Date:      Fri, 11 Jan 2019 08:26:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 234846] [lagg] race condition when adding port
Message-ID:  <bug-234846-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234846

            Bug ID: 234846
           Summary: [lagg] race condition when adding port
           Product: Base System
           Version: 11.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: alexandre.martins@stormshield.eu

Greetings,

I'm facing random crashes when adding a port to an LACP aggregate.

In the coredump, I found that the crash is due to a race condition when the
interface is added to the aggregate.

The condition is the following:

Thread 1 (ifconfig lagg0 laggport em0) is adding an interface to an LACP
aggregate. The code enters the function lagg_port_create in the file if_lagg.c.
That function "publishes" an update of the interface with the following code:

/* Change the interface type */
lp->lp_iftype = ifp->if_type;
ifp->if_type = IFT_IEEE8023ADLAG;
ifp->if_lagg = lp;
lp->lp_ioctl = ifp->if_ioctl;
ifp->if_ioctl = lagg_port_ioctl;
lp->lp_output = ifp->if_output;
ifp->if_output = lagg_port_output;

In thread 2, after that publication, a packet arrives on the interface
em0 and uses the new state of the interface, so lagg_input_p is called. Because the
setup of the LACP is not finished (the call to lagg_proto_addport is after the
publication), the LACP code uses a NULL pointer and the kernel crashes.

Can I change the code of the lagg_port_create function and put the
"publication" of the new state of the interface at the end of the function?

Best regards,

Alexandre

-- 
You are receiving this mail because:
You are the assignee for the bug.
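
The ordering problem described in the report, as an added user-space C model (not FreeBSD's if_lagg.c code and not written by the reporter). `struct nic`, `struct port`, `rx_input`, `proto_addport` and both `create_*` functions are hypothetical stand-ins, and the packet arrival is simulated by a hook called between the two setup steps.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the structures named in the report. */
struct port { void *proto_state; };            /* per-port protocol (LACP) state */
struct nic  { _Atomic(struct port *) lagg; };  /* pointer the RX path follows */

typedef int (*rx_hook)(struct nic *);

/* RX path: 0 = not a lagg port, 1 = handled, -1 = would dereference NULL. */
static int rx_input(struct nic *n)
{
    struct port *p = atomic_load_explicit(&n->lagg, memory_order_acquire);
    if (p == NULL)
        return 0;
    return p->proto_state != NULL ? 1 : -1;
}

/* Stand-in for the protocol's per-port setup step. */
static void proto_addport(struct port *p)
{
    static int state;
    p->proto_state = &state;
}

/* Order from the report: publish first, protocol setup afterwards. */
static int create_publish_first(struct nic *n, struct port *p, rx_hook rx)
{
    atomic_store_explicit(&n->lagg, p, memory_order_release);
    int seen = rx(n);            /* packet arrives inside the window */
    proto_addport(p);
    return seen;
}

/* Proposed order: finish setup, then publish with release semantics. */
static int create_publish_last(struct nic *n, struct port *p, rx_hook rx)
{
    proto_addport(p);
    int seen = rx(n);            /* same arrival point: port still invisible */
    atomic_store_explicit(&n->lagg, p, memory_order_release);
    return seen;
}

int main(void)
{
    struct nic a = { NULL }, b = { NULL };
    struct port pa = { NULL }, pb = { NULL };
    printf("publish first: %d\n", create_publish_first(&a, &pa, rx_input));
    printf("publish last:  %d\n", create_publish_last(&b, &pb, rx_input));
    return 0;
}
```

The release store paired with the acquire load in `rx_input` is what makes the completed setup visible to another CPU once the pointer is seen; reordering the statements alone does not give that guarantee.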
