Date: Fri, 30 Mar 2012 18:04:24 -0400 From: Andrew Boyer <aboyer@averesystems.com> To: freebsd-net@freebsd.org Subject: LACP kernel panics: /* unlocking is safe here */ Message-ID: <D02B1265-C1F4-4F6A-979D-E141565E813F@averesystems.com>
next in thread | raw e-mail | index | archive | help
While investigating a LACP issue, I turned on LACP_DEBUG on a debug =
kernel. In this configuration it's easy to panic the kernel - just run =
'ifconfig lagg0 laggproto lacp' on a lagg that's already in LACP mode =
and receiving LACP messages.
The problem is that lagg_lacp_detach() drops the lagg wlock (with the =
comment in the title), which allows incoming LACP messages to get =
through lagg_input() while the structure is being destroyed in =
lacp_detach().
There's a very simple fix, but I don't know if it's the best way to fix =
it. Resetting the protocol before calling sc_detach causes any further =
incoming packets to be dropped until the lagg gets reconfigured. =
Thoughts?
Is it safe to just hold on to the lagg wlock across the callout_drain() =
calls in lacp_detach()? That's what OpenBSD does.
-Andrew
Index: sys/net/if_lagg.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sys/net/if_lagg.c (revision 233707)
+++ sys/net/if_lagg.c (working copy)
@@ -952,9 +952,10 @@
}
if (sc->sc_proto !=3D LAGG_PROTO_NONE) {
LAGG_WLOCK(sc);
+ /* Reset protocol */
+ sc->sc_proto =3D LAGG_PROTO_NONE;
error =3D sc->sc_detach(sc);
- /* Reset protocol and pointers */
- sc->sc_proto =3D LAGG_PROTO_NONE;
+ /* Reset pointers */
sc->sc_detach =3D NULL;
sc->sc_start =3D NULL;
sc->sc_input =3D NULL;
--------------------------------------------------
Andrew Boyer aboyer@averesystems.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D02B1265-C1F4-4F6A-979D-E141565E813F>