FreeBSD 7-STABLE mbuf corruption
John Baldwin
jhb at freebsd.org
Wed Sep 14 11:48:43 UTC 2011
On Tuesday, September 13, 2011 6:29:05 pm Ryan Stone wrote:
> On Tue, Sep 13, 2011 at 2:36 PM, Arnaud Lacombe <lacombar at gmail.com> wrote:
> > It did not crash, yet. The only downside is that after 3h30 and ~4h,
> > igb(4) queues' handler started spinning infinitely, breaking network
> > connectivity.
>
> I saw a similar issue on HEAD last week. The attached patch fix the
> problem for me. The problem was that if a struct task's ta_pending
> field overflows, the task will be inserted into a list when it is
> already in that list, causing a cycle in the list of tasks to be run.
> This causes the taskqueue thread to spin indefinitely as it looks over
> the cycle again and again.
>
> In case the list eats the patch, it was:
>
> Index: sys/kern/subr_taskqueue.c
> ===================================================================
> --- sys/kern/subr_taskqueue.c (revision 225537)
> +++ sys/kern/subr_taskqueue.c (working copy)
> @@ -173,7 +173,8 @@
> * Count multiple enqueues.
> */
> if (task->ta_pending) {
> - task->ta_pending++;
> + if (task->ta_pending < UINT16_MAX)
> + task->ta_pending++;
> return (0);
> }
You should probably commit that. I wonder if it should be a KASSERT() also so
that it outright panics on a kernel with INVARIANTS enabled so developers will
go fix their code as it seems to me to likely be a bug to enqueue a task that
many times.
--
John Baldwin
More information about the freebsd-net
mailing list