INPCB panic....

Sam Leffler sam at errno.com
Mon Nov 10 14:34:26 PST 2003


On Monday 10 November 2003 02:19 pm, Ian Dowse wrote:
> In message <200311101159.44366.sam at errno.com>, Sam Leffler writes:
> >On Monday 10 November 2003 11:37 am, Larry Rosenman wrote:
> >> I removed my wi0 card (with DHCLIENT running), and got the following
> >> panic on a -CURRENT from yesterday:
> >
> >Thanks.  Working on it...
>
> FYI, I've been using the following patch locally which seems to
> trigger the printf sometimes when wi0 is ejected. Without the patch,
> it used to dereference a stale struct ifnet and crash. I have an
> approx 1 week old kernel, so this particular problem may have been
> fixed already.

Your fix looks fine; please commit.  It mimics what ip_output does.  But there 
still look to be basic races with device removal/ifnet destruction.  For 
example, ip_output grabs an ifnet reference from the routing table entry and 
uses it w/o any locking for a rather long time.  If the device gets yanked in 
the interim it seems like you could be left holding a bogus reference. Seems 
like the whole if_detach path needs a careful rework.

	Sam
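Added example, not part of the original message and not FreeBSD code: a single-threaded userspace model of the race described above, in which the sender takes a counted reference at lookup time so that ejecting the device mid-send yields an error instead of a dereference of freed memory. All struct and function names are hypothetical, and the lookup, eject and transmit steps are sequenced by hand rather than by real threads.

```c
/* Added illustration: userspace model; all names are hypothetical, not FreeBSD's API. */
#include <errno.h>
#include <stdatomic.h>
#include <stdlib.h>

struct ifnet_model {
    atomic_int refs;   /* one per holder, including the route entry */
    atomic_int dying;  /* set by detach before it drops its reference */
};
struct route_model { struct ifnet_model *ifp; };
static int freed_count;  /* lets a caller observe when the free really happens */
static struct ifnet_model *if_alloc_model(void) {
    struct ifnet_model *ifp = calloc(1, sizeof(*ifp));
    if (ifp == NULL) abort();
    atomic_init(&ifp->refs, 1);  /* the route entry's own reference */
    atomic_init(&ifp->dying, 0);
    return ifp;
}
static void if_rele_model(struct ifnet_model *ifp) {
    if (atomic_fetch_sub(&ifp->refs, 1) == 1) { free(ifp); freed_count++; }
}
/* Lookup returns a counted reference; a kernel would do this under the route lock. */
static struct ifnet_model *route_ifp_ref(struct route_model *rt) {
    struct ifnet_model *ifp = rt->ifp;
    if (ifp == NULL || atomic_load(&ifp->dying)) return NULL;
    atomic_fetch_add(&ifp->refs, 1);
    return ifp;
}
/* Device removal: mark dying, unhook from the route, drop the route's reference. */
static void if_detach_model(struct route_model *rt) {
    struct ifnet_model *ifp = rt->ifp;
    atomic_store(&ifp->dying, 1);
    rt->ifp = NULL;
    if_rele_model(ifp);
}
/* Transmit runs long after lookup, so it re-checks the flag before using the device. */
static int output_model(struct ifnet_model *ifp) {
    return atomic_load(&ifp->dying) ? ENXIO : 0;
}
/* Replays lookup -> eject -> transmit. EFAULT would mean the ifnet was freed early. */
int eject_during_output(void) {
    int start = freed_count;
    struct route_model rt = { if_alloc_model() };
    struct ifnet_model *ifp = route_ifp_ref(&rt);
    if_detach_model(&rt);        /* card yanked while we still hold ifp */
    int err = (freed_count != start) ? EFAULT : output_model(ifp);
    if_rele_model(ifp);          /* last reference: the free happens here */
    return err;
}
int main(void) { return eject_during_output() == ENXIO ? 0 : 1; }
```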


