Date: Tue, 22 Feb 2000 13:23:27 +0900 From: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp> To: asmodai@bart.nl Cc: freebsd-current@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Panic (TCP) Message-ID: <20000222132327B.shin@nd.net.fujitsu.co.jp> In-Reply-To: <20000221144858.O84100@lucifer.bart.nl> References: <20000221134724.J84100@lucifer.bart.nl> <20000221223459W.shin@nd.net.fujitsu.co.jp> <20000221144858.O84100@lucifer.bart.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
> >Woops sorry I was worng.
> >tp->tt_rexmt->c_flags is actually causing the panic, and the
> >necessary data is the contents of the tp->tt_rexmt->c_flags.
>
> (kgdb) print tp->tt_rexmt->c_flags
> $1 = 6
>
> (kgdb) print tp->tt_rexmt
> $2 = (struct callout *) 0xd5ce6c2c
>
> (kgdb) print (*tp->tt_rexmt)
> $3 = {c_links = {sle = {sle_next = 0xd5cd7c2c}, tqe = {tqe_next = 0xd5cd7c2c,
> tqe_prev = 0xd5cd83ac}}, c_time = 22275144, c_arg = 0xd5ce6b60,
> c_func = 0xc018bcdc <tcp_timer_rexmt>, c_flags = 6}
Wmm, the contents of tp->tt_rexmt not seems to be broken.
As the result of more review, I found one part which might
cause the problem in very delicate timing, tcp_output.c around line 776.
if (!callout_active(tp->tt_rexmt) &&
tp->snd_nxt != tp->snd_una) {
callout_reset(tp->tt_rexmt, tp->t_rxtcur,
tcp_timer_rexmt, tp);
if (callout_active(tp->tt_persist)) {
callout_stop(tp->tt_persist);
tp->t_rxtshift = 0;
}
}
If persist timer is working, and if it happen to timeout between
callout_reset(tp->tt_rexmt, tp->t_rxtcur,
tcp_timer_rexmt, tp);
and
callout_stop(tp->tt_persist);
then the panic might happen at tcp_setpersist().
This is same as Jan 5 version, but in more previous version,
the code was like below,
if (tp->t_timer[TCPT_REXMT] == 0 &&
tp->snd_nxt != tp->snd_una) {
tp->t_timer[TCPT_REXMT] = tp->t_rxtcur;
if (tp->t_timer[TCPT_PERSIST]) {
tp->t_timer[TCPT_PERSIST] = 0;
tp->t_rxtshift = 0;
}
}
Same problem might also happen in this case but the running
step were more fewer than now, so it was more difficult to
happen.
I think applying following patch will be safer.
Please review this patch.
(Same kind of patch might better to be applied into stable also.)
Thanks,
Yoshinobu Inoue
Index: tcp_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v
retrieving revision 1.39
diff -u -r1.39 tcp_output.c
--- tcp_output.c 2000/02/09 00:34:40 1.39
+++ tcp_output.c 2000/02/22 04:13:32
@@ -775,12 +775,12 @@
*/
if (!callout_active(tp->tt_rexmt) &&
tp->snd_nxt != tp->snd_una) {
- callout_reset(tp->tt_rexmt, tp->t_rxtcur,
- tcp_timer_rexmt, tp);
if (callout_active(tp->tt_persist)) {
callout_stop(tp->tt_persist);
tp->t_rxtshift = 0;
}
+ callout_reset(tp->tt_rexmt, tp->t_rxtcur,
+ tcp_timer_rexmt, tp);
}
} else
if (SEQ_GT(tp->snd_nxt + len, tp->snd_max))
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000222132327B.shin>