From nobody@FreeBSD.org  Wed Feb  1 22:40:35 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ABA3E10656D0
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  1 Feb 2012 22:40:35 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 9AC2A8FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  1 Feb 2012 22:40:35 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q11MeZFR053614
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 1 Feb 2012 22:40:35 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q11MeZXL053613;
	Wed, 1 Feb 2012 22:40:35 GMT
	(envelope-from nobody)
Message-Id: <201202012240.q11MeZXL053613@red.freebsd.org>
Date: Wed, 1 Feb 2012 22:40:35 GMT
From: Nikos Vassiliadis <nvass@gmx.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: VIMAGE + carp panics the kernel
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         164696
>Category:       kern
>Synopsis:       [netinet] [patch] [panic] VIMAGE + carp panics the kernel
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 01 22:50:07 UTC 2012
>Closed-Date:    Wed Feb 08 13:39:46 UTC 2012
>Last-Modified:  Wed Feb 08 13:39:46 UTC 2012
>Originator:     Nikos Vassiliadis
>Release:        FreeBSD 10.0-CURRENT
>Organization:
>Environment:
FreeBSD lab.local 10.0-CURRENT FreeBSD 10.0-CURRENT #112 r230875: Wed Feb  1 21:40:59 EET 2012     root@lab.local:/usr/obj/usr/src/sys/LAB  i386

>Description:
Trying to use a carp interface in a VIMAGE enabled kernel, panics the kernel.

#4  0xc051ce3d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229
#5  0xc0a99226 in kdb_trap (type=12, code=0, tf=0xc49a3b18)
    at /usr/src/sys/kern/subr_kdb.c:629
#6  0xc0e1a30f in trap_fatal (frame=0xc49a3b18, eva=24)
    at /usr/src/sys/i386/i386/trap.c:966
#7  0xc0e1ada3 in trap (frame=0xc49a3b18) at /usr/src/sys/i386/i386/trap.c:352
#8  0xc0e03b0c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#9  0xc7abefd0 in carp_send_ad_locked (sc=0xc500a600)
    at /usr/src/sys/modules/carp/../../netinet/ip_carp.c:777
#10 0xc7abf984 in carp_master_down_locked (sc=0xc500a600)
    at /usr/src/sys/modules/carp/../../netinet/ip_carp.c:1119
#11 0xc7abfc4f in carp_master_down (v=0xc500a600)
    at /usr/src/sys/modules/carp/../../netinet/ip_carp.c:1104
#12 0xc0a78aa2 in softclock (arg=0xc119e5c0)
    at /usr/src/sys/kern/kern_timeout.c:571
#13 0xc0a382f5 in intr_event_execute_handlers (p=0xc4deb588, ie=0xc4e2d280)
    at /usr/src/sys/kern/kern_intr.c:1257

>How-To-Repeat:
Build a VIMAGE kernel.
Create and 'up' a carp address.
>Fix:
The attached patch fixes the panic. It doesn't virtualize carp(4), that is, only carp instances in vnet0 work.

Patch attached with submission follows:

Index: sys/netinet/ip_carp.c
===================================================================
--- sys/netinet/ip_carp.c	(revision 230875)
+++ sys/netinet/ip_carp.c	(working copy)
@@ -734,6 +734,8 @@
 	struct mbuf *m;
 	int len, advskew;
 
+	CURVNET_SET(sc->sc_carpdev->if_vnet);
+
 	CARP_LOCK_ASSERT(sc);
 
 	advskew = DEMOTE_ADVSKEW(sc);
@@ -761,6 +763,7 @@
 			/* XXX maybe less ? */
 			callout_reset(&sc->sc_ad_tmo, tvtohz(&tv),
 			    carp_send_ad, sc);
+			CURVNET_RESTORE();
 			return;
 		}
 		len = sizeof(*ip) + sizeof(ch);
@@ -793,8 +796,10 @@
 
 		ch_ptr = (struct carp_header *)(&ip[1]);
 		bcopy(&ch, ch_ptr, sizeof(ch));
-		if (carp_prepare_ad(m, sc, ch_ptr))
+		if (carp_prepare_ad(m, sc, ch_ptr)) {
+			CURVNET_RESTORE();
 			return;
+		}
 
 		m->m_data += sizeof(*ip);
 		ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip));
@@ -832,6 +837,7 @@
 			/* XXX maybe less ? */
 			callout_reset(&sc->sc_ad_tmo, tvtohz(&tv),
 			    carp_send_ad, sc);
+			CURVNET_RESTORE();
 			return;
 		}
 		len = sizeof(*ip6) + sizeof(ch);
@@ -864,13 +870,16 @@
 		if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) {
 			m_freem(m);
 			CARP_DEBUG("%s: in6_setscope failed\n", __func__);
+			CURVNET_RESTORE();
 			return;
 		}
 
 		ch_ptr = (struct carp_header *)(&ip6[1]);
 		bcopy(&ch, ch_ptr, sizeof(ch));
-		if (carp_prepare_ad(m, sc, ch_ptr))
+		if (carp_prepare_ad(m, sc, ch_ptr)) {
+			CURVNET_RESTORE();
 			return;
+		}
 
 		m->m_data += sizeof(*ip6);
 		ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip6));


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Feb 1 23:59:08 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164696 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Nikos Vassiliadis <nvass@gmx.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/164696: VIMAGE + carp panics the kernel
Date: Mon, 6 Feb 2012 15:47:41 +0400

 --TakKZr9L6Hm6aLOc
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: inline
 
   Hi, Nikos!
 
 On Wed, Feb 01, 2012 at 10:40:35PM +0000, Nikos Vassiliadis wrote:
 N> >Description:
 N> Trying to use a carp interface in a VIMAGE enabled kernel, panics the kernel.
 
 Can you please test another patch, that is attached?
 
 -- 
 Totus tuus, Glebius.
 
 --TakKZr9L6Hm6aLOc
 Content-Type: text/x-diff; charset=koi8-r
 Content-Disposition: attachment; filename="164696.diff"
 
 Index: ip_carp.c
 ===================================================================
 --- ip_carp.c	(revision 231067)
 +++ ip_carp.c	(working copy)
 @@ -707,19 +707,24 @@
  	LIST_FOREACH(sc, &carp_list, sc_next)
  		if (sc->sc_state == MASTER) {
  			CARP_LOCK(sc);
 +			CURVNET_SET(sc->sc_carpdev->if_vnet);
  			carp_send_ad_locked(sc);
 +			CURVNET_RESTORE();
  			CARP_UNLOCK(sc);
  		}
  	mtx_unlock(&carp_mtx);
  }
  
 +/* Send a periodic advertisement, executed in callout context. */
  static void
  carp_send_ad(void *v)
  {
  	struct carp_softc *sc = v;
  
  	CARP_LOCK_ASSERT(sc);
 +	CURVNET_SET(sc->sc_carpdev->if_vnet);
  	carp_send_ad_locked(sc);
 +	CURVNET_RESTORE();
  	CARP_UNLOCK(sc);
  }
  
 @@ -1090,6 +1095,7 @@
  	return (0);
  }
  
 +/* Master down timeout event, executed in callout context. */
  static void
  carp_master_down(void *v)
  {
 @@ -1097,12 +1103,14 @@
  
  	CARP_LOCK_ASSERT(sc);
  
 +	CURVNET_SET(sc->sc_carpdev->if_vnet);
  	if (sc->sc_state == BACKUP) {
  		CARP_LOG("VHID %u@%s: BACKUP -> MASTER (master down)\n",
  		    sc->sc_vhid,
  		    sc->sc_carpdev->if_xname);
  		carp_master_down_locked(sc);
  	}
 +	CURVNET_RESTORE();
  
  	CARP_UNLOCK(sc);
  }
 
 --TakKZr9L6Hm6aLOc--

From: Nikos Vassiliadis <nvass@gmx.com>
To: Gleb Smirnoff <glebius@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/164696: VIMAGE + carp panics the kernel
Date: Tue, 07 Feb 2012 10:46:57 +0200

 On 2/6/2012 1:47 PM, Gleb Smirnoff wrote:
 >    Hi, Nikos!
 >
 > On Wed, Feb 01, 2012 at 10:40:35PM +0000, Nikos Vassiliadis wrote:
 > N>  >Description:
 > N>  Trying to use a carp interface in a VIMAGE enabled kernel, panics the kernel.
 >
 > Can you please test another patch, that is attached?
 >
 
 Yes, it works. Please, commit it.
 
 Thanks!
State-Changed-From-To: open->closed 
State-Changed-By: glebius 
State-Changed-When: Wed Feb 8 13:38:23 UTC 2012 
State-Changed-Why:  
Fixed. 


Responsible-Changed-From-To: freebsd-net->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Wed Feb 8 13:38:23 UTC 2012 
Responsible-Changed-Why:  
Fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164696 
>Unformatted:
