Date: Thu, 25 Jan 2007 19:24:22 +0300 From: Gleb Smirnoff <glebius@FreeBSD.org> To: bms@FreeBSD.org, rwatson@FreeBSD.org Cc: net@FreeBSD.org Subject: rev. 1.94 of netinet/in.c broke CARP Message-ID: <20070125162422.GA7922@bestcom.ru>
next in thread | raw e-mail | index | archive | help
Hello, colleagues! I've just discovered, that revision 1.94 of in.c has broke CARP. This change adds a code to in_ifdetach() that goes through the global list of all multicast instances and deletes all the instances, that are belonging to a particular interface. This is intended to avoid leaking multicast instances. Before this change, most of the subsystems, that allocated multicast membership instances had freed is theirselves. I don't know about others, but at least CARP is broken now. It attempts to free a memory, that already has been freed. The scenario is: ifconfig vlan0 create ifconfig vlan0 vlandev em0 vlan 1 10.0.0.1/24 ifconfig carp0 create ifconfig carp0 vhid 1 10.0.0.2/24 ifconfig vlan0 destroy The codepath is: if_detach(vlan0) event_handler_invoke() carp_ifdetach(vlan0) carpdetach(carp0) carp_multicast_cleanup(carp0) in_delmulti(a freed inm) That inm has been freed earlier in if_detach() before event handler has called its hooks. Bruce and Robert, I suppose you can tell me the correct way to deal with multicast memberships now, when there is a generic GC function for them. Should I just stop referencing the inms from CARP softc, and don't care about them? -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070125162422.GA7922>