From dunstan@freebsd.czest.pl Tue Aug 16 10:57:47 2005
Return-Path:
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A54CD16A41F
	for ; Tue, 16 Aug 2005 10:57:47 +0000 (GMT)
	(envelope-from dunstan@freebsd.czest.pl)
Received: from freebsd.czest.pl (silver.iplus.pl [80.48.250.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8C47343D49
	for ; Tue, 16 Aug 2005 10:57:45 +0000 (GMT)
	(envelope-from dunstan@freebsd.czest.pl)
Received: from freebsd.czest.pl (freebsd.czest.pl [80.48.250.4])
	by freebsd.czest.pl (8.12.10/8.12.9) with ESMTP id j7GBCdGW059964
	for ; Tue, 16 Aug 2005 11:12:40 GMT
	(envelope-from dunstan@freebsd.czest.pl)
Received: (from dunstan@localhost)
	by freebsd.czest.pl (8.12.10/8.12.9/Submit) id j7GBCd7T059963;
	Tue, 16 Aug 2005 11:12:39 GMT
	(envelope-from dunstan)
Message-Id: <200508161112.j7GBCd7T059963@freebsd.czest.pl>
Date: Tue, 16 Aug 2005 11:12:39 GMT
From: "Wojciech A. Koszek"
Reply-To: "Wojciech A. Koszek"
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number: 84987
>Category: kern
>Synopsis: [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: brooks
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 16 11:00:38 GMT 2005
>Closed-Date: Sat Aug 20 19:16:10 GMT 2005
>Last-Modified: Sat Aug 20 19:16:10 GMT 2005
>Originator: Wojciech A. Koszek
>Release: FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD laptop.freebsd.czest.pl 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Tue Aug 16 12:29:31 CEST 2005 dunstan@laptop.freebsd.czest.pl:/usr/obj/usr/src/sys/LAPTOP i386
>Description:
if_ef causes panic on -CURRENT. My analysis: if_ef.c uses correct logic (with if_alloc(), passes correct pointer to ether_ifattach()). if_findindex() from src/sys/net/if.c seems to contain a small bug, and returns the same index more than once.
Without posting the very ugly hack coded in order to see what happens, this is what I got on -CURRENT:

if_findindex, checking unit = 1
unit(1) <= if_index(2)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(2)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^ Ok

if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^

if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^

[..]
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
^^^

This is why:

	if (ifp->if_index == 0 || ifp != ifnet_byindex(ifp->if_index))
		panic ("%s: BUG: if_attach called without if_alloc'd input()\n",
		    ifp->if_xname);

Reports problem (second condition is true).
>How-To-Repeat:
kldload /boot/kernel/if_ef.ko
>Fix:
Patch [diff.0.if.c] corrects this problem. Needs review.

--- diff.0.if.c begins here ---
diff -upr /usr/src/sys/net/if.c src/sys/net/if.c --- /usr/src/sys/net/if.c Sun Aug 14 14:38:50 2005 +++ src/sys/net/if.c Tue Aug 16 12:28:02 2005
@@ -370,7 +370,7 @@ found: name, unit, devname); } for (unit = 1; ; unit++) { - if (unit <= if_index && ifaddr_byindex(unit) != NULL) + if (unit <= if_index || ifaddr_byindex(unit) != NULL) continue; if (resource_string_value(name, unit, "ether", &p) == 0 || resource_string_value(name, unit, "dev", &p) == 0)
--- diff.0.if.c ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->brooks
Responsible-Changed-By: brooks
Responsible-Changed-When: Tue Aug 16 17:46:00 GMT 2005
Responsible-Changed-Why:
I'll take this one. I think the fix is correct, but want to test it myself before commit.

http://www.freebsd.org/cgi/query-pr.cgi?pr=84987

State-Changed-From-To: open->patched
State-Changed-By: brooks
State-Changed-When: Thu Aug 18 19:24:59 GMT 2005
State-Changed-Why:
Committed a different patch to HEAD. I hope to merge it for 6.0-BETA3.

http://www.freebsd.org/cgi/query-pr.cgi?pr=84987

State-Changed-From-To: patched->closed
State-Changed-By: brooks
State-Changed-When: Sat Aug 20 19:15:47 GMT 2005
State-Changed-Why:
Fix MFCd.

http://www.freebsd.org/cgi/query-pr.cgi?pr=84987
>Unformatted:
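
Review bot: Changing `&&` to `||` in the test at the top of the `for (unit = 1; ; unit++)` loop in src/sys/net/if.c makes the loop skip every unit at or below if_index whether or not that slot is in use, so an index that becomes free below if_index can no longer be returned and the search reduces to "first unit above if_index". The new form also calls ifaddr_byindex(unit) only for units greater than if_index, a range the `&&` form never looked up, so it is worth confirming that lookup is defined past if_index. If the intent is only to stop an index that has already been handed out from being returned again, consider testing the structure that records the allocation, for instance the ifnet_byindex() lookup used by the panic check quoted in the report, and add a comment on the loop stating which condition marks a unit as taken.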