Date: Thu, 29 Jun 2006 16:36:30 +0200 From: Andre Oppermann <andre@freebsd.org> To: Yar Tikhiy <yar@comp.chem.msu.su> Cc: cvs-src@FreeBSD.org, Maxim Konovalov <maxim@macomnet.ru>, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/net if_vlan.c Message-ID: <44A3E56E.9040705@freebsd.org> In-Reply-To: <20060629131201.GA67682@comp.chem.msu.su> References: <200606290752.k5T7qU06021639@repoman.freebsd.org> <20060629132354.D73145@mp2.macomnet.net> <20060629131201.GA67682@comp.chem.msu.su>
next in thread | previous in thread | raw e-mail | index | archive | help
Yar Tikhiy wrote: > On Thu, Jun 29, 2006 at 01:24:56PM +0400, Maxim Konovalov wrote: >> On Thu, 29 Jun 2006, 07:52-0000, Yar Tikhiy wrote: >> >>> yar 2006-06-29 07:52:30 UTC >>> >>> FreeBSD src repository >>> >>> Modified files: >>> sys/net if_vlan.c >>> Log: >>> Detach the interface first, do vlan_unconfig() then. >>> Previously, another thread could get a pointer to the >>> interface by scanning the system-wide list and sleep >>> on the global vlan mutex held by vlan_unconfig(). >>> The interface was gone by the time the other thread >>> woke up. >>> >>> In order to be able to call vlan_unconfig() on a detached >>> interface, remove the purely cosmetic bzero'ing of IF_LLADDR >>> from the function because a detached interface has no addresses. >>> >>> Noticed by: a stress-testing script by maxim >>> Reviewed by: glebius >> Still no cookie :-) >> >> db> bt >> Tracing pid 75800 tid 100098 td 0xc2b0e960 >> in_control(c2a1c67c,c02069f6,c40eece0,c2e66000,c2b0e960) at in_control+0x114 >> ifioctl(c2a1c67c,c02069f6,c40eece0,c2b0e960,0,...) at ifioctl+0xee >> soo_ioctl(c27cb4c8,c02069f6,c40eece0,c2c04980,c2b0e960) at soo_ioctl+0x2db >> ioctl(c2b0e960,d56a4d04) at ioctl+0x370 >> syscall(3b,3b,3b,bfbfe2c4,0,...) at syscall+0x27e >> Xint0x80_syscall() at Xint0x80_syscall+0x1f >> --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x2817cb43, esp = >> 0xbfbfe28c, ebp = 0xbfbfe2d8 --- >> >> Let me know if you need more info. > > I stress tested gif(4) in the same manner for kicks and got a very > similar panic in in_control(). I suppose that my change eliminated > a concurrency problem in vlan(4) and we began to feel the lack of > refcounting at ifnet level. Indeed, a thread can keep a pointer > to an ifnet beyond its lifetime and panic the system on access to > the dead ifnet. For the time being we should simply mark ifnet's dead but keep them around. Refcounting is most likely too expensive, especially on larger SMP systems. All users of ifnets then have to be teached to obey the dead flag. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44A3E56E.9040705>