Project

General

Profile

Bug #13316

ipmgmtd inconsistent with kernel on failure

Added by Ryan Zezeski 14 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
networking
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

You can get ipmgmtd out of sync with the kernel with a specific sequence of ipadm commands.

1. Create simnet with Primary Administrator profile.
2. Attempt to create link-local IPv6 object as normal user (notice the lack of pfexec).
3. List addrs and interfaces and notice there is no sim1 interface.
4. Try to create addr object again, this time with Primary Administrator profile. Notice it says the interface already exists. How is this possible?

rpz@thunderhead:~$ pfexec dladm create-simnet sim1

rpz@thunderhead:~$ ipadm create-addr -T addrconf sim1/v6
ipadm: Could not create address: Could not open DLPI link

rpz@thunderhead:~$ ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
igb1/v4           static   ok           192.168.2.8/24
lo0/v6            static   ok           ::1/128

rpz@thunderhead:~$ ipadm show-if
IFNAME     STATE    CURRENT      PERSISTENT
lo0        ok       -m-v------46 ---
igb1       ok       bm--------46 -46

rpz@thunderhead:~$ pfexec ipadm create-addr -T addrconf sim1/v6
ipadm: Could not create address: Address object already exists

Attach to ipmgmtd and print its list of interfaces.

rpz@thunderhead:~$ pgrep ipmgmtd
52

rpz@thunderhead:~$ pfexec mdb -p 52
Loading modules: [ ld.so.1 libumem.so.1 libc.so.1 libnvpair.so.1 libuutil.so.1 ]
> 
> aobjmap::print -t ipmgmt_aobjmap_list_t aobjmap_head | ::list ipmgmt_aobjmap_t am_next | ::printf "0x%p %s\n" ipmgmt_aobjmap_t . am_aobjname
0x811e1c8 sim1/v6
0x811eac8 igb1/v4
0x811ec48 lo0/v6
0x811edc8 lo0/v4

Check the list of interfaces according to the kernel. The list of interfaces presented by ipadm is determined by the SIOCGLIFNUM ioctl, which uses kernel-resident data structures, not ipmgmtd's data.

rpz@thunderhead:~$ pfexec mdb -k
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc apix scsi_vhci zfs sata ip hook neti sockfs arp usba smbios fctl stmf stmf_sbd mm sd lofs random idm mr_sas crypto ptm cpc fcip fcp ufs logindmux nsmb smbsrv nfs ]
> ::illif
            ADDR IP          AVLADDR   NUMNODES            ARENA NAME      
fffffe5941271520 v4 fffffe5941271530          1                0 lo
fffffe59422f3200 v4 fffffe59422f3210          1                0 igb
fffffe5941488aa8 v6 fffffe5941488ab8          1                0 lo
fffffe59422f30c0 v6 fffffe59422f30d0          1                0 igb

I haven't had the time to track down the exact cause yet. But my guess is that ipmgmtd is failing to undo its active state on a failed ioctl. Furthermore, perhaps ipmgmtd needs to check the privs of the user somehow? I'm not really familiar enough with ipmgmtd and privs to know offhand.

If you happen to hit this bug you can get out of it pretty easily: just delete the interface. The ipadm command will complain that it doesn't exist, but it will still have the effect of cleaning up the bad ipmgmtd state.

rpz@thunderhead:~$ pfexec ipadm create-addr -T addrconf sim1/v6
ipadm: Could not create address: Address object already exists

rpz@thunderhead:~$ pfexec ipadm delete-if sim1
ipadm: Could not delete sim1: Interface does not exist

rpz@thunderhead:~$ pfexec ipadm create-addr -T addrconf sim1/v6

rpz@thunderhead:~$ ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
igb1/v4           static   ok           192.168.2.8/24
lo0/v6            static   ok           ::1/128
sim1/v6           addrconf ok           fe80::8086:2dff:fe0a:e0f7/10

rpz@thunderhead:~$ ipadm show-if
IFNAME     STATE    CURRENT      PERSISTENT
lo0        ok       -m-v------46 ---
igb1       ok       bm--------46 -46
sim1       ok       bm--------46 -46

No data to display

Also available in: Atom PDF