Date: Tue, 12 Dec 2006 14:13:34 +0100
From: Bernd Walter <ticso@cicely12.cicely.de>
To: Luigi Rizzo <luigi@FreeBSD.org>, imp@FreeBSD.org
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/net if_ethersubr.c
Message-ID: <20061212131333.GU54209@cicely12.cicely.de>
In-Reply-To: <200612081036.kB8AakMD029277@repoman.freebsd.org>
References: <200612081036.kB8AakMD029277@repoman.freebsd.org>

On Fri, Dec 08, 2006 at 10:36:46AM +0000, Luigi Rizzo wrote:
> luigi       2006-12-08 10:36:45 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/net              if_ethersubr.c
>   Log:
>   Fix an obscure bug triggered by a recent change in kern_socket.c.
>   The symptoms were that outgoing DHCP requests for diskless kernels
>   had the IP header corrupt. After long investigations, the source of
>   the problem was found in ether_output() - for SIMPLEX interfaces
>   and broadcast traffic, a copy of the packet is passed back to the kernel
>   through if_simloop(). However if_simloop() modifies the mbuf, while
>   the copy obtained through m_copym() is a readonly one.
>
>   The bug has been there forever, but it has been triggered only recently
>   by a change in sosend_dgram() which passed down mbufs with sufficient
>   space to prepend the header.
>
>   This fix is trivial - use m_dup() instead of m_copy() to create
>   the copy. As an alternative, we could try and modify if_simloop()
>   to play safely with readonly mbufs, but I don't think it is worthwhile
>   because 1) this is a relatively infrequent code path so we do not need
>   to worry too much about performance, and 2) the cost of doing an
>   extra m_pullup in if_simloop() is probably the same as doing the
>   copy of the cluster, anyways.

This change produces an alignment panic on arm.
Reverting it gets my system back to life.

Sending DHCP Discover packet from interface ate0 (00:0e:42:02:00:21)
Fatal kernel mode data abort: 'Alignment Fault 3'
trapframe: 0xc529fd98
FSR=000000f3, FAR=c08e181e, spsr=20000013
r0 =c08a2e00, r1 =c529fdec, r2 =00000045, r3 =000005d0
r4 =c08e180e, r5 =c01eb8a0, r6 =00000014, r7 =00000000
r8 =00000000, r9 =c01fb9ac, r10=c079acb8, r11=c529fe10
r12=c08a2e00, ssp=c529fde4, slr=c00d2670, pc =c00e2afc

[thread pid 11 tid 100004 ]
Stopped at      ip_input+0x9c:  ldr     r1, [r4, #0x010]

-- 
B.Walter                http://www.bwct.de      http://www.fizon.de
bernd@bwct.de           info@bwct.de            support@fizon.de
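
A user-space model of the two behaviours in this thread, added here as an example and not FreeBSD code: a shared read-only copy edited in place changes the sender's packet, while a duplicate whose data starts at offset 0 leaves the IP header 14 bytes in, off a 4-byte boundary (the faulting address c08e181e above is likewise not 4-byte aligned). `struct pkt`, the helper names, the 2-byte pad and the offset-0 placement in the duplicate are assumptions of the model.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ETHER_HDR_LEN 14
#define ETHER_ALIGN   2   /* assumed pad so the IP header lands on a 4-byte boundary */

/* Hypothetical stand-in for an mbuf; storage may be shared between views. */
struct pkt { uint8_t *store; size_t off, len; };

static struct pkt pkt_new(const uint8_t *data, size_t len, size_t off)
{
    struct pkt p = { malloc(2048), off, len };  /* malloc storage is at least 4-byte aligned */
    if (!p.store) abort();
    memcpy(p.store + off, data, len);
    return p;
}

/* m_copym()-like in this model: a second view of the same storage, only safe to read. */
static struct pkt pkt_share(const struct pkt *src) { return *src; }

/* m_dup()-like in this model: private storage, data placed at offset 0 (assumption). */
static struct pkt pkt_dup(const struct pkt *src)
{
    return pkt_new(src->store + src->off, src->len, 0);
}

/* Loopback consumer stand-in: strips the Ethernet header and writes in place. */
static void loop_consume(struct pkt *p)
{
    p->off += ETHER_HDR_LEN;
    p->len -= ETHER_HDR_LEN;
    p->store[p->off] ^= 0xff;   /* in-place edit of the first IP header byte */
}

/* Runs the loopback path; returns 1 if the sender's packet changed and stores
 * in *ip_aligned whether the loopback copy's IP header is 4-byte aligned. */
int loopback_case(int use_dup, int *ip_aligned)
{
    uint8_t frame[64];
    memset(frame, 0x45, sizeof(frame));          /* constructed sample frame */
    struct pkt tx = pkt_new(frame, sizeof(frame), ETHER_ALIGN);
    struct pkt lo = use_dup ? pkt_dup(&tx) : pkt_share(&tx);
    loop_consume(&lo);
    *ip_aligned = ((uintptr_t)(lo.store + lo.off) % 4 == 0);
    int corrupted = memcmp(tx.store + tx.off, frame, sizeof(frame)) != 0;
    if (use_dup) free(lo.store);
    free(tx.store);
    return corrupted;
}
```

Calling `loopback_case(0, &a)` models the shared copy and `loopback_case(1, &a)` the duplicate; a duplicate that keeps the source's leading pad would avoid both outcomes in this model.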