Date: Fri, 19 Aug 2005 13:17:34 +1200 From: Andrew Thompson <thompsa@freebsd.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-current@freebsd.org, rwatson@FreeBSD.org Subject: Re: [PANIC] 6.0BETA2 in l2ping flood Message-ID: <20050819011734.GA4206@heff.fud.org.nz> In-Reply-To: <20050818210128.GD18375@garage.freebsd.pl> References: <b0ba593005081703416d19fbf4@mail.gmail.com> <20050817231838.GA97927@heff.fud.org.nz> <20050818210128.GD18375@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 18, 2005 at 11:01:29PM +0200, Pawel Jakub Dawidek wrote:
> On Thu, Aug 18, 2005 at 11:18:38AM +1200, Andrew Thompson wrote:
> +> Interesting... I can get exactly the same panic by doing
> +>
> +> ifconfig bridge0 create
> +> <'tcpdump -i bridge0' on another terminal>
> +> ifconfig bridge0 up
> +> ifconfig bridge0 destroy
>
> Here, when you destroy bridge0, callout handle is also destroyed,
> but on detach, bpf wants to turn off promiscuous mode and call
> bridge_init(), because it doesn't have IFF_DRV_RUNNING flag set.
>
> bridge_init() calls callout_reset() on destroyed callout handle.
>
Thanks for explaining this, you have saved me a lot of suffering.
This patch fixes the panic on destroy, is it the correct way to solve
the problem? I need to commit something before 6.0.
thanks again,
Andrew
Index: if.h
===================================================================
RCS file: /home/ncvs/src/sys/net/if.h,v
retrieving revision 1.98
diff -u -p -r1.98 if.h
--- if.h 9 Aug 2005 12:56:20 -0000 1.98
+++ if.h 18 Aug 2005 22:41:58 -0000
@@ -153,6 +153,7 @@ struct if_data {
#define IFF_MONITOR 0x40000 /* (n) user-requested monitor mode */
#define IFF_STATICARP 0x80000 /* (n) static ARP */
#define IFF_NEEDSGIANT 0x100000 /* (i) hold Giant over if_start calls */
+#define IFF_DRV_DYING 0x200000 /* (d) interface removal is imminent */
/*
* Old names for driver flags so that user space tools can continue to use
Index: if_bridge.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_bridge.c,v
retrieving revision 1.17
diff -u -p -r1.17 if_bridge.c
--- if_bridge.c 15 Aug 2005 02:50:13 -0000 1.17
+++ if_bridge.c 18 Aug 2005 22:41:58 -0000
@@ -496,6 +496,7 @@ bridge_clone_destroy(struct ifnet *ifp)
while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
bridge_delete_member(sc, bif);
+ ifp->if_drv_flags |= IFF_DRV_DYING;
BRIDGE_UNLOCK(sc);
mtx_lock(&bridge_list_mtx);
@@ -1209,7 +1210,8 @@ bridge_init(void *xsc)
struct bridge_softc *sc = (struct bridge_softc *)xsc;
struct ifnet *ifp = sc->sc_ifp;
- if (ifp->if_drv_flags & IFF_DRV_RUNNING)
+ if (ifp->if_drv_flags & IFF_DRV_RUNNING ||
+ ifp->if_drv_flags & IFF_DRV_DYING)
return;
callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050819011734.GA4206>