From owner-freebsd-net@FreeBSD.ORG Mon Nov 19 20:01:46 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E2F7A70E for ; Mon, 19 Nov 2012 20:01:46 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 922178FC15 for ; Mon, 19 Nov 2012 20:01:46 +0000 (UTC) Received: by mail-vb0-f54.google.com with SMTP id l1so7035939vba.13 for ; Mon, 19 Nov 2012 12:01:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8xutW1KQA6B9Y+kgC/492GL3AOkhiwZiGr1G+dd3n4c=; b=syT8y+FSOi4Z2RmVVIJZu6NVnj9xmx+WMzNDAM3FC5LOV8HBDAEeDfpNLaKsXM+iBC PMkd93pP6jQMmzowrYzP41wI/OcEk6YxhfhsdL2XtCmi/rJ10B0q043+gPxinREob2iy ZAly96XYtKEl+Eb4x1k+OdScHjdMuMuhJ5KigjUULPCYuoQde7Dhgwo4tnOplO9pkWTS MapLPII02iAL0H68pc5gQDfvXaZWKaxRTzZszQPnXHBtOyXoE6ZkxbPHviaOPTsipPLg c24Cc5uJgrtau9fuHM9EGRsSTamDoMPkhj3NHv9tT/im+gWeVpHAdogl2mW9TioCJExs /Zxg== MIME-Version: 1.0 Received: by 10.220.228.2 with SMTP id jc2mr8871713vcb.32.1353355305456; Mon, 19 Nov 2012 12:01:45 -0800 (PST) Received: by 10.59.3.165 with HTTP; Mon, 19 Nov 2012 12:01:45 -0800 (PST) In-Reply-To: <50AA8F24.7080604@gmail.com> References: <50AA8F24.7080604@gmail.com> Date: Mon, 19 Nov 2012 12:01:45 -0800 Message-ID: Subject: Re: igb diver crashes in head@241037 From: Jack Vogel To: Karim Fodil-Lemelin Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 20:01:47 -0000 Indeed, I found this very same problem in internal testing, I took it out, but then have been working on the best way to keep the idea without the problems, I have code that will do that coming soon. Thanks for the report! Jack On Mon, Nov 19, 2012 at 11:57 AM, Karim Fodil-Lemelin < fodillemlinkarim@gmail.com> wrote: > Hello -net, > > While testing the latest igb driver in CURRENT I came across an issue with > igb_mq_start(). More specifically this code: > > ... > > struct mbuf *pm = NULL; > /* > ** Try to queue first to avoid > ** out-of-order delivery, but > ** settle for it if that fails > */ > if (m && drbr_enqueue(ifp, txr->br, m)) > pm = m; > err = igb_mq_start_locked(ifp, txr, pm); > > ... > > > The problem comes from the fact that drbr_enqueue() can return an error > and delete the mbuf as seen in drbr_enqueue(): > > ... > error = buf_ring_enqueue(br, m); > if (error) > m_freem(m); > ... > > When this happens pm is set to m then igb_mq_start_locked() will enqueue > an already freed mbuf with the outcome you can imagine. > > When I reverted only that part of r241037 that problem disappeared. I have > attached a patch for those interested. > > Best regards, > > Karim. > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >