Message-Id: <200107122102.f6CL2Ws00422@watchdog.lcs.mit.edu>
Date: Thu, 12 Jul 2001 17:02:32 -0400 (EDT)
From: Garrett Wollman
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: kern/28927: IPv6 prefix-discovery code sleeps when it shouldn't
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 28927
>Category: kern
>Synopsis: IPv6 prefix-discovery code sleeps when it shouldn't
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 12 14:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Garrett Wollman
>Release: FreeBSD 4.3-STABLE i386
>Organization: MIT Laboratory for Computer Science
>Environment:
System: FreeBSD watchdog.lcs.mit.edu 4.3-STABLE FreeBSD 4.3-STABLE #3: Thu Jul 12 12:40:59 EDT 2001 root@:/usr/src/sys/compile/WATCHDOG i386
>Description:
When acquiring a new prefix from a router, the IPv6 code can call malloc(..., M_WAITOK) from interrupt context. This causes a crash. It is clear from the context that the code was written to be able to fail gracefully, and that it is called from interrupt context, so the solution is trivial.

For some reason, this error only manifested itself when I switched from an `fxp' to a `ti' network interface, perhaps because the latter takes an inordinate amount of time to bring the link up, so that the initial router discovery message is never sent and the new prefix is only learned through the router's periodic broadcasts.
>How-To-Repeat:
Run IPv6 on a Netgear GA620T. Run a mildly network-intensive task and wait for the BOOM!
>Fix:
Index: netinet6/in6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6.c,v retrieving revision 1.7.2.3 diff -u -r1.7.2.3 in6.c --- netinet6/in6.c 2001/07/03 11:01:50 1.7.2.3 +++ netinet6/in6.c 2001/07/12 16:40:26 
@@ -900,7 +900,7 @@ if (ia == NULL) { hostIsNew = 1; ia = (struct in6_ifaddr *) - malloc(sizeof(*ia), M_IFADDR, M_WAITOK); + malloc(sizeof(*ia), M_IFADDR, M_NOWAIT); if (ia == NULL) return (ENOBUFS); bzero((caddr_t)ia, sizeof(*ia)); >Release-Note: >Audit-Trail: >Unformatted:
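Review bot: The new M_NOWAIT on the malloc() of struct in6_ifaddr has no comment saying why this allocation must not sleep, so a later cleanup could quietly switch it back to M_WAITOK. Suggest a one-line comment above the call noting that this path can be reached from interrupt context during prefix discovery, as the report describes. With M_NOWAIT the existing `if (ia == NULL) return (ENOBUFS);` branch becomes a path that can actually be taken under memory pressure, so it is worth confirming that every caller handles ENOBUFS. The hunk changes only this one call site; any other M_WAITOK allocation reachable from the same interrupt-context path would need the same change.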