NetBSD Problem Report #55288

From liman@cafax.se  Sat May 23 11:34:37 2020
Return-Path: <liman@cafax.se>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 4670F1A9244
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 23 May 2020 11:34:37 +0000 (UTC)
Message-Id: <227dx2vrds.fsf@floptop.liman.net>
Date: Sat, 23 May 2020 13:10:23 +0200
From: Lars-Johan Liman <liman@cafax.se>
To: gnats-bugs@NetBSD.org
Subject: Kernel panics on "npfctl reload" if setting incorrect variables.
X-Send-Pr-Version: 3.95

>Number:         55288
>Category:       kern
>Synopsis:       Kernel panics on "npfctl reload" if setting portmap parameters.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    rmind
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 23 11:35:00 +0000 2020
>Closed-Date:    Mon May 25 17:35:36 +0000 2020
>Last-Modified:  Mon May 25 17:35:36 +0000 2020
>Originator:     Lars-Johan Liman
>Release:        NetBSD 9.0
>Organization:
	Cafax AB
>Environment:
System: NetBSD vpn.cafax.se 9.0 NetBSD 9.0 (XEN3_DOMU) #0: Fri Feb 14 00:06:28 UTC 2020 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/xen/compile/XEN3_DOMU amd64
Architecture: x86_64
Machine: amd64
>Description:
	If you try to set a parameter with somewhat incorrect name and
        do an "npfctl reload", the kernel will immediately panic and the
        machine will reboot.
>How-To-Repeat:
        # cat >/etc/npf.conf <<EOT
	set portmap.somthingweird 40010
	group default {
	    pass in all
	    pass out all
	}
        EOT

	# npfctl reload
	<crash!>
>Fix:
	None known.

The traceback on the console looks like this:

[  96.9801348] uvm_fault(0xffffd40004af02f0, 0x0, 1) -> e
[  96.9801348] fatal page fault in supervisor mode
[  96.9801348] trap type 6 code 0 rip 0xffffffff802fe1d4 cs 0xe030 rflags 0x10282 cr2 0 ilevel 0 rsp 0xffffd4007a62bbb0
[  96.9801348] curlwp 0xffffd40004ad56a0 pid 955.1 lowest kstack 0xffffd4007a6282c0
[  96.9801348] panic: trap
[  96.9901034] cpu0: Begin traceback...
[  96.9901034] vpanic() at netbsd:vpanic+0x143
[  96.9901034] snprintf() at netbsd:snprintf
[  96.9901034] startlwp() at netbsd:startlwp
[  96.9901034] alltraps() at netbsd:alltraps+0xae
[  96.9901034] npf_config_destroy() at netbsd:npf_config_destroy+0x26
[  96.9901034] npfctl_load() at netbsd:npfctl_load+0x75
[  96.9901034] VOP_IOCTL() at netbsd:VOP_IOCTL+0x3b
[  96.9901034] vn_ioctl() at netbsd:vn_ioctl+0xa5
[  96.9901034] sys_ioctl() at netbsd:sys_ioctl+0x547
[  96.9901034] syscall() at netbsd:syscall+0x9c
[  96.9901034] --- syscall (number 54) ---
[  96.9901034] 7b3c5f7681ba:
[  96.9901034] cpu0: End traceback...

[  96.9901034] dumping to dev 168,1 (offset=8388607, size=0): not possible
[  96.9901034] rebooting...


Sorry, I have no idea where to start looking. :-(

The background is that I wanted to set the port range for NAT.
npf-params(7) says "portmap.min_port" (and "...max_port") but they yield
syntax errors with "npfctl validate". I thought it might be a
documentation error and tried "portmap.min-port" (hyphen instead of
underscore), but still syntax error, so I then tried with
"portmap.minport" (neiter hyphen nor underscore). That passed
validation, so I did a "reload", with ther result above.

Since then I've been testing other combinations, and I blieve the syntax
check will say OK to anything that begings with a proper "xxx.", but it
can be followed by any ".yyy" that is a valid combination of characters,
so "portmap.somethingsweird" will pass, but "somethingweird.max_port"
will not.

So there are essentially two problems here:

1. The syntax checker needs a once-over to make sure it kicks out
   unknown variables.

2. The kernel should deal gracefully with unknown variables.

... and I still haven't found the right words to use for setting the
port interval ... ;-)

Your kind assistance would be appreciated. :-)

				Best regards,
				  /Lars-Johan Liman
-- 
#-------------------------------------------------------------------------
# Lars-Johan Liman, M.Sc.		 ! E-mail: liman@cafax.se
# Cafax AB				 ! HTTP  : //www.cafax.se/
# Computer Consultants, Sweden		 ! Voice : +46 8 - 564 702 30
#-------------------------------------------------------------------------

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->rmind
Responsible-Changed-By: rmind@NetBSD.org
Responsible-Changed-When: Sat, 23 May 2020 12:20:18 +0000
Responsible-Changed-Why:
Likely fixed in NPF version on Github, but I'll have a look.


From: Lars-Johan Liman <liman@cafax.se>
To: rmind@NetBSD.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org, gnats-admin@netbsd.org,
        gnats-bugs@netbsd.org
Subject: Re: kern/55288 (Kernel panics on "npfctl reload" if setting portmap parameters.)
Date: Sun, 24 May 2020 08:16:55 +0200

 rmind@NetBSD.org 2020-05-23 12:20 [+0000]:
 > Likely fixed in NPF version on Github, but I'll have a look.

 Ack! Thanks!

 				Cheers,
 				  /Liman




From: "Mindaugas Rasiukevicius" <rmind@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55288 CVS commit: src/usr.sbin/npf/npfctl
Date: Sun, 24 May 2020 15:35:40 +0000

 Module Name:	src
 Committed By:	rmind
 Date:		Sun May 24 15:35:40 UTC 2020

 Modified Files:
 	src/usr.sbin/npf/npfctl: npf_scan.l

 Log Message:
 PR/55288: npfctl: change parameter syntax to be more permissive.


 To generate a diff of this commit:
 cvs rdiff -u -r1.30 -r1.31 src/usr.sbin/npf/npfctl/npf_scan.l

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55288 CVS commit: [netbsd-9] src/usr.sbin/npf/npfctl
Date: Mon, 25 May 2020 17:29:28 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Mon May 25 17:29:28 UTC 2020

 Modified Files:
 	src/usr.sbin/npf/npfctl [netbsd-9]: npf_scan.l

 Log Message:
 Pull up following revision(s) (requested by rmind in ticket #932):

 	usr.sbin/npf/npfctl/npf_scan.l: revision 1.31

 PR/55288: npfctl: change parameter syntax to be more permissive.


 To generate a diff of this commit:
 cvs rdiff -u -r1.29.2.1 -r1.29.2.2 src/usr.sbin/npf/npfctl/npf_scan.l

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: rmind@NetBSD.org
State-Changed-When: Mon, 25 May 2020 17:35:36 +0000
State-Changed-Why:
Fixed.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.