Regarding if_alloc()

Brooks Davis brooks at FreeBSD.org
Tue Apr 22 17:40:01 UTC 2008 

On Tue, Apr 22, 2008 at 10:38:31AM -0700, vijay singh wrote:
> 
> 
> ----- Original Message ----
> From: Robert Watson <rwatson at FreeBSD.org>
> To: Brooks Davis <brooks at freebsd.org>
> Cc: vijay singh <vijjus at rocketmail.com>; freebsd-net at freebsd.org
> Sent: Sunday, April 20, 2008 2:27:15 AM
> Subject: Re: Regarding if_alloc()
> 
> 
> On Fri, 18 Apr 2008, Brooks Davis wrote:
> 
> > On Thu, Apr 17, 2008 at 06:35:23PM -0700, vijay singh wrote:
> >> Hi all. How do we avoid a race in populating the ifindex_table? Id this is 
> >> a TODO, as it seems from the code below, would it be acceptable if I wrote 
> >> a patch and reused the ifnet_lock [IFNET_WLOCK, IFNET_WUNLOCK]?
> >
> > Locking if_index management with ifnet_lock should be ok.  Ideally we should 
> > probably be using ALLOC_UNR(9) to manage if_indexes instead of this rather 
> > expensive loop.
> >
> > Be aware, that if_index generation is least of the issues in this area. The 
> > if_grow() call is much riskier since it changes the value of the global 
> > ifnet pointer which I'm not sure we can afford to lock.  It would be worth 
> > experimenting with rmlocks to see what the impact if of locking would be.
> >
> > I'm serious tempted to kill if_grow in favor of some sort of if_index_max 
> > tunable.
> 
> I've seen a number of reports of panics that may well be traceable to races in 
> if_index handling, and have looked a bit at possible fixes.  Quite a few uses 
> of if_index are inherently racy, as they rely on stability of the index value, 
> which of course can't be guaranteed with removable interfaces.
> 
> I think a reasonable interim fix would be to protect all use of the byindex 
> arrays using the ifnet lock, but remember that the read methods, not just the 
> write methods, need protection, and as such should move from being macros in 
> if_var.h to functions in if.c.  if_grow is probably OK if this is done right, 
> but it will need to be set up to drop the lock, grow, re-aquire, and 
> re-validate assumptions (i.e., repeat the search for a free index and loop if 
> it fails to find one).  Once the read methods are using the lock also, we 
> should seriously consider converting it to an rwlock.  We can probably also 
> un-publicize at least one of the byindex lookup routines (the dev lookup, 
> which is needed only in if.c).
> 
> This would prevent races on modifying and evaluating the index array, but not 
> on disappearing cdevs and ifnets, which are a separate problem, and one that 
> probably is exercised significanty less.  The reports I've seen appear to have 
> only to do with pulling the array out from other consumers while in use.
> 
> 
> >>
> 
> Robert, I am working on the patch, but I had a few questions. If we
> drop the lock while if_grow() is running, how do we prevent a second
> caller, blocked in if_alloc() to start scanning the ifindex_table, and
> end up deciding to grow it again. In other words, we need to stall
> the ifindex_table scan in if_alloc() till if_grow() has achieved
> finished. Since if_grow() will be called relatively infrequently,
> should we consider holding the lock through the routine? Your comments
> and suggestions are welcome.

You can't hold locks over malloc calls.

-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20080422/8c070b93/attachment.pgp

More information about the freebsd-net mailing list