[Bug 219453] tcpmd5 kernel module regression

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

Andrey V. Elsukov changed:

What | Removed | Added
CC   |         | a...@freebsd.org

--- Comment #4 from Andrey V. Elsukov  ---
(In reply to Marek Zarychta from comment #0)
> After upgrade from 11.0-STABLE r318137 to 11.1-PRERELEASE TCP MD5 signatures
> cannot be verified, so bird session cannot be established.
> Neither ISP, nor our side changed the configuration. Bird-1.6.3_1 was
> recompiled from port, but it doesn't fix the trouble.
> # netstat -sp tcp | grep signature
>   0 packets with matching signature received
>   4601 packets with bad signature received
>   42 times failed to make signature due to no SA
>   0 times unexpected signature received
>   30 times no signature provided by segment

There were no changes in stable/11 in TCP-MD5 code. So if it worked in r318137,
it should work. Do you use bird's "password" option to set SAs or are they set
via setkey(8)? There is a patch for bird in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907
I sent it to bird's developer and port maintainer, but it seems it is not
committed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"


[Bug 218907] tcpmd5 kernel module on STABLE/11 doesn't work with vultr bgp via bird

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907

Andrey V. Elsukov changed:

What                           | Removed | Added
Attachment #182147 is obsolete | 0       | 1

--- Comment #8 from Andrey V. Elsukov  ---
Created attachment 182826
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182826&action=edit
Proposed patch to net/bird port



[Bug 218907] tcpmd5 kernel module on STABLE/11 doesn't work with vultr bgp via bird

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907

Andrey V. Elsukov changed:

What                           | Removed | Added
Attachment #182826 is obsolete | 0       | 1

--- Comment #9 from Andrey V. Elsukov  ---
Created attachment 182827
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182827&action=edit
Proposed patch to net/bird port



[Bug 218907] tcpmd5 kernel module on STABLE/11 doesn't work with vultr bgp via bird

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907

Olivier Cochard changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | oliv...@freebsd.org



[Bug 219457] ZFS ARC eviction & system hangup

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219457

Fabian Keil changed:

What | Removed | Added
CC   |         | f...@fabiankeil.de

--- Comment #6 from Fabian Keil  ---
The procstat output suggests that you might be using geli for the swap device.

This is known to cause deadlocks under memory pressure:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209759

You could reduce vfs.zfs.deadman_synctime_ms to more quickly get
a panic when the system becomes unresponsive.

It would probably help to see the counters in vm_cnt.



[Bug 219453] tcpmd5 kernel module regression

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

--- Comment #5 from Marek Zarychta  ---
(In reply to Andrey V. Elsukov from comment #4)
SAs are set via setkey(8) from the ipsec.conf config file.



[Bug 219472] Out of bounds access in vlan

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219472

Bug ID:    219472
Summary:   Out of bounds access in vlan
Product:   Base System
Version:   CURRENT
Hardware:  Any
OS:        Any
Status:    New
Severity:  Affects Only Me
Priority:  ---
Component: kern
Assignee:  freebsd-bugs@FreeBSD.org
Reporter:  ect...@gmail.com

This whole struct (`ifv_mib`) is user controllable through the
`IFDATA_LINKSPECIFIC` sysctl command:

https://github.com/freebsd/freebsd/blob/release/11.0.1/sys/net/if_mib.c#L117

case IFDATA_LINKSPECIFIC:
    error = SYSCTL_OUT(req, ifp->if_linkmib, ifp->if_linkmiblen);
    if (error || !req->newptr)
        goto out;

    error = SYSCTL_IN(req, ifp->if_linkmib, ifp->if_linkmiblen);
    if (error)
        goto out;
    break;

In the case of `struct ifvlan`, the contained `if_linkmib` is a `struct
ifv_linkmib` containing a `uint16_t` called `ifvm_vid`:

https://github.com/freebsd/freebsd/blob/release/11.0.1/sys/net/if_vlan.c#L108

struct  ifvlan {
    struct  ifvlantrunk *ifv_trunk;
    struct  ifnet *ifv_ifp;
#define TRUNK(ifv)  ((ifv)->ifv_trunk)
#define PARENT(ifv) ((ifv)->ifv_trunk->parent)
    void    *ifv_cookie;
    int     ifv_pflags;         /* special flags we have set on parent */
    struct  ifv_linkmib {
        int      ifvm_encaplen; /* encapsulation length */
        int      ifvm_mtufudge; /* MTU fudged by this much */
        int      ifvm_mintu;    /* min transmission unit */
        uint16_t ifvm_proto;    /* encapsulation ethertype */
        uint16_t ifvm_tag;      /* tag to apply on packets leaving if */
        uint16_t ifvm_vid;      /* VLAN ID */
        uint8_t  ifvm_pcp;      /* Priority Code Point (PCP). */
    }   ifv_mib;
    SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead;
#ifndef VLAN_ARRAY
    LIST_ENTRY(ifvlan) ifv_list;
#endif
};
#define ifv_proto    ifv_mib.ifvm_proto
#define ifv_tag      ifv_mib.ifvm_tag
#define ifv_vid      ifv_mib.ifvm_vid
#define ifv_pcp      ifv_mib.ifvm_pcp
#define ifv_encaplen ifv_mib.ifvm_encaplen
#define ifv_mtufudge ifv_mib.ifvm_mtufudge
#define ifv_mintu    ifv_mib.ifvm_mintu

Thus, it follows that `ifv->ifv_vid` is a completely user controlled
`uint16_t`, through the `IFDATA_LINKSPECIFIC` `sysctl` name.

This value is used as an index to perform reads and writes on the `vlans` array
of size `0x1000` in multiple places.

https://github.com/freebsd/freebsd/blob/release/11.0.1/sys/net/if_vlan.c#L427

static __inline int
vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
{

    if (trunk->vlans[ifv->ifv_vid] != NULL)
        return EEXIST;
    trunk->vlans[ifv->ifv_vid] = ifv;
    trunk->refcnt++;

    return (0);
}

static __inline int
vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
{

    trunk->vlans[ifv->ifv_vid] = NULL;
    trunk->refcnt--;

    return (0);
}

...

However, this is a static array of size `VLAN_ARRAY_SIZE` (`0x1000`) elements:

https://github.com/freebsd/freebsd/blob/release/11.0.1/sys/net/ethernet.h#L86

#define EVL_VLID_MASK 0x0FFF

https://github.com/freebsd/freebsd/blob/release/11.0.1/sys/net/if_vlan.c#L89

struct ifvlantrunk {
    struct  ifnet   *parent;    /* parent interface of this trunk */
    struct  rmlock  lock;
#ifdef VLAN_ARRAY
#define VLAN_ARRAY_SIZE (EVL_VLID_MASK + 1)
    struct  ifvlan  *vlans[VLAN_ARRAY_SIZE]; /* static table */
#else
    struct  ifvlanhead *hash;   /* dynamic hash-list table */
    uint16_t hmask;
    uint16_t hwidth;
#endif
    int     refcnt;
};

So, out of bounds access is possible if `ifv_vid` is set to a value greater
than `0xfff`.

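The missing bounds check from the report above, modelled in user space as an added example (not code from the report or from FreeBSD). The struct layouts are simplified stand-ins, `vlan_inshash_checked` and `linkmib_set_checked` are hypothetical names, and re-keying the table when the VID changes is an assumed policy.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define EVL_VLID_MASK   0x0FFF
#define VLAN_ARRAY_SIZE (EVL_VLID_MASK + 1)
/* Simplified user-space stand-ins for the kernel structs (assumed layout). */
struct linkmib { int encaplen, mtufudge, mintu;
                 uint16_t proto, tag, vid; uint8_t pcp; };
struct vlan;
struct trunk { struct vlan *vlans[VLAN_ARRAY_SIZE]; int refcnt; };
struct vlan { struct trunk *trunk; struct linkmib mib; };

/* Hardened insert: refuse any VID that does not index into vlans[]. */
int vlan_inshash_checked(struct trunk *t, struct vlan *v)
{
    if (v->mib.vid > EVL_VLID_MASK)
        return (EINVAL);
    if (t->vlans[v->mib.vid] != NULL)
        return (EEXIST);
    t->vlans[v->mib.vid] = v;
    t->refcnt++;
    return (0);
}

/* Hardened MIB write: stage the caller's bytes in a temporary, validate,
 * and re-key the table slot before committing (assumed policy). */
int linkmib_set_checked(struct vlan *v, const void *buf, size_t len)
{
    struct linkmib nm;

    if (len != sizeof(nm))
        return (EINVAL);
    memcpy(&nm, buf, sizeof(nm));
    if (nm.vid > EVL_VLID_MASK)          /* 0x1000..0xffff rejected */
        return (EINVAL);
    if (nm.vid != v->mib.vid) {
        if (v->trunk->vlans[nm.vid] != NULL)
            return (EEXIST);
        v->trunk->vlans[v->mib.vid] = NULL;
        v->trunk->vlans[nm.vid] = v;
    }
    v->mib = nm;
    return (0);
}

int main(void)
{
    static struct trunk t;               /* constructed sample state */
    struct vlan v = { &t, { .vid = 100 } };
    struct linkmib bad = v.mib;
    bad.vid = 0x1000;                    /* first index past vlans[] */
    return !(vlan_inshash_checked(&t, &v) == 0 &&
        linkmib_set_checked(&v, &bad, sizeof(bad)) == EINVAL);
}
```

A rejected write leaves the live `mib` untouched, so the stored VID always names the slot that holds the vlan.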


[Bug 219453] tcpmd5 kernel module regression

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

--- Comment #6 from Marek Zarychta  ---
(In reply to Andrey V. Elsukov from comment #4)
My previous reply was mistaken, so let me explain once again. SAs are set from
/etc/ipsec.conf and since the new IPSEC code was committed to STABLE I am
following a branch. A couple of successful world updates have been provided.
tcpmd5.ko module is loaded from /boot/loader.conf as well as some other
modules: 
# kldstat 
Id Refs Address    Size     Name
 1   38 0x8020     1f32ac8  kernel
 2    1 0x82134000 313338   zfs.ko
 3    2 0x82448000 cb38     opensolaris.ko
 4    1 0x82455000 12530    carp.ko
 5    1 0x82468000 161c8    if_lagg.ko
 6    1 0x8247f000 18d0     accf_dns.ko
 7    1 0x82481000 66f0     ichwd.ko
 8    1 0x82488000 40c0     tcpmd5.ko
 9    1 0x8248d000 2af28    ipsec.ko
10    1 0x82621000 106c5    geom_eli.ko
11    1 0x82632000 58de     fdescfs.ko
12    1 0x82638000 2839     pflog.ko
13    1 0x8263b000 34c2c    pf.ko
14    1 0x8267     a0d      green_saver.ko
15    1 0x82671000 837a     autofs.ko

Kernel config is quite simple:

include GENERIC
ident   MAXDATA

options EM_MULTIQUEUE
options IPSEC_SUPPORT
nooptions   IPSEC

This is a production machine and updates will be stalled, at least until 11.1
is released.



[Bug 218818] autofs: Enhance RC scripts to take _flags

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218818

Glen Barber changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | tr...@freebsd.org



[Bug 217949] [patch] make delete-old and WITHOUT_TFTP=true doesn't remove tftp-related files

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217949

Glen Barber changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | g...@freebsd.org



[Bug 217949] [patch] make delete-old and WITHOUT_TFTP=true doesn't remove tftp-related files

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217949

Glen Barber changed:

What   | Removed | Added
Status | New     | In Progress



[Bug 219464] [PATCH] linux_getrandom always returns 0

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219464

Dmitry Chagin changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | dcha...@freebsd.org
Status   | New                      | In Progress

--- Comment #2 from Dmitry Chagin  ---
take, my fault



[Bug 219453] tcpmd5 kernel module regression

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

--- Comment #7 from dgilb...@eicat.ca ---
What is the branch you are following?  I'm a little stuck here.  11-0-RELEASE
is broken because TCP_MD5 on IPv6 panics... so I can't go back to that
(misplaced patch that fixes it).  11-1-PRERELEASE is also broken.  At least it
doesn't panic.

I also use TCP-MD5 over vlans.



[Bug 219453] tcpmd5 kernel module regression

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

--- Comment #8 from Marek Zarychta  ---
(In reply to dgilbert from comment #7)
I am using TCP-MD5 signatures only for IPv4 with vlans created atop a lagg
interface, following the 11.0-STABLE branch since March, just after r315514 when ae@
MFCed new IPSEC code.  The kernels had always been built with IPSEC_SUPPORT to
allow loading TCP-MD5 as a module.



[Bug 219476] [i386] 11.1-PRERELEASE double panics due to low kern.kstack_pages default

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219476

Bug ID:    219476
Summary:   [i386] 11.1-PRERELEASE double panics due to low kern.kstack_pages default
Product:   Base System
Version:   11.0-STABLE
Hardware:  Any
OS:        Any
Status:    New
Severity:  Affects Some People
Priority:  ---
Component: kern
Assignee:  freebsd-bugs@FreeBSD.org
Reporter:  eu...@freebsd.org

stable/11 got lots of kernel level code that abuses small default stack of i386
kernel threads: ZFS, IPSEC, SCTP, device drivers etc. Overflow of kernel stack
produces "double fault" panics.

kern.kstack_pages is a loader tunable now for i386. The system should be stable
out of the box, so we should increase the default for kern.kstack_pages. The loader
tunable can serve users of i386 systems that are unhappy with the new default;
they can decrease it with /boot/loader.conf

Some examples:

* sys/netinet/sctp_pcb.c, function sctp_load_addresses_from_init() allocates
2184 bytes on stack (disassemble: sub $0x888,%esp);

* sys/netinet/sctp_auth.c: sctp_auth_get_cookie_params(): 1592 bytes on stack;

* src/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_eeprom.c:
ar9300_eeprom_restore_internal_address(): 2092 bytes on stack;

* sys/contrib/dev/ath/ath_hal/ar9300/ar9300_paprd.c: create_pa_curve(): 1416
bytes;

* sys/libkern/zlib.c: huft_build(): 1420 bytes;

And so on. Here is "top-list" for my home router custom kernel (1GB RAM, no
swap):

Bytes-on-stack  In-module
2184            sctp_pcb.o
2092            ar9300_eeprom.o
2080            kern_linker.o
1664            cryptosoft.o
1592            sctp_auth.o
1536            glxsb_hash.o
1420            zlib.o
1416            ar9300_paprd.o
1352            scsi_da.o
1344            nfs_nfsdport.o
1328            vm_object.o
1312            fortuna.o
1232            cam_periph.o
1224            zlib.o
1192            cam_xpt.o
1192            ata_da.o
1184            cam_xpt.o
1168            ata_da.o
1160            sctp_output.o

Some of "network hot path" subroutines not shown here do abuse kernel stack
too, for example SHA256_Transform() from sys/crypto/sha2/sha256c.c that may be
actively used with IPSEC processing.

ae@'s https://reviews.freebsd.org/D10869 deals with IPSEC in part and helps in
my case, at least while there is no ZFS involved. However, it is impossible to
perform similar cleanup for each and every kernel subsystem in near future and
double panics with current defaults are bad too.



[Bug 216954] lib/libc/rpc/rpc_test:raw SIGSEGVs on ^/stable/10@r313498

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216954

--- Comment #3 from commit-h...@freebsd.org ---
A commit references this bug:

Author: ngie
Date: Tue May 23 19:45:31 UTC 2017
New revision: 318756
URL: https://svnweb.freebsd.org/changeset/base/318756

Log:
  :raw no longer SIGSEGVs on FreeBSD; revert the signal expectation

  This is a direct commit to ^/stable/10, since this expectation was only
  added to ^/stable/10's copy of t_raw.c.

  PR:   216954
  Sponsored by: Dell EMC Isilon

Changes:
  stable/10/contrib/netbsd-tests/lib/libc/rpc/t_rpc.c



[Bug 216954] lib/libc/rpc/rpc_test:raw SIGSEGVs on ^/stable/10@r313498

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216954

Ngie Cooper changed:

What       | Removed                  | Added
Status     | New                      | Closed
Assignee   | freebsd-bugs@FreeBSD.org | n...@freebsd.org
Resolution | ---                      | FIXED

--- Comment #4 from Ngie Cooper  ---
Confirmed fixed after recent back ports.



[Bug 217787] libsysdecode: Bogus rights when decoding cap_rights_t

2017-05-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217787

--- Comment #5 from commit-h...@freebsd.org ---
A commit references this bug:

Author: jhb
Date: Wed May 24 00:36:27 UTC 2017
New revision: 318764
URL: https://svnweb.freebsd.org/changeset/base/318764

Log:
  MFC 315283:
  Fix sysdecode_cap_rights which currently prints bogus capability rights.

  PR:   217787

Changes:
_U  stable/11/
  stable/11/lib/libsysdecode/flags.c
