Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 12 Sep 2020 12:45:31 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r365659 - stable/12/sys/net
Message-ID:  <202009121245.08CCjV3o028796@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: kp
Date: Sat Sep 12 12:45:31 2020
New Revision: 365659
URL: https://svnweb.freebsd.org/changeset/base/365659

Log:
  MFC r365457:
  
  net: mitigate vnet / epair cleanup races
  
  There's a race where dying vnets move their interfaces back to their original
  vnet, and if_epair cleanup (where deleting one interface also deletes the other
  end of the epair). This is commonly triggered by the pf tests, but also by
  cleanup of vnet jails.
  
  As we've not yet been able to fix the root cause of the issue work around the
  panic by not dereferencing a NULL softc in epair_qflush() and by not
  re-attaching DYING interfaces.
  
  This isn't a full fix, but makes a very common panic far less likely.
  
  PR:		244703, 238870

Modified:
  stable/12/sys/net/if.c
  stable/12/sys/net/if_epair.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==============================================================================
--- stable/12/sys/net/if.c	Sat Sep 12 11:24:36 2020	(r365658)
+++ stable/12/sys/net/if.c	Sat Sep 12 12:45:31 2020	(r365659)
@@ -1280,6 +1280,10 @@ if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
 	ifindex_free_locked(ifp->if_index);
 	IFNET_WUNLOCK();
 
+	/* Don't re-attach DYING interfaces. */
+	if (ifp->if_flags & IFF_DYING)
+		return;
+
 	/*
 	 * Perform interface-specific reassignment tasks, if provided by
 	 * the driver.

Modified: stable/12/sys/net/if_epair.c
==============================================================================
--- stable/12/sys/net/if_epair.c	Sat Sep 12 11:24:36 2020	(r365658)
+++ stable/12/sys/net/if_epair.c	Sat Sep 12 12:45:31 2020	(r365659)
@@ -609,8 +609,14 @@ epair_qflush(struct ifnet *ifp)
 	struct epair_softc *sc;
 	
 	sc = ifp->if_softc;
-	KASSERT(sc != NULL, ("%s: ifp=%p, epair_softc gone? sc=%p\n",
-	    __func__, ifp, sc));
+
+	/*
+	 * See epair_clone_destroy(), we can end up getting called twice.
+	 * Don't do anything on the second call.
+	 */
+	if (sc == NULL)
+		return;
+
 	/*
 	 * Remove this ifp from all backpointer lists. The interface will not
 	 * usable for flushing anyway nor should it have anything to flush



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009121245.08CCjV3o028796>