[Bug 243324] Module with 'mii' can panic during kldunload
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jan 13 16:08:50 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243324
Bug ID: 243324
Summary: Module with 'mii' can panic during kldunload
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: ghuckriede at blackberry.com
Overview:
While trying to see if setting ivars to NULL during detach was required (See
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242727), discovered 're'
module can panic on kldunload. Upon further analysis, it was determined that
there is no protection for ioctls during the kldunload. The 'mii' devices
appear to be detached and destroyed while ioctl (ifconfig) is holding the
RL_LOCK. There does not appear to be a 'mii' device lock (perhaps assuming the
RL_LOCK would protect it, which it doesn't).
Steps to Reproduce:
Compile a kernel without re module (needed to do a kldunload).
After rebooting open 2 terminals (ssh for example)
for 're'
#### 1st terminal
$ su root
# /bin/sh
# while true ; do kldload
/usr/obj/usr/src/amd64.amd64/sys/modules/re/if_re.ko;ifconfig re0 up;sleep 1;
kldunload if_re.ko ; done
#### 2nd terminal
$ su root
# /bin/sh
# while true ; do ifconfig re0 ; done
OR for 'axe'
$ su root
# /bin/sh
# while true ; do ifconfig ue0 up;sleep 1; kldunload if_axe.ko ; done
#### 2nd terminal
$ su root
# /bin/sh
# while true ; do ifconfig ue0 ; done
Actual Results:
Panic occurred within a few seconds.
Expected Results:
no panic
Build Date & Hardware:
# uname -a
FreeBSD FreeBSD_head_ghuckriede 13.0-CURRENT FreeBSD 13.0-CURRENT #2 r356559:
Thu Jan 9 15:45:41 EST 2020
ghuckriede at FreeBSD_head_ghuckriede:/usr/obj/usr/src/amd64.amd64/sys/GENERIC_NO_RE
amd64
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list