trap 12: supervisor write, page not present on 6.1-STABLE Tue May 16 2006
Robert Watson
rwatson at FreeBSD.org
Fri Jun 30 14:01:33 UTC 2006
On Fri, 30 Jun 2006, Stanislaw Halik wrote:
>> Per my earlier e-mail, I had hoped to merge a larger set of changes from
>> HEAD that resolve the underlying problem here (that inpcb's can be detached
>> from a socket while the socket is still in use), but right now I'm
>> deferring merging those changes as they are somewhat risky (as they are
>> large). Instead, I've produced a candidate work-around patch, now attached
>> to kern/97095. This does not fix the underlying problem, but seeks to
>> narrow the window for the race to be exercised by avoiding caching a
>> volatile pointer across user memory copying, which under load can result in
>> blocking I/O. I would be quite interested in knowing if this resolves the
>> problem in practice -- if so, it's a definite short-term merge candidate to
>> reduce the symptoms of this problem until the proper fix can be merged.
>
> Unfortunately, it still happens to crash in the same code path:
<snip>
> I'll be happy to test any other patches when they're available.

Thanks for testing the patch -- it looks like there's a more pressing logical
problem in this code! Could you try the following simpler patch:

http://www.watson.org/~robert/freebsd/netperf/ip_ctloutput.diff

The IP option code seems not to know that (in RELENG_6 and before) the pcb is
discarded on disconnect, and the application is querying the TTL after a
disconnect. In FreeBSD 7.x, the pcb is preserved after disconnect so this
succeeds.

It could be we actually need both patches, but let's try this one by itself
first.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge

Attached:
Index: ip_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.242.2.9
diff -u -r1.242.2.9 ip_output.c
--- ip_output.c 4 Jun 2006 10:19:34 -0000 1.242.2.9
+++ ip_output.c 30 Jun 2006 13:58:03 -0000
@@ -1162,6 +1162,9 @@
return (EINVAL);
}
+ if (inp == NULL)
+ return (EINVAL);
+
switch (sopt->sopt_dir) {
case SOPT_SET:
switch (sopt->sopt_name) {
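
Review bot: the added `if (inp == NULL) return (EINVAL);` ahead of `switch (sopt->sopt_dir)` carries no comment saying why the pcb can be missing at this point; a one-line comment that on RELENG_6 the inpcb is discarded on disconnect while the socket can still receive socket option calls would keep a later reader from treating the check as dead code. Two smaller points: the context line just above the new check also returns EINVAL, so a caller cannot tell a disconnected socket from the earlier error case, and a distinct errno may be worth considering; and the pointer is tested once with no locking visible in the hunk, so the check covers a pcb that is already gone on entry but not one detached after the test, which is the race discussed earlier in the thread.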