panic after ifioctl/if_clone_destroy

Matthew Macy mmacy at freebsd.org
Mon Aug 6 19:44:31 UTC 2018


The struct thread is typesafe. The problem is that the link is no longer
typesafe now that it’s not part of the thread. Thanks for pointing this
out. I’ll commit a fix later today.

-M



On Mon, Aug 6, 2018 at 02:39 Hans Petter Selasky <hps at selasky.org> wrote:

> Hi Matthew,
>
> On 08/06/18 10:02, Hans Petter Selasky wrote:
> > -             if ((tdwait = TAILQ_FIRST(&record->er_tdlist)) != NULL &&
> > -                 TD_IS_RUNNING(tdwait->et_td)) {
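Review bot: the removed lines take tdwait from record->er_tdlist and immediately read tdwait->et_td, and nothing in these two lines holds a lock or reference that keeps the tracker alive across that read; since the waiter poisons et_td to 0xDEADBEEF on exit, the read can hit a stale tracker, which is consistent with the reported fault. Dropping the dereference is the right direction; if the scan still needs to know whether the waiter is running, that state should be copied while holding whatever lock orders tracker removal, rather than reached through et_td after the pointer was fetched.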
>
> At least the TD_IS_RUNNING() check is invalid. The "tdwait" structure is
> in the control of the other CPU and "tdwait->et_td" might be invalid at
> any time, so accessing any members here is not a good idea.
>
> It is pretty clear that the epoch was exited during the loop:
>
>          etd->et_td = (void*)0xDEADBEEF;
>
> fault virtual address   = 0xdeadc2ff
> fault code              = supervisor read data, page not present
>
>
> If you remove the TD_IS_RUNNING() check I'm not sure how useful this
> loop will be ...
>
> --HPS
>
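The hazard under discussion, as an added example that is not code from the thread or from FreeBSD: a tracker that lives on the waiter's stack is linked onto a list, and a scanner wants to know whether the first waiter is still running. The names tracker, record, et_td and er_tdlist are borrowed from the quoted code; the lock (an assumed atomic spinlock), the et_running field, the intrusive list in place of TAILQ and the helper functions are assumptions made for illustration. The scanner only dereferences the tracker while holding the same lock under which the waiter unlinks it, and never uses the pointer after unlocking, which is what the removed TD_IS_RUNNING(tdwait->et_td) read did not guarantee.

```c
/* Constructed model of the er_tdlist scan from the thread. Names are borrowed
 * from the quoted code; the lock, et_running and the helpers are assumptions
 * for illustration, not FreeBSD's epoch implementation. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Same poison value the thread shows being written to etd->et_td on exit. */
#define ET_POISON ((void *)(uintptr_t)0xDEADBEEF)

struct tracker {
    struct tracker *et_next;   /* intrusive link, stands in for TAILQ_ENTRY */
    void *et_td;               /* identifies the waiting thread; poisoned on exit */
    bool et_running;           /* state the scanner wants; valid only under er_lock */
};

struct record {
    atomic_bool er_lock;       /* protects er_tdlist and every tracker linked on it */
    struct tracker *er_tdlist; /* list head, stands in for TAILQ_HEAD */
};

static void record_lock(struct record *r) {
    while (atomic_exchange_explicit(&r->er_lock, true, memory_order_acquire))
        ;                      /* spin until the flag was false */
}

static void record_unlock(struct record *r) {
    atomic_store_explicit(&r->er_lock, false, memory_order_release);
}

void record_init(struct record *r) {
    atomic_init(&r->er_lock, false);
    r->er_tdlist = NULL;
}

/* Waiter side. The tracker lives on the waiter's stack, which is exactly what
 * makes it non-typesafe: once the waiter returns, the memory is gone. */
void tracker_enter(struct record *r, struct tracker *t, void *td) {
    t->et_td = td;
    t->et_running = true;
    record_lock(r);
    t->et_next = r->er_tdlist;
    r->er_tdlist = t;
    record_unlock(r);
}

void tracker_exit(struct record *r, struct tracker *t) {
    record_lock(r);
    for (struct tracker **pp = &r->er_tdlist; *pp != NULL; pp = &(*pp)->et_next) {
        if (*pp == t) { *pp = t->et_next; break; }
    }
    t->et_td = ET_POISON;      /* the thread's debugging aid */
    record_unlock(r);
}

/* Scanner side. The removed code cached TAILQ_FIRST(&record->er_tdlist) and
 * then read tdwait->et_td with nothing pinning the tracker. The safe form
 * copies what it needs under the lock and never touches the pointer after. */
bool first_waiter_running(struct record *r) {
    bool running = false;
    record_lock(r);
    struct tracker *tdwait = r->er_tdlist;
    if (tdwait != NULL)
        running = tdwait->et_running;   /* dereference only while er_lock is held */
    record_unlock(r);
    return running;                     /* tdwait is never used past this point */
}

/* Deterministic walk-through; returns a bitmask so each step can be checked. */
int scan_demo(void) {
    struct record rec;
    struct tracker etd;                  /* stack tracker, like the thread's etd */
    int seen = 0;
    record_init(&rec);
    if (!first_waiter_running(&rec)) seen |= 1;   /* empty list: nothing running */
    tracker_enter(&rec, &etd, (void *)&etd);
    if (first_waiter_running(&rec))  seen |= 2;   /* waiter linked and running */
    tracker_exit(&rec, &etd);
    if (!first_waiter_running(&rec)) seen |= 4;   /* unlinked: etd is not dereferenced */
    /* etd is still in scope here, so this read is legal in the model; in the
     * real code the frame would be gone and this is the read that faulted. */
    if (etd.et_td == ET_POISON)      seen |= 8;
    return seen;                                  /* 15 when every step behaves */
}
```

The point of the model is the discipline in first_waiter_running: the answer to "is the first waiter running" is a value copied out under the lock, not a pointer that is dereferenced later, so the scanner cannot observe the poisoned or freed tracker no matter when the waiter leaves.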

