Date: Tue, 30 Sep 2025 04:59:20 +0200 From: Mateusz Guzik <mjguzik@gmail.com> To: Zhenlei Huang <zlei@freebsd.org> Cc: Gleb Smirnoff <glebius@freebsd.org>, src-committers@freebsd.org, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, "dev-commits-src-main@FreeBSD.org" <dev-commits-src-main@freebsd.org> Subject: Re: svn commit: r256519 - in head/sys: net netatalk netinet netinet6 netipx Message-ID: <CAGudoHHew1oZazNVMSnGDfCMV%2By1Q1_f9K_CtRDWuppaiKyydQ@mail.gmail.com> In-Reply-To: <35D99D40-5534-402A-8479-64C71604206B@FreeBSD.org> References: <201310151031.r9FAVgRP008282@svn.freebsd.org> <CAGudoHGN=6-dFQ791_=kLBnYfyz9zm75-vJKh=e9gibaXun5NQ@mail.gmail.com> <35D99D40-5534-402A-8479-64C71604206B@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 30, 2025 at 4:38=E2=80=AFAM Zhenlei Huang <zlei@freebsd.org> wr= ote: > > > > > On Sep 29, 2025, at 10:29 PM, Mateusz Guzik <mjguzik@gmail.com> wrote: > > > > On Tue, Oct 15, 2013 at 12:31=E2=80=AFPM Gleb Smirnoff <glebius@freebsd= .org> wrote: > >> > >> Author: glebius > >> Date: Tue Oct 15 10:31:42 2013 > >> New Revision: 256519 > >> URL: http://svnweb.freebsd.org/changeset/base/256519 > >> > >> Log: > >> Remove ifa_init() and provide ifa_alloc() that will allocate and se= tup > >> struct ifaddr internally. > >> > >> Sponsored by: Netflix > >> Sponsored by: Nginx, Inc. > >> > >> Modified: > >> head/sys/net/if.c > >> head/sys/net/if_var.h > >> head/sys/netatalk/at_control.c > >> head/sys/netinet/in.c > >> head/sys/netinet6/in6.c > >> head/sys/netipx/ipx.c > >> > >> Modified: head/sys/net/if.c > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > >> --- head/sys/net/if.c Tue Oct 15 10:19:24 2013 (r256518) > >> +++ head/sys/net/if.c Tue Oct 15 10:31:42 2013 (r256519) > >> @@ -633,8 +633,7 @@ if_attach_internal(struct ifnet *ifp, in > >> socksize =3D sizeof(*sdl); > >> socksize =3D roundup2(socksize, sizeof(long)); > >> ifasize =3D sizeof(*ifa) + 2 * socksize; > >> - ifa =3D malloc(ifasize, M_IFADDR, M_WAITOK | M_ZERO); > >> - ifa_init(ifa); > >> + ifa =3D ifa_alloc(ifasize, M_WAITOK); > >> sdl =3D (struct sockaddr_dl *)(ifa + 1); > >> sdl->sdl_len =3D socksize; > >> sdl->sdl_family =3D AF_LINK; > >> @@ -1417,13 +1416,23 @@ if_maddr_runlock(struct ifnet *ifp) > >> /* > >> * Initialization, destruction and refcounting functions for ifaddrs. > >> */ > >> -void > >> -ifa_init(struct ifaddr *ifa) > >> +struct ifaddr * > >> +ifa_alloc(size_t size, int flags) > >> { > >> + struct ifaddr *ifa; > >> + > >> + KASSERT(size >=3D sizeof(struct ifaddr), > >> + ("%s: invalid size %zu", __func__, size)); > >> + > > > > We have crashes stemming from this: > > > > panic: ifa_alloc: invalid size 16 > > > > panic() at panic+0x43/frame 0xfffffe009e777760 > > ifa_alloc() at ifa_alloc+0xd6/frame 0xfffffe009e777780 > > in6_ifadd() at in6_ifadd+0xd8/frame 0xfffffe009e7778a0 > > nd6_ra_input() at nd6_ra_input+0x1023/frame 0xfffffe009e777a80 > > icmp6_input() at icmp6_input+0x5b6/frame 0xfffffe009e777c00 > > ip6_input() at ip6_input+0xc94/frame 0xfffffe009e777ce0 > > sppp_input() at sppp_input+0x502/frame 0xfffffe009e777d70 > > pppoe_data_input() at pppoe_data_input+0x1e7/frame 0xfffffe009e777de0 > > swi_net() at swi_net+0x19b/frame 0xfffffe009e777e60 > > ithread_loop() at ithread_loop+0x266/frame 0xfffffe009e777ef0 > > fork_exit() at fork_exit+0x82/frame 0xfffffe009e777f30 > > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe009e777f30 > > > > in6_ifadd has: > > struct in6_addr taddr; > > ifa =3D ifa_alloc(sizeof(taddr), M_WAITOK); > > > > should the assert be simply removed? > > Hi Mateusz, > > I believe you just found a bug. > > Try the following patch please, > > --- a/sys/netinet6/nd6_rtr.c > +++ b/sys/netinet6/nd6_rtr.c > @@ -1243,8 +1243,7 @@ in6_ifadd(struct nd_prefixctl *pr, int mcast) > > /* No suitable LL address, get the ifid directly */ > if (ifid_addr =3D=3D NULL) { > - struct in6_addr taddr; > - ifa =3D ifa_alloc(sizeof(taddr), M_WAITOK); > + ifa =3D ifa_alloc(sizeof(struct in6_ifaddr), M_WA= ITOK); > if (ifa) { > ib =3D (struct in6_ifaddr *)ifa; > ifid_addr =3D &ib->ia_addr.sin6_addr; > Thanks for the patch. I don't have means to readily test it. This panic was getting in the way of looking at another panic so I did not pay much attention. But now that you point this out, I don't think the patch is sufficient. in6_get_ifid starts with NET_EPOCH_ASSERT. At the same time malloc(..., M_WAITOK) is illegal to call from an epoch sec= tion. I don't know if in6_ifadd is called within net epoch, either way the above two are clearly contradictory. Is there are a reason to malloc this in the first place?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGudoHHew1oZazNVMSnGDfCMV%2By1Q1_f9K_CtRDWuppaiKyydQ>