On Sun, Jun 21, 2020 at 08:51:53PM +0200, Hrvoje Popovski wrote:
> Hi all,
> 
> with today's snapshot from 21-Jun-2020 09:34
> OpenBSD 6.7-current (GENERIC.MP) #286: Sun Jun 21 08:51:29 MDT 2020
>     [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> if I do "ifconfig vlan" I'm getting an assert
> x3550m4# ifconfig vlan
> vlan100: flags=8splassert: vlan_ioctl: want 2 have 0
> Starting stack trace...
> vlan_ioctl(ffff800000bb4800,c02069d3,ffff800021f6f5d0) at vlan_ioctl+0x65
> ifioctl(fffffd8785005668,c02069d3,ffff800021f6f5d0,ffff800021ffb130) at
> ifioctl+0x91c
> soo_ioctl(fffffd8784e6d630,c02069d3,ffff800021f6f5d0,ffff800021ffb130)
> at soo_ioctl+0x171
> sys_ioctl(ffff800021ffb130,ffff800021f6f6e0,ffff800021f6f740) at
> sys_ioctl+0x2df
> syscall(ffff800021f6f7b0) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7ffffe53d0, count: 251
> End of stack trace.
> 
> 
> with ifconfig bridge0 up everything seems fine, but ifconfig bridge0
> destroy and ifconfig after that gets me a panic ..
> 
> x3550m4# ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> msplassert: vlan_ioctl:
> want 2 have 0
> Starting stack trace...
> vlan_ioctl(ffff800000bb4800,c02069d3,ffff800021f6f510) at vlan_ioctl+0x65
> ifioctl(fffffd8785005668,c02069d3,ffff800021f6f510,ffff800021ffb130) at
> ifioctl+0x91c
> soo_ioctl(fffffd8784e6d630,c02069d3,ffff800021f6f510,ffff800021ffb130)
> at soo_ioctl+0x171
> sys_ioctl(ffff800021ffb130,ffff800021f6f620,ffff800021f6f680) at
> sys_ioctl+0x2df
> syscall(ffff800021f6f6f0) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7ffffddd20, count: 251
> End of stack trace.
> tu 32768
>         indexpanic: netlock: lock not held
> Stopped at      db_enter+0x10:  popq    %rbp
>     TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
> *505095   3193      0         0x3          0    3K ifconfig
> db_enter() at db_enter+0x10
> panic(ffffffff81dbfaab) at panic+0x128
> rw_exit_write(ffffffff820e6138) at rw_exit_write+0xb5
> bridge_ioctl(ffff800001754000,c02069d3,ffff800021f6f510) at
> bridge_ioctl+0x42
> ifioctl(fffffd8785005668,c02069d3,ffff800021f6f510,ffff800021ffb130) at
> ifioctl+0x91c
> soo_ioctl(fffffd8784e6d630,c02069d3,ffff800021f6f510,ffff800021ffb130)
> at soo_ioctl+0x171
> sys_ioctl(ffff800021ffb130,ffff800021f6f620,ffff800021f6f680) at
> sys_ioctl+0x2df
> syscall(ffff800021f6f6f0) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7ffffddd20, count: 6
> https://www.openbsd.org/ddb.html describes the minimum info required in
> bugreports.  Insufficient info makes it difficult to find and fix bugs.
> 

These crashes are because of wg(4) calling the interface ioctl handler
without holding the netlock(); this is not allowed.

As a quick fix this diff may work.
-- 
:wq Claudio

Index: net/if.c
===================================================================
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.609
diff -u -p -r1.609 if.c
--- net/if.c    22 Jun 2020 03:07:57 -0000      1.609
+++ net/if.c    22 Jun 2020 09:06:42 -0000
@@ -2220,13 +2221,6 @@ ifioctl(struct socket *so, u_long cmd, c
                        break;
 
                /* don't take NET_LOCK because i2c reads take a long time */
-               error = ((*ifp->if_ioctl)(ifp, cmd, data));
-               break;
-       case SIOCSWG:
-       case SIOCGWG:
-               /* Don't take NET_LOCK to allow wg(4) to continue to send and
-                * receive packets while we're loading a large number of
-                * peers. wg(4) uses its own lock to serialise access. */
                error = ((*ifp->if_ioctl)(ifp, cmd, data));
                break;
 
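Review bot: The comment deleted together with the SIOCSWG/SIOCGWG cases is the only place in this patch that records why these two commands want to run without NET_LOCK (wg(4) keeps sending and receiving packets while a large number of peers is loaded, and serialises access with its own lock). The if_wg.c part of this diff still drops the lock around wg_ioctl_set() and wg_ioctl_get(), so move that rationale next to the new NET_UNLOCK() calls instead of dropping it; otherwise the unlock there looks accidental to the next reader.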
Index: net/if_wg.c
===================================================================
RCS file: /cvs/src/sys/net/if_wg.c,v
retrieving revision 1.3
diff -u -p -r1.3 if_wg.c
--- net/if_wg.c 21 Jun 2020 12:11:26 -0000      1.3
+++ net/if_wg.c 22 Jun 2020 09:06:37 -0000
@@ -2450,10 +2450,14 @@ wg_ioctl(struct ifnet *ifp, u_long cmd, 
 
        switch (cmd) {
        case SIOCSWG:
+               NET_UNLOCK();
                ret = wg_ioctl_set(sc, (struct wg_data_io *) data);
+               NET_LOCK();
                break;
        case SIOCGWG:
+               NET_UNLOCK();
                ret = wg_ioctl_get(sc, (struct wg_data_io *) data);
+               NET_LOCK();
                break;
        /* Interface IOCTLs */
        case SIOCSIFADDR:
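
Review bot: In the SIOCSWG and SIOCGWG cases, NET_UNLOCK() is called unconditionally, so wg_ioctl() now depends on every caller entering with the netlock held, and sc is used by wg_ioctl_set()/wg_ioctl_get() during a window in which that lock is released. Nothing in these lines checks the first assumption or keeps the interface alive across the window. Consider a NET_ASSERT_LOCKED() before the switch, and confirm that a concurrent interface destroy cannot free sc while the lock is dropped; if it can, take a reference before NET_UNLOCK() or keep the lock held and narrow what wg_ioctl_set() does under it.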
