Date: Sun, 22 May 2022 20:44:19 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 264094] cc_htcp(4): Setting net.inet.tcp.cc.algorithm to htcp triggers panic on the most recent CURRENT
Message-ID: <bug-264094-7501-JpzPzaXjhy@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-264094-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-264094-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264094

--- Comment #2 from Michael Tuexen <tuexen@freebsd.org> ---
The panic happens on arm64, but not amd64.
It does happen when using clang14 (most recent version in the main tree), it
does not happen when using clang13.
It also does not happen using clang14 when forcing htcp_recalc_beta() not to be
inlined.

The panic happens when accessing V_htcp_adaptive_backoff in
https://cgit.freebsd.org/src/tree/sys/netinet/cc/cc_htcp.c#n471

I disassembled htcp_recalc_beta() when using clang14 and the function not being
inlined. This is the relevant code:

(kgdb) disassemble htcp_recalc_beta
Dump of assembler code for function htcp_recalc_beta:
   0x00000000000113cc <+0>:     stp     x29, x30, [sp, #-16]!
   0x00000000000113d0 <+4>:     mov     x29, sp
   0x00000000000113d4 <+8>:     ldr     x8, [x0]           ; x8 = ccv
   0x00000000000113d8 <+12>:    ldr     x9, [x18]          ; x9 = curthread
   0x00000000000113dc <+16>:    adrp    x10, 0x21000       ; x10 = ???
   0x00000000000113e0 <+20>:    ldr     x9, [x9, #1368]    ; x9 = curthread->td_vnet
   0x00000000000113e4 <+24>:    ldr     x10, [x10, #2168]  ; x10 = ???
   0x00000000000113e8 <+28>:    ldr     x9, [x9, #40]      ; x9 = curthread->td_vnet->vnet_data_base
   0x00000000000113ec <+32>:    ldr     w9, [x9, x10]      ; w9 = V_htcp_adaptive_backoff ???
   0x00000000000113f0 <+36>:    cbz     w9, 0x11428 <htcp_recalc_beta+92>

I don't understand the computations in relation to x10, which is the offset
used to get the relevant variable. However, this code works.

Looking at the code generated by clang13 when htcp_recalc_beta() is inlined,
one gets:

   0xffff000150610f28 <+212>:   ldr     x10, [x0]          ; x10 = ccv
   0xffff000150610f2c <+216>:   ldr     x11, [x18]         ; x11 = curthread
   0xffff000150610f30 <+220>:   ldr     x11, [x11, #1368]  ; x11 = curthread->td_vnet
   0xffff000150610f34 <+224>:   ldr     x12, [x11, #40]    ; x12 = curthread->td_vnet->vnet_data_base
   0xffff000150610f38 <+228>:   adrp    x11, 0xffff000150621000 ; ???
   0xffff000150610f3c <+232>:   ldr     x11, [x11, #2256]  ; ???
   0xffff000150610f40 <+236>:   ldr     w12, [x12, x11]
   0xffff000150610f44 <+240>:   cbz     w12, 0xffff000150610f7c <htcp_ack_received+296>

It looks similar and it does work.

Now comes the inlined code from clang14:

   0xffff0001016acf28 <+212>:   ldr     x10, [x0]          ; x10 = ccv
   0xffff0001016acf2c <+216>:   ldr     x11, [x18]         ; x11 = curthread
   0xffff0001016acf30 <+220>:   ldr     x12, [x11, #1368]  ; x12 = curthread->td_vnet
   0xffff0001016acf34 <+224>:   nop
   0xffff0001016acf38 <+228>:   adr     x11, 0xffff0001016bd520 <vnet_entry_htcp_adaptive_backoff>
   0xffff0001016acf3c <+232>:   ldr     x12, [x12, #40]    ; x12 = curthread->td_vnet->vnet_data_base
==>0xffff0001016acf40 <+236>:   ldr     w12, [x12, x11]
   0xffff0001016acf44 <+240>:   cbz     w12, 0xffff0001016acf7c <htcp_ack_received+296>

I reached out to arm-freebsd@freebsd.org for some help regarding the generated
code.

-- 
You are receiving this mail because:
You are on the CC list for the bug.