From: Gleb Smirnoff
To: bz@FreeBSD.org, rwatson@FreeBSD.org, gnn@FreeBSD.org, net@FreeBSD.org
Date: Fri, 15 Jul 2011 10:53:40 +0400
Subject: Re: m_pkthdr.rcvif dangling pointer problem

On Thu, Jul 14, 2011 at 05:27:01PM -0700, John-Mark Gurney wrote:
J> Gleb Smirnoff wrote this message on Thu, Jul 14, 2011 at 19:44 +0400:
J> > 2) kib@ suggested to allocate ifnets from a UMA_ZONE_NOFREE zone.
J> > I've made a compilable & working patch:
J> >
J> > http://people.freebsd.org/~glebius/patches/ifnet.no_free
J> >
J> > But on second thought I find this a bad idea, this is just fooling
J> > of INVARIANTS. Yes, we avoid thrashing of freed memory and rewriting
J> > it by some other kernel allocation. But still our pointer points to
J> > invalid ifnet. Even, if we make a check for IFF_DYING flag, we still
J> > can not guarantee that an interface had been re-allocated for a new
J> > instance. This would be not a panic condition, but subtle bugs in
J> > firewalls.
J> >
J> > 3) As we now have a straight if_index table that can grow, what about
J> > storing the if_index in the m_pkthdr? Lookup of interface by index
J> > is fast enough if done lockless. Doing it lockless isn't perfect, but
J> > better than current pointer dereferencing. Optionally it could be
J> > done with locking and with putting a reference. To avoid situation
J> > with getting to a re-allocated interface with the same index,
J> > we can use a unique cookie, that is incremented in if_alloc().
J>
J> How is this any different than #2? I assume that if_index's are reused
J> causing the same issues w/ the firewall that #2 has.

See last sentence: to avoid this situation we also store an interface
cookie. Index for fast lookup. Cookie to check that this is the same
interface.

--
Totus tuus, Glebius.
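
The index-plus-cookie scheme from option 3, as a user-space C model added here for illustration (not FreeBSD code and not taken from the patch linked in the message). The names `ifnet_model`, `rcvif_ref`, `if_alloc_model`, `if_free_model` and `rcvif_lookup` are hypothetical, the table is fixed-size, and the locking and reference counting the message mentions as optional are left out.

```c
#include <stddef.h>
#include <stdint.h>

#define IF_TABLE_SIZE 8   /* fixed for the model; the table in the message can grow */

struct ifnet_model { uint32_t if_cookie; int in_use; };   /* stand-in for struct ifnet */
struct rcvif_ref { uint16_t index; uint32_t cookie; };    /* stored instead of a pointer */
static struct ifnet_model if_table[IF_TABLE_SIZE];
static uint32_t next_cookie = 1;   /* bumped on every allocation */

/* Take the lowest free slot, so a freed index is reused by the next interface. */
static int if_alloc_model(struct rcvif_ref *ref)
{
    for (uint16_t i = 0; i < IF_TABLE_SIZE; i++) {
        if (if_table[i].in_use)
            continue;
        if_table[i].in_use = 1;
        if_table[i].if_cookie = next_cookie++;
        ref->index = i;
        ref->cookie = if_table[i].if_cookie;
        return 0;
    }
    return -1;   /* table full */
}

static void if_free_model(uint16_t index)
{
    if (index < IF_TABLE_SIZE)
        if_table[index].in_use = 0;
}

/* Resolve a stored reference; NULL means the receiving interface no longer exists. */
static struct ifnet_model *rcvif_lookup(struct rcvif_ref ref)
{
    if (ref.index >= IF_TABLE_SIZE || !if_table[ref.index].in_use)
        return NULL;
    if (if_table[ref.index].if_cookie != ref.cookie)
        return NULL;   /* same index, different interface: the reference is stale */
    return &if_table[ref.index];
}

int main(void)
{
    struct rcvif_ref old_if, new_if;
    if_alloc_model(&old_if);       /* packet records (index, cookie) of its rcvif */
    if_free_model(old_if.index);   /* interface destroyed while the packet is queued */
    if_alloc_model(&new_if);       /* new interface lands on the same index */
    return rcvif_lookup(old_if) == NULL && rcvif_lookup(new_if) != NULL ? 0 : 1;
}
```

A caller that gets NULL back treats the packet as having no receiving interface rather than matching it against rules for whichever interface now owns the index.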