Re: kern/43185

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,guy%alum.mit.edu@localhost
Subject: Re: kern/43185
From: Antti Kantee <pooka%cs.hut.fi@localhost>
Date: Wed, 21 Apr 2010 10:55:02 +0000 (UTC)

The following reply was made to PR kern/43185; it has been noted by GNATS.

From: Antti Kantee <pooka%cs.hut.fi@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/43185
Date: Wed, 21 Apr 2010 13:50:37 +0300

 I can certainly get a crash by editing sys/rump/net/rumptest to use
 your example filter:
 
 Index: rumptest_net.c
 ===================================================================
 RCS file: /cvsroot/src/sys/rump/net/rumptest/rumptest_net.c,v
 retrieving revision 1.19
 diff -p -u -r1.19 rumptest_net.c
 --- rumptest_net.c      29 Jan 2010 12:34:17 -0000      1.19
 +++ rumptest_net.c      21 Apr 2010 10:47:36 -0000
 @@ -261,7 +261,13 @@ static void
  dobpfread(void)
  {
         struct bpf_program bpf_prog;
 -       struct bpf_insn bpf_ins;
 +       struct bpf_insn bpf_ins[] = {
 +            { 0x20, 0, 0, 0x00000000 },
 +            { 0x34, 0, 0, 0x00000000 },
 +            { 0x15, 0, 1, 0x00000002 },
 +            { 0x6, 0, 0, 0x00000060 },
 +            { 0x6, 0, 0, 0x00000000 },
 +       };
         struct bpf_hdr *bhdr;
         void *buf;
         struct ifreq ifr;
 @@ -311,12 +317,8 @@ dobpfread(void)
         if (rump_sys_ioctl(bpfd, BIOCSETIF, &ifr) == -1)
                 err(1, "BIOCSETIF");
  
 -       /* accept all packets up to 9000 bytes */
 -       memset(&bpf_ins, 0, sizeof(bpf_ins));
 -       bpf_ins.code = BPF_RET + BPF_K;
 -       bpf_ins.k = 9000;
 -       bpf_prog.bf_len = 1;
 -       bpf_prog.bf_insns = &bpf_ins;
 +       bpf_prog.bf_len = __arraycount(bpf_ins);
 +       bpf_prog.bf_insns = bpf_ins;
         if (rump_sys_ioctl(bpfd, BIOCSETF, &bpf_prog) == -1)
                 err(1, "BIOCSETF");
  
 
 And then running the program:
 
 pain-rustique:22:/sys/rump/net/rumptest> ./rumptest_net bpf
   mbuf count:
 total mbufs: 0
 connected
 Floating exception (core dumped)
 pain-rustique:23:/sys/rump/net/rumptest> gdb rumptest_net rumptest_net.core 
 GNU gdb 6.5
 [...]
 #0  0xbbafdbad in bpf_filter (pc=0xbb82c5b8, p=0xba1ff9b4 "", wirelen=280, 
     buflen=0)
     at /usr/allsrc/src/sys/rump/dev/lib/libbpf/../../../../net/bpf_filter.c:418
 418                             A /= pc->k;
 (gdb) 
 
 With bpf containing the suggested patch I get the expected result.
 
 pain-rustique:24:/sys/rump/net/rumptest> ./rumptest_net bpf
   mbuf count:
 total mbufs: 0
 connected
 rumptest_net: BIOCSETF: Invalid argument
 pain-rustique:25:/sys/rump/net/rumptest>

Prev by Date: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
Next by Date: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
Previous by Thread: kern/43186: multicast packets aren't received when PROMISC mode on fxp.
Next by Thread: PR/43185 CVS commit: src/tests/net
Indexes:

Home | Main Index | Thread Index | Old Index