Date:      Tue, 16 May 1995 10:01:27 -0400
From:      Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
To:        davidg@Root.COM
Cc:        bugs@FreeBSD.org
Subject:   Appears to fix rtfree() panics
Message-ID:  <9505161401.AA19916@halloran-eldar.lcs.mit.edu>
In-Reply-To: <199505152249.PAA03566@corbin.Root.COM>
References:  <199505152249.PAA03566@corbin.Root.COM>

<<On Mon, 15 May 1995 15:49:18 -0700, David Greenman <davidg@Root.COM> said:

>    The patch you posted appears to fix the route reference count problems that
> people have reported. Any objections for commit?


> ! 			if ((rt = saved_nrt)->rt_refcnt <= 0)

> ! 			if ((rt = saved_nrt))
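
Review bot: the second `!` line drops the `->rt_refcnt <= 0` test without a comment, so the branch now runs for every non-NULL saved_nrt, and nothing at the `if` says why the count is no longer consulted. A short comment there stating how this branch balances the later rtfree() would keep someone from restoring the old test. Writing the condition as `(rt = saved_nrt) != NULL` would also make the intended assignment explicit.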

Just to follow up on this, here's what was happening:

The problem was that, in most situations, there were still PCBs with
active references to cloned children of the route being deleted.
Because clones keep a reference to their parents, the reference count
was non-zero, and the delete code here was not incrementing the
reference count like it should have in preparation for the rtfree()
which happens further down (after the `report' label).  Thus, the
reference count of this route was one less than it should have been.
The RTM_DELETE code in rtrequest() then deleted all of the cloned
children, so that the next reference to them by one of these active
PCBs would result in a reference drop and deletion of the clones,
which would in turn drop a reference to the parent.  But, because the
reference count was one too small, the second-to-the-last reference
drop caused the route to get freed, and then when the last drop
happened, the route had already been re-allocated and overwritten with
garbage (or at least, something that was not a valid route).  This
caused the panic.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
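
The sequence described in the message, as an added toy model in C (not FreeBSD code and not part of the original e-mail): a parent route whose clones each hold one reference on it, deleted with and without the delete path taking its own reference before the final drop. The names `struct route`, `route_drop` and `simulate_delete` are hypothetical, and the `freed` flag stands in for the allocator reusing the memory.

```c
#include <stdio.h>
#define MAX_CLONES 8

/* Toy model, hypothetical names; "freed" stands in for memory being reused. */
struct route { int refcnt; int freed; struct route *parent; };
struct result { int freed_at_drop; int stale_drops; };

/* Drop one reference; free at zero and pass the drop on to the parent. */
static void route_drop(struct route *rt, struct result *res, int drop_no)
{
    if (rt->freed) {            /* touching reclaimed memory: the panic case */
        res->stale_drops++;
        return;
    }
    if (--rt->refcnt > 0)
        return;
    rt->freed = 1;
    if (rt->parent)
        route_drop(rt->parent, res, drop_no);
    else
        res->freed_at_drop = drop_no;   /* record when the parent went away */
}

/* Delete a parent with nclones live clones; take_ref = balanced delete path. */
static struct result simulate_delete(int nclones, int take_ref)
{
    struct route parent = { 0, 0, NULL }, clone[MAX_CLONES];
    struct result res = { -1, 0 };
    int i;
    if (nclones > MAX_CLONES)
        nclones = MAX_CLONES;
    for (i = 0; i < nclones; i++) {     /* one PCB ref each, one ref on parent */
        clone[i] = (struct route){ 1, 0, &parent };
        parent.refcnt++;
    }
    if (take_ref)
        parent.refcnt++;                /* the increment the delete code lacked */
    route_drop(&parent, &res, 0);       /* the drop after the `report' label */
    for (i = 0; i < nclones; i++)       /* PCBs let go of their clones in turn */
        route_drop(&clone[i], &res, i + 1);
    return res;
}

int main(void)
{
    struct result bug = simulate_delete(3, 0), ok = simulate_delete(3, 1);
    printf("unbalanced: freed at drop %d, stale drops %d; balanced: freed at drop %d, stale drops %d\n",
           bug.freed_at_drop, bug.stale_drops, ok.freed_at_drop, ok.stale_drops);
    return 0;
}
```

With three clones, the unbalanced path frees the parent on the second clone drop and the third drop lands on freed memory; the balanced path frees it on the third drop with no stale access.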


