This is very similar to the UID/GID filtering problem. What appears to be happening is on the inbound path, we pickup the pfil lock and attempt to pickup the inp info lock, while on the outbound path, we hold the inp info lock across ip_output which will try to pickup the pfil lock. This problem is the result of a layering violation, in reality the firewall should not be picking up layer 4 related locks. Myself and a few others have been discussing this problem for quite some time now, and hopefully it won't be long before we can come up with a solution that will make everyone happy. For now, you should be able to set debug.mpsafenet to 0 which will re-enable Giant in the network stack, in theory preventing the deadlock. debug.mpsafenet=0 in your loader.conf Let me know if this helps sekes wrote: > On 5/14/06, Bjoern A. Zeeb <bzeeb-lists_at_lists.zabbadoz.net> wrote: >> >> On Sun, 14 May 2006, sekes wrote: >> >> > lock order reversal: >> > 1st 0xc2b8b090 inp (divinp) _at_ >> > /usr/src/sys/modules/ipdivert/../../netinet/ip_divert.c:336 >> > 2nd 0xc0a44db8 PFil hook read/write mutex (PFil hook read/write >> mutex) _at_ >> > /usr/src/sys/net/pfil.c:73 >> >> looks almost the same as LOR #181: >> http://sources.zabbadoz.net/freebsd/lor.html#181 >> but without the div_output(). >> >> -- >> Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT >> > > yes, it is similar to my situation. may i know when it could be fixed? > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "freebsd-current-unsubscribe_at_freebsd.org" > > -- Christian S.J. Peron csjp_at_FreeBSD.ORG FreeBSD Committer FreeBSD Security TeamReceived on Sun May 14 2006 - 13:25:22 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:55 UTC