NetBSD-Bugs archive


kern/38577: options IPSEC crashes when execute netstat -s



>Number:         38577
>Category:       kern
>Synopsis:       options IPSEC crashes when execute netstat -s
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 04 05:55:00 +0000 2008
>Originator:     kay%gaia.kaynet.or.jp@localhost
>Release:        NetBSD 4.99.62
>Organization:
>Environment:
System: NetBSD gaia.kaynet.or.jp 4.99.60 NetBSD 4.99.62 (GAIA) #0: Wed Apr 23 02:20:55 JST 2008 root%gaia.kaynet.or.jp@localhost:/usr/src/obj.x86_64/sys/arch/amd64/compile/GAIA amd64
Architecture: x86_64
Machine: amd64
>Description:

The handler allocates too large an array on the kernel stack.

$NetBSD: ipsec.c,v 1.129 2008/04/23 06:09:05 thorpej Exp $
static int
sysctl_net_inet_ipsec_stats(SYSCTLFN_ARGS)
{
        netstat_sysctl_context ctx;
        /* IPSEC_NSTATS * sizeof(uint64_t) bytes of automatic storage:
         * with IPSEC_NSTATS = 0x614 (see the disassembly below) that is
         * 1556 * 8 = 12448 bytes placed on the kernel stack. */
        uint64_t ipss[IPSEC_NSTATS];

        ctx.ctx_stat = ipsecstat_percpu;
        ctx.ctx_counters = ipss;
        ctx.ctx_ncounters = IPSEC_NSTATS;
        return (NETSTAT_SYSCTL(&ctx));
}

back trace:
sysctl_net_inet_ipsec_stats() at netbsd:sysctl_net_inet_ipsec_stats+0x19
sysctl_dispatch() at netbsd:sysctl_dispatch+0xd8
sys___sysctl() at netbsd:sys___sysctl+0xd4
syscall() at netbsd:syscall+0x9a

Disassembly (the prologue reserves a 0x30e0-byte frame; the fault is at the first store into it):
Dump of assembler code for function sysctl_net_inet_ipsec_stats:
0xffffffff801c1280 <sysctl_net_inet_ipsec_stats+0>:     push   %rbp
0xffffffff801c1281 <sysctl_net_inet_ipsec_stats+1>:     mov    %rdi,%r10
0xffffffff801c1284 <sysctl_net_inet_ipsec_stats+4>:     mov    %rsp,%rbp
0xffffffff801c1287 <sysctl_net_inet_ipsec_stats+7>:     sub    $0x30e0,%rsp
0xffffffff801c128e <sysctl_net_inet_ipsec_stats+14>:    mov    7264963(%rip),%rax        # 0xffffffff808aed58 <ipsecstat_percpu>
0xffffffff801c1295 <sysctl_net_inet_ipsec_stats+21>:    lea    0xffffffffffffffe0(%rbp),%rdi
0xffffffff801c1299 <sysctl_net_inet_ipsec_stats+25>:    mov    %r9,(%rsp) <== here
0xffffffff801c129d <sysctl_net_inet_ipsec_stats+29>:    mov    %r8,%r9
0xffffffff801c12a0 <sysctl_net_inet_ipsec_stats+32>:    mov    %rcx,%r8
0xffffffff801c12a3 <sysctl_net_inet_ipsec_stats+35>:    mov    %rdx,%rcx
0xffffffff801c12a6 <sysctl_net_inet_ipsec_stats+38>:    mov    %esi,%edx
0xffffffff801c12a8 <sysctl_net_inet_ipsec_stats+40>:    mov    %rax,0xffffffffffffffe0(%rbp)
0xffffffff801c12ac <sysctl_net_inet_ipsec_stats+44>:    lea    0xffffffffffffcf40(%rbp),%rax
0xffffffff801c12b3 <sysctl_net_inet_ipsec_stats+51>:    mov    %r10,%rsi
0xffffffff801c12b6 <sysctl_net_inet_ipsec_stats+54>:    movl   $0x614,0xfffffffffffffff0(%rbp)
0xffffffff801c12bd <sysctl_net_inet_ipsec_stats+61>:    mov    %rax,0xffffffffffffffe8(%rbp)
0xffffffff801c12c1 <sysctl_net_inet_ipsec_stats+65>:    mov    0x20(%rbp),%rax
0xffffffff801c12c5 <sysctl_net_inet_ipsec_stats+69>:    mov    %rax,0x18(%rsp)
0xffffffff801c12ca <sysctl_net_inet_ipsec_stats+74>:    mov    0x18(%rbp),%rax
0xffffffff801c12ce <sysctl_net_inet_ipsec_stats+78>:    mov    %rax,0x10(%rsp)
0xffffffff801c12d3 <sysctl_net_inet_ipsec_stats+83>:    mov    0x10(%rbp),%rax
0xffffffff801c12d7 <sysctl_net_inet_ipsec_stats+87>:    mov    %rax,0x8(%rsp)
0xffffffff801c12dc <sysctl_net_inet_ipsec_stats+92>:    callq  0xffffffff8042c530 <netstat_sysctl>
0xffffffff801c12e1 <sysctl_net_inet_ipsec_stats+97>:    leaveq
0xffffffff801c12e2 <sysctl_net_inet_ipsec_stats+98>:    retq

>How-To-Repeat:
1. Enable IPSEC in your kernel configuration file.
2. Build the kernel and boot it.
3. Execute netstat -s.
>Fix:
Grow the kernel stack size, or allocate uint64_t ipss[IPSEC_NSTATS] on the heap instead of the stack.
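As an added illustration (not code from this report or from NetBSD), the following user-space C program models both halves of the suggested fix: a small audit that computes how many bytes a uint64_t counter array of a given length would put into a stack frame, and the per-CPU aggregation the handler performs done into a heap buffer instead. Every name here (MODEL_NSTATS, MODEL_NCPU, MODEL_STACK_BUDGET, collect_stats_heap, stats_total) is an assumption for the example; MODEL_NSTATS is taken from the 0x614 immediate stored into ctx_ncounters in the disassembly above, the per-CPU counter values are constructed, and calloc/free stand in for a kernel allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constants assumed for this example, not NetBSD definitions.
 * 0x614 (1556) is the ctx_ncounters immediate in the report's disassembly. */
#define MODEL_NSTATS        0x614
#define MODEL_NCPU          4
#define MODEL_STACK_BUDGET  4096   /* hypothetical per-handler stack budget */

/* Bytes a uint64_t array of n counters occupies as automatic storage. */
static size_t counter_array_bytes(size_t n)
{
    return n * sizeof(uint64_t);
}

/* 1 if an n-entry counter array stays within the given budget, else 0.
 * This is the audit that would have flagged ipss[IPSEC_NSTATS]. */
static int fits_stack_budget(size_t n, size_t budget)
{
    return counter_array_bytes(n) <= budget;
}

/* Per-CPU counter storage, constructed for the example. */
static uint64_t model_percpu[MODEL_NCPU][MODEL_NSTATS];

static void model_fill(void)
{
    for (int cpu = 0; cpu < MODEL_NCPU; cpu++)
        for (size_t i = 0; i < MODEL_NSTATS; i++)
            model_percpu[cpu][i] = (uint64_t)(cpu + 1) * (i % 7);
}

/* Heap-buffer version of the aggregation: sums every counter over all CPUs
 * into a buffer that never lives in the stack frame. Caller frees *out.
 * Returns 0 on success, -1 if allocation fails. */
static int collect_stats_heap(uint64_t **out, size_t *ncounters)
{
    uint64_t *sum = calloc(MODEL_NSTATS, sizeof *sum);   /* 12448 bytes off-stack */
    if (sum == NULL)
        return -1;
    for (int cpu = 0; cpu < MODEL_NCPU; cpu++)
        for (size_t i = 0; i < MODEL_NSTATS; i++)
            sum[i] += model_percpu[cpu][i];
    *out = sum;
    *ncounters = MODEL_NSTATS;
    return 0;
}

/* Self-check: total of all aggregated counters (0 on allocation failure). */
static uint64_t stats_total(void)
{
    uint64_t *buf;
    size_t n;
    model_fill();
    if (collect_stats_heap(&buf, &n) != 0)
        return 0;
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += buf[i];
    free(buf);
    return total;
}

int main(void)
{
    printf("array bytes for %d counters: %zu\n", MODEL_NSTATS,
           counter_array_bytes(MODEL_NSTATS));
    printf("fits %d-byte budget: %s\n", MODEL_STACK_BUDGET,
           fits_stack_budget(MODEL_NSTATS, MODEL_STACK_BUDGET) ? "yes" : "no");
    printf("aggregated total: %llu\n", (unsigned long long)stats_total());
    return 0;
}
```

The audit result matches the report's numbers: 1556 counters of 8 bytes is 12448 bytes, which is almost all of the 0x30e0 (12512) byte frame the prologue reserves with sub $0x30e0,%rsp. In the kernel proper the calloc/free pair corresponds to a kernel allocator such as kmem_alloc(9)/kmem_free(9), and the buffer must be released on every return path from the handler.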


