Re: IPv6/NDP/IPsec breakage in -current

2016-10-13 Thread Markus Friedl

> On 13.10.2016 at 13:06, Christian Weisgerber wrote:
> 
>> After the second m_makespace():
>> 
>>    +------+-----+  +------+  +--------+-----+
>>    | IPv6 | ESP |  | IPv6 |  | ICMPv6 | ESP |
>>    +------+-----+  +------+  +--------+-----+
>> 
>> With m_inject(), it would instead be something like this:
>> 
>>    +------++-----+  +------+  +
>>    | IPv6 || ESP |  | IPv6 |  | ICMPv6  ...
>>    +------++-----+  +------+  +
> 
> Found it.  It's this snippet of nd6_ns_output() that handles those
> mbuf chains differently:
> 
>     if (ln && ln->ln_hold) {
>         hip6 = mtod(ln->ln_hold, struct ip6_hdr *);
>         /* XXX pullup? */
>         if (sizeof(*hip6) < ln->ln_hold->m_len)
>             saddr6 = &hip6->ip6_src;
>         else
>             saddr6 = NULL;
>     } else
>         saddr6 = NULL;
> 
> Did this only ever work by accident?

OK, to get it right, the following is the difference:

with m_inject() the first mbuf always contains the 40 byte ipv6 header
while with m_makespace() it also contains the ESP header.

so with m_inject() the ln_hold->m_len is 40 and since this is
exactly the size of hip6, the code falls back to saddr6 = NULL.

IMHO the code should use <= and not <:
   if (sizeof(*hip6) <= ln->ln_hold->m_len)
but then your example will also fail with the old m_inject() code.

If this intended address selection is indeed correct then we
need to figure out if a bypass flow for NDP is necessary, or
if NDP should always bypass IPsec (but what about bringing NDP over IPsec?)

With IPv4 this problem does not exist, because ARP packets are not IP
packets, so they are not matched by the IPsec flow.

-m
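An added example, not code from the thread or from the OpenBSD tree: it models the two first-mbuf layouts described above (m_inject leaves only the 40-byte IPv6 header in the first mbuf, m_makespace also puts the ESP header there) and runs the nd6_ns_output() address check with both comparisons. The struct definitions, mbuf fields and pick_saddr() are simplified stand-ins constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel types, sized like the real ones (constructed). */
struct in6_addr { uint8_t s6_addr[16]; };
struct ip6_hdr {                    /* 40 bytes, no padding */
    uint32_t ip6_flow;
    uint16_t ip6_plen;
    uint8_t  ip6_nxt, ip6_hlim;
    struct in6_addr ip6_src, ip6_dst;
};
struct mbuf {
    unsigned char *m_data;          /* start of this mbuf's payload */
    size_t m_len;                   /* bytes valid in this mbuf only */
};
#define mtod(m, t) ((t)((m)->m_data))
#define ESP_HDR_LEN 8               /* SPI + sequence number */

/* The saddr6 selection from nd6_ns_output(): strict reproduces the original
 * `<`, !strict the proposed `<=`.  Reading ip6_src is only safe when the
 * whole header lies inside the first mbuf's m_len. */
static const struct in6_addr *
pick_saddr(const struct mbuf *ln_hold, bool strict)
{
    const struct ip6_hdr *hip6 = mtod(ln_hold, const struct ip6_hdr *);
    size_t need = sizeof(*hip6);
    bool fits = strict ? need < ln_hold->m_len : need <= ln_hold->m_len;
    return fits ? &hip6->ip6_src : NULL;
}

/* One constructed packet buffer seen through the two first-mbuf layouts from
 * the thread, plus a genuinely short mbuf that the check must reject. */
static unsigned char pkt[sizeof(struct ip6_hdr) + ESP_HDR_LEN];
static const struct mbuf inject_first    = { pkt, sizeof(struct ip6_hdr) };     /* header only */
static const struct mbuf makespace_first = { pkt, sizeof(pkt) };                /* header + ESP */
static const struct mbuf short_first     = { pkt, sizeof(struct ip6_hdr) - 1 }; /* truncated */

int main(void)
{
    const struct mbuf *cases[] = { &inject_first, &makespace_first, &short_first };
    const char *names[] = { "m_inject (m_len 40)", "m_makespace (m_len 48)", "short (m_len 39)" };
    for (int i = 0; i < 3; i++)
        printf("%-24s  <: %-8s <=: %s\n", names[i],
               pick_saddr(cases[i], true) ? "address" : "NULL",
               pick_saddr(cases[i], false) ? "address" : "NULL");
    return 0;
}
```

Only the `<=` form accepts the m_inject layout while still rejecting the truncated mbuf; the strict `<` turns an exactly-filled header into the saddr6 = NULL fallback.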


Re: OpenBSD 5.8-current kernel panic triggered by find on ntfs mount

2016-10-13 Thread Mikolaj Kucharski

Hi,

I had finally chance to test this again on:

OpenBSD 6.0-current (GENERIC.MP) #2220: Wed Oct 12 20:06:45 MDT 2016
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP

and this problem does not occur anymore. Multiple find(1) commands on the
NTFS mount work reliably and don't trigger a kernel panic like before.

Thanks. Current dmesg included at the end of this email.

On Tue, Aug 25, 2015 at 08:45:57PM +0100, miko...@kucharski.name wrote:
> >Synopsis:find on ntfs mount triggers kernel panic
> >Category:kernel
> >Environment:
>   System  : OpenBSD 5.8
>   Details : OpenBSD 5.8-current (GENERIC.MP) #1131: Tue Aug 25 
> 06:34:01 MDT 2015
>
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> 
>   Architecture: OpenBSD.i386
>   Machine : i386
> >Description:
> Executing find on ntfs mount point results in panic. Find executed over ssh,
> here is tail of the output from remote machine:
> 
> /home/wd0j/Windows/winsxs/Manifests/x86_e06d60e77c6609654b3e6b5f824be3fe_b03f5f7f11d50a3a_6.0.6001.18111_none_3ab8d9104875320f.manifest
> /home/wd0j/Windows/winsxs/Manifests/x86_e07f7a84fef1df7bc69de25c3b0b73b7_31bf3856ad364e35_6.0.6002.22468_none_990a608aa514e04d.manifest
> /home/wd0j/Windows/winsxs/Manifests/x86_e07ffe83cc403ffa00d0ababce873343_31bf3856ad364e35_6.0.6001.18000_none_439da59f6241ad11.manifest
> /home/wd0j/Windows/winsxs/Manifests/x86_e0818432c4b4645be82d8c1135e0ae34_31bf3856ad364e35_6.0.6002.22343_none_6815f48e62f99ba2.manifest
> /home/wd0j/Windows/winsxs/Manifests/x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.20656_none_080515a8e399e5cpacket_write_wait: Connection to 192.168.1.26: Broken pipe
> 
> 
> Here is trace hand written from the glass console (there could be typos):
> 
> ddb{0}> trace
> ntfs_ntrele(efff5544,937d6511,4,d5317200,0) at ntfs_ntrele+0x9
> ntfs_ntvattrrele(d5317200,d546e600,d5317200,0,0) at ntfs_ntvattrrele+0x14
> ntfs_readattr_plain(d4c73a00,d546e600,a0,d09b95aa,0) at ntfs_readattr_plain+Ox186
> ntfs_readattr(d4c73a00,d546e600,a0,d09b95aa,0) at ntfs_readattr+0x124
> ntfs_ntreaddir(d4c73a00,d546e680,a0,f5477e68,da8fd178) at ntfs_ntreaddir+0x19c
> ntfs_readdir(f5477e98,da8fd178,f5477eac,d03f6bdb,da8fc13c) at ntfs_readdir+0xfe
> VOP_READDIR(daa5e24c,f5477edc,dab3c5a0,f5477f04,f5477f80) at VOP_READDIR+0x3f
> sys_getdents(da8fd178,f5477f60,f5477f80,0,da8fd178) at sys_getdents+0x129
> syscall() at syscall+0x3cb
> --- syscall (number 0) ---
> 0x202:
> ddb{0}>
> 
> 
> 
> >How-To-Repeat:
>   mount -r /dev/wd0j /home/wd0j
>   find /home/wd0j
>   panic is triggered around /Windows/winsxs/Manifests directory
> >Fix:
>   none
> 
> 
> dmesg:
> OpenBSD 5.8-current (GENERIC.MP) #1131: Tue Aug 25 06:34:01 MDT 2015
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
...


OpenBSD 6.0-current (GENERIC.MP) #2220: Wed Oct 12 20:06:45 MDT 2016
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP