| created | 2022-03-03T15:07:05Z |
|---|---|
| begin | 2022-02-26T00:00:00Z |
| end | 2022-02-27T00:00:00Z |
| path | src/sys |
| commits | 4 |
| date | 2022-02-26T02:15:45Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_tun.c | log | diff | annotate |
| message |
have another go at fixing assert "sc->sc_dev == NUM" failed. claudio figured it out. his clue was that multiple concurrent calls to tunopen (or tapopen) will share a vnode. because tunopen can sleep, multiple programs can be inside tunopen for the same tun interface at the same time, all with references against the same vnode. at the same time as this another thread/program can call VOP_REVOKE via tun_clone_destroy (eg, ifconfig tun1 destroy does this). VOP_REVOKE marks a vnode as bad, which in turn means that subsequent open()s of a tun interface will get a brand new vnode. so multiple threads holding references to a vnode can be sleeping in tun_dev_open on the interface cloner lock. one thread wins and takes ownership of the tun interface, then another thread can destroy that tun interface, calls VOP_REVOKE which calls tun_dev_close to tear down the vnodes association with the tun interface and mark the vnode as bad. the thread that called tun_clone_destroy then creates another instance of the interface by calling tun_clone_create immediately. one of the original threads with the old vnode reference wakes up and takes ownership of the new tun_softc. however, because the vnode is bad, all the vnode ops have been replaced with the deadfs ops. the close() op on the old vnode is now a nop from the point of view of tun interfaces. the old vnode is no longer associated with tun and tap and will now never call tun_dev_close (via tunclose or tapclose), which in turn means sc_dev won't get cleared. another thread can now call tun_clone_destroy against the new instance of tun_softc. this instance has sc_dev set, so it tries to revoke it, but there's no vnode associated with it because the old vnode reference is dead. because this second call to VOP_REVOKE couldnt find a vnode, it can't call tunclose against it, so sc_dev is still set and this KASSERT fires. claudio and i came up with the following, which is to have tun_dev_open check the state of the vnode associated with the current open call after all the sleeping and potential tun_clone_destroy and tun_clone_create calls. if the vnode has been made bad/dead after all the sleeping, it returns with ENXIO. Reported-by: [email protected] ok claudio@ visa@ |
|||
| date | 2022-02-26T04:46:34Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_vxlan.c | log | diff | annotate |
| message |
add the mbuf tag that prevents loops in vxlan_encap, not vxlan_output. vxlan_output calls ether_output, which will do arp for ipv4 packets. if arp hasn't resolved an address for a peer yet, it will queue the packet and transmit it again after resolution completes. the way it outputs is to call the interface output routine again, which is vxlan_output. if we tag the packet in vxlan_output before arp, and then arp calls vxlan_output again, it looks like a loop and drops it. moving the tagging to when we add all the encap headers in vxlan_encap avoids this issue. |
|||
| date | 2022-02-26T13:38:11Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/dev/pci/pcidevs | log | diff | annotate |
| message | Add Broadcom BCM4387. | |||
| date | 2022-02-26T13:38:46Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/dev/pci/pcidevs.h | log | diff | annotate |
| src/sys/dev/pci/pcidevs_data.h | log | diff | annotate | |
| message | regen | |||