Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 19 Nov 2021 08:02:23 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver
Message-ID:  <bug-259458-7501-P6UNlgqRuZ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-259458-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-259458-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259458

--- Comment #20 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3D1bfdb812c786ac2607a82633f9c84a5d1=
6f54079

commit 1bfdb812c786ac2607a82633f9c84a5d16f54079
Author:     Andriy Gapon <avg@FreeBSD.org>
AuthorDate: 2021-11-19 07:56:30 +0000
Commit:     Andriy Gapon <avg@FreeBSD.org>
CommitDate: 2021-11-19 08:00:38 +0000

    iflib_stop: drain rx tasks to prevent any data races

    iflib_stop modifies iflib data structures that are used by _task_fn_rx,
    most prominently the free lists.  So, iflib_stop has to ensure that the
    rx task threads are not active.

    This should help to fix a crash seen when iflib_if_ioctl (e.g.,
    SIOCSIFCAP) is called while there is already traffic flowing.

    The crash has been seen on VMWare guests with vmxnet3 driver.

    My guess is that on physical hardware the couple of 1ms delays that
    iflib_stop has after disabling interrupts are enough for the queued work
    to be completed before any iflib state is touched.

    But on busy hypervisors the guests might not get enough CPU time to
    complete the work, thus there can be a race between the taskqueue
    threads and the work done to handle an ioctl, specifically in iflib_stop
    and iflib_init_locked.

    PR:             259458
    Reviewed by:    markj
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D32926

 sys/net/iflib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-259458-7501-P6UNlgqRuZ>