MFC VIMAGE fixes to 11-stable
peter.blok at bsd4all.org
Thu Apr 20 12:49:53 UTC 2017
Hi Marko,
Thanks for the pointer. It was not my intention to have this committed, but it helped identify other problems. I have asked this before in -current, but got no answer so I posted it here to get an answer.
If you look inside slab_free_item there is a KASSERT for just this, so that’s why I tried it.
I have added debug information to print the zones and the kegs and it all looked good. I was not able to find any place where we operated on the wrong context, but perhaps I missed one.
I’ll dig further.
Peter
> On 20 Apr 2017, at 12:42, Marko Zec <zec at fer.hr> wrote:
>
> On Wed, 19 Apr 2017 21:31:50 +0200
> <peter.blok at bsd4all.org> wrote:
> ...
>> I also have a change in zone_release to fix another panic and leak in
>> slab_free_item. The issue is that zone_release tries to release a keg
>> that never belonged to the zone it is trying to release. With my
>> limited knowledge, I think that should not happen.
>>
>> --- vm/uma_core.c (revision 317156)
>> +++ vm/uma_core.c (working copy)
>> @@ -2846,7 +2846,8 @@
>> KEG_LOCK(keg);
>> }
>> }
>> - slab_free_item(keg, slab, item);
>> + if (keg == slab->us_keg)
>> + slab_free_item(keg, slab, item);
>> if (keg->uk_flags & UMA_ZFLAG_FULL) {
>> if (keg->uk_pages < keg->uk_maxpages) {
>> keg->uk_flags &= ~UMA_ZFLAG_FULL;
>>
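Review bot: on the mismatch path of the added `if (keg == slab->us_keg)` guard the item is dropped without being freed and without any report, and the `keg->uk_flags & UMA_ZFLAG_FULL` handling that follows still runs against a keg that does not own the slab. If the guard is kept while debugging, give it an else branch that prints the zone, `keg` and `slab->us_keg` so the mismatch is visible rather than becoming a silent leak, and skip the flag update on that path as well. The two added lines have also lost their indentation relative to the surrounding context.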
>
> This change only masks the cause of the panic while still continuing to
> leak memory, and should never be committed.
>
> The real culprit lies somewhere in PF code which operates on a wrong
> vnet. Without a backtrace it's difficult to guess, but a quick read
> reveals that
>
> pfi_initialize()
>
> is called from the default vnet context, and subsequently registers
> interface eventhandlers so that all interface attach, change and detach
> events will be always executed in the default vnet, regardless of the
> real vnet where the interfaces bound to the events actually reside. In
> other words,
>
> pfi_attach_group_event()
> pfi_change_group_event()
> pfi_detach_group_event()
>
> will operate fine only in the default vnet, but will wreak havoc
> otherwise. Hence, those handlers should be fixed first.
>
> Marko
More information about the freebsd-net mailing list