Date:      Thu, 5 Feb 2015 05:24:25 +0000
From:      "rrs (Randall Stewart)" <phabric-noreply@FreeBSD.org>
To:        freebsd-net@freebsd.org
Subject:   [Differential] [Commented On] D1777: Associated fix for arp/nd6 timer usage.
Message-ID:  <752ff810e14c92168bbc371f6d01d368@localhost.localdomain>
In-Reply-To: <differential-rev-PHID-DREV-7mg6mtc3edzvrggvnij4-req@FreeBSD.org>
References:  <differential-rev-PHID-DREV-7mg6mtc3edzvrggvnij4-req@FreeBSD.org>

rrs added a comment.

JHB:

The scenario you outline is *exactly* the panic that was seen by sbruno. I guess my description
was unclear.

The existing code in that other thread <b> right now does a callout_stop and
tests the return code. If it's one (which says I canceled a callout) then it
lowers the reference count. Then goes on down a few lines later and does
a FREE_LLE_LOCKED macro which lowers the reference count again.

The one return happens because the callout has a lock associated with it. If you change
to MPSAFE then instead there is no lock so the callout_stop() will return zero since the
callout can *not* be stopped. This means that the code at <b> *will not* lower the reference
count. It then will call FREE_LLE_LOCKED() but it will find a reference of 2 not 1, since it
did not do the extra lower. So it returns without freeing the lle.

When soft clock continues, the callout will run and since the reference was not lowered
the memory has not been freed.

REVISION DETAIL
  https://reviews.freebsd.org/D1777

To: rrs, imp, sbruno, gnn, rwatson, lstewart, kostikbel, adrian, bz, jhb
Cc: bz, emaste, hiren, julian, hselasky, freebsd-net
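
The reference accounting described in the message above, as an added user-space model that is not part of the original e-mail and is not FreeBSD kernel code. All names are hypothetical; the starting count of 2 and the handler dropping its own reference are assumptions. It also goes one step beyond the message by showing what happens if the return code is ignored.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; hypothetical names, not FreeBSD kernel code. */
struct lle_model { int refcnt; bool freed; bool timer_pending; };

enum outcome { TIMER_CANCELLED, TIMER_RAN_ON_LIVE_LLE, TIMER_RAN_ON_FREED_LLE };

/* Stand-in for callout_stop() once softclock has picked the callout up:
 * with an associated lock (held by the caller) it can still be cancelled -> 1;
 * MPSAFE has no lock, so the handler cannot be stopped -> 0. */
static int model_callout_stop(struct lle_model *l, bool has_lock) {
    if (!has_lock) return 0;
    l->timer_pending = false;
    return 1;
}

/* Stand-in for FREE_LLE_LOCKED: drop one reference, free on the last one. */
static void model_free_lle(struct lle_model *l) {
    if (--l->refcnt == 0) l->freed = true;
}

/* Teardown path: the entry starts with 2 references (owner + armed timer). */
static struct lle_model teardown(bool has_lock, bool check_rc) {
    struct lle_model l = { 2, false, true };
    int rc = model_callout_stop(&l, has_lock);
    if (!check_rc || rc == 1)
        l.refcnt--;                 /* drop the timer's reference */
    model_free_lle(&l);
    return l;
}

int refs_after_teardown(bool has_lock, bool check_rc) {
    return teardown(has_lock, check_rc).refcnt;
}

/* Softclock continues after teardown. Assumption: the handler drops the
 * timer's reference itself when it runs. */
enum outcome softclock_outcome(bool has_lock, bool check_rc) {
    struct lle_model l = teardown(has_lock, check_rc);
    if (!l.timer_pending) return TIMER_CANCELLED;
    if (l.freed) return TIMER_RAN_ON_FREED_LLE;   /* use-after-free */
    model_free_lle(&l);
    return TIMER_RAN_ON_LIVE_LLE;
}

int main(void) {
    printf("lock, rc checked:    %d\n", softclock_outcome(true, true));
    printf("MPSAFE, rc checked:  %d\n", softclock_outcome(false, true));
    printf("MPSAFE, rc ignored:  %d\n", softclock_outcome(false, false));
    return 0;
}
```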
