NetBSD Problem Report #49373

From www@NetBSD.org  Fri Nov  7 09:11:39 2014
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id CFEA2A65E5
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  7 Nov 2014 09:11:39 +0000 (UTC)
Message-Id: <20141107091138.77A69A6608@mollari.NetBSD.org>
Date: Fri,  7 Nov 2014 09:11:38 +0000 (UTC)
From: ozaki-r@netbsd.org
Reply-To: ozaki-r@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: Running if_clone_create and if_clone_destroy in parallel causes panic
X-Send-Pr-Version: www-1.0

>Number:         49373
>Category:       kern
>Synopsis:       Running if_clone_create and if_clone_destroy in parallel causes panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 07 09:15:00 +0000 2014
>Closed-Date:    Wed Nov 12 01:51:53 +0000 2014
>Last-Modified:  Wed Nov 12 01:51:53 +0000 2014
>Originator:     Ryota Ozaki
>Release:        current
>Organization:
>Environment:
NetBSD kvm 7.99.1 NetBSD 7.99.1 (GENERIC.201411061000Z) #0: Thu Nov  6 10:48:02 UTC 2014  snj@b45.netbsd.org:/home/builds/ab/HEAD/amd64/201411061000Z-obj/home/source/ab/HEAD/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
if_clone_create and if_clone_destroy are not expected to run on
an interface in parallel. However, we can do so by executing
ifconfig create/destroy in parallel.

Normally we don't do such operations, but we should fix the problem
because it causes a kernel panic easily.

A fix is to serialize if_clone_create and if_clone_destroy with a mutex.
It's simple but enough to fix the problem.

>How-To-Repeat:
cat > test.sh <<-EOF
while true; do
        ifconfig tap0 destroy &
        ifconfig tap0 create &
        ifconfig tap0 create &
        ifconfig tap0 destroy &
        ifconfig tap0 create &
        ifconfig tap0 create &
done
EOF
while true; do echo hogs >/dev/null; done &
while true; do sh test.sh ; done

>Fix:
Index: sys/net/if.c
===================================================================
RCS file: /cvsroot/src/sys/net/if.c,v
retrieving revision 1.291
diff -u -p -r1.291 if.c
--- sys/net/if.c	9 Sep 2014 20:16:12 -0000	1.291
+++ sys/net/if.c	7 Nov 2014 09:02:11 -0000
@@ -164,6 +164,7 @@ static u_int			if_index = 1;
 static size_t			if_indexlim = 0;
 static uint64_t			index_gen;
 static kmutex_t			index_gen_mtx;
+static kmutex_t			if_clone_mtx;

 static struct ifaddr **		ifnet_addrs = NULL;

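Review bot: The new `if_clone_mtx` declaration carries no comment saying what it protects. A one-line comment stating that it serializes if_clone_create() and if_clone_destroy() would make the scope explicit, since the name alone does not tell a reader whether other clone-related paths such as if_clone_list() are meant to be covered as well.
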
@@ -252,6 +253,7 @@ void
 ifinit1(void)
 {
 	mutex_init(&index_gen_mtx, MUTEX_DEFAULT, IPL_NONE);
+	mutex_init(&if_clone_mtx, MUTEX_DEFAULT, IPL_NONE);
 	TAILQ_INIT(&ifnet_list);
 	if_indexlim = 8;

@@ -1850,6 +1852,7 @@ doifioctl(struct socket *so, u_long cmd,
 	struct ifreq ifrb;
 	struct oifreq *oifr = NULL;
 #endif
+	int r;

 	switch (cmd) {
 #ifdef COMPAT_OIFREQ
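Review bot: The function-scope `int r` added after the `#endif` duplicates the role of the `error` variable that the create/destroy case already uses immediately before the call (`if (error != 0) return error;`). Storing the result in `error` would avoid the extra declaration; if a separate variable is kept, a descriptive name would read better than `r`.
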
@@ -1891,9 +1894,12 @@ doifioctl(struct socket *so, u_long cmd,
 			if (error != 0)
 				return error;
 		}
-		return (cmd == SIOCIFCREATE) ?
+		mutex_enter(&if_clone_mtx);
+		r = (cmd == SIOCIFCREATE) ?
 			if_clone_create(ifr->ifr_name) :
 			if_clone_destroy(ifr->ifr_name);
+		mutex_exit(&if_clone_mtx);
+		return r;

 	case SIOCIFGCLONERS:
 		return if_clone_list((struct if_clonereq *)data);
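
Review bot: The mutex is taken at the doifioctl call site, not inside if_clone_create() and if_clone_destroy(), so only requests arriving through SIOCIFCREATE/SIOCIFDESTROY are serialized and any other caller of those two functions would still run unlocked. Consider taking `if_clone_mtx` inside the functions, or keeping it here and adding `KASSERT(mutex_owned(&if_clone_mtx));` at the top of both so the locking requirement is enforced. It is also worth stating whether the `SIOCIFGCLONERS` path just below (`if_clone_list()`) is intentionally left outside the lock.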

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/49373 CVS commit: src/sys/net
Date: Fri, 7 Nov 2014 07:57:42 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Fri Nov  7 12:57:42 UTC 2014

 Modified Files:
 	src/sys/net: if.c

 Log Message:
 PR/49373: Ryota Ozaki: Running if_clone_create and if_clone_destroy in
 parallel causes panic
 XXX: Pullup 7.


 To generate a diff of this commit:
 cvs rdiff -u -r1.291 -r1.292 src/sys/net/if.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->pending-pullups
State-Changed-By: ozaki-r@NetBSD.org
State-Changed-When: Mon, 10 Nov 2014 02:33:18 +0000
State-Changed-Why:
pullup-7 #205


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/49373 CVS commit: [netbsd-7] src/sys/net
Date: Tue, 11 Nov 2014 12:20:28 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Tue Nov 11 12:20:28 UTC 2014

 Modified Files:
 	src/sys/net [netbsd-7]: if.c

 Log Message:
 Pull up following revision(s) (requested by ozaki-r in ticket #205):
 	sys/net/if.c: revision 1.292
 PR/49373: Ryota Ozaki: Running if_clone_create and if_clone_destroy in
 parallel causes panic
 XXX: Pullup 7.


 To generate a diff of this commit:
 cvs rdiff -u -r1.290 -r1.290.2.1 src/sys/net/if.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: ozaki-r@NetBSD.org
State-Changed-When: Wed, 12 Nov 2014 01:51:53 +0000
State-Changed-Why:
pullup-7 #205 done


>Unformatted:
