From dgilbert@office.tor.velocet.net  Fri Jun 30 06:39:47 2000
Message-Id: <200006301339.JAA79483@office.tor.velocet.net>
Date: Fri, 30 Jun 2000 09:39:14 -0400 (EDT)
From: dgilbert@velocet.ca
Sender: dgilbert@office.tor.velocet.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: Damn!  who do I hit for this :).
X-Send-Pr-Version: 3.2

>Number:         19603
>Category:       kern
>Synopsis:       20 ethernet interfaces not compatible with option BRIDGE
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    luigi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 30 06:40:01 PDT 2000
>Closed-Date:    Sun Feb 17 16:27:13 PST 2002
>Last-Modified:  Sun Feb 17 16:28:49 PST 2002
>Originator:     David Gilbert
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
Velocet Communications
>Environment:

FreeBSD-4.0-STABLE as of recently, but this appears to affect all
branches of the stable and CURRENT tree.

>Description:

With 20 dc interfaces in my machine and "option BRIDGE" in the kernel,
I was crashing whenever I typed ifconfig -a... and about once a day
otherwise.  This was stack smashing for some reason.

>How-To-Repeat:

option BRIDGE in a kernel and 20 interfaces (it would appear any
type of ethernet interface will do) in the kernel.

(I'm guessing that bridging doesn't work with vlans?  sigh.
 would be nice).

>Fix:

I'm not 100% happy with this fix.  The bdg_stats structure is used in:

SYSCTL_STRUCT(_net_link_ether, PF_BDG, bdgstats,
        CTLFLAG_RD, &bdg_stats , bdg_stats, "bridge statistics");

and I'm not sure how to handle that.  The most egregious error,
however, is that BDG_MAX_PORTS was defined and the status structure
was still defined with a constant 16 entries (not only that, but
absolutely no bounds checking was done, *ever*).

It would seem smart that this should be dynamic.  I thought about
that... and I just completely don't know what SYSCTL_STRUCT does ...

But even if I did, it would only be half the job to allocate things
here --- you really need to think about what happens when devices
come or leave (leaving is fine, I suppose).  Besides cardbus, we
have hotswap PCI to worry about :).

--- bridge.h.orig	Fri Jun 30 09:24:59 2000
+++ bridge.h	Fri Jun 30 09:25:13 2000
@@ -92,7 +92,7 @@
 } ;
 
 struct bdg_stats {
-    struct bdg_port_stat s[16];
+    struct bdg_port_stat s[BDG_MAX_PORTS];
 } ;
 
 
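Review bot: Changing s[16] to s[BDG_MAX_PORTS] changes sizeof(struct bdg_stats), and the description above shows this struct exported whole through SYSCTL_STRUCT(_net_link_ether, PF_BDG, bdgstats, ...), so a userland reader built against the old header will ask for the wrong size. The header and every consumer of that sysctl need to be rebuilt together, and a comment next to the array should say that its length is part of the sysctl layout. Also confirm that BDG_MAX_PORTS is defined above this point in bridge.h, since the hunk does not show it.
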
--- bridge.c.orig	Fri Jun 30 09:24:37 2000
+++ bridge.c	Fri Jun 30 09:25:13 2000
@@ -440,6 +440,9 @@
     eth_addr = bdg_addresses ;
 
     printf("BRIDGE 990810, have %d interfaces\n", if_index);
+    if(if_index > BDG_MAX_PORTS)
+        panic("bdginit: too many ports, raise BDG_MAX_PORTS");
+    
     for (i = 0 , ifp = ifnet.tqh_first ; i < if_index ;
 		i++, ifp = ifp->if_link.tqe_next)
 	if (ifp->if_type == IFT_ETHER) { /* ethernet ? */
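
Review bot: The if_index > BDG_MAX_PORTS test runs once in bdginit, so an interface that attaches later is never checked, which is the hot-plug case the submitter raises; the code that indexes the per-port array needs its own bound check at the point of use. Two smaller points: if the array is indexed by an interface's if_index rather than by the loop counter i, the comparison should be >= so that index BDG_MAX_PORTS itself is rejected, and a panic at init for an oversized configuration could instead print a message and leave bridging disabled. Style: "if(" should be "if (", and the added blank line carries trailing whitespace.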


>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: dgilbert@velocet.ca
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, luigi@FreeBSD.org
Subject: Re: kern/19603: Damn! who do I hit for this :). 
Date: Fri, 30 Jun 2000 15:48:34 +0200

 On Fri, 30 Jun 2000 09:39:14 -0400, dgilbert@velocet.ca wrote:
 
 > With 20 dc interfaces in my machine and "option BRIDGE" in the kernel,
 > I was crashing whenever I typed ifconfig -a... and about once a day
 > otherwise.  This was stack smashing for some reason
 
 I think that this is Luigi's domain, but I don't want to assign the PR
 to him when I'm not sure.
 
 Luigi, wanna take this one? :-)
 
 Ciao,
 Sheldon.
 

From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: dgilbert@velocet.ca, FreeBSD-gnats-submit@FreeBSD.ORG,
	luigi@FreeBSD.ORG
Subject: Re: kern/19603: Damn! who do I hit for this :).
Date: Fri, 30 Jun 2000 16:00:32 +0200 (CEST)

 > 
 > 
 > On Fri, 30 Jun 2000 09:39:14 -0400, dgilbert@velocet.ca wrote:
 > 
 > > With 20 dc interfaces in my machine and "option BRIDGE" in the kernel,
 > > I was crashing whenever I typed ifconfig -a... and about once a day
 > > otherwise.  This was stack smashing for some reason
 > 
 > I think that this is Luigi's domain, but I don't want to assign the PR
 > to him when I'm not sure.
 > 
 > Luigi, wanna take this one? :-)
 
 i don't think this is related to bridging, there are no bridging
 hooks in ifconfig. To confirm this i would remove
 the "option BRIDGE" from the kernel and check if ifconfig -a
 still kills the system.
 
 A quick look at the ifconfig code seems to suggest that it could
 be the sysctl interface ?
 
 	cheers
 	luigi
 -----------------------------------+-------------------------------------
   Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
   http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
   TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
   Mobile   +39-347-0373137
 -----------------------------------+-------------------------------------
 
Responsible-Changed-From-To: freebsd-bugs->luigi 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Fri Jun 30 07:05:23 PDT 2000 
Responsible-Changed-Why:  
Luigi is, after all, the right person for the job. :-) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19603 

From: David Gilbert <dgilbert@velocet.ca>
To: Luigi Rizzo <luigi@info.iet.unipi.it>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>, dgilbert@velocet.ca,
	FreeBSD-gnats-submit@FreeBSD.ORG, luigi@FreeBSD.ORG
Subject: Re: kern/19603: Damn! who do I hit for this :).
Date: Fri, 30 Jun 2000 10:01:36 -0400 (EDT)

 >>>>> "Luigi" == Luigi Rizzo <luigi@info.iet.unipi.it> writes:
 
 Luigi> i don't think this is related to bridging, there are no
 Luigi> bridging hooks in ifconfig. To confirm this i would remove the
 Luigi> "option BRIDGE" from the kernel and check if ifconfig -a still
 Luigi> kills the system.
 
 Luigi> A quick look at the ifconfig code seems to suggest that it
 Luigi> could be the sysctl interface ?
 
 already verified six ways from sunday.  "option BRIDGE" in the kernel
 makes it crash when ifconfig -a runs.
 
 I have a box you can log into and test (with a serial console, even).
 
 But... I've been working on this for three days.  I'm positive.
 
 Dave.
 
 -- 
 ============================================================================
 |David Gilbert, Velocet Communications.       | Two things can only be     |
 |Mail:       dgilbert@velocet.net             |  equal if and only if they |
 |http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
 =========================================================GLO================
 

From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: David Gilbert <dgilbert@velocet.ca>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>,
	FreeBSD-gnats-submit@FreeBSD.ORG, luigi@FreeBSD.ORG
Subject: Re: kern/19603: Damn! who do I hit for this :).
Date: Fri, 30 Jun 2000 16:04:37 +0200 (CEST)

 > already verified six ways from sunday.  "option BRIDGE" in the kernel
 > makes it crash when ifconfig -a runs.
 
 and i saw your email about struct bdg_stats being too small... sorry!
 
 	cheers
 	luigi
 -----------------------------------+-------------------------------------
   Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
   http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
   TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
   Mobile   +39-347-0373137
 -----------------------------------+-------------------------------------
 
State-Changed-From-To: open->closed 
State-Changed-By: luigi 
State-Changed-When: Sun Feb 17 16:27:13 PST 2002 
State-Changed-Why:  
Fixed by a recent comment by upping the number of supported 
interfaces to 128, and making sure at runtime that the 
limit is not exceeded when creating new interfaces (pccards 
vlan and the like). 


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19603 
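
The runtime limit check described in the closing note, modelled in userland C. This is an added example, not the FreeBSD commit or code from this PR; the function names (bdg_port_attach, bdg_count_in, bdg_in_pkts) and the struct fields are hypothetical, and only BDG_MAX_PORTS and the value 128 come from the report.

```c
#include <errno.h>
#include <string.h>

#define BDG_MAX_PORTS 128           /* limit named in the closing note */

struct bdg_port_stat {              /* fields are hypothetical */
    unsigned long in_pkts;
    int attached;
};

struct bdg_stats {
    struct bdg_port_stat s[BDG_MAX_PORTS];  /* sized by the constant, not a literal */
};

/* Fails the build if the array length and the limit ever drift apart again. */
_Static_assert(sizeof(((struct bdg_stats *)0)->s) / sizeof(struct bdg_port_stat)
               == BDG_MAX_PORTS, "bdg_stats.s must have BDG_MAX_PORTS entries");

static struct bdg_stats bdg_stats;

static int bdg_index_ok(int if_index)
{
    return if_index >= 0 && if_index < BDG_MAX_PORTS;
}

/* Hypothetical attach hook, called for every new interface, including ones
 * that appear after init (pccard, vlan). It refuses the port instead of
 * letting a later stats update write past the array. */
int bdg_port_attach(int if_index)
{
    if (!bdg_index_ok(if_index))
        return ENOSPC;
    memset(&bdg_stats.s[if_index], 0, sizeof(bdg_stats.s[if_index]));
    bdg_stats.s[if_index].attached = 1;
    return 0;
}

/* Hypothetical per-packet accounting: the index is checked again at the
 * point of use, so a port that was refused or never attached touches nothing. */
int bdg_count_in(int if_index)
{
    if (!bdg_index_ok(if_index) || !bdg_stats.s[if_index].attached)
        return EINVAL;
    bdg_stats.s[if_index].in_pkts++;
    return 0;
}

unsigned long bdg_in_pkts(int if_index)
{
    return bdg_index_ok(if_index) ? bdg_stats.s[if_index].in_pkts : 0;
}
```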
>Unformatted:
