Date: Mon, 3 Feb 2014 19:33:21 -0800 From: Vijay Singh <vijju.singh@gmail.com> To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: vnet deletion panic Message-ID: <CALCNsJQSfqyXUuiGUPwmuXH3OCdmMRVSZtZSDQEBTb9csQAe4Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I'm running into a crash due on vnet deletion in the presence of routing
sockets. The root cause seems to originate from():
if_detach_internal() -> if_down(ifp) -> if_unroute() -> rt_ifmsg() ->
rt_dispatch()
In rt_dispatch() we have:
#ifdef VIMAGE
if (V_loif)
m->m_pkthdr.rcvif = V_loif;
#endif
netisr_queue(NETISR_ROUTE, m);
Now since this would be processed async, and the ifp alove is the loopback
of the vnet being deleted, we run into accessing a freed pointer (ifp) when
netisr picks up the mbuf. So I am wondering how to fix this. I am thinking
that we could do something like the following in rt_dispatch():
#ifdef VIMAGE
if (V_loif) {
if ((ifp == V_loif) && !IS_DEFAULT_VNET(curvnet)) {
CURVNET_SET_QUIET(vnet0);
m->m_pkthdr.rcvif = V_loif;
CURVNET_RESTORE();
} else
m->m_pkthdr.rcvif = V_loif;
}
#endif
So basically switch to the default vnet for the mbuf with the routing
socket message. Thoughts?
-vijay
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALCNsJQSfqyXUuiGUPwmuXH3OCdmMRVSZtZSDQEBTb9csQAe4Q>