Date: Tue, 30 Sep 2025 10:38:10 +0800 From: Zhenlei Huang <zlei@FreeBSD.org> To: Mateusz Guzik <mjguzik@gmail.com> Cc: Gleb Smirnoff <glebius@freebsd.org>, src-committers@freebsd.org, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, "dev-commits-src-main@FreeBSD.org" <dev-commits-src-main@freebsd.org> Subject: Re: svn commit: r256519 - in head/sys: net netatalk netinet netinet6 netipx Message-ID: <35D99D40-5534-402A-8479-64C71604206B@FreeBSD.org> In-Reply-To: <CAGudoHGN=6-dFQ791_=kLBnYfyz9zm75-vJKh=e9gibaXun5NQ@mail.gmail.com> References: <201310151031.r9FAVgRP008282@svn.freebsd.org> <CAGudoHGN=6-dFQ791_=kLBnYfyz9zm75-vJKh=e9gibaXun5NQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sep 29, 2025, at 10:29 PM, Mateusz Guzik <mjguzik@gmail.com> wrote: >=20 > On Tue, Oct 15, 2013 at 12:31=E2=80=AFPM Gleb Smirnoff = <glebius@freebsd.org> wrote: >>=20 >> Author: glebius >> Date: Tue Oct 15 10:31:42 2013 >> New Revision: 256519 >> URL: http://svnweb.freebsd.org/changeset/base/256519 >>=20 >> Log: >> Remove ifa_init() and provide ifa_alloc() that will allocate and = setup >> struct ifaddr internally. >>=20 >> Sponsored by: Netflix >> Sponsored by: Nginx, Inc. >>=20 >> Modified: >> head/sys/net/if.c >> head/sys/net/if_var.h >> head/sys/netatalk/at_control.c >> head/sys/netinet/in.c >> head/sys/netinet6/in6.c >> head/sys/netipx/ipx.c >>=20 >> Modified: head/sys/net/if.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/net/if.c Tue Oct 15 10:19:24 2013 (r256518) >> +++ head/sys/net/if.c Tue Oct 15 10:31:42 2013 (r256519) >> @@ -633,8 +633,7 @@ if_attach_internal(struct ifnet *ifp, in >> socksize =3D sizeof(*sdl); >> socksize =3D roundup2(socksize, sizeof(long)); >> ifasize =3D sizeof(*ifa) + 2 * socksize; >> - ifa =3D malloc(ifasize, M_IFADDR, M_WAITOK | M_ZERO); >> - ifa_init(ifa); >> + ifa =3D ifa_alloc(ifasize, M_WAITOK); >> sdl =3D (struct sockaddr_dl *)(ifa + 1); >> sdl->sdl_len =3D socksize; >> sdl->sdl_family =3D AF_LINK; >> @@ -1417,13 +1416,23 @@ if_maddr_runlock(struct ifnet *ifp) >> /* >> * Initialization, destruction and refcounting functions for ifaddrs. >> */ >> -void >> -ifa_init(struct ifaddr *ifa) >> +struct ifaddr * >> +ifa_alloc(size_t size, int flags) >> { >> + struct ifaddr *ifa; >> + >> + KASSERT(size >=3D sizeof(struct ifaddr), >> + ("%s: invalid size %zu", __func__, size)); >> + >=20 > We have crashes stemming from this: >=20 > panic: ifa_alloc: invalid size 16 >=20 > panic() at panic+0x43/frame 0xfffffe009e777760 > ifa_alloc() at ifa_alloc+0xd6/frame 0xfffffe009e777780 > in6_ifadd() at in6_ifadd+0xd8/frame 0xfffffe009e7778a0 > nd6_ra_input() at nd6_ra_input+0x1023/frame 0xfffffe009e777a80 > icmp6_input() at icmp6_input+0x5b6/frame 0xfffffe009e777c00 > ip6_input() at ip6_input+0xc94/frame 0xfffffe009e777ce0 > sppp_input() at sppp_input+0x502/frame 0xfffffe009e777d70 > pppoe_data_input() at pppoe_data_input+0x1e7/frame 0xfffffe009e777de0 > swi_net() at swi_net+0x19b/frame 0xfffffe009e777e60 > ithread_loop() at ithread_loop+0x266/frame 0xfffffe009e777ef0 > fork_exit() at fork_exit+0x82/frame 0xfffffe009e777f30 > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe009e777f30 >=20 > in6_ifadd has: > struct in6_addr taddr; > ifa =3D ifa_alloc(sizeof(taddr), M_WAITOK); >=20 > should the assert be simply removed? Hi Mateusz, I believe you just found a bug. Try the following patch please, --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -1243,8 +1243,7 @@ in6_ifadd(struct nd_prefixctl *pr, int mcast) =20 /* No suitable LL address, get the ifid directly */ if (ifid_addr =3D=3D NULL) { - struct in6_addr taddr; - ifa =3D ifa_alloc(sizeof(taddr), M_WAITOK); + ifa =3D ifa_alloc(sizeof(struct in6_ifaddr), = M_WAITOK); if (ifa) { ib =3D (struct in6_ifaddr *)ifa; ifid_addr =3D &ib->ia_addr.sin6_addr; Best regards, Zhenlei >=20 >> + ifa =3D malloc(size, M_IFADDR, M_ZERO | flags); >> + if (ifa =3D=3D NULL) >> + return (NULL); >>=20 >> mtx_init(&ifa->ifa_mtx, "ifaddr", NULL, MTX_DEF); >> refcount_init(&ifa->ifa_refcnt, 1); >> ifa->if_data.ifi_datalen =3D sizeof(ifa->if_data); >> + >> + return (ifa); >> } >>=20 >> void >>=20 >> Modified: head/sys/net/if_var.h >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/net/if_var.h Tue Oct 15 10:19:24 2013 = (r256518) >> +++ head/sys/net/if_var.h Tue Oct 15 10:31:42 2013 = (r256519) >> @@ -819,8 +819,8 @@ struct ifaddr { >> #define IFA_LOCK(ifa) mtx_lock(&(ifa)->ifa_mtx) >> #define IFA_UNLOCK(ifa) mtx_unlock(&(ifa)->ifa_mtx) >>=20 >> +struct ifaddr * ifa_alloc(size_t size, int flags); >> void ifa_free(struct ifaddr *ifa); >> -void ifa_init(struct ifaddr *ifa); >> void ifa_ref(struct ifaddr *ifa); >> #endif >>=20 >>=20 >> Modified: head/sys/netatalk/at_control.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/netatalk/at_control.c Tue Oct 15 10:19:24 2013 = (r256518) >> +++ head/sys/netatalk/at_control.c Tue Oct 15 10:31:42 2013 = (r256519) >> @@ -199,16 +199,10 @@ at_control(struct socket *so, u_long cmd >> * allocate a fresh one. >> */ >> if (aa =3D=3D NULL) { >> - aa =3D malloc(sizeof(struct at_ifaddr), = M_IFADDR, >> - M_NOWAIT | M_ZERO); >> - if (aa =3D=3D NULL) { >> - error =3D ENOBUFS; >> - goto out; >> - } >> - callout_init(&aa->aa_callout, = CALLOUT_MPSAFE); >> + ifa =3D ifa_alloc(sizeof(struct at_ifaddr), = M_WAITOK); >> + aa =3D (struct at_ifaddr *)ifa; >>=20 >> - ifa =3D (struct ifaddr *)aa; >> - ifa_init(ifa); >> + callout_init(&aa->aa_callout, = CALLOUT_MPSAFE); >>=20 >> /* >> * As the at_ifaddr contains the actual = sockaddrs, >>=20 >> Modified: head/sys/netinet/in.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/netinet/in.c Tue Oct 15 10:19:24 2013 = (r256518) >> +++ head/sys/netinet/in.c Tue Oct 15 10:31:42 2013 = (r256519) >> @@ -404,16 +404,8 @@ in_control(struct socket *so, u_long cmd >> goto out; >> } >> if (ia =3D=3D NULL) { >> - ia =3D (struct in_ifaddr *) >> - malloc(sizeof *ia, M_IFADDR, M_NOWAIT = | >> - M_ZERO); >> - if (ia =3D=3D NULL) { >> - error =3D ENOBUFS; >> - goto out; >> - } >> - >> - ifa =3D &ia->ia_ifa; >> - ifa_init(ifa); >> + ifa =3D ifa_alloc(sizeof(struct in_ifaddr), = M_WAITOK); >> + ia =3D (struct in_ifaddr *)ifa; >> ifa->ifa_addr =3D (struct sockaddr = *)&ia->ia_addr; >> ifa->ifa_dstaddr =3D (struct sockaddr = *)&ia->ia_dstaddr; >> ifa->ifa_netmask =3D (struct sockaddr = *)&ia->ia_sockmask; >>=20 >> Modified: head/sys/netinet6/in6.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/netinet6/in6.c Tue Oct 15 10:19:24 2013 = (r256518) >> +++ head/sys/netinet6/in6.c Tue Oct 15 10:31:42 2013 = (r256519) >> @@ -1141,12 +1141,9 @@ in6_update_ifa(struct ifnet *ifp, struct >> * RA, it is called under an interrupt context. So, = we should >> * call malloc with M_NOWAIT. >> */ >> - ia =3D (struct in6_ifaddr *) malloc(sizeof(*ia), = M_IFADDR, >> - M_NOWAIT); >> + ia =3D (struct in6_ifaddr *)ifa_alloc(sizeof(*ia), = M_NOWAIT); >> if (ia =3D=3D NULL) >> return (ENOBUFS); >> - bzero((caddr_t)ia, sizeof(*ia)); >> - ifa_init(&ia->ia_ifa); >> LIST_INIT(&ia->ia6_memberships); >> /* Initialize the address and masks, and put time = stamp */ >> ia->ia_ifa.ifa_addr =3D (struct sockaddr = *)&ia->ia_addr; >>=20 >> Modified: head/sys/netipx/ipx.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/netipx/ipx.c Tue Oct 15 10:19:24 2013 = (r256518) >> +++ head/sys/netipx/ipx.c Tue Oct 15 10:31:42 2013 = (r256519) >> @@ -190,13 +190,8 @@ ipx_control(struct socket *so, u_long cm >> if (td && (error =3D priv_check(td, = PRIV_NET_SETLLADDR)) !=3D 0) >> goto out; >> if (ia =3D=3D NULL) { >> - ia =3D malloc(sizeof(*ia), M_IFADDR, M_NOWAIT = | M_ZERO); >> - if (ia =3D=3D NULL) { >> - error =3D ENOBUFS; >> - goto out; >> - } >> - ifa =3D (struct ifaddr *)ia; >> - ifa_init(ifa); >> + ifa =3D ifa_alloc(sizeof(struct ipx_ifaddr), = M_WAITOK); >> + ia =3D (struct ipx_ifaddr *)ifa; >> ia->ia_ifp =3D ifp; >> ifa->ifa_addr =3D (struct sockaddr = *)&ia->ia_addr; >> ifa->ifa_netmask =3D (struct sockaddr = *)&ipx_netmask;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35D99D40-5534-402A-8479-64C71604206B>