From nobody@FreeBSD.org  Thu Feb 17 16:32:12 2005
Message-Id: <200502171632.j1HGWBxg058162@www.freebsd.org>
Date: Thu, 17 Feb 2005 16:32:11 GMT
From: Harald Schmalzbauer <harry@schmalzbauer.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pfctl panics the system when interface renaming is used
X-Send-Pr-Version: www-2.3

>Number:         77645
>Category:       kern
>Synopsis:       pfctl panics the system when interface renaming is used
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 17 16:40:21 GMT 2005
>Closed-Date:    Mon Mar 07 12:35:57 GMT 2005
>Last-Modified:  Mon Mar 07 12:35:57 GMT 2005
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 5.3-STABLE
>Organization:
>Environment:
System: FreeBSD phobos.mars.mable.de 5.3.8.k-KAEPTN FreeBSD 5.3.8.k-KAEPTN #3: Sat Feb 12 12:59:01 UTC 2005 root@phobos.mars.mable.de:/usr/obj/usr/src/sys/GA-6IEML i386
>Description:
When the interface renaming feature is used, "pfctl -Fall -f/etc/pf.conf"
panics the machine. When interface renaming is disabled, everything works
fine. Also, a single "pfctl -F nat|rule|state|...." doesn't cause the
panic with renamed interfaces, only "-Fall".
>How-To-Repeat:
      Rename network interfaces e.g. by putting these lines in /etc/rc.conf:
ifconfig_em2_name="LAN"
ifconfig_LAN="192.168.0.1 netmask 255.255.255.0"
Then enter the command 'pfctl -Fall -f /etc/pf.conf' and the machine will panic with the following trace:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xdeadc1d7
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc047e4b1
stack pointer           = 0x10:0xcc69a9b4
frame pointer           = 0x10:0xcc69a9b8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (swi1: net)
[thread pid 37 tid 100033 ]
Stopped at      pf_state_compare_ext_gwy+0x11:  movzbl  0xf9(%ebx),%eax
db> trace
Tracing pid 37 tid 100033 td 0xc15154b0
pf_state_compare_ext_gwy(cc69aa10,deadc0de,c1783b00,cc69aa10,cc69a9e8) at pf_state_compare_ext_gwy+0x11
pf_state_tree_ext_gwy_RB_FIND(c1783bc4,cc69aa10,c1783b00,cc69ab64,cc69ab1c) at pf_state_tree_ext_gwy_RB_FIND+0x2c
pf_find_state_recurse(c1783b00,cc69aa10,1,608,c075d53e) at pf_find_state_recurse+0x82
pf_test_state_udp(cc69ab64,1,c1783b00,c18aca00,14) at pf_test_state_udp+0xf5
pf_test(1,c1585800,cc69ac54,0,c17510e0) at pf_test+0x617
pf_check_in(0,cc69ac54,c1585800,1,0) at pf_check_in+0x48
pfil_run_hooks(c0804020,cc69aca0,c1585800,1,0) at pfil_run_hooks+0xfb
ip_input(c18aca00,0,c077deb7,e6,c0803398) at ip_input+0x2a0
netisr_processqueue(c0803398,c07d90a0,1,c0774055,c1508cc0) at netisr_processqueue+0x8e
swi_net(0,0,c0772643,269,c07d90a0) at swi_net+0xe9
ithread_loop(c1526200,cc69ad48,c077243a,31e,0) at ithread_loop+0x172
fork_exit(c0565560,c1526200,cc69ad48) at fork_exit+0xc6
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcc69ad7c, ebp = 0 ---
>Fix:
      
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->mlaier 
Responsible-Changed-By: mlaier 
Responsible-Changed-When: Thu Feb 17 20:24:30 GMT 2005 
Responsible-Changed-Why:  
Take over.  Thanks for the report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77645 

From: Max Laier <max@love2party.net>
To: freebsd-gnats-submit@freebsd.org, harry@schmalzbauer.de
Cc:  
Subject: Re: kern/77645: pfctl panics the system when interface renaming is used
Date: Sun, 20 Feb 2005 19:13:29 +0100

 Please try the attached patch.  Also available from:
     http://people.freebsd.org/~mlaier/pf_if.c.diff
 
 -- 
   Max
 
 Index: sys/contrib/pf/net/pf_if.c
 ===================================================================
 RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf_if.c,v
 retrieving revision 1.8
 diff -u -r1.8 pf_if.c
 --- sys/contrib/pf/net/pf_if.c	17 Feb 2005 03:36:31 -0000	1.8
 +++ sys/contrib/pf/net/pf_if.c	20 Feb 2005 17:58:29 -0000
 @@ -849,10 +849,13 @@
  	int		 i, j, k, s;
  	struct pfi_kif	*q = p->pfik_parent;
  
 +#ifdef __FreeBSD__
 +	if ((p->pfik_flags & (PFI_IFLAG_ATTACHED | PFI_IFLAG_GROUP)) ||
 +	    ((p->pfik_rules > 0 || p->pfik_states > 0) &&
 +	     (p->pfik_flags & PFI_IFLAG_PLACEHOLDER) == 0))
 +#else
  	if ((p->pfik_flags & (PFI_IFLAG_ATTACHED | PFI_IFLAG_GROUP)) ||
  	    p->pfik_rules > 0 || p->pfik_states > 0)
 -#ifdef __FreeBSD__
 -		if (!(p->pfik_flags & PFI_IFLAG_PLACEHOLDER))
  #endif
  		return (0);
  
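Review bot: In the __FreeBSD__ arm, a kif with PFI_IFLAG_PLACEHOLDER set and pfik_states > 0 (or pfik_rules > 0) still does not hit the early return (0), so it continues past this check while states or rules reference it. The reported panic is a state-tree lookup on 0xdeadc0de, so please add a comment above the condition stating why proceeding is safe for placeholder kifs with non-zero counters, or which caller guarantees that those states and rules are gone first. The PFI_IFLAG_ATTACHED | PFI_IFLAG_GROUP clause is now duplicated in both #ifdef arms. Consider keeping that clause outside the conditional and putting only the placeholder test under #ifdef, so the two arms cannot drift apart.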
State-Changed-From-To: open->analyzed 
State-Changed-By: mlaier 
State-Changed-When: Sun Feb 20 18:36:58 GMT 2005 
State-Changed-Why:  
Patch for HEAD available.  Testing requested. 


Responsible-Changed-From-To: mlaier->pf 
Responsible-Changed-By: mlaier 
Responsible-Changed-When: Sun Feb 20 18:36:58 GMT 2005 
Responsible-Changed-Why:  
Patch for HEAD available.  Testing requested. 

State-Changed-From-To: analyzed->patched 
State-Changed-By: mlaier 
State-Changed-When: Mon Feb 21 17:23:42 GMT 2005 
State-Changed-Why:  
Patch applied to current, MFC in 3 days. 

State-Changed-From-To: patched->closed 
State-Changed-By: mlaier 
State-Changed-When: Mon Mar 7 12:34:58 GMT 2005 
State-Changed-Why:  
This has been committed to RELENG_5 some time ago already.  It should no longer 
be a problem. 

>Unformatted:
