Date: Thu, 12 Jul 2001 17:02:32 -0400 (EDT) From: Garrett Wollman <wollman@lcs.mit.edu> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/28927: IPv6 prefix-discovery code sleeps when it shouldn't Message-ID: <200107122102.f6CL2Ws00422@watchdog.lcs.mit.edu>
next in thread | raw e-mail | index | archive | help
>Number: 28927 >Category: kern >Synopsis: IPv6 prefix-discovery code sleeps when it shouldn't >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 12 14:10:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Garrett Wollman >Release: FreeBSD 4.3-STABLE i386 >Organization: MIT Laboratory for Computer Science >Environment: System: FreeBSD watchdog.lcs.mit.edu 4.3-STABLE FreeBSD 4.3-STABLE #3: Thu Jul 12 12:40:59 EDT 2001 root@:/usr/src/sys/compile/WATCHDOG i386 >Description: When acquiring a new prefix from a router, the IPv6 code can call malloc(..., M_WAITOK) from interrupt context. This causes a crash. It is clear from the context that the code was written to be able to fail gracefully, and that it is called from interrupt context, so the solution is trivial. For some reason, this error only manifested itself when I switched from an `fxp' to a `ti' network interface, perhaps because the latter takes an inordinate amount of time to bring the link up, so that the initial router discovery message is never sent and the new prefix is only learned through the router's periodic broadcasts. >How-To-Repeat: Run IPv6 on a Netgear GA620T. Run a mildly network-intensive task and wait for the BOOM! >Fix: Index: netinet6/in6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6.c,v retrieving revision 1.7.2.3 diff -u -r1.7.2.3 in6.c --- netinet6/in6.c 2001/07/03 11:01:50 1.7.2.3 +++ netinet6/in6.c 2001/07/12 16:40:26 @@ -900,7 +900,7 @@ if (ia == NULL) { hostIsNew = 1; ia = (struct in6_ifaddr *) - malloc(sizeof(*ia), M_IFADDR, M_WAITOK); + malloc(sizeof(*ia), M_IFADDR, M_NOWAIT); if (ia == NULL) return (ENOBUFS); bzero((caddr_t)ia, sizeof(*ia)); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107122102.f6CL2Ws00422>