Date: Mon, 10 Nov 2003 14:36:26 -0800 From: Sam Leffler <sam@errno.com> To: Ian Dowse <iedowse@maths.tcd.ie> Cc: Larry Rosenman <ler@lerctr.org> Subject: Re: INPCB panic.... Message-ID: <200311101436.26555.sam@errno.com> In-Reply-To: <200311102219.aa37575@salmon.maths.tcd.ie> References: <200311102219.aa37575@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 10 November 2003 02:19 pm, Ian Dowse wrote: > In message <200311101159.44366.sam@errno.com>, Sam Leffler writes: > >On Monday 10 November 2003 11:37 am, Larry Rosenman wrote: > >> I removed my wi0 card (with DHCLIENT running), and got the following > >> panic on a -CURRENT from yesterday: > > > >Thanks. Working on it... > > FYI, I've been using the following patch locally which seems to > trigger the printf sometimes when wi0 is ejected. Without the patch, > it used to dereference a stale struct ifnet and crash. I have an > approx 1 week old kernel, so this particular problem may have been > fixed already. Your fix looks fine; please commit. It mimics what ip_output does. But there still look to be basic races with device removal/ifnet destruction. For example, ip_output grabs an ifnet reference from the routing table entry and uses it w/o any locking for a rather long time. If the device gets yanked in the interim it seems like you could be left holding a bogus reference. Seems like the whole if_detach path needs a careful rework. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311101436.26555.sam>