Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 5 Nov 2005 11:49:24 +0300
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Giorgos Keramidas <keramida@linux.gr>
Cc:        freebsd-current@FreeBSD.org, Andre Oppermann <andre@FreeBSD.org>, sam@FreeBSD.org, thierry@herbelot.com
Subject:   Re: panic: mb_dtor_pack: ref_cnt != 1
Message-ID:  <20051105084924.GT91530@cell.sick.ru>
In-Reply-To: <20051105080116.GR91530@cell.sick.ru>
References:  <20051104092724.GA33945@xor.obsecurity.org> <436B885B.6010609@freebsd.org> <20051104163526.GC82727@flame.pc> <200511041833.30955.thierry@herbelot.com> <436BA8B5.9070104@freebsd.org> <20051105003420.GM91530@cell.sick.ru> <20051105034105.GA906@flame.pc> <20051105080116.GR91530@cell.sick.ru>

next in thread | previous in thread | raw e-mail | index | archive | help

--pZs/OQEoSSbxGlYw
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline

On Sat, Nov 05, 2005 at 11:01:16AM +0300, Gleb Smirnoff wrote:
T> On Sat, Nov 05, 2005 at 05:41:05AM +0200, Giorgos Keramidas wrote:
T> G> On 2005-11-05 03:34, Gleb Smirnoff <glebius@freebsd.org> wrote:
T> G> >   Andre, Thierry, Sam,
T> G> >
T> G> >   this patch should fix the problems
T> G> 
T> G> But it panics in mb_dtor_pack() because ext_type != EXT_CLUSTER
T> G> when my ath0 interface tries to associate with an AP.
T> G> 
T> G> I had to change this too, to make things work:
T> 
T> Updated patch.

One more update. Since I have removed this block:

                       if (*(m->m_ext.ref_cnt) == 0)
                               *(m->m_ext.ref_cnt) = 1;

I have also altered KASSERT in mb_dtor_pack(). I don't like
inventing an incorrect invariant check and then adding helpers
to avoid it being triggered.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

--pZs/OQEoSSbxGlYw
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename="mbuma.patch"

Index: sys/mbuf.h
===================================================================
RCS file: /home/ncvs/src/sys/sys/mbuf.h,v
retrieving revision 1.179
diff -u -r1.179 mbuf.h
--- sys/mbuf.h	2 Nov 2005 16:20:35 -0000	1.179
+++ sys/mbuf.h	5 Nov 2005 00:29:17 -0000
@@ -185,8 +185,9 @@
  */
 #define	EXT_CLUSTER	1	/* mbuf cluster */
 #define	EXT_SFBUF	2	/* sendfile(2)'s sf_bufs */
-#define	EXT_JUMBO9	3	/* jumbo cluster 9216 bytes */
-#define	EXT_JUMBO16	4	/* jumbo cluster 16184 bytes */
+#define	EXT_PACKET	3	/* came out of Packet zone */
+#define	EXT_JUMBO9	4	/* jumbo cluster 9216 bytes */
+#define	EXT_JUMBO16	5	/* jumbo cluster 16184 bytes */
 #define	EXT_NET_DRV	100	/* custom ext_buf provided by net driver(s) */
 #define	EXT_MOD_TYPE	200	/* custom module's ext_buf type */
 #define	EXT_DISPOSABLE	300	/* can throw this buffer away w/page flipping */
Index: kern/kern_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_mbuf.c,v
retrieving revision 1.13
diff -u -r1.13 kern_mbuf.c
--- kern/kern_mbuf.c	4 Nov 2005 17:20:53 -0000	1.13
+++ kern/kern_mbuf.c	5 Nov 2005 08:47:28 -0000
@@ -332,8 +332,8 @@
 	KASSERT(m->m_ext.ext_free == NULL, ("%s: ext_free != NULL", __func__));
 	KASSERT(m->m_ext.ext_args == NULL, ("%s: ext_args != NULL", __func__));
 	KASSERT(m->m_ext.ext_size == MCLBYTES, ("%s: ext_size != MCLBYTES", __func__));
-	KASSERT(m->m_ext.ext_type == EXT_CLUSTER, ("%s: ext_type != EXT_CLUSTER", __func__));
-	KASSERT(*m->m_ext.ref_cnt == 1, ("%s: ref_cnt != 1", __func__));
+	KASSERT(m->m_ext.ext_type == EXT_PACKET, ("%s: ext_type != EXT_PACKET", __func__));
+	KASSERT(*m->m_ext.ref_cnt <= 1, ("%s: ref_cnt > 1", __func__));
 #ifdef INVARIANTS
 	trash_dtor(m->m_ext.ext_buf, MCLBYTES, arg);
 #endif
@@ -470,6 +470,7 @@
 	m->m_len = 0;
 	m->m_flags = (flags | M_EXT);
 	m->m_type = type;
+	m->m_ext.ext_type = EXT_PACKET;
 
 	if (flags & M_PKTHDR) {
 		m->m_pkthdr.rcvif = NULL;
Index: kern/uipc_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v
retrieving revision 1.157
diff -u -r1.157 uipc_mbuf.c
--- kern/uipc_mbuf.c	4 Nov 2005 17:20:53 -0000	1.157
+++ kern/uipc_mbuf.c	5 Nov 2005 00:23:41 -0000
@@ -217,12 +217,13 @@
 	if (*(m->m_ext.ref_cnt) == 1 ||
 	    atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
 		switch (m->m_ext.ext_type) {
-		case EXT_CLUSTER:	/* The packet zone is special. */
-			if (*(m->m_ext.ref_cnt) == 0)
-				*(m->m_ext.ref_cnt) = 1;
+		case EXT_PACKET:	/* The packet zone is special. */
 			uma_zfree(zone_pack, m);
 			return;		/* Job done. */
 			break;
+		case EXT_CLUSTER:
+			uma_zfree(zone_clust, m->m_ext.ext_buf);
+			break;
 		case EXT_JUMBO9:
 			uma_zfree(zone_jumbo9, m->m_ext.ext_buf);
 			break;

--pZs/OQEoSSbxGlYw--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051105084924.GT91530>