Re: kern/88725: /usr/sbin/ppp panic with 2005.10.21 netinet6 changes

From: John Baldwin <jhb_at_freebsd.org>
Date: Thu, 10 Nov 2005 11:40:13 -0500
On Thursday 10 November 2005 10:40 am, SUZUKI Shinsuke wrote:
> >>>>> On Thu, 10 Nov 2005 16:54:34 +0600
> >>>>> snezhko_at_indorsoft.ru(Victor Snezhko)  said:
> >
> > Mark Tinguely has found the offending timer.
> > The following patch fixes the problem for me:
>
> Thanks.  sounds right for me.
> So please commit it if when you've finished the test with fresh -current.

As a general rule you should be using callout_drain() before freeing a callout 
to handle the race condition where the callout is running on another CPU (so 
callout_stop can't stop it) while you are freeing it.  Note that you can not 
use callout_drain() if you are holding any locks, though.  In those cases you 
will need to defer the callout_drain() and free() until you have dropped the 
locks.  Here's one example fix:

Index: nd6.c
===================================================================
RCS file: /usr/cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.62
diff -u -r1.62 nd6.c
--- nd6.c       22 Oct 2005 05:07:16 -0000      1.62
+++ nd6.c       3 Nov 2005 19:56:42 -0000
_at__at_ -398,7 +398,7 _at__at_
        if (tick < 0) {
                ln->ln_expire = 0;
                ln->ln_ntick = 0;
-               callout_stop(&ln->ln_timer_ch);
+               callout_drain(&ln->ln_timer_ch);
        } else {
                ln->ln_expire = time_second + tick / hz;
                if (tick > INT_MAX) {
 
-- 
John Baldwin <jhb_at_FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
Received on Thu Nov 10 2005 - 15:42:17 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:47 UTC