MFC VIMAGE fixes to 11-stable
Marko Zec
zec at fer.hr
Thu Apr 20 10:43:53 UTC 2017
On Wed, 19 Apr 2017 21:31:50 +0200
<peter.blok at bsd4all.org> wrote:
...
> I also have a change in zone_release to fix another panic and leak in
> slab_free_item. The issue is that zone_release tries to release a keg
> that never belonged to the zone it is trying to release. With my
> limited knowledge, i think that should not happen.
>
> --- vm/uma_core.c (revision 317156)
> +++ vm/uma_core.c (working copy)
> @@ -2846,7 +2846,8 @@
> KEG_LOCK(keg);
> }
> }
> - slab_free_item(keg, slab, item);
> + if (keg == slab->us_keg)
> + slab_free_item(keg, slab, item);
> if (keg->uk_flags & UMA_ZFLAG_FULL) {
> if (keg->uk_pages < keg->uk_maxpages) {
> keg->uk_flags &= ~UMA_ZFLAG_FULL;
>
This change only masks the cause of the panic while still continuing to
leak memory, and should never be commited.
The real culprit lies somewhere in PF code which operates on a wrong
vnet. Without a backtrace it's difficult to guess, but a quick read
reveals that
pfi_initialize()
is called from the default vnet context, and subsequently registers
interface eventhandlers so that all interface attach, change and detach
events will be always executed in the default vnet, regardless of the
real vnet where the interfaces bound to the events actually reside. In
other words,
pfi_attach_group_event()
pfi_change_group_event()
pfi_detach_group_event()
will operate fine only in the default vnet, but will wreak havoc
otherwise. Hence, those handlers should be fixed first.
Marko
More information about the freebsd-net
mailing list