kern/109277: kernel ppp(4) botches clist reservation in RELENG_6

Bruce Evans bde at zeta.org.au
Mon Feb 19 00:20:21 UTC 2007


The following reply was made to PR kern/109277; it has been noted by GNATS.

From: Bruce Evans <bde at zeta.org.au>
To: Dmitry Pryanishnikov <dmitry at atlantis.dp.ua>
Cc: FreeBSD-gnats-submit at FreeBSD.org, freebsd-bugs at FreeBSD.org
Subject: Re: kern/109277: kernel ppp(4) botches clist reservation in RELENG_6
Date: Mon, 19 Feb 2007 11:18:34 +1100 (EST)

 On Sun, 18 Feb 2007, Dmitry Pryanishnikov wrote:
 
 >> Description:
 >    Very rare (maybe, once a month) spontaneous crashes occur during the
 >    active simultaneous use of kernel ppp and system console. When console
 >    is in X.org mode, system just silently reboots. OTOH, there is a certain
 >    chance to get valid crash dump when system console is in text mode.
 >    Last such a crash was "panic: clist reservation botch" (see cblock_alloc()
 >    function in /sys/kern/tty_subr.c), this was RELENG_6 as of 1-Feb-2007,
 >    backtrace was:
 > ...
 >    Looks like ppp(4) enters cblock_alloc(), then gets preempted, then
 >    ttyinput() reenters cblock_alloc().
 >
 >> Fix:
 >    I'm ready to provide further debugging information on this issue.
 >    Unfortunately, I'm not familiar enough with the locking concepts
 >    in modern FreeBSD kernels (and in tty subsystem particularly)
 >    in order to make the fix myself.
 
 Tty locking is especially simple and not very good -- everything must
 be Giant-locked to work.  However, the default for network drivers is
 now not to use Giant locking.  ppp doesn't seem to be aware of this.
 The only simple fix seems to be to pessimize all network drivers by
 configuring Giant locking for them all -- see netisr.c.  I'm not sure
 if this is enough -- it is probably necessary to Giant-lock all calls
 into ppp (especially ioctls), but things in netisr.c only logically
 affect isrs.
 
 Bruce


More information about the freebsd-bugs mailing list