svn commit: r211157 - in head/sys: modules modules/if_carp net netinet netinet6

Bjoern A. Zeeb bz at FreeBSD.org
Wed Aug 11 19:50:07 UTC 2010 

On Wed, 11 Aug 2010, Will Andrews wrote:

> On Wed, Aug 11, 2010 at 8:34 AM, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
>> Wouldn't it be better to allow unload only if there are no carp(4)
>> interfaces? I'd be glad to destroy my carp interfaces before unloading
>> the module, but recompiling the kernel to unload it? Not so much.
>
> Well, in theory, if_clone_detach() is supposed to do that, and it's
> called during the unload process prior to NULLing the fp's.  But I've
> been unable to verify whether that is enough to prevent races.

In addition only the module, not the kernel needs to be recompiled.

Maybe I should add some more blah ...

Actually destroying most (cloned) interfaces is not save at the moment.
There could be an mbuf in a netisr queue with an ifp to that
interface, or just a packet being processed on another PU, so there is
more to this entire picture.

Assume that the current way and what is under the #ifdef is a temporary
thing and that we'll be able to flip the switch in the future.  But
there's still quite a bit of work into infratructure and details ahead,
some of that will come with more VIMAGE/vnet work on network stack
teardown, some might be done independently.

SeND will have the cleanup/check to allow to unload under
#ifdef __noyet__ as well, once it'll hit the tree, but for that the
hooks will need proper ND6 locking as well.

The point is, it's currently just not 100% save to just unload and
we've been very lenient and lazy with that in the past.   It's just
that times have changed and the races become true more easily so
adding new code/features need to be made aware of that or the pile
will just grow.  Unfortunately adding extra locking for all those
things is nothing you'd want either.

If you accept the risk for now that's fine but for the majority of our
users we'll have to err on the save side, while allowing them to use
freebsd-update now if it was only carp they needed (and not say IPSEC
as well) and they can just load the module and be happy w/o having to
recompile their own kernel.

/bz

-- 
Bjoern A. Zeeb                       This signature is about you not me.

More information about the svn-src-head mailing list