vlan panic in -CURRENT

SUZUKI Shinsuke suz at kame.net
Fri Feb 6 20:46:19 PST 2004 

>>>>> On Fri, 6 Feb 2004 10:33:06 -0800
>>>>> brooks at one-eyed-alien.net(Brooks Davis)  said:

> > This crashes -CURRENT (from a couple of days ago) for me:
> > ifconfig vlan0 create
> > ifconfig vlan0 vlan 2 vlandev fxp0
> > ifconfig vlan0 up
> > 
> > (immediate trap 12/page fault while in kernel mode crash)
> > 
> > BUT, if I manually bring up fxp0 first, everything is fine.
(snip)
> Well, it's not related to simply upping a vlan on a down interface since
> I can't reproduce it with fwe0.  I've got a shortage of systems
> configured for debugging that have an extra nic in them so I can't seem
> to replicate this.  Since it should be possiable to replicate in single
> user mode, you might try setting hw.physmem to something small enough
> that you can get a crashdump.

I can reproduce the problem, and here's the trace:
	  if_up->if_route->in6_if_up->in6_ifattach->in6_ifattach_link
	->in6_update_ifa->in6_addmulti->if_addmulti->vlan_ioctl
	->vlan_setmulti->if_delmulti->fxp_ioctl->fxp_mc_setup

The reason of this panic lies in if_fxp.c; fxp's
ethernet-multicast-filter is configured before the initializtion of
fxp driver.

The attached ad-hoc patch fixed the problem, but IMHO much further
considerataion is necessary; this happens when vlan is initialized
before the initialization of its physical interface, and there might
be a similar different bug (in other driver or in different situation).

So could anyone see to it?
#I'm afraid I cannot, because I'm not a device-driver expert...

Thanks,
----
SUZUKI, Shinsuke @ Hitachi / KAME Project


---------------------
Index: if_fxp.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/fxp/if_fxp.c,v
retrieving revision 1.198
diff -u -u -r1.198 if_fxp.c
--- if_fxp.c	28 Nov 2003 05:28:28 -0000	1.198
+++ if_fxp.c	6 Feb 2004 23:47:05 -0000
@@ -2578,6 +2578,8 @@
 		 */
 		txp = sc->fxp_desc.tx_last->tx_next;
 		txp->tx_mbuf = NULL;
+		if (txp->tx_cb == NULL)
+			return;	/* XXX? */
 		txp->tx_cb->cb_status = 0;
 		txp->tx_cb->cb_command = htole16(FXP_CB_COMMAND_NOP |
 		    FXP_CB_COMMAND_S | FXP_CB_COMMAND_I);

More information about the freebsd-current mailing list