[Bug 200210] adding vtnet to bridge results to kernel panic
Nikos Vassiliadis
nvass at gmx.com
Wed Jul 1 16:12:23 UTC 2015
Hi Kristof,
Thanks for fixing this! Could you MFC the fix?
On 06/13/15 22:39, bugzilla-noreply at freebsd.org wrote:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200210
>
> --- Comment #1 from commit-hook at freebsd.org ---
> A commit references this bug:
>
> Author: kp
> Date: Sat Jun 13 19:39:22 UTC 2015
> New revision: 284348
> URL: https://svnweb.freebsd.org/changeset/base/284348
>
> Log:
> Fix panic when adding vtnet interfaces to a bridge
>
> vtnet interfaces are always in promiscuous mode (at least if the
> VIRTIO_NET_F_CTRL_RX feature is not negotiated with the host). if_promisc()
> on
> a vtnet interface returned ENOTSUP although it has IFF_PROMISC set. This
> confused the bridge code. Instead we now accept all enable/disable
> promiscuous
> commands (and always keep IFF_PROMISC set).
>
> There are also two issues with the if_bridge error handling.
>
> If if_promisc() fails it uses bridge_delete_member() to clean up. This tries
> to
> disable promiscuous mode on the interface. That runs into an assert, because
> promiscuous mode was never set in the first place. (That's the panic reported
> in
> PR 200210.)
> We can only unset promiscuous mode if the interface actually is promiscuous.
> This goes against the reference counting done by if_promisc(), but only the
> first/last if_promic() calls can actually fail, so this is safe.
>
> A second issue is a double free of bif. It's already freed by
> bridge_delete_member().
>
> PR: 200210
> Differential Revision: https://reviews.freebsd.org/D2804
> Reviewed by: philip (mentor)
>
> Changes:
> head/sys/dev/virtio/network/if_vtnet.c
> head/sys/net/if_bridge.c
>
More information about the freebsd-net
mailing list