Date: Tue, 16 Aug 2005 11:12:39 GMT From: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/84987: [PATCH] if_ef: BUG: if_attach called without if_alloc'd input() Message-ID: <200508161112.j7GBCd7T059963@freebsd.czest.pl> Resent-Message-ID: <200508161100.j7GB0diB011811@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 84987
>Category: kern
>Synopsis: [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 16 11:00:38 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Wojciech A. Koszek
>Release: FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD laptop.freebsd.czest.pl 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Tue Aug 16 12:29:31 CEST 2005 dunstan@laptop.freebsd.czest.pl:/usr/obj/usr/src/sys/LAPTOP i386
>Description:
if_ef causes panic on -CURRENT. My analisis:
if_ef.c uses correct logic (with if_alloc(), passes correct pointer to
ether_ifattach()). if_findindex() from src/sys/net/if.c seems to contain
small bug, and returns the same index more then once. Without posting
very ugly hack coded in order to see what happens, this is what I got
on -CURRENT:
if_findindex, checking unit = 1
unit(1) <= if_index(2)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(2)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^ Ok
if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^
if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^
[..]
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^
This is why:
if (ifp->if_index == 0 || ifp != ifnet_byindex(ifp->if_index))
panic ("%s: BUG: if_attach called without if_alloc'd input()\n",
ifp->if_xname);
Reports problem (second condition is true).
>How-To-Repeat:
kldload /boot/kernel/if_ef.ko
>Fix:
Patch [diff.0.if.c] corrects this problem. Needs review.
--- diff.0.if.c begins here ---
diff -upr /usr/src/sys/net/if.c src/sys/net/if.c
--- /usr/src/sys/net/if.c Sun Aug 14 14:38:50 2005
+++ src/sys/net/if.c Tue Aug 16 12:28:02 2005
@@ -370,7 +370,7 @@ found:
name, unit, devname);
}
for (unit = 1; ; unit++) {
- if (unit <= if_index && ifaddr_byindex(unit) != NULL)
+ if (unit <= if_index || ifaddr_byindex(unit) != NULL)
continue;
if (resource_string_value(name, unit, "ether", &p) == 0 ||
resource_string_value(name, unit, "dev", &p) == 0)
--- diff.0.if.c ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508161112.j7GBCd7T059963>