NetBSD-Bugs archive
kern/38577: options IPSEC crashes when execute netstat -s
>Number: 38577
>Category: kern
>Synopsis: options IPSEC crashes when execute netstat -s
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun May 04 05:55:00 +0000 2008
>Originator: kay%gaia.kaynet.or.jp@localhost
>Release: NetBSD 4.99.62
>Organization:
>Environment:
System: NetBSD gaia.kaynet.or.jp 4.99.60 NetBSD 4.99.62 (GAIA) #0: Wed Apr 23
02:20:55 JST 2008
root%gaia.kaynet.or.jp@localhost:/usr/src/obj.x86_64/sys/arch/amd64/compile/GAIA
amd64
Architecture: x86_64
Machine: amd64
>Description:
Allocates too large an array on the stack.
$NetBSD: ipsec.c,v 1.129 2008/04/23 06:09:05 thorpej Exp $

static int
sysctl_net_inet_ipsec_stats(SYSCTLFN_ARGS)
{
	netstat_sysctl_context ctx;
	uint64_t ipss[IPSEC_NSTATS];

	ctx.ctx_stat = ipsecstat_percpu;
	ctx.ctx_counters = ipss;
	ctx.ctx_ncounters = IPSEC_NSTATS;
	return (NETSTAT_SYSCTL(&ctx));
}
back trace:
sysctl_net_inet_ipsec_stats() at netbsd:sysctl_net_inet_ipsec_stats+0x19
sysctl_dispatch() at netbsd:sysctl_dispatch+0xd8
sys___sysctl() at netbsd:sys___sysctl+0xd4
syscall() at netbsd:syscall+0x9a
disassemble:
Dump of assembler code for function sysctl_net_inet_ipsec_stats:
0xffffffff801c1280 <sysctl_net_inet_ipsec_stats+0>: push %rbp
0xffffffff801c1281 <sysctl_net_inet_ipsec_stats+1>: mov %rdi,%r10
0xffffffff801c1284 <sysctl_net_inet_ipsec_stats+4>: mov %rsp,%rbp
0xffffffff801c1287 <sysctl_net_inet_ipsec_stats+7>: sub $0x30e0,%rsp
0xffffffff801c128e <sysctl_net_inet_ipsec_stats+14>: mov 7264963(%rip),%rax # 0xffffffff808aed58 <ipsecstat_percpu>
0xffffffff801c1295 <sysctl_net_inet_ipsec_stats+21>: lea 0xffffffffffffffe0(%rbp),%rdi
0xffffffff801c1299 <sysctl_net_inet_ipsec_stats+25>: mov %r9,(%rsp) <== here
0xffffffff801c129d <sysctl_net_inet_ipsec_stats+29>: mov %r8,%r9
0xffffffff801c12a0 <sysctl_net_inet_ipsec_stats+32>: mov %rcx,%r8
0xffffffff801c12a3 <sysctl_net_inet_ipsec_stats+35>: mov %rdx,%rcx
0xffffffff801c12a6 <sysctl_net_inet_ipsec_stats+38>: mov %esi,%edx
0xffffffff801c12a8 <sysctl_net_inet_ipsec_stats+40>: mov %rax,0xffffffffffffffe0(%rbp)
0xffffffff801c12ac <sysctl_net_inet_ipsec_stats+44>: lea 0xffffffffffffcf40(%rbp),%rax
0xffffffff801c12b3 <sysctl_net_inet_ipsec_stats+51>: mov %r10,%rsi
0xffffffff801c12b6 <sysctl_net_inet_ipsec_stats+54>: movl $0x614,0xfffffffffffffff0(%rbp)
0xffffffff801c12bd <sysctl_net_inet_ipsec_stats+61>: mov %rax,0xffffffffffffffe8(%rbp)
0xffffffff801c12c1 <sysctl_net_inet_ipsec_stats+65>: mov 0x20(%rbp),%rax
0xffffffff801c12c5 <sysctl_net_inet_ipsec_stats+69>: mov %rax,0x18(%rsp)
0xffffffff801c12ca <sysctl_net_inet_ipsec_stats+74>: mov 0x18(%rbp),%rax
0xffffffff801c12ce <sysctl_net_inet_ipsec_stats+78>: mov %rax,0x10(%rsp)
0xffffffff801c12d3 <sysctl_net_inet_ipsec_stats+83>: mov 0x10(%rbp),%rax
0xffffffff801c12d7 <sysctl_net_inet_ipsec_stats+87>: mov %rax,0x8(%rsp)
0xffffffff801c12dc <sysctl_net_inet_ipsec_stats+92>: callq 0xffffffff8042c530 <netstat_sysctl>
0xffffffff801c12e1 <sysctl_net_inet_ipsec_stats+97>: leaveq
0xffffffff801c12e2 <sysctl_net_inet_ipsec_stats+98>: retq
>How-To-Repeat:
1. Enable IPSEC in your kernel configuration file.
2. Build the kernel and boot it.
3. Execute netstat -s
>Fix:
Grow the kernel stack size, or allocate uint64_t ipss[IPSEC_NSTATS] on the heap.
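
An added example, not part of the original report or the NetBSD source: a userland C sketch of the heap-allocation fix, using the counter count 0x614 that the disassembly stores into ctx_ncounters (0x614 * 8 = 0x30a0 bytes of the 0x30e0-byte frame). The names stats_ctx, collect_stats, ipss_bytes and ipsec_stats_heap are hypothetical stand-ins, and calloc/free stand in for a kernel allocator.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* 0x614 is the value the disassembly stores into ctx_ncounters. */
#define IPSEC_NSTATS 0x614

/* Hypothetical userland stand-in for netstat_sysctl_context. */
struct stats_ctx {
	const uint64_t *ctx_stat;	/* constructed source counters */
	uint64_t *ctx_counters;		/* scratch buffer to fill */
	unsigned int ctx_ncounters;
};

/* Bytes the on-stack ipss[] array occupies: 0x614 * 8 = 0x30a0. */
size_t ipss_bytes(void)
{
	return (size_t)IPSEC_NSTATS * sizeof(uint64_t);
}

/* Stand-in for NETSTAT_SYSCTL(): gather into the scratch buffer, copy out. */
static int collect_stats(struct stats_ctx *ctx, uint64_t *out, size_t outlen)
{
	size_t need = (size_t)ctx->ctx_ncounters * sizeof(uint64_t);

	if (outlen < need)
		return ENOMEM;
	memcpy(ctx->ctx_counters, ctx->ctx_stat, need);
	memcpy(out, ctx->ctx_counters, need);
	return 0;
}

/* Heap variant of the handler: the frame holds a pointer, not 12448 bytes. */
int ipsec_stats_heap(const uint64_t *percpu, uint64_t *out, size_t outlen)
{
	struct stats_ctx ctx;
	uint64_t *ipss = calloc(IPSEC_NSTATS, sizeof(*ipss));
	int error;

	if (ipss == NULL)
		return ENOMEM;
	ctx.ctx_stat = percpu;
	ctx.ctx_counters = ipss;
	ctx.ctx_ncounters = IPSEC_NSTATS;
	error = collect_stats(&ctx, out, outlen);
	free(ipss);	/* released on success and on error */
	return error;
}
```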