From nobody@FreeBSD.org Wed Jan 6 22:58:05 2010 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B78610656AD for ; Wed, 6 Jan 2010 22:58:05 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 1AEB18FC15 for ; Wed, 6 Jan 2010 22:58:05 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o06Mw4Ib064803 for ; Wed, 6 Jan 2010 22:58:04 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o06Mw4KO064802; Wed, 6 Jan 2010 22:58:04 GMT (envelope-from nobody) Message-Id: <201001062258.o06Mw4KO064802@www.freebsd.org> Date: Wed, 6 Jan 2010 22:58:04 GMT From: Michael Moll To: freebsd-gnats-submit@FreeBSD.org Subject: rtadvd triggers kernel panic when started for a hardware WLAN interface X-Send-Pr-Version: www-3.1 X-GNATS-Notify: >Number: 142392 >Category: kern >Synopsis: [panic] rtadvd(8) triggers kernel panic when started for a hardware WLAN interface >Confidential: no >Severity: serious >Priority: low >Responsible: syrinx >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jan 06 23:00:11 UTC 2010 >Closed-Date: Sun Jan 31 11:36:48 UTC 2010 >Last-Modified: Sun Jan 31 11:40:03 UTC 2010 >Originator: Michael Moll >Release: 8.0-RELEASE >Organization: >Environment: FreeBSD geode.kvedulv.de 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Wed Jan 6 23:12:22 CET 2010 root@buildhost.kvedulv.de:/usr/obj/usr/src/sys/GEODE_DB i386 >Description: When upgrading from 7.2 to 8.0 I experienced a panic, before changing the interface for rtadvd from ath0 to wlan0: Fatal trap 12: page fault while in kernel mode fault virtual address = 0x8 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0776c20 stack pointer = 0x28:0xcd0f9064 frame pointer = 0x28:0xcd0f90dc code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1662 (rtadvd) [thread pid 1662 tid 100084 ] Stopped at bcmp+0x14: repe cmpsl (%esi),%es:(%edi) db> bt Tracing pid 1662 tid 100084 td 0xc24ac240 bcmp(c20b2800,cd0f9178,c24cc400,cd0f9168,0) at bcmp+0x14 ip6_setmoptions(c23e1e9c) at ip6_setmoptions+0xb3d ip6_ctloutput(c24d0000) at ip6_ctloutput+0x55c sosetopt(c24d0000,cd0f9c44,1,29,c,...) at sosetopt+0x2a kern_setsockopt(c24ac240,4,29,c,bfbfece0,...) at kern_setsockopt+0x99 setsockopt(c24ac240,cd0f9cf8,c07e41dc,c24ac240,292,...) at setsockopt+0x1e syscall(cd0f9d38) at syscall+0x194 Xint0x80_syscall() at Xint0x80_syscall+0x20 --- syscall (105, FreeBSD ELF32, setsockopt), eip = 0x281363b7, esp = 0xbfbfe41c, ebp = 0xbfbfed08 --- When using wlan0 as interface everything is fine, but this may bite other people when upgrading to 8. >How-To-Repeat: I can easily reproduce this with "rtadvd ath0". >Fix: >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Thu Jan 7 00:08:19 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 Responsible-Changed-From-To: freebsd-net->syrinx Responsible-Changed-By: remko Responsible-Changed-When: Sun Jan 24 10:52:33 UTC 2010 Responsible-Changed-Why: Shteryana has a patch, assign to her. http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/142392: commit references a PR Date: Sun, 24 Jan 2010 16:18:13 +0000 (UTC) Author: syrinx Date: Sun Jan 24 16:17:58 2010 New Revision: 202935 URL: http://svn.freebsd.org/changeset/base/202935 Log: While flushing the multicast filter of an interface, do not zero the relevant ifmultiaddr structures' reference to the parent interface, unless the parent interface is really detaching. While here, program only link layer multicast filters to a wlan's hardware parent interface. PR: kern/142391, kern/142392 Reviewed by: sam, rpaolo, bms MFC after: 1 week Modified: head/sys/net/if.c head/sys/net/if_var.h head/sys/net80211/ieee80211_ioctl.c Modified: head/sys/net/if.c ============================================================================== --- head/sys/net/if.c Sun Jan 24 15:12:27 2010 (r202934) +++ head/sys/net/if.c Sun Jan 24 16:17:58 2010 (r202935) @@ -740,9 +740,10 @@ if_purgeaddrs(struct ifnet *ifp) } /* - * Remove any multicast network addresses from an interface. + * Remove any multicast network addresses from an interface when an ifnet + * is going away. */ -void +static void if_purgemaddrs(struct ifnet *ifp) { struct ifmultiaddr *ifma; @@ -2940,6 +2941,22 @@ if_delmulti(struct ifnet *ifp, struct so } /* + * Delete all multicast group membership for an interface. + * Should be used to quickly flush all multicast filters. + */ +void +if_delallmulti(struct ifnet *ifp) +{ + struct ifmultiaddr *ifma; + struct ifmultiaddr *next; + + IF_ADDR_LOCK(ifp); + TAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next) + if_delmulti_locked(ifp, ifma, 0); + IF_ADDR_UNLOCK(ifp); +} + +/* * Delete a multicast group membership by group membership pointer. * Network-layer protocol domains must use this routine. * Modified: head/sys/net/if_var.h ============================================================================== --- head/sys/net/if_var.h Sun Jan 24 15:12:27 2010 (r202934) +++ head/sys/net/if_var.h Sun Jan 24 16:17:58 2010 (r202935) @@ -833,7 +833,7 @@ void if_delmulti_ifma(struct ifmultiaddr void if_detach(struct ifnet *); void if_vmove(struct ifnet *, struct vnet *); void if_purgeaddrs(struct ifnet *); -void if_purgemaddrs(struct ifnet *); +void if_delallmulti(struct ifnet *); void if_down(struct ifnet *); struct ifmultiaddr * if_findmulti(struct ifnet *, struct sockaddr *); Modified: head/sys/net80211/ieee80211_ioctl.c ============================================================================== --- head/sys/net80211/ieee80211_ioctl.c Sun Jan 24 15:12:27 2010 (r202934) +++ head/sys/net80211/ieee80211_ioctl.c Sun Jan 24 16:17:58 2010 (r202935) @@ -3199,15 +3199,18 @@ ieee80211_ioctl_updatemulti(struct ieee8 void *ioctl; IEEE80211_LOCK(ic); - if_purgemaddrs(parent); + if_delallmulti(parent); ioctl = parent->if_ioctl; /* XXX WAR if_allmulti */ parent->if_ioctl = NULL; TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { struct ifnet *ifp = vap->iv_ifp; struct ifmultiaddr *ifma; - TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) + TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { + if (ifma->ifma_addr->sa_family != AF_LINK) + continue; (void) if_addmulti(parent, ifma->ifma_addr, NULL); + } } parent->if_ioctl = ioctl; ieee80211_runtask(ic, &ic->ic_mcast_task); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" State-Changed-From-To: open->patched State-Changed-By: syrinx State-Changed-When: Sun Jan 24 16:23:32 UTC 2010 State-Changed-Why: Patch commited to CURRENT http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 State-Changed-From-To: patched->closed State-Changed-By: syrinx State-Changed-When: Sun Jan 31 11:36:05 UTC 2010 State-Changed-Why: Fixed. http://www.freebsd.org/cgi/query-pr.cgi?pr=142392 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/142392: commit references a PR Date: Sun, 31 Jan 2010 11:30:39 +0000 (UTC) Author: syrinx Date: Sun Jan 31 11:30:28 2010 New Revision: 203274 URL: http://svn.freebsd.org/changeset/base/203274 Log: MFC r202935: While flushing the multicast filter of an interface, do not zero the relevant ifmultiaddr structures' reference to the parent interface, unless the parent interface is really detaching. While here, program only link layer multicast filters to a wlan's hardware parent interface. PR: kern/142391, kern/142392 Reviewed by: sam, rpaulo, bms Modified: stable/8/sys/net/if.c stable/8/sys/net/if_var.h stable/8/sys/net80211/ieee80211_ioctl.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/xen/xenpci/ (props changed) Modified: stable/8/sys/net/if.c ============================================================================== --- stable/8/sys/net/if.c Sun Jan 31 11:20:27 2010 (r203273) +++ stable/8/sys/net/if.c Sun Jan 31 11:30:28 2010 (r203274) @@ -773,9 +773,10 @@ if_purgeaddrs(struct ifnet *ifp) } /* - * Remove any multicast network addresses from an interface. + * Remove any multicast network addresses from an interface when an ifnet + * is going away. */ -void +static void if_purgemaddrs(struct ifnet *ifp) { struct ifmultiaddr *ifma; @@ -3005,6 +3006,22 @@ if_delmulti(struct ifnet *ifp, struct so } /* + * Delete all multicast group membership for an interface. + * Should be used to quickly flush all multicast filters. + */ +void +if_delallmulti(struct ifnet *ifp) +{ + struct ifmultiaddr *ifma; + struct ifmultiaddr *next; + + IF_ADDR_LOCK(ifp); + TAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next) + if_delmulti_locked(ifp, ifma, 0); + IF_ADDR_UNLOCK(ifp); +} + +/* * Delete a multicast group membership by group membership pointer. * Network-layer protocol domains must use this routine. * Modified: stable/8/sys/net/if_var.h ============================================================================== --- stable/8/sys/net/if_var.h Sun Jan 31 11:20:27 2010 (r203273) +++ stable/8/sys/net/if_var.h Sun Jan 31 11:30:28 2010 (r203274) @@ -832,7 +832,7 @@ void if_delmulti_ifma(struct ifmultiaddr void if_detach(struct ifnet *); void if_vmove(struct ifnet *, struct vnet *); void if_purgeaddrs(struct ifnet *); -void if_purgemaddrs(struct ifnet *); +void if_delallmulti(struct ifnet *); void if_down(struct ifnet *); struct ifmultiaddr * if_findmulti(struct ifnet *, struct sockaddr *); Modified: stable/8/sys/net80211/ieee80211_ioctl.c ============================================================================== --- stable/8/sys/net80211/ieee80211_ioctl.c Sun Jan 31 11:20:27 2010 (r203273) +++ stable/8/sys/net80211/ieee80211_ioctl.c Sun Jan 31 11:30:28 2010 (r203274) @@ -3199,15 +3199,18 @@ ieee80211_ioctl_updatemulti(struct ieee8 void *ioctl; IEEE80211_LOCK(ic); - if_purgemaddrs(parent); + if_delallmulti(parent); ioctl = parent->if_ioctl; /* XXX WAR if_allmulti */ parent->if_ioctl = NULL; TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { struct ifnet *ifp = vap->iv_ifp; struct ifmultiaddr *ifma; - TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) + TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { + if (ifma->ifma_addr->sa_family != AF_LINK) + continue; (void) if_addmulti(parent, ifma->ifma_addr, NULL); + } } parent->if_ioctl = ioctl; ieee80211_runtask(ic, &ic->ic_mcast_task); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" >Unformatted: