From owner-freebsd-bugs@FreeBSD.ORG Thu Sep 30 23:20:25 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AFF416A4D2 for ; Thu, 30 Sep 2004 23:20:25 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C0AF943D4C for ; Thu, 30 Sep 2004 23:20:24 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i8UNKOWW030994 for ; Thu, 30 Sep 2004 23:20:24 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i8UNKOZ0030993; Thu, 30 Sep 2004 23:20:24 GMT (envelope-from gnats) Resent-Date: Thu, 30 Sep 2004 23:20:24 GMT Resent-Message-Id: <200409302320.i8UNKOZ0030993@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Richard Andrades Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCC1016A4CE for ; Thu, 30 Sep 2004 23:18:25 +0000 (GMT) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 97A7643D39 for ; Thu, 30 Sep 2004 23:18:25 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i8UNIPD5056272 for ; Thu, 30 Sep 2004 23:18:25 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.12.11/8.12.11/Submit) id i8UNIPXl056271; Thu, 30 Sep 2004 23:18:25 GMT (envelope-from nobody) Message-Id: <200409302318.i8UNIPXl056271@www.freebsd.org> Date: Thu, 30 Sep 2004 23:18:25 GMT From: Richard Andrades To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-2.3 Subject: kern/72217: Bug in calculation of the parameter for the in6_rtqtimo and in6_mtutimo timeout functions X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Sep 2004 23:20:25 -0000 >Number: 72217 >Category: kern >Synopsis: Bug in calculation of the parameter for the in6_rtqtimo and in6_mtutimo timeout functions >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Sep 30 23:20:24 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Richard Andrades >Release: FreeBSD 4.9 RELEASE >Organization: UTStarcom >Environment: FreeBSD mobo14 4.9-RELEASE FreeBSD 4.9-RELEASE #0 root@rainier.nj.us.utstar.com:/usr/home/build/richard/main/os/freebsd/kernel/DISKLESS i386 >Description: The current time is not subtracted from the calculated (future) absolute time for the timeout function before calling timeout() - which expects a relative time. This results in the function getting called after a (much) larger than expected timeout time interval. >How-To-Repeat: These timeouts are not used very often so it is not easy to notice this problem. It does not show up normally. Only found them by accident while debugging the timer code for an unrelated problem. >Fix: FILE: src/sys/netinet6/in6_rmx.c The bug is present in two separate functions in this file. static void in6_rtqtimo(void *rock) { .. .. .. atv.tv_usec = 0; atv.tv_sec = arg.nextstop; /* BUG: Must subtract current time */ timeout(in6_rtqtimo, rock, tvtohz(&atv)); } AND: static void in6_mtutimo(void *rock) { .. .. .. atv.tv_usec = 0; atv.tv_sec = arg.nextstop; if (atv.tv_sec < time_second) { printf("invalid mtu expiration time on routing table\n"); arg.nextstop = time_second + 30; /* last resort */ } /* BUG: Must subtract surrent time */ timeout(in6_mtutimo, rock, tvtohz(&atv)); } Change to: static void in6_rtqtimo(void *rock) { .. .. .. atv.tv_usec = 0; atv.tv_sec = arg.nextstop - time_second; /* Fix: Subtract current time */ timeout(in6_rtqtimo, rock, tvtohz(&atv)); } AND: static void in6_mtutimo(void *rock) { .. .. .. atv.tv_usec = 0; atv.tv_sec = arg.nextstop; if (atv.tv_sec < time_second) { printf("invalid mtu expiration time on routing table\n"); arg.nextstop = time_second + 30; /* last resort */ } atv.tv_sec = arg.nextstop - time_second; /* Fix: Subtract current time */ timeout(in6_mtutimo, rock, tvtohz(&atv)); } Note: These problems are still present in newer versions of FreeBSD although the code is now using callout_reset() instead of timeout(). >Release-Note: >Audit-Trail: >Unformatted: