From: Yonghyeon PYUN
Date: Fri, 10 Jan 2014 18:04:35 +0900
To: Fabien Thomas
Cc: Jack F Vogel, Alexandre Martins, freebsd-current, Damien DEVILLE
Subject: Re: FreeBSD 10-RC4: Got crash in igb driver
Message-ID: <20140110090435.GA1351@michelle.cdnetworks.com>

On Fri, Jan 10, 2014 at 09:37:33AM +0100, Fabien Thomas wrote:
>
> On 10 Jan 2014 at 02:21, Yonghyeon PYUN wrote:
>
> > On Thu, Jan 09, 2014 at 04:06:09PM +0100, Alexandre Martins wrote:
> >> Dear,
> >>
> >> I experience some troubles with the igb device driver on FreeBSD 10-RC4.
> >>
> >> The kernel makes a page fault in the igb_tx_ctx_setup function when accessing
> >> an IPv6 header.
> >>
> >> The network configuration is the following:
> >> - box acting as an IPv6 router
> >> - one interface with an IPv6 (igb0)
> >> - another interface with a vlan, and IPv6 on it (vlan0 on igb1)
> >>
> >> Vlan Hardware tagging is set on both interfaces.
> >>
> >> The packet that causes the crash comes from igb0 and goes to vlan0.
> >>
> >> After investigation, I see that the mbuf is split in two.
> >> The first one carries the ethernet header, the second, the IPv6 header and
> >> data payload.
> >>
> >> The split is due to the "m_copy" done in ip6_forward, that makes the mbuf not
> >> writable and the "M_PREPEND" in ether_output that inserts the new mbuf before
> >> the original one.
> >>
> >> The kernel crashes only if the newly allocated mbuf is at the end of a memory
> >> page, and no page is available after this one. So, it's extremely rare.
> >>
> >> I inserted a "KASSERT" into the function (see attached patch) to check this
> >> behavior, and it raises on every IPv6 forwarded packet to the vlan. The
> >> problem disappears if I remove hardware tagging.
> >>
> >> In the commit 256200, I see that pullups have been removed. May it be related?
> >>
> >
> > I think I introduced the header parsing code to meet controller
> > requirement in em(4) and Jack borrowed that code in the past but it
> > seems it was removed in r256200. It seems igb_tx_ctx_setup()
> > assumes it can access ethernet/IP/TCP/UDP headers in the first mbuf
> > of the chain.
>
> This looks wrong to me.
>
> Instead of patching each driver with pullup code we can add a generic pullup code?
> - get the contiguous protocol requirement (L2, L3, L4) from underlying driver.
> - do the pullup
>

I believe Andre already planned that and he would be working on
removing home-grown header parser implemented in drivers.

> >
> >> Can you confirm the problem?
> >>
> >
> > Probably Jack can tell more about change made in r256200. It's not
> > easy for me to verify correctness of igb(4) at this moment.
> >
> >> Best regards
> >>
> >> --
> >> Alexandre Martins
> >> NETASQ -- We secure IT
>
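
The split-chain case reported in this thread, as an added example that is not code from any of the posters or from the igb driver: a userland C model of a header parser that checks the first segment's length and pulls the headers up before reading them. `struct seg`, `seg_pullup` and `ip6_next_header` are hypothetical names for this model; the kernel's mbuf type and routines are not used.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETHER_HDR_LEN 14   /* VLAN tag is inserted by hardware, not in the buffer */
#define IP6_HDR_LEN   40
#define SEG_CAP       128  /* constructed segment size for this model */

/* Userland stand-in for one mbuf in a chain (hypothetical, not the kernel type). */
struct seg {
    struct seg *next;
    size_t      len;             /* valid bytes in data[] */
    uint8_t     data[SEG_CAP];
};

/* Make the first `need` bytes of the packet contiguous in the head segment.
 * Returns 0 on success, -1 if the packet is too short or the head too small. */
int seg_pullup(struct seg *head, size_t need)
{
    if (need > SEG_CAP)
        return -1;
    while (head->len < need) {
        struct seg *n = head->next;
        if (n == NULL)
            return -1;
        size_t take = need - head->len;
        if (take > n->len)
            take = n->len;
        memcpy(head->data + head->len, n->data, take);
        memmove(n->data, n->data + take, n->len - take);
        head->len += take;
        n->len -= take;
        if (n->len == 0)
            head->next = n->next;    /* unlink the drained segment */
    }
    return 0;
}

/* Return the IPv6 Next Header byte (offset 6), or -1 if the header cannot be
 * made contiguous. The length check is what a header parser must not skip. */
int ip6_next_header(struct seg *head, size_t ehdrlen)
{
    size_t need = ehdrlen + IP6_HDR_LEN;
    if (head->len < need && seg_pullup(head, need) != 0)
        return -1;
    return head->data[ehdrlen + 6];
}
```

Without the length check, the read at `ehdrlen + 6` would land past the 14 valid bytes of the first segment, which is the out-of-bounds access the report describes.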