From owner-freebsd-net@freebsd.org Thu Apr 20 12:49:53 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 48760D4851B for ; Thu, 20 Apr 2017 12:49:53 +0000 (UTC) (envelope-from peter.blok@bsd4all.org) Received: from smtpq1.tb.mail.iss.as9143.net (smtpq1.tb.mail.iss.as9143.net [212.54.42.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 085AFF92 for ; Thu, 20 Apr 2017 12:49:51 +0000 (UTC) (envelope-from peter.blok@bsd4all.org) Received: from [212.54.42.135] (helo=smtp11.tb.mail.iss.as9143.net) by smtpq1.tb.mail.iss.as9143.net with esmtp (Exim 4.86_2) (envelope-from ) id 1d1Asp-00056M-G1; Thu, 20 Apr 2017 14:08:23 +0200 Received: from 5ed15678.cm-7-2b.dynamic.ziggo.nl ([94.209.86.120] helo=wan0.bsd4all.org) by smtp11.tb.mail.iss.as9143.net with esmtp (Exim 4.86_2) (envelope-from ) id 1d1Asp-0004ln-DZ; Thu, 20 Apr 2017 14:08:23 +0200 Received: from newnas (localhost [127.0.0.1]) by wan0.bsd4all.org (Postfix) with ESMTP id 325737CBC; Thu, 20 Apr 2017 14:08:23 +0200 (CEST) X-Virus-Scanned: amavisd-new at bsd4all.org Received: from wan0.bsd4all.org ([127.0.0.1]) by newnas (newnas.bsd4all.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SOoUJW8gyrDg; Thu, 20 Apr 2017 14:08:21 +0200 (CEST) Received: from [192.168.1.64] (mm [192.168.1.64]) by wan0.bsd4all.org (Postfix) with ESMTPSA id 283937CB7; Thu, 20 Apr 2017 14:08:21 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: MFC VIMAGE fixes to 11-stable From: peter.blok@bsd4all.org In-Reply-To: <20170420124256.1190665d@x23> Date: Thu, 20 Apr 2017 14:08:20 +0200 Cc: freebsd-net@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <0E874FFD-735D-443C-A92E-F00E3737441C@bsd4all.org> References: <8E6FC1CD-24D5-46D5-A6A1-760DD612F92D@bsd4all.org> <20170420124256.1190665d@x23> To: Marko Zec X-Mailer: Apple Mail (2.3273) X-SourceIP: 94.209.86.120 X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.2 cv=QacWhoTv c=1 sm=1 tr=0 a=IkzOOneQUJP1+bAPekPvBg==:17 a=IkcTkHD0fZMA:10 a=AzvcPWV-tVgA:10 a=6Q3WNqvRAAAA:8 a=6I5d2MoRAAAA:8 a=FFJHALQWnkoprFdbjYQA:9 a=yZZpNNtUPswjIHe7:21 a=dHqdDrHz7w_wCe-R:21 a=QEXdDO2ut3YA:10 a=I8PBwKCn76L9oNdl0isp:22 a=IjZwj45LgO3ly-622nXo:22 none X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2017 12:49:53 -0000 Hi Marko, Thanks for the pointer. It was not my intention to have this committed, = but it helped identify other problems. I have asked this before in = -current, but got no answer so I posted it here to get an answer. If you look inside slab_free_item there is a KASSERT for just this, so = that=E2=80=99s why I tried it. I have added debug information to print the zone=E2=80=99s and the = keg=E2=80=99s and It all looked good. I was not able to find any place = where we operated on the wrong context, but perhaps I missed one. I=E2=80=99ll dig further. Peter > On 20 Apr 2017, at 12:42, Marko Zec wrote: >=20 > On Wed, 19 Apr 2017 21:31:50 +0200 > wrote: > ... >> I also have a change in zone_release to fix another panic and leak in >> slab_free_item. The issue is that zone_release tries to release a keg >> that never belonged to the zone it is trying to release. With my >> limited knowledge, i think that should not happen. >>=20 >> --- vm/uma_core.c (revision 317156) >> +++ vm/uma_core.c (working copy) >> @@ -2846,7 +2846,8 @@ >> KEG_LOCK(keg); >> } >> } >> - slab_free_item(keg, slab, item); >> + if (keg =3D=3D slab->us_keg) >> + slab_free_item(keg, slab, item); >> if (keg->uk_flags & UMA_ZFLAG_FULL) { >> if (keg->uk_pages < keg->uk_maxpages) { >> keg->uk_flags &=3D ~UMA_ZFLAG_FULL; >>=20 >=20 > This change only masks the cause of the panic while still continuing = to > leak memory, and should never be commited. >=20 > The real culprit lies somewhere in PF code which operates on a wrong > vnet. Without a backtrace it's difficult to guess, but a quick read > reveals that >=20 > pfi_initialize() >=20 > is called from the default vnet context, and subsequently registers > interface eventhandlers so that all interface attach, change and = detach > events will be always executed in the default vnet, regardless of the > real vnet where the interfaces bound to the events actually reside. = In > other words, >=20 > pfi_attach_group_event() > pfi_change_group_event() > pfi_detach_group_event() >=20 > will operate fine only in the default vnet, but will wreak havoc > otherwise. Hence, those handlers should be fixed first. >=20 > Marko > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"