vnet deletion panic
Vijay Singh
vijju.singh at gmail.com
Tue Feb 4 03:33:22 UTC 2014
I'm running into a crash due on vnet deletion in the presence of routing
sockets. The root cause seems to originate from():
if_detach_internal() -> if_down(ifp) -> if_unroute() -> rt_ifmsg() ->
rt_dispatch()
In rt_dispatch() we have:
#ifdef VIMAGE
if (V_loif)
m->m_pkthdr.rcvif = V_loif;
#endif
netisr_queue(NETISR_ROUTE, m);
Now since this would be processed async, and the ifp alove is the loopback
of the vnet being deleted, we run into accessing a freed pointer (ifp) when
netisr picks up the mbuf. So I am wondering how to fix this. I am thinking
that we could do something like the following in rt_dispatch():
#ifdef VIMAGE
if (V_loif) {
if ((ifp == V_loif) && !IS_DEFAULT_VNET(curvnet)) {
CURVNET_SET_QUIET(vnet0);
m->m_pkthdr.rcvif = V_loif;
CURVNET_RESTORE();
} else
m->m_pkthdr.rcvif = V_loif;
}
#endif
So basically switch to the default vnet for the mbuf with the routing
socket message. Thoughts?
-vijay
More information about the freebsd-net
mailing list