kern/38668: fast_ipsec, ipv6 ans socket locking doesn't play well together

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/38668: fast_ipsec, ipv6 ans socket locking doesn't play well together
From: degroote%netbsd.org@localhost
Date: Thu, 15 May 2008 20:05:01 +0000 (UTC)

>Number:         38668
>Category:       kern
>Synopsis:       fast_ipsec, ipv6 ans socket locking doesn't play well together
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 15 20:05:00 +0000 2008
>Originator:     A. Degroote
>Release:        4.99.62
>Organization:
>Environment:
GENERIC + FAST_IPSEC 4.99.62
>Description:
When I was hacking fast_ipsec, I notice that current fast_ipsec in ipv6 doesn't 
work well. It panics when receiving the first packet cyphered.

Some other points. In ipv4, it works well. It fails for ipv6, in tcp/udp/icmp. 

Traceback for the panic :

panic: kernel diagnostic assertion "solocked(sb->sb_so)" failed: file 
"/home/zul/netbsd-dev/src/sys/sys/socketvar.h", line 335
Stopped in pid 0.24 (system) at netbsd:breakpoint+0x4:  popl    %ebp
db{0}> bt
breakpoint(c0ab509b,c68c0a18,c0ae2400,4,6d8,c0a1dc14,4,0,2c,0) at netbsd:breakpo
int+0x4
panic(c0ac5688,c0a1398c,c0a170bb,c0a170d0,14f,28,c68c0bdc,c015b6d7,c0a1398c,c0a1
70d0) at netbsd:panic+0x1b0
__kernassert(c0a1398c,c0a170d0,14f,c0a170bb,2c,0,c68c0a9c,c051ed3b,c0f7080c,c0ae
05c0) at netbsd:__kernassert+0x39
tcp_input(c0f21b00,28,6,1,c10820c0,c0f742e8,c68c0c7c,c01b4560,c68c0c84,c68c0c8c)
 at netbsd:tcp_input+0x1d37
tcp6_input(c68c0c84,c68c0c8c,6,c68c0c6f,c604ec40,c70ea000,32,0,6,c68c0c84) at ne
tbsd:tcp6_input+0x9a
ipsec6_common_input_cb(c0f21b00,c105f080,28,6,0,c0a1f91c,1f6,c011296d,51,a6c834c
7) at netbsd:ipsec6_common_input_cb+0x160
esp_input_cb(c106febc,c0b82cb0,c604e780,c604ec40,c604ec40,c0113920,0,c01002e1,c6
04ec40,0) at netbsd:esp_input_cb+0x68b
cryptoret(c604ec40,0,c01002cd,0,c01002cd,0,0,0,0,0) at netbsd:cryptoret+0x80

>How-To-Repeat:
Set up an host with fast_ipsec + ipv6. Try to communicate with another host. 

For this test, I use something like that to setup the host (but it is not 
really relevant IHMO).

#!/bin/sh

A=
B=

# Clean SPD
setkey -FP

# Clean SAD
setkey -F

# Ipcomp policy
#
setkey -c << EOF

add $A $B esp 0xabd9da39 -E aes-cbc 0xb341aa065c3850edd6a61e150d6a5fd3 -A 
hmac-sha256 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8;

add $B $A esp 0xc9dbb83d -E aes-cbc 0xf7795f6bdd697a43a4d28dcf1b79062d -A 
hmac-sha256 0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6;

add $A $B ipcomp 1004 -m transport -C deflate;
add $B $A ipcomp 1005 -m transport -C deflate;

spdadd $A $B any -P in ipsec ipcomp/transport//use esp/transport//require;
spdadd $B $A any -P out ipsec ipcomp/transport//use esp/transport//require;
EOF

>Fix:
Don't know

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: kern/38669: NFS deadlock?
Previous by Thread: bin/38667: cpuctl does not properly deal with AMD Phenom
Next by Thread: kern/38669: NFS deadlock?
Indexes:

Home | Main Index | Thread Index | Old Index