Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 12 Jul 2001 17:02:32 -0400 (EDT)
From:      Garrett Wollman <wollman@lcs.mit.edu>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/28927: IPv6 prefix-discovery code sleeps when it shouldn't
Message-ID:  <200107122102.f6CL2Ws00422@watchdog.lcs.mit.edu>
next in thread | raw e-mail | index | archive | help 

>Number:         28927
>Category:       kern
>Synopsis:       IPv6 prefix-discovery code sleeps when it shouldn't
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 12 14:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Wollman
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
MIT Laboratory for Computer Science
>Environment:
System: FreeBSD watchdog.lcs.mit.edu 4.3-STABLE FreeBSD 4.3-STABLE #3: Thu Jul 12 12:40:59 EDT 2001 root@:/usr/src/sys/compile/WATCHDOG i386


	
>Description:
	When acquiring a new prefix from a router, the IPv6 code
	can call malloc(..., M_WAITOK) from interrupt context.
	This causes a crash.  It is clear from the context that
	the code was written to be able to fail gracefully,
	and that it is called from interrupt context, so the
	solution is trivial.

	For some reason, this error only manifested itself when
	I switched from an `fxp' to a `ti' network interface,
	perhaps because the latter takes an inordinate amount
	of time to bring the link up, so that the initial
	router discovery message is never sent and the new
	prefix is only learned through the router's periodic
	broadcasts.
>How-To-Repeat:
	Run IPv6 on a Netgear GA620T.  Run a mildly network-intensive
	task and wait for the BOOM!
>Fix:

Index: netinet6/in6.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
retrieving revision 1.7.2.3
diff -u -r1.7.2.3 in6.c
--- netinet6/in6.c	2001/07/03 11:01:50	1.7.2.3
+++ netinet6/in6.c	2001/07/12 16:40:26
@@ -900,7 +900,7 @@
 	if (ia == NULL) {
 		hostIsNew = 1;
 		ia = (struct in6_ifaddr *)
-			malloc(sizeof(*ia), M_IFADDR, M_WAITOK);
+			malloc(sizeof(*ia), M_IFADDR, M_NOWAIT);
 		if (ia == NULL)
 			return (ENOBUFS);
 		bzero((caddr_t)ia, sizeof(*ia));
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107122102.f6CL2Ws00422>