[Issue] FreeBSD 10 emulated 0xE001 NIC overwrites freed mbuf on handling JUMBO Frames

I have an Emulated 0xE001 NIC on my FreeBSD 10 VM. FreeBSD 10 manages the device through the if_lem.c driver.

Issue:
There are "mbuf" memory overwrite issues noticed while using the driver when JUMBO frames are enabled,
i.e. the driver seems to access a freed mbuf after the receive buffer is freed.

Instead of if_lem.c, if the device is managed through if_em.c, the device is quite stable and is working fine.

Looking for answers to the following:
1. any known issues with if_lem.c in handling JUMBO frames?
2. any pointers in handling the "memory overwrite" issue?
3. Is it advisable to manage the "Emulated 0xE001" NIC with if_em.c instead of if_lem.c?

Thanks in advance
- Sundar
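The symptom described above (an mbuf touched after the receive buffer has already been handed off and freed) is easiest to see in a small userland model. The block below is an added illustration, not code from if_lem.c, if_em.c, FreeBSD or QEMU: it models an RX descriptor ring in which a jumbo frame spans several descriptors until the end-of-packet flag, hands the completed chain to a stand-in for if_input() (which, like the network stack, owns and frees the chain), and shows the defective ordering (stats read from the chain head after the hand-off) beside the corrected ordering (copy what is needed, then hand off). The mbuf pool, descriptor layout, sizes and the poison value are all assumptions made for the example; the poisoning on free is there so the stale read is observable rather than silently returning old data.

```c
/* Added example: userland model of "read an mbuf after the receive chain
 * was handed off and freed". Hypothetical code, not the if_lem.c driver. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUFSZ   2048u          /* assumed bytes per RX descriptor buffer */
#define NPOOL   16             /* assumed size of the mbuf pool */
#define POISON  0xdeadbeefu    /* written into freed headers (like trash-on-free) */

/* Minimal stand-in for struct mbuf: one buffer per descriptor, chained
 * through m_next when a frame is longer than one buffer (jumbo frames). */
struct mbuf {
    struct mbuf *m_next;
    uint32_t     m_len;
    uint32_t     m_pkthdr_len;   /* total frame length, valid on the head only */
    int          m_inuse;
    uint8_t      m_data[BUFSZ];
};

/* One receive descriptor: how many bytes landed in its buffer, and
 * whether it is the last buffer of the frame (end of packet). */
struct rxdesc { uint32_t length; int eop; };

struct rxstats { uint64_t packets; uint64_t bytes; };

static struct mbuf pool[NPOOL];

/* Allocate from a static pool so a read after free stays well defined
 * in this model (a real allocator would hand the memory to someone else). */
static struct mbuf *m_get(void) {
    for (size_t i = 0; i < NPOOL; i++) {
        if (!pool[i].m_inuse) {
            memset(&pool[i], 0, sizeof pool[i]);
            pool[i].m_inuse = 1;
            return &pool[i];
        }
    }
    return NULL;
}

/* Free a whole chain and poison each header, so that any later access
 * through a dangling pointer yields POISON instead of stale-but-plausible data. */
static void m_freem(struct mbuf *m) {
    while (m) {
        struct mbuf *next = m->m_next;
        m->m_len = m->m_pkthdr_len = POISON;
        m->m_next = NULL;
        m->m_inuse = 0;
        m = next;
    }
}

/* Stand-in for if_input(): from here on the stack owns the chain and frees it. */
static void if_input(struct mbuf *m) { m_freem(m); }

/* Process the ring. Buffers are chained until a descriptor with eop set,
 * then the complete frame is passed up. `buggy` selects the defective
 * ordering: the head is dereferenced after it was handed to if_input(). */
static void rxeof(const struct rxdesc *ring, int n, struct rxstats *st, int buggy) {
    struct mbuf *head = NULL, *tail = NULL;
    for (int i = 0; i < n; i++) {
        struct mbuf *m = m_get();
        if (!m) return;                       /* pool exhausted: drop the rest */
        m->m_len = ring[i].length;
        if (!head) { head = tail = m; head->m_pkthdr_len = m->m_len; }
        else { tail->m_next = m; tail = m; head->m_pkthdr_len += m->m_len; }
        if (!ring[i].eop) continue;           /* more buffers belong to this frame */
        if (buggy) {
            if_input(head);                   /* chain freed here ... */
            st->bytes += head->m_pkthdr_len;  /* ... then read: use after free */
        } else {
            st->bytes += head->m_pkthdr_len;  /* copy what is needed first */
            if_input(head);                   /* then give up ownership */
        }
        st->packets++;
        head = tail = NULL;
    }
}

/* Constructed input: one 1500-byte frame, then one 9000-byte jumbo frame
 * spread over five descriptors (4 x 2048 + 808), eop only on the last. */
static const struct rxdesc sample_ring[] = {
    {1500, 1}, {2048, 0}, {2048, 0}, {2048, 0}, {2048, 0}, {808, 1},
};

/* Run the model in either mode and return the byte counter it produced. */
uint64_t run_rx_model(int buggy, uint64_t *packets_out) {
    struct rxstats st = {0, 0};
    rxeof(sample_ring, (int)(sizeof sample_ring / sizeof sample_ring[0]), &st, buggy);
    if (packets_out) *packets_out = st.packets;
    return st.bytes;
}

int main(void) {
    uint64_t pk;
    printf("correct ordering: %llu bytes\n", (unsigned long long)run_rx_model(0, &pk));
    printf("buggy ordering:   %llu bytes (poisoned)\n", (unsigned long long)run_rx_model(1, &pk));
    return 0;
}
```

With the correct ordering the counter is 10500 bytes over two frames; with the defective ordering each frame contributes the poison value, which is the kind of garbage a trash-on-free or MEMGUARD build turns an otherwise silent stale read into. The same idea applies to any field cached in the head mbuf (checksum flags, VLAN tag, length): take the copy before the chain leaves the driver, never after.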
 
It might be helpful to identify the VM software and the exact version of FreeBSD.

How did you identify the problem?
 
It might be helpful to identify the VM software and the exact version of FreeBSD.
- I am using "QEMU emulator version 1.5.0".
- With FreeBSD 10, E1000_DEV_ID_82540EM is handled with if_lem.c, while the same was handled in FreeBSD 6 with if_em.c.

How did you identify the problem?
- Initially the issue was narrowed down to JUMBO frames. Once the interface was configured for MTU=1500, the issue is no longer seen.
- Verified the Emulated Intel E1000 NIC with if_em.c instead of if_lem.c. With if_em.c and MTU=9512, there were no issues observed.

The effort is carried out in order to migrate FreeBSD from FreeBSD 6 to FreeBSD 10
With FreeBSD 6, the Emulated E1000 NIC is handled through if_em.c. This is the reason the device was verified with if_em.c.
 
Is the bug in FreeBSD or in QEMU? Trying it in VirtualBox should help narrow that down. VirtualBox can emulate several different Intel cards, which might also help in proving the source of the problem.
 
Is the bug in FreeBSD or in QEMU? Trying it in VirtualBox should help narrow that down. VirtualBox can emulate several different Intel cards, which might also help in proving the source of the problem.

Meanwhile, I will try the same on VirtualBox and get back.

How to explain the behaviour below, with the same QEMU:
- With FreeBSD 10, if_em.c is able to configure the device and it works without any issues, while if_lem.c alone has the issues.
- The emulated NIC is working fine with FreeBSD 6, but with FreeBSD 10 it isn't working.

The above behaviour is what makes me suspect the FreeBSD 10 driver rather than QEMU!!

Also, there are notes in the driver that mention issues with JUMBO frame support. Please advise on any specific portions of the driver that I can play around with.
 
It is a long way from FreeBSD 6 to FreeBSD 10, but you may want to check the commit logs in SVN and try to figure out what might have happened that would cause the issue you have.

With regard to your first question: yes, it seems that, as you might have already discovered, there are some design issues that may cause memory problems. That said, these issues are not necessarily due to the FreeBSD driver/code. Some comments from the if_lem.c source.

You may also want to flick an email to freebsd-wireless email group and ask the same question there once you are confident that the problem is due to the FreeBSD driver rather than the emulated NIC on QEMU.
 