Date: Sun, 3 Jun 2012 11:52:11 +0000 From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: Maksim Yevmenkin <emax@FreeBSD.org>, Scott Long <scottl@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r236501 - head/sys/netinet6 Message-ID: <930B5C42-C9B7-49BD-A610-AAD7FEAC1BD9@FreeBSD.org> In-Reply-To: <201206030736.q537axiD042645@svn.freebsd.org> References: <201206030736.q537axiD042645@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3. Jun 2012, at 07:36 , Maksim Yevmenkin wrote: > Author: emax > Date: Sun Jun 3 07:36:59 2012 > New Revision: 236501 > URL: http://svn.freebsd.org/changeset/base/236501 >=20 > Log: > Plug reference leak. >=20 > Interface routes are refcounted as packets move through the stack, > and there's garbage collection tied to it so that route changes can > safely propagate while traffic is flowing. In our setup, we weren't > changing or deleting any routes, but the refcounting logic in > ip6_input() was wrong and caused a reference leak on every inbound > V6 packet. This eventually caused a 32bit overflow, and the resulting > 0 value caused the garbage collection to run on the active route. > That then snowballed into the panic. Global s/route/address/ above. Awesome you found this. I have = certainly read the code several times lately incl. having done the initial review and always missed it. I'll try to get around reviewing the other two you put in my inbox. Great job and finally someone doing 1<<32 packet IPv6 one uptime. Been waiting for that to happen for a long time:-) /bz >=20 > Reviewed by: scottl > MFC after: 3 days >=20 > Modified: > head/sys/netinet6/ip6_input.c >=20 > Modified: head/sys/netinet6/ip6_input.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/netinet6/ip6_input.c Sun Jun 3 06:57:47 2012 = (r236500) > +++ head/sys/netinet6/ip6_input.c Sun Jun 3 07:36:59 2012 = (r236501) > @@ -879,19 +879,23 @@ passin: > * as our interface address (e.g. multicast addresses, addresses > * within FAITH prefixes and such). > */ > - if (deliverifp && !ip6_getdstifaddr(m)) { > + if (deliverifp) { > struct in6_ifaddr *ia6; >=20 > - ia6 =3D in6_ifawithifp(deliverifp, &ip6->ip6_dst); > - if (ia6) { > - if (!ip6_setdstifaddr(m, ia6)) { > - /* > - * XXX maybe we should drop the packet = here, > - * as we could not provide enough = information > - * to the upper layers. > - */ > - } > + if ((ia6 =3D ip6_getdstifaddr(m)) !=3D NULL) { > ifa_free(&ia6->ia_ifa); > + } else { > + ia6 =3D in6_ifawithifp(deliverifp, = &ip6->ip6_dst); > + if (ia6) { > + if (!ip6_setdstifaddr(m, ia6)) { > + /* > + * XXX maybe we should drop the = packet here, > + * as we could not provide = enough information > + * to the upper layers. > + */ > + } > + ifa_free(&ia6->ia_ifa); > + } > } > } >=20 --=20 Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?930B5C42-C9B7-49BD-A610-AAD7FEAC1BD9>