NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > OpenBSD Security> 2007-03

Re: 4.0-stable panic with pppoe(4)

From: Can Erkin Acar (canacareee.metu.edu.tr)
Date: Wed Mar 28 2007 - 11:46:19 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2007-03-28 Tamas TEVESZ wrote:
> ok, so i'm not *entirely* sure it's with pppoe(4), but as far as i can
> put bits and pieces together, it's always happening after "ifconfig
> pppoe0 down; ifconfig pppoe0 destroy" and then either "sh
> /etc/netstart pppoe0" or (the second case) starting ppp(8).
[snip]

This is fixed post 4.0 in v1.152 of sys/net/if.c
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if.c
The patch is not in -stable though.

You could:
* Try not to destroy the interface, which triggers the bug.
* Use a snapshot
* Update to 4.1 when it comes out,
* Apply the change manually (see below)

Can

Index: if.c
===================================================================
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.149
diff -u -p -u -p -r1.149 if.c
--- if.c 29 Aug 2006 17:19:43 -0000 1.149
+++ if.c 28 Mar 2007 16:16:20 -0000
-568,10 +568,8 do { \

         /*
          * Deallocate private resources.
- * XXX should consult refcnt and use IFAFREE
          */
- for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa;
- ifa = TAILQ_FIRST(&ifp->if_addrlist)) {
+ while ((ifa = TAILQ_FIRST(&ifp->if_addrlist)) != NULL) {
                 TAILQ_REMOVE(&ifp->if_addrlist, ifa, ifa_list);
#ifdef INET
                 if (ifa->ifa_addr->sa_family == AF_INET)
-582,7 +580,7 do { \
                 if (ifa == ifnet_addrs[ifp->if_index])
                         continue;

- free(ifa, M_IFADDR);
+ IFAFREE(ifa);
         }

         for (ifg = TAILQ_FIRST(&ifp->if_groups); ifg;
-591,7 +589,7 do { \

         if_free_sadl(ifp);

- free(ifnet_addrs[ifp->if_index], M_IFADDR);
+ IFAFREE(ifnet_addrs[ifp->if_index]);
         ifnet_addrs[ifp->if_index] = NULL;

         free(ifp->if_addrhooks, M_TEMP);
-1001,9 +999,9 link_rtrequest(int cmd, struct rtentry *
             ((ifp = ifa->ifa_ifp) == 0) || ((dst = rt_key(rt)) == 0))
                 return;
         if ((ifa = ifaof_ifpforaddr(dst, ifp)) != NULL) {
+ ifa->ifa_refcnt++;
                 IFAFREE(rt->rt_ifa);
                 rt->rt_ifa = ifa;
- ifa->ifa_refcnt++;
                 if (ifa->ifa_rtrequest && ifa->ifa_rtrequest != link_rtrequest)
                         ifa->ifa_rtrequest(cmd, rt, info);
         }

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]