From owner-freebsd-net@FreeBSD.ORG Thu Jan 25 16:34:56 2007 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 180EA16A401; Thu, 25 Jan 2007 16:34:56 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.freebsd.org (Postfix) with ESMTP id 9611D13C459; Thu, 25 Jan 2007 16:34:55 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.4/8.13.3) with ESMTP id l0PGOMFZ009041 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Jan 2007 19:24:22 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.4/8.13.1/Submit) id l0PGOMY8009040; Thu, 25 Jan 2007 19:24:22 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Thu, 25 Jan 2007 19:24:22 +0300 From: Gleb Smirnoff To: bms@FreeBSD.org, rwatson@FreeBSD.org Message-ID: <20070125162422.GA7922@bestcom.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.6i Cc: net@FreeBSD.org Subject: rev. 1.94 of netinet/in.c broke CARP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jan 2007 16:34:56 -0000 Hello, colleagues! I've just discovered, that revision 1.94 of in.c has broke CARP. This change adds a code to in_ifdetach() that goes through the global list of all multicast instances and deletes all the instances, that are belonging to a particular interface. This is intended to avoid leaking multicast instances. Before this change, most of the subsystems, that allocated multicast membership instances had freed is theirselves. I don't know about others, but at least CARP is broken now. It attempts to free a memory, that already has been freed. The scenario is: ifconfig vlan0 create ifconfig vlan0 vlandev em0 vlan 1 10.0.0.1/24 ifconfig carp0 create ifconfig carp0 vhid 1 10.0.0.2/24 ifconfig vlan0 destroy The codepath is: if_detach(vlan0) event_handler_invoke() carp_ifdetach(vlan0) carpdetach(carp0) carp_multicast_cleanup(carp0) in_delmulti(a freed inm) That inm has been freed earlier in if_detach() before event handler has called its hooks. Bruce and Robert, I suppose you can tell me the correct way to deal with multicast memberships now, when there is a generic GC function for them. Should I just stop referencing the inms from CARP softc, and don't care about them? -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE