pr as the
 > vimage part is fixed.
 
 I don't have a working test setup or use case at this moment where we use 
 multiple FIBs in combination with tap(4), but if I remember correctly, the 
 kernel would instantly panic upon receiving the first packet through the 
 interface without the call to M_SETFIB().
 
 If I run in to this again I'll submit a separate PR for this problem.
 
 
 Thanks,
 -- 
 Daan Vreeken
 Vitsch Electronics
 http://Vitsch.nl
 http://VitschVPN.nl
 tel: +31-(0)40-7113050
 KvK nr: 17174380

From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
To: Daan Vreeken <Daan@vitsch.nl>
Cc: Mikolaj Golub <trociny@freebsd.org>, bug-followup@freebsd.org
Subject: Re: kern/158686: [vimage] [tap] [patch] Add VIMAGE support to if_tap
Date: Tue, 19 Jun 2012 13:52:59 +0400

 > I don't have a working test setup or use case at this moment where we use
 > multiple FIBs in combination with tap(4), but if I remember correctly, the
 > kernel would instantly panic upon receiving the first packet through the
 > interface without the call to M_SETFIB().
 It is quite strange since M_SETFIB does nothing more than setting 4 bits 
 in mbuf flags which are zero by default (fib 0).
 >
 > If I run in to this again I'll submit a separate PR for this problem.
 Can you please drop e-mail to me if this happens?
>Unformatted:
