Date:      Fri, 30 Jun 2006 15:01:31 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Stanislaw Halik <sthalik@tehran.lain.pl>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: trap 12: supervisor write, page not present on 6.1-STABLE Tue May 16 2006
Message-ID:  <20060630145851.S23703@fledge.watson.org>
In-Reply-To: <20060630120812.GA2380@tehran.lain.pl>
References:  <20060627045310.GA6324@tehran.lain.pl> <20060627140946.J273@fledge.watson.org> <20060627134134.GA23337@tehran.lain.pl> <20060628101405.I50845@fledge.watson.org> <20060630120812.GA2380@tehran.lain.pl>

On Fri, 30 Jun 2006, Stanislaw Halik wrote:

>> Per my earlier e-mail, I had hoped to merge a larger set of changes from 
>> HEAD that resolve the underlying problem here (that inpcb's can be detached 
>> from a socket while the socket is still in use), but right now I'm 
>> deferring merging those changes as they are somewhat risky (as they are 
>> large).  Instead, I've produced a candidate work-around patch, now attached 
>> to kern/97095.  This does not fix the underlying problem, but seeks to 
>> narrow the window for the race to be exercised by avoiding caching a 
>> volatile pointer across user memory copying, which under load can result in 
>> blocking I/O.  I would be quite interested in knowing if this resolves the 
>> problem in practice -- if so, it's a definite short-term merge candidate to 
>> reduce the symptoms of this problem until the proper fix can be merged.
>
> Unfortunately, it still happens to crash in the same code path:
<snip>
> I'll be happy to test any other patches when they're available.

Thanks for testing the patch -- it looks like there's a more pressing logical 
problem in this code!  Could you try the following simpler patch:

     http://www.watson.org/~robert/freebsd/netperf/ip_ctloutput.diff

The IP option code seems not to know that (in RELENG_6 and before) the pcb is 
discarded on disconnect, and the application is querying the TTL after a 
disconnect.  In FreeBSD 7.x, the pcb is preserved after disconnect so this 
succeeds.

It could be we actually need both patches, but let's try this one by itself 
first.

Thanks,


Robert N M Watson
Computer Laboratory
University of Cambridge

Attached:

Index: ip_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.242.2.9
diff -u -r1.242.2.9 ip_output.c
--- ip_output.c	4 Jun 2006 10:19:34 -0000	1.242.2.9
+++ ip_output.c	30 Jun 2006 13:58:03 -0000
@@ -1162,6 +1162,9 @@
  		return (EINVAL);
  	}

+	if (inp == NULL)
+		return (EINVAL);
+
  	switch (sopt->sopt_dir) {
  	case SOPT_SET:
  		switch (sopt->sopt_name) {
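
Review bot: The new inp == NULL test ahead of switch (sopt->sopt_dir) carries no comment saying why a socket can reach this point without a pcb. The covering message gives the reason (in RELENG_6 and before the pcb is discarded on disconnect, and the application queries the TTL afterwards), so a short comment to that effect above the if would keep a later reader from removing the check as dead code. Two smaller points. The early return (EINVAL) is indistinguishable to the caller from the return (EINVAL) in the context lines just above it, so consider whether a different errno would better describe a disconnected socket. And nothing visible in the hunk shows a lock held across this test and the later uses of inp inside the switch, so the check on its own covers a pcb that is already gone but not one detached after the test, which fits the message's remark that both patches may be needed.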


