Date: Sat, 5 Nov 2005 11:49:24 +0300 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Giorgos Keramidas <keramida@linux.gr> Cc: freebsd-current@FreeBSD.org, Andre Oppermann <andre@FreeBSD.org>, sam@FreeBSD.org, thierry@herbelot.com Subject: Re: panic: mb_dtor_pack: ref_cnt != 1 Message-ID: <20051105084924.GT91530@cell.sick.ru> In-Reply-To: <20051105080116.GR91530@cell.sick.ru> References: <20051104092724.GA33945@xor.obsecurity.org> <436B885B.6010609@freebsd.org> <20051104163526.GC82727@flame.pc> <200511041833.30955.thierry@herbelot.com> <436BA8B5.9070104@freebsd.org> <20051105003420.GM91530@cell.sick.ru> <20051105034105.GA906@flame.pc> <20051105080116.GR91530@cell.sick.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--pZs/OQEoSSbxGlYw
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
On Sat, Nov 05, 2005 at 11:01:16AM +0300, Gleb Smirnoff wrote:
T> On Sat, Nov 05, 2005 at 05:41:05AM +0200, Giorgos Keramidas wrote:
T> G> On 2005-11-05 03:34, Gleb Smirnoff <glebius@freebsd.org> wrote:
T> G> > Andre, Thierry, Sam,
T> G> >
T> G> > this patch should fix the problems
T> G>
T> G> But it panics in mb_dtor_pack() because ext_type != EXT_CLUSTER
T> G> when my ath0 interface tries to associate with an AP.
T> G>
T> G> I had to change this too, to make things work:
T>
T> Updated patch.
One more update. Since I have removed this block:
if (*(m->m_ext.ref_cnt) == 0)
*(m->m_ext.ref_cnt) = 1;
I have also altered KASSERT in mb_dtor_pack(). I don't like
inventing an incorrect invariant check and then adding helpers
to avoid it being triggered.
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
--pZs/OQEoSSbxGlYw
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename="mbuma.patch"
Index: sys/mbuf.h
===================================================================
RCS file: /home/ncvs/src/sys/sys/mbuf.h,v
retrieving revision 1.179
diff -u -r1.179 mbuf.h
--- sys/mbuf.h 2 Nov 2005 16:20:35 -0000 1.179
+++ sys/mbuf.h 5 Nov 2005 00:29:17 -0000
@@ -185,8 +185,9 @@
*/
#define EXT_CLUSTER 1 /* mbuf cluster */
#define EXT_SFBUF 2 /* sendfile(2)'s sf_bufs */
-#define EXT_JUMBO9 3 /* jumbo cluster 9216 bytes */
-#define EXT_JUMBO16 4 /* jumbo cluster 16184 bytes */
+#define EXT_PACKET 3 /* came out of Packet zone */
+#define EXT_JUMBO9 4 /* jumbo cluster 9216 bytes */
+#define EXT_JUMBO16 5 /* jumbo cluster 16184 bytes */
#define EXT_NET_DRV 100 /* custom ext_buf provided by net driver(s) */
#define EXT_MOD_TYPE 200 /* custom module's ext_buf type */
#define EXT_DISPOSABLE 300 /* can throw this buffer away w/page flipping */
Index: kern/kern_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_mbuf.c,v
retrieving revision 1.13
diff -u -r1.13 kern_mbuf.c
--- kern/kern_mbuf.c 4 Nov 2005 17:20:53 -0000 1.13
+++ kern/kern_mbuf.c 5 Nov 2005 08:47:28 -0000
@@ -332,8 +332,8 @@
KASSERT(m->m_ext.ext_free == NULL, ("%s: ext_free != NULL", __func__));
KASSERT(m->m_ext.ext_args == NULL, ("%s: ext_args != NULL", __func__));
KASSERT(m->m_ext.ext_size == MCLBYTES, ("%s: ext_size != MCLBYTES", __func__));
- KASSERT(m->m_ext.ext_type == EXT_CLUSTER, ("%s: ext_type != EXT_CLUSTER", __func__));
- KASSERT(*m->m_ext.ref_cnt == 1, ("%s: ref_cnt != 1", __func__));
+ KASSERT(m->m_ext.ext_type == EXT_PACKET, ("%s: ext_type != EXT_PACKET", __func__));
+ KASSERT(*m->m_ext.ref_cnt <= 1, ("%s: ref_cnt > 1", __func__));
#ifdef INVARIANTS
trash_dtor(m->m_ext.ext_buf, MCLBYTES, arg);
#endif
@@ -470,6 +470,7 @@
m->m_len = 0;
m->m_flags = (flags | M_EXT);
m->m_type = type;
+ m->m_ext.ext_type = EXT_PACKET;
if (flags & M_PKTHDR) {
m->m_pkthdr.rcvif = NULL;
Index: kern/uipc_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v
retrieving revision 1.157
diff -u -r1.157 uipc_mbuf.c
--- kern/uipc_mbuf.c 4 Nov 2005 17:20:53 -0000 1.157
+++ kern/uipc_mbuf.c 5 Nov 2005 00:23:41 -0000
@@ -217,12 +217,13 @@
if (*(m->m_ext.ref_cnt) == 1 ||
atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
switch (m->m_ext.ext_type) {
- case EXT_CLUSTER: /* The packet zone is special. */
- if (*(m->m_ext.ref_cnt) == 0)
- *(m->m_ext.ref_cnt) = 1;
+ case EXT_PACKET: /* The packet zone is special. */
uma_zfree(zone_pack, m);
return; /* Job done. */
break;
+ case EXT_CLUSTER:
+ uma_zfree(zone_clust, m->m_ext.ext_buf);
+ break;
case EXT_JUMBO9:
uma_zfree(zone_jumbo9, m->m_ext.ext_buf);
break;
--pZs/OQEoSSbxGlYw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051105084924.GT91530>