From owner-freebsd-current@FreeBSD.ORG Fri Jan 10 01:21:19 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 30ED7D9B; Fri, 10 Jan 2014 01:21:19 +0000 (UTC) Received: from mail-pb0-x22a.google.com (mail-pb0-x22a.google.com [IPv6:2607:f8b0:400e:c01::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F2D8413B7; Fri, 10 Jan 2014 01:21:18 +0000 (UTC) Received: by mail-pb0-f42.google.com with SMTP id uo5so3748737pbc.15 for ; Thu, 09 Jan 2014 17:21:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:date:to:cc:subject:message-id:reply-to:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=gu3gNE0d7wzVHiqNav7s63EyFVzV0PP0A8wrF3zLRgU=; b=i1hdGmNsr0LGsu8c3JTSwbmu4tThYefUVy8KrSruHqjDRCCUaYaIqW7+zGLYFRESB9 Rw4qJt2YIqaH/vxOy8FKaZULh//81V0aexJ4yfLHY4b2yP9z3RQOWQpVOdfpONKOH8u1 R0Sj/zk8dnfQhx6+5oA5FMfQYih7N+eOI7nE+THVWPcKDb+bB/gDeiJK/bTYETPAtSI1 HeNVTt5lNXUSojyDkFSpXT3tzerSoAVP6jKxjtN5P8Qu4/Hz+2BDAlEut5HajGrty+FO EGDhCVpZuhgmQED6h4AtwdefBYlMsyzWt6/O6M6Q9wjMIyrP60CE6BiCHb1mBiQ/wHVV a3yQ== X-Received: by 10.68.108.130 with SMTP id hk2mr7500280pbb.16.1389316878617; Thu, 09 Jan 2014 17:21:18 -0800 (PST) Received: from pyunyh@gmail.com (lpe4.p59-icn.cdngp.net. [114.111.62.249]) by mx.google.com with ESMTPSA id y9sm16535693pas.10.2014.01.09.17.21.15 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 09 Jan 2014 17:21:17 -0800 (PST) Received: by pyunyh@gmail.com (sSMTP sendmail emulation); Fri, 10 Jan 2014 10:21:14 +0900 From: Yonghyeon PYUN Date: Fri, 10 Jan 2014 10:21:14 +0900 To: Alexandre Martins Subject: Re: FreeBSD 10-RC4: Got crash in igb driver Message-ID: <20140110012114.GA3103@michelle.cdnetworks.com> References: <48005124.ny58tnLn4d@pc-alex> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <48005124.ny58tnLn4d@pc-alex> User-Agent: Mutt/1.4.2.3i Cc: jfv@freebsd.org, freebsd-current@freebsd.org, fabien.thomas@netasq.com, damien.deville@netasq.com X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jan 2014 01:21:19 -0000 On Thu, Jan 09, 2014 at 04:06:09PM +0100, Alexandre Martins wrote: > Dear, > > I experience some troubles with the igb device driver on FreeBSD 10-RC4. > > The kernel make a pagefault in the igb_tx_ctx_setup function when accessing to > a IPv6 header. > > The network configuration is the following: > - box acting as an IPv6 router > - one interface with an IPv6 (igb0) > - another interface with a vlan, and IPv6 on it (vlan0 on igb1) > > Vlan Hardware tagging is set on both interfaces. > > The packet that cause the crash come from igb0 and go to vlan0. > > After investigation, i see that the mbuf is split in two. The first one carry > the ethernet header, the second, the IPv6 header and data payload. > > The split is due to the "m_copy" done in ip6_forward, that make the mbuf not > writable and the "M_PREPEND" in ether_output that insert the new mbuf before > the original one. > > The kernel crashes only if the newly allocated mbuf is at the end of a memory > page, and no page is available after this one. So, it's extremly rare. > > I inserted a "KASSERT" into the function (see attached patch) to check this > behavior, and it raises on every IPv6 forwarded packet to the vlan. The > problem disapear if i remove hardware tagging. > > In the commit 256200, i see that pullups has been removed. May it be related ? > I think I introduced the header parsing code to meet controller requirement in em(4) and Jack borrowed that code in the past but it seems it was removed in r256200. It seems igb_tx_ctx_setup() assumes it can access ethernet/IP/TCP/UDP headers in the first mbuf of the chain. This looks wrong to me. > Can you confirm the problem ? > Probably Jack can tell more about change made in r256200. It's not easy for me to verify correctness of igb(4) at this moment. > Best regards > > -- > Alexandre Martins > NETASQ -- We secure IT