rev. 1.94 of netinet/in.c broke CARP
Gleb Smirnoff
glebius at FreeBSD.org
Thu Jan 25 16:34:56 UTC 2007
Hello, colleagues!
I've just discovered, that revision 1.94 of in.c has broke CARP. This
change adds a code to in_ifdetach() that goes through the global list
of all multicast instances and deletes all the instances, that are
belonging to a particular interface. This is intended to avoid leaking
multicast instances.
Before this change, most of the subsystems, that allocated multicast
membership instances had freed is theirselves. I don't know about others,
but at least CARP is broken now. It attempts to free a memory, that
already has been freed.
The scenario is:
ifconfig vlan0 create
ifconfig vlan0 vlandev em0 vlan 1 10.0.0.1/24
ifconfig carp0 create
ifconfig carp0 vhid 1 10.0.0.2/24
ifconfig vlan0 destroy
The codepath is:
if_detach(vlan0)
event_handler_invoke()
carp_ifdetach(vlan0)
carpdetach(carp0)
carp_multicast_cleanup(carp0)
in_delmulti(a freed inm)
That inm has been freed earlier in if_detach() before event handler has
called its hooks.
Bruce and Robert,
I suppose you can tell me the correct way to deal with multicast
memberships now, when there is a generic GC function for them. Should I
just stop referencing the inms from CARP softc, and don't care about them?
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-net
mailing list