page fault in ifunit()

Olivier Piras freebsd at oprs.eu
Tue Nov 3 16:42:38 UTC 2020


Hi,

I'm getting page fault errors on CURRENT while trying to get a pointer to
an ifnet instance with ifunit().
My code is running as a KLD; I've attached a stripped-down version that
reproduces the issue (just load the module, brace yourself, and open
/dev/test).
The weird thing is that the page fault only seems to occur on DEVFS
operations (test_dev_open() in that instance). The very same call to
ifunit() works as expected in the init part of the module.

Apparently someone ran into the same problem a couple of years ago [1].
Unfortunately they didn't follow up on the issue.

[2] leads me to believe that it has something to do with VNET, so I tried
to play with CURVNET_SET() / CURVNET_RESTORE() in an effort to set a
context for the current VNET instance, to no avail (I have to admit it was
mostly a shot in the dark though, as VNET isn't something I'm particularly
familiar with).

I'm having a hard time figuring out why the problem only occurs in the
context of DEVFS operations; I'm currently reading up on VNET.
Any pointers would be greatly appreciated.

Regards,
  -Olivier.

[1] http://freebsd.1045724.x6.nabble.com/Page-fault-inside-ifunit-ref-FreeBSD12-0-CURRENT-td6254170.html
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176992
-------------- next part --------------
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x28
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80cbbeee
stack pointer           = 0x28:0xfffffe00248b6630
frame pointer           = 0x28:0xfffffe00248b6660
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2123 (cat)
trap number             = 12
panic: page fault
cpuid = 2
time = 1604415042
KDB: stack backtrace:
#0 0xffffffff80c0b0c5 at kdb_backtrace+0x65
#1 0xffffffff80bbf1bb at vpanic+0x17b
#2 0xffffffff80bbf033 at panic+0x43
#3 0xffffffff81090911 at trap_fatal+0x391
#4 0xffffffff8109096f at trap_pfault+0x4f
#5 0xffffffff8108ffb6 at trap+0x286
#6 0xffffffff81067b48 at calltrap+0x8
#7 0xffffffff8283e2c2 at test_dev_open+0x22
#8 0xffffffff80a78b50 at devfs_open+0x120
#9 0xffffffff81247695 at VOP_OPEN_APV+0x75
#10 0xffffffff80c9de17 at vn_open_vnode+0x1b7
#11 0xffffffff80c9da63 at vn_open_cred+0x3a3
#12 0xffffffff80c95e13 at kern_openat+0x213
#13 0xffffffff810914c7 at amd64_syscall+0x387
#14 0xffffffff8106846e at fast_syscall_common+0xf8
Uptime: 20m26s
Dumping 284 out of 3878 MB:..6%..12%..23%..34%..45%..51%..62%..74%..85%..96%

__curthread () at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/include/pcpu_aux.h:55
55      /usr/home/oprs/git/freebsd/stable/12/sys/amd64/include/pcpu_aux.h: No such file or directory.
(kgdb) bt
#0  __curthread () at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>) at /usr/home/oprs/git/freebsd/stable/12/sys/kern/kern_shutdown.c:371
#2  0xffffffff80bbedd5 in kern_reboot (howto=260) at /usr/home/oprs/git/freebsd/stable/12/sys/kern/kern_shutdown.c:451
#3  0xffffffff80bbf213 in vpanic (fmt=<optimized out>, ap=<optimized out>) at /usr/home/oprs/git/freebsd/stable/12/sys/kern/kern_shutdown.c:880
#4  0xffffffff80bbf033 in panic (fmt=<unavailable>) at /usr/home/oprs/git/freebsd/stable/12/sys/kern/kern_shutdown.c:807
#5  0xffffffff81090911 in trap_fatal (frame=0xfffffe00248b6570, eva=40) at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/amd64/trap.c:921
#6  0xffffffff8109096f in trap_pfault (frame=0xfffffe00248b6570, usermode=<optimized out>, signo=<optimized out>, ucode=<optimized out>)
    at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/amd64/trap.c:739
#7  0xffffffff8108ffb6 in trap (frame=0xfffffe00248b6570) at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/amd64/trap.c:405
#8  <signal handler called>
#9  0xffffffff80cbbeee in ifunit (name=0xffffffff8283e4bf "em0") at /usr/home/oprs/git/freebsd/stable/12/sys/net/if.c:2482
#10 0xffffffff8283e2c2 in test_dev_open () from ./test_dev.ko
#11 0xffffffff80a78b50 in devfs_open (ap=0xfffffe00248b6780) at /usr/home/oprs/git/freebsd/stable/12/sys/fs/devfs/devfs_vnops.c:1141
#12 0xffffffff81247695 in VOP_OPEN_APV (vop=0xffffffff81af5f10 <devfs_specops>, a=0xfffffe00248b6780) at vnode_if.c:467
#13 0xffffffff80c9de17 in VOP_OPEN (vp=0xfffff8002eab95a0, mode=1, cred=0xfffff80004427700, td=<optimized out>, fp=0xfffff8000447edc0) at ./vnode_if.h:196
#14 vn_open_vnode (vp=0xfffff8002eab95a0, fmode=1, cred=0xfffff80004427700, td=<optimized out>, fp=0xfffff8000447edc0)
    at /usr/home/oprs/git/freebsd/stable/12/sys/kern/vfs_vnops.c:394
#15 0xffffffff80c9da63 in vn_open_cred (ndp=0xfffffe00248b6958, flagp=0xfffffe00248b6a94, cmode=0, vn_open_flags=<optimized out>, cred=0xfffff80004427700,
    fp=0xfffff8000447edc0) at /usr/home/oprs/git/freebsd/stable/12/sys/kern/vfs_vnops.c:301
#16 0xffffffff80c95e13 in kern_openat (td=0xfffff80004586000, fd=-100, path=0x7fffffffee6c <error: Cannot access memory at address 0x7fffffffee6c>,
    pathseg=UIO_USERSPACE, flags=1, mode=<optimized out>) at /usr/home/oprs/git/freebsd/stable/12/sys/kern/vfs_syscalls.c:1114
#17 0xffffffff810914c7 in syscallenter (td=0xfffff80004586000)
    at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/amd64/../../kern/subr_syscall.c:144
#18 amd64_syscall (td=0xfffff80004586000, traced=0) at /usr/home/oprs/git/freebsd/stable/12/sys/amd64/amd64/trap.c:1163
#19 <signal handler called>
#20 0x000000080039791a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe608
(kgdb)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 64 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20201103/a98c9f32/attachment.obj>

