On Sat, Dec 04, 2021 at 10:41:02AM +0100, Hrvoje Popovski wrote:
> r620-2# uvm_fault(0xffffffff8229d4e0, 0x137, 0, 2) -> e
> kernel: page fault trap, code=0
> Stopped at ipsp_spd_lookup+0xa2f: movq %rax,0(%rcx)
> TID PID UID PRFLAGS PFLAGS CPU COMMAND
> 419237 67407 0 0x14000 0x200 0 softnet
> *157694 94649 0 0x14000 0x200 2K softnet
> ipsp_spd_lookup(fffffd80a4139800,2,14,2,0,0,5b815d966b14b44b,fffffd80a4139800)
> at ipsp_spd_lookup+0xa2f

Thanks a lot for the test.  It crashes here:

/home/bluhm/openbsd/cvs/src/sys/netinet/ip_spd.c:414
     cdc:       48 03 0a                add    (%rdx),%rcx
*    cdf:       48 89 01                mov    %rax,(%rcx)
     ce2:       49 8b 80 30 01 00 00    mov    0x130(%r8),%rax
     ce9:       49 8b 88 38 01 00 00    mov    0x138(%r8),%rcx
     cf0:       48 89 01                mov    %rax,(%rcx)
     cf3:       49 c7 80 38 01 00 00    movq   $0xffffffffffffffff,0x138(%r8)
     cfa:       ff ff ff ff
     cfe:       49 c7 80 30 01 00 00    movq   $0xffffffffffffffff,0x130(%r8)
     d05:       ff ff ff ff
/home/bluhm/openbsd/cvs/src/sys/netinet/ip_spd.c:416

 nomatchout:
	/* Cached TDB was not good. */
*	TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo,
	    ipo_tdb_next);
	tdb_unref(ipo->ipo_tdb);
	ipo->ipo_tdb = NULL;
	ipo->ipo_last_searched = 0;

So mvs@'s concerns are correct, my IPsec workaround is not sufficient.
I want to avoid another rwlock in the input path.  Maybe I can throw
some mutexes into IPsec to make it work.

bluhm

> ip_output_ipsec_lookup(fffffd80a4139800,14,0,ffff800022c60228,0) at
> ip_output_ipsec_lookup+0x4c
> ip_output(fffffd80a4139800,0,ffff800022c603e8,1,0,0,3ada3367ffb43fe1) at
> ip_output+0x39d
> ip_forward(fffffd80a4139800,ffff800000087048,fffffd8394511078,0) at
> ip_forward+0x26a
> ip_input_if(ffff800022c60528,ffff800022c60534,4,0,ffff800000087048) at
> ip_input_if+0x353
> ipv4_input(ffff800000087048,fffffd80a4139800) at ipv4_input+0x39
> ether_input(ffff800000087048,fffffd80a4139800) at ether_input+0x3aa
> if_input_process(ffff800000087048,ffff800022c60618) at if_input_process+0x92
> ifiq_process(ffff800000087458) at ifiq_process+0x69
> taskq_thread(ffff80000002f080) at taskq_thread+0x81
> end trace frame: 0x0, count: 5
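
The reply above considers adding mutexes around the nomatchout unlink. The following userland sketch is an added example, not OpenBSD code and not from the thread: it shows one way a single mutex can make the "is a TDB cached?" check and the TAILQ_REMOVE one atomic step. It assumes the crash comes from two softnet threads dropping the same policy's cached TDB; policy_mtx, drop_cached_tdb() and run_demo() are hypothetical names, and the refcount decrement stands in for tdb_unref().

```c
#include <pthread.h>
#include <stddef.h>
#include <sys/queue.h>
/* Userland model only: field names follow the quoted snippet; policy_mtx,
 * drop_cached_tdb() and run_demo() are hypothetical, not OpenBSD code. */
struct ipsec_policy {
	TAILQ_ENTRY(ipsec_policy) ipo_tdb_next;
	struct tdb *ipo_tdb;		/* cached TDB, NULL once dropped */
	int ipo_last_searched;
};
struct tdb {
	TAILQ_HEAD(, ipsec_policy) tdb_policy_head;
	int tdb_refcnt;
};
struct demo_result { int first, second, refcnt, remaining; };
static pthread_mutex_t policy_mtx = PTHREAD_MUTEX_INITIALIZER;

/* Check and unlink under one lock, so a second caller holding the same ipo
 * sees ipo_tdb == NULL and never runs TAILQ_REMOVE on stale links. */
static int drop_cached_tdb(struct ipsec_policy *ipo)
{
	struct tdb *tdb;
	pthread_mutex_lock(&policy_mtx);
	if ((tdb = ipo->ipo_tdb) != NULL) {
		TAILQ_REMOVE(&tdb->tdb_policy_head, ipo, ipo_tdb_next);
		tdb->tdb_refcnt--;	/* stands in for tdb_unref() */
		ipo->ipo_tdb = NULL;
		ipo->ipo_last_searched = 0;
	}
	pthread_mutex_unlock(&policy_mtx);
	return tdb != NULL;		/* 1: this caller did the unlink */
}

/* Constructed scenario: two callers reach nomatchout for the same policy. */
struct demo_result run_demo(void)
{
	struct tdb t = { .tdb_refcnt = 3 };
	struct ipsec_policy a = { .ipo_tdb = &t }, b = { .ipo_tdb = &t }, *p;
	struct demo_result r = { 0, 0, 0, 0 };
	TAILQ_INIT(&t.tdb_policy_head);
	TAILQ_INSERT_TAIL(&t.tdb_policy_head, &a, ipo_tdb_next);
	TAILQ_INSERT_TAIL(&t.tdb_policy_head, &b, ipo_tdb_next);
	r.first = drop_cached_tdb(&a);
	r.second = drop_cached_tdb(&a);	/* loser of the race: no-op */
	TAILQ_FOREACH(p, &t.tdb_policy_head, ipo_tdb_next)
		r.remaining++;
	r.refcnt = t.tdb_refcnt;
	return r;
}
int main(void) { struct demo_result r = run_demo(); return !(r.first && !r.second); }
```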