Re: IPSEC crashes after r253088
On 23.07.2013 14:00, Andrey V. Elsukov wrote: Also, I already prepared patch to test. I've tested it on mips platform and it makes it working fine as before that change. I can succesfully boot system. Thank you for patching it. -- Pozdrawiam, Maciej Milewski ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: IPSEC crashes after r253088
On 7/23/13 8:00 PM, Andrey V. Elsukov wrote: On 23.07.2013 15:28, Andre Oppermann wrote: On 23.07.2013 09:28, Andrey V. Elsukov wrote: On 21.07.2013 00:43, Taku YAMAMOTO wrote: After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on booting into multi-user mode. The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with kernel stack overflow. where type is struct ipsecstat which is 12560 bytes of size (larger than 3 pages) of size when processing net.inet.ipsec.ipsecstats. Hi, Only few fields of struct ipsecstat is used, the rest fields are never updated. We can split it to several structures, or just remove unused fields. What is better? Not storing it on the stack? Also, I already prepared patch to test. 'both'.. one isn't supposed to have structures of any size on the stack in the kernel. At one stage the max was 64 bytes.. has grown since then obviously. *And* it could do with simplification. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: IPSEC crashes after r253088
On 23.07.2013 15:28, Andre Oppermann wrote: > On 23.07.2013 09:28, Andrey V. Elsukov wrote: >> On 21.07.2013 00:43, Taku YAMAMOTO wrote: >>> After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on >>> booting into multi-user mode. >>> >>> The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with >>> kernel stack overflow. >> >>> where type is struct ipsecstat which is 12560 bytes of size (larger than >>> 3 pages) of size when processing net.inet.ipsec.ipsecstats. >> >> Hi, >> >> Only few fields of struct ipsecstat is used, the rest fields are never >> updated. We can split it to several structures, or just remove unused >> fields. What is better? > > Not storing it on the stack? Also, I already prepared patch to test. -- WBR, Andrey V. Elsukov Index: sys/netinet/sctp_input.c === --- sys/netinet/sctp_input.c(revision 253562) +++ sys/netinet/sctp_input.c(working copy) @@ -5705,7 +5705,7 @@ sctp_common_input_processing(struct mbuf **mm, int #ifdef INET case AF_INET: if (ipsec4_in_reject(m, &inp->ip_inp.inp)) { - IPSECSTAT_INC(in_polvio); + IPSECSTAT_INC(ips_in_polvio); SCTP_STAT_INCR(sctps_hdrops); goto out; } @@ -5714,7 +5714,7 @@ sctp_common_input_processing(struct mbuf **mm, int #ifdef INET6 case AF_INET6: if (ipsec6_in_reject(m, &inp->ip_inp.inp)) { - IPSEC6STAT_INC(in_polvio); + IPSEC6STAT_INC(ips_in_polvio); SCTP_STAT_INCR(sctps_hdrops); goto out; } Index: sys/netinet/tcp_input.c === --- sys/netinet/tcp_input.c (revision 253562) +++ sys/netinet/tcp_input.c (working copy) @@ -899,12 +899,12 @@ findpcb: #ifdef IPSEC #ifdef INET6 if (isipv6 && ipsec6_in_reject(m, inp)) { - IPSEC6STAT_INC(in_polvio); + IPSEC6STAT_INC(ips_in_polvio); goto dropunlock; } else #endif /* INET6 */ if (ipsec4_in_reject(m, inp) != 0) { - IPSECSTAT_INC(in_polvio); + IPSECSTAT_INC(ips_in_polvio); goto dropunlock; } #endif /* IPSEC */ Index: sys/netinet/udp_usrreq.c === --- sys/netinet/udp_usrreq.c(revision 253562) +++ sys/netinet/udp_usrreq.c(working copy) @@ -282,7 +282,7 @@ udp_append(struct inpcb *inp, struct ip *ip, struc /* Check AH/ESP integrity. */ if (ipsec4_in_reject(n, inp)) { m_freem(n); - IPSECSTAT_INC(in_polvio); + IPSECSTAT_INC(ips_in_polvio); return; } #ifdef IPSEC_NAT_T @@ -1294,7 +1294,7 @@ udp4_espdecap(struct inpcb *inp, struct mbuf *m, i if (minlen > m->m_pkthdr.len) minlen = m->m_pkthdr.len; if ((m = m_pullup(m, minlen)) == NULL) { - IPSECSTAT_INC(in_inval); + IPSECSTAT_INC(ips_in_inval); return (NULL); /* Bypass caller processing. */ } data = mtod(m, caddr_t);/* Points to ip header. */ @@ -1334,7 +1334,7 @@ udp4_espdecap(struct inpcb *inp, struct mbuf *m, i uint32_t spi; if (payload <= sizeof(struct esp)) { - IPSECSTAT_INC(in_inval); + IPSECSTAT_INC(ips_in_inval); m_freem(m); return (NULL); /* Discard. */ } @@ -1355,7 +1355,7 @@ udp4_espdecap(struct inpcb *inp, struct mbuf *m, i tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, 2 * sizeof(uint16_t), M_NOWAIT); if (tag == NULL) { - IPSECSTAT_INC(in_nomem); + IPSECSTAT_INC(ips_in_nomem); m_freem(m); return (NULL); /* Discard. */ } Index: sys/netinet6/ip6_forward.c === --- sys/netinet6/ip6_forward.c (revision 253562) +++ sys/netinet6/ip6_forward.c (working copy) @@ -120,7 +120,7 @@ ip6_forward(struct mbuf *m, int srcrt) * before forwarding packet actually. */ if (ipsec6_in_reject(m, NULL)) { - IPSEC6STAT_INC(in_polvio); + IPSEC6STAT_INC(ips_in_polvio); m_freem(m); return; } @@ -182,7 +182,7 @@ ip6_forward(struct mbuf *m, int srcrt) sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error); if (sp == NULL) { - IPSEC6STAT_INC(out_inval); + IPSEC6STAT_INC(ips_out_inval);
Re: IPSEC crashes after r253088
On 23.07.2013 15:28, Andre Oppermann wrote: > On 23.07.2013 09:28, Andrey V. Elsukov wrote: >> On 21.07.2013 00:43, Taku YAMAMOTO wrote: >>> After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on >>> booting into multi-user mode. >>> >>> The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with >>> kernel stack overflow. >> >>> where type is struct ipsecstat which is 12560 bytes of size (larger than >>> 3 pages) of size when processing net.inet.ipsec.ipsecstats. >> >> Hi, >> >> Only few fields of struct ipsecstat is used, the rest fields are never >> updated. We can split it to several structures, or just remove unused >> fields. What is better? > > Not storing it on the stack? It seems that only about 120 bytes are used from all 12 Kbytes. The old ipsecstat structure was concatenated with newipsecstat some time ago. And in fact, only fields of newipsecstat are used. I see no sense to just waste 12*ncpu Kbytes of memory. -- WBR, Andrey V. Elsukov ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: IPSEC crashes after r253088
On 23.07.2013 09:28, Andrey V. Elsukov wrote: On 21.07.2013 00:43, Taku YAMAMOTO wrote: After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on booting into multi-user mode. The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with kernel stack overflow. where type is struct ipsecstat which is 12560 bytes of size (larger than 3 pages) of size when processing net.inet.ipsec.ipsecstats. Hi, Only few fields of struct ipsecstat is used, the rest fields are never updated. We can split it to several structures, or just remove unused fields. What is better? Not storing it on the stack? -- Andre ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: IPSEC crashes after r253088
On 21.07.2013 00:43, Taku YAMAMOTO wrote: > After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on > booting into multi-user mode. > > The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with > kernel stack overflow. > where type is struct ipsecstat which is 12560 bytes of size (larger than > 3 pages) of size when processing net.inet.ipsec.ipsecstats. Hi, Only few fields of struct ipsecstat is used, the rest fields are never updated. We can split it to several structures, or just remove unused fields. What is better? -- WBR, Andrey V. Elsukov ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: IPSEC crashes after r253088
On 20.07.2013 22:43, Taku YAMAMOTO wrote: After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on booting into multi-user mode. The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with kernel stack overflow. The problem is what we have in sys/net/vnet.h: #define SYSCTL_VNET_PCPUSTAT(parent, nbr, name, type, array, desc) \ static int \ array##_sysctl(SYSCTL_HANDLER_ARGS) \ { \ type s; \ CTASSERT((sizeof(type) / sizeof(uint64_t)) == \ (sizeof(VNET(array)) / sizeof(counter_u64_t))); \ COUNTER_ARRAY_COPY(VNET(array), &s, sizeof(type) / sizeof(uint64_t));\ if (req->newptr)\ COUNTER_ARRAY_ZERO(VNET(array), \ sizeof(type) / sizeof(uint64_t)); \ return (SYSCTL_OUT(req, &s, sizeof(type))); \ } \ SYSCTL_VNET_PROC(parent, nbr, name, CTLTYPE_OPAQUE | CTLFLAG_RW, NULL, \ 0, array ## _sysctl, "I", desc) where type is struct ipsecstat which is 12560 bytes of size (larger than 3 pages) of size when processing net.inet.ipsec.ipsecstats. I can confirm. I've been hit by that problem on MIPS platform. -- Pozdrawiam, Maciej Milewski ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
IPSEC crashes after r253088
After r253088, systems with IPSEC and KSTACK_PAGES < 4 crashes on booting into multi-user mode. The crash is due to sysctl -a in /etc/rc.d/initrandom ended up with kernel stack overflow. The problem is what we have in sys/net/vnet.h: #define SYSCTL_VNET_PCPUSTAT(parent, nbr, name, type, array, desc) \ static int \ array##_sysctl(SYSCTL_HANDLER_ARGS) \ { \ type s; \ CTASSERT((sizeof(type) / sizeof(uint64_t)) == \ (sizeof(VNET(array)) / sizeof(counter_u64_t))); \ COUNTER_ARRAY_COPY(VNET(array), &s, sizeof(type) / sizeof(uint64_t));\ if (req->newptr)\ COUNTER_ARRAY_ZERO(VNET(array), \ sizeof(type) / sizeof(uint64_t)); \ return (SYSCTL_OUT(req, &s, sizeof(type))); \ } \ SYSCTL_VNET_PROC(parent, nbr, name, CTLTYPE_OPAQUE | CTLFLAG_RW, NULL, \ 0, array ## _sysctl, "I", desc) where type is struct ipsecstat which is 12560 bytes of size (larger than 3 pages) of size when processing net.inet.ipsec.ipsecstats. -- -|-__ YAMAMOTO, Taku | __ < - A chicken is an egg's way of producing more eggs. - ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"