From owner-svn-src-all@FreeBSD.ORG Mon Oct 11 11:25:37 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF6A31065670; Mon, 11 Oct 2010 11:25:37 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id A368C8FC15; Mon, 11 Oct 2010 11:25:37 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o9BBPbnv013634; Mon, 11 Oct 2010 11:25:37 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o9BBPbGd013631; Mon, 11 Oct 2010 11:25:37 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201010111125.o9BBPbGd013631@svn.freebsd.org> From: Xin LI Date: Mon, 11 Oct 2010 11:25:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r213687 - in stable: 7/sys/netinet 7/sys/netinet6 8/sys/netinet 8/sys/netinet6 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2010 11:25:38 -0000 Author: delphij Date: Mon Oct 11 11:25:37 2010 New Revision: 213687 URL: http://svn.freebsd.org/changeset/base/213687 Log: MFC r213225: Add a bandaid for a long-standing race condition during route entry un-expiring. The previous version of code have no locking when testing rt_refcnt. The result of the lack of locking may result in a condition where a routing entry have a reference count but at the same time have RTPRF_OURS bit set and an expiration timer. These would eventually lead to a panic: panic: rtqkill route really not free When the system have ICMP redirects accepted from local gateway in a moderate frequency, for instance. Commit this workaround for now until we have some better solution. PR: kern/149804 Reviewed by: bz Tested by: Zhao Xin, Pete French Modified: stable/8/sys/netinet/in_rmx.c stable/8/sys/netinet6/in6_rmx.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/xen/xenpci/ (props changed) Changes in other areas also in this revision: Modified: stable/7/sys/netinet/in_rmx.c stable/7/sys/netinet6/in6_rmx.c Directory Properties: stable/7/sys/ (props changed) stable/7/sys/cddl/contrib/opensolaris/ (props changed) stable/7/sys/contrib/dev/acpica/ (props changed) stable/7/sys/contrib/pf/ (props changed) Modified: stable/8/sys/netinet/in_rmx.c ============================================================================== --- stable/8/sys/netinet/in_rmx.c Mon Oct 11 09:42:30 2010 (r213686) +++ stable/8/sys/netinet/in_rmx.c Mon Oct 11 11:25:37 2010 (r213687) @@ -121,12 +121,13 @@ in_matroute(void *v_arg, struct radix_no struct radix_node *rn = rn_match(v_arg, head); struct rtentry *rt = (struct rtentry *)rn; - /*XXX locking? */ - if (rt && rt->rt_refcnt == 0) { /* this is first reference */ + if (rt) { + RT_LOCK(rt); if (rt->rt_flags & RTPRF_OURS) { rt->rt_flags &= ~RTPRF_OURS; rt->rt_rmx.rmx_expire = 0; } + RT_UNLOCK(rt); } return rn; } Modified: stable/8/sys/netinet6/in6_rmx.c ============================================================================== --- stable/8/sys/netinet6/in6_rmx.c Mon Oct 11 09:42:30 2010 (r213686) +++ stable/8/sys/netinet6/in6_rmx.c Mon Oct 11 11:25:37 2010 (r213687) @@ -193,11 +193,13 @@ in6_matroute(void *v_arg, struct radix_n struct radix_node *rn = rn_match(v_arg, head); struct rtentry *rt = (struct rtentry *)rn; - if (rt && rt->rt_refcnt == 0) { /* this is first reference */ + if (rt) { + RT_LOCK(rt); if (rt->rt_flags & RTPRF_OURS) { rt->rt_flags &= ~RTPRF_OURS; rt->rt_rmx.rmx_expire = 0; } + RT_UNLOCK(rt); } return rn; }