From owner-freebsd-net@FreeBSD.ORG Wed Feb 4 19:30:40 2015 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6D52B1FE for ; Wed, 4 Feb 2015 19:30:40 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2D2F89E7 for ; Wed, 4 Feb 2015 19:30:40 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t14JUdBR055548 for ; Wed, 4 Feb 2015 19:30:39 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t14JUdsp055547; Wed, 4 Feb 2015 19:30:39 GMT (envelope-from root) Date: Wed, 4 Feb 2015 19:30:39 +0000 To: freebsd-net@freebsd.org From: "rrs (Randall Stewart)" Subject: [Differential] [Request, 51 lines] D1777: Associated fix for arp/nd6 timer usage. Message-ID: X-Priority: 3 Thread-Topic: D1777: Associated fix for arp/nd6 timer usage. X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: Thread-Index: N2Y2Y2VmY2ZjNTc1MTM4NTA3YmIzZDk3NmE4 X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: , , , MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Feb 2015 19:30:40 -0000 rrs created this revision. rrs added reviewers: jhb, imp, sbruno, gnn, rwatson, lstewart, kostikbel, adrian. rrs added subscribers: hselasky, julian, hiren, emaste, freebsd-net. REVISION SUMMARY There is a hole in the timer code that when you give it a lock, it will lock that lock and then check to see if its been canceled. If the API user actually deletes the memory out from under the callout has its being processed this could (and did in nd6/arp case) lead to a panic when you try to lock (in the callout code) a lock thats been removed. If you use the MPSAFE version, you don't get that since the non-stoppable timers proceed and does the right thing. TEST PLAN After running witness and invariant I will put this on a couple of netflix caches and make sure I see no adverse results (leaked nd6 or arp entries). REVISION DETAIL https://reviews.freebsd.org/D1777 AFFECTED FILES sys/netinet/if_ether.c sys/netinet/in.c sys/netinet6/in6.c sys/netinet6/nd6.c To: rrs, jhb, imp, sbruno, gnn, rwatson, lstewart, kostikbel, adrian Cc: freebsd-net, emaste, hiren, julian, hselasky