Date: Tue, 11 Oct 2005 15:07:49 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Andrew Thompson <thompsa@freebsd.org>, Brooks Davis <brooks@one-eyed-alien.net>, Yar Tikhiy <yar@comp.chem.msu.su>, Pawel Jakub Dawidek <pjd@freebsd.org>, FreeBSD Current <current@freebsd.org> Subject: Re: panic: ifc_free_unit: bit is already cleared Message-ID: <20051011220749.GD13461@odin.ac.hmc.edu> In-Reply-To: <20051011210602.GA5714@heff.fud.org.nz> References: <20051005024903.GA72743@heff.fud.org.nz> <20051005203639.GA20552@garage.freebsd.pl> <20051005205515.GA30350@odin.ac.hmc.edu> <20051005210950.GB75848@heff.fud.org.nz> <20051009232849.GA27349@comp.chem.msu.su> <20051010022208.GA97249@heff.fud.org.nz> <20051010202900.GA24213@odin.ac.hmc.edu> <20051011210602.GA5714@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
--LTeJQqWS0MN7I/qa Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 12, 2005 at 10:06:02AM +1300, Andrew Thompson wrote: > On Mon, Oct 10, 2005 at 01:29:00PM -0700, Brooks Davis wrote: > > On Mon, Oct 10, 2005 at 03:22:08PM +1300, Andrew Thompson wrote: > > > On Mon, Oct 10, 2005 at 03:28:49AM +0400, Yar Tikhiy wrote: > > > > FWIW, I tried to look at the $subject problem since I had had it > > > > before, but just got a different panic: > > > >=20 > > > > Memory modified after free 0xc140b000(4092) val=3Ddeadc0dc = @ 0xc140b000 > > > > panic: Most recently used by clone > > > >=20 > > > > The clone code seems to have decremented something (refcount?) twice > > > > after freeing the memory chunk. > > >=20 > > > I have been testing this patch and I think it fixes all the problems > > > discussed. > > >=20 > > > It changes refcounting to count the number of cloned interfaces so > > > ifc_units is only freed when its safe. A new function has been added = to > > > decrement this when a simple cloner module is unloaded. The cloner is > > > still detached first to prevent the race. > > >=20 > > > In most cases the change is as simple as: > >=20 > > I don't see any reason why you can't just replace the specific destroy > > calls with calls to ifc_simple_destroy(). That would avoid expanding > > the API. >=20 > I have updated the patch and yes, its a nicer way to do it. Please > review. >=20 > Ive run through interations of create/kldunload with bridge, disc, > faith, gif, gre and ppp with extra printf's and its freeing correctly. This looks good to me, thanks for working on this and doing the <ifn>_destory removals. Let's see about getting this committed. Slightly longer term I think should consider hanging the interface list off the cloner or maybe off some more generic per driver struct so if_clone_detach() can destroy the interfaces and the unload code becomes a one-liner in most cases. The current code is a result of not wanting to mess with the drivers too much initially, but I think we need to start looking at moving more bits into the support code. After all, if we only write something once instead of once per interface, that's a lot less opportunities to screw up. :) -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --LTeJQqWS0MN7I/qa Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDTDe0XY6L6fI4GtQRAmHsAJ0fam9zzgO9GSog2U1+aVrKALjN7wCfSbHH kaolDnUHLNl6Mmg1RrWPD08= =/Kmv -----END PGP SIGNATURE----- --LTeJQqWS0MN7I/qa--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051011220749.GD13461>