kern/84987: [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()

Wojciech A. Koszek dunstan at freebsd.czest.pl
Tue Aug 16 11:00:42 GMT 2005


>Number:         84987
>Category:       kern
>Synopsis:       [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 16 11:00:38 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Wojciech A. Koszek
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD laptop.freebsd.czest.pl 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Tue Aug 16 12:29:31 CEST 2005 dunstan at laptop.freebsd.czest.pl:/usr/obj/usr/src/sys/LAPTOP i386


>Description:
if_ef causes panic on -CURRENT. My analisis:
if_ef.c uses correct logic (with if_alloc(), passes correct pointer to
ether_ifattach()). if_findindex() from src/sys/net/if.c seems to contain
small bug, and returns the same index more then once. Without posting
very ugly hack coded in order to see what happens, this is what I got 
on -CURRENT:


if_findindex, checking unit = 1
unit(1) <= if_index(2)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(2)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^ Ok
if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^
if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^
[..]
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^
This is why:
if (ifp->if_index == 0 || ifp != ifnet_byindex(ifp->if_index))
	panic ("%s: BUG: if_attach called without if_alloc'd input()\n",
	    ifp->if_xname);
Reports problem (second condition is true).

>How-To-Repeat:
kldload /boot/kernel/if_ef.ko
>Fix:
Patch [diff.0.if.c] corrects this problem. Needs review.

--- diff.0.if.c begins here ---
diff -upr /usr/src/sys/net/if.c src/sys/net/if.c
--- /usr/src/sys/net/if.c	Sun Aug 14 14:38:50 2005
+++ src/sys/net/if.c	Tue Aug 16 12:28:02 2005
@@ -370,7 +370,7 @@ found:
 		    name, unit, devname);
 	}
 	for (unit = 1; ; unit++) {
-		if (unit <= if_index && ifaddr_byindex(unit) != NULL)
+		if (unit <= if_index || ifaddr_byindex(unit) != NULL)
 			continue;
 		if (resource_string_value(name, unit, "ether", &p) == 0 ||
 		    resource_string_value(name, unit, "dev", &p) == 0)
--- diff.0.if.c ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list