Date: Fri, 10 Jan 2014 09:37:33 +0100 From: Fabien Thomas <fabien.thomas@netasq.com> To: pyunyh@gmail.com Cc: Jack F Vogel <jfv@freebsd.org>, Alexandre Martins <alexandre.martins@netasq.com>, freebsd-current <freebsd-current@freebsd.org>, Damien DEVILLE <damien.deville@netasq.com> Subject: Re: FreeBSD 10-RC4: Got crash in igb driver Message-ID: <80AC5F96-BB64-4F81-BFE1-0392B7D7203A@netasq.com> In-Reply-To: <20140110012114.GA3103@michelle.cdnetworks.com> References: <48005124.ny58tnLn4d@pc-alex> <20140110012114.GA3103@michelle.cdnetworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 10 janv. 2014 =E0 02:21, Yonghyeon PYUN <pyunyh@gmail.com> a =E9crit = : > On Thu, Jan 09, 2014 at 04:06:09PM +0100, Alexandre Martins wrote: >> Dear, >>=20 >> I experience some troubles with the igb device driver on FreeBSD = 10-RC4. >>=20 >> The kernel make a pagefault in the igb_tx_ctx_setup function when = accessing to=20 >> a IPv6 header. >>=20 >> The network configuration is the following: >> - box acting as an IPv6 router >> - one interface with an IPv6 (igb0) >> - another interface with a vlan, and IPv6 on it (vlan0 on igb1) >>=20 >> Vlan Hardware tagging is set on both interfaces. >>=20 >> The packet that cause the crash come from igb0 and go to vlan0. >>=20 >> After investigation, i see that the mbuf is split in two. The first = one carry=20 >> the ethernet header, the second, the IPv6 header and data payload. >>=20 >> The split is due to the "m_copy" done in ip6_forward, that make the = mbuf not=20 >> writable and the "M_PREPEND" in ether_output that insert the new mbuf = before=20 >> the original one. >>=20 >> The kernel crashes only if the newly allocated mbuf is at the end of = a memory=20 >> page, and no page is available after this one. So, it's extremly = rare. >>=20 >> I inserted a "KASSERT" into the function (see attached patch) to = check this=20 >> behavior, and it raises on every IPv6 forwarded packet to the vlan. = The=20 >> problem disapear if i remove hardware tagging. >>=20 >> In the commit 256200, i see that pullups has been removed. May it be = related ? >>=20 >=20 > I think I introduced the header parsing code to meet controller > requirement in em(4) and Jack borrowed that code in the past but it > seems it was removed in r256200. It seems igb_tx_ctx_setup() > assumes it can access ethernet/IP/TCP/UDP headers in the first mbuf > of the chain. > This looks wrong to me. Instead of patching each driver with pullup code we can add a generic = pullup code ? - get the contiguous protocol requirement (L2, L3, L4) from underlying = driver. - do the pullup >=20 >> Can you confirm the problem ? >>=20 >=20 > Probably Jack can tell more about change made in r256200. It's not > easy for me to verify correctness of igb(4) at this moment. >=20 >> Best regards >>=20 >> --=20 >> Alexandre Martins >> NETASQ -- We secure IT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?80AC5F96-BB64-4F81-BFE1-0392B7D7203A>