From owner-freebsd-current@FreeBSD.ORG Sat Nov 5 08:49:27 2005 Return-Path: X-Original-To: freebsd-current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C452516A41F; Sat, 5 Nov 2005 08:49:27 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC60643D49; Sat, 5 Nov 2005 08:49:26 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id jA58nOZT035357 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 5 Nov 2005 11:49:25 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id jA58nOrF035356; Sat, 5 Nov 2005 11:49:24 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Sat, 5 Nov 2005 11:49:24 +0300 From: Gleb Smirnoff To: Giorgos Keramidas Message-ID: <20051105084924.GT91530@cell.sick.ru> References: <20051104092724.GA33945@xor.obsecurity.org> <436B885B.6010609@freebsd.org> <20051104163526.GC82727@flame.pc> <200511041833.30955.thierry@herbelot.com> <436BA8B5.9070104@freebsd.org> <20051105003420.GM91530@cell.sick.ru> <20051105034105.GA906@flame.pc> <20051105080116.GR91530@cell.sick.ru> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="pZs/OQEoSSbxGlYw" Content-Disposition: inline In-Reply-To: <20051105080116.GR91530@cell.sick.ru> User-Agent: Mutt/1.5.6i Cc: freebsd-current@FreeBSD.org, Andre Oppermann , sam@FreeBSD.org, thierry@herbelot.com Subject: Re: panic: mb_dtor_pack: ref_cnt != 1 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Nov 2005 08:49:27 -0000 --pZs/OQEoSSbxGlYw Content-Type: text/plain; charset=koi8-r Content-Disposition: inline On Sat, Nov 05, 2005 at 11:01:16AM +0300, Gleb Smirnoff wrote: T> On Sat, Nov 05, 2005 at 05:41:05AM +0200, Giorgos Keramidas wrote: T> G> On 2005-11-05 03:34, Gleb Smirnoff wrote: T> G> > Andre, Thierry, Sam, T> G> > T> G> > this patch should fix the problems T> G> T> G> But it panics in mb_dtor_pack() because ext_type != EXT_CLUSTER T> G> when my ath0 interface tries to associate with an AP. T> G> T> G> I had to change this too, to make things work: T> T> Updated patch. One more update. Since I have removed this block: if (*(m->m_ext.ref_cnt) == 0) *(m->m_ext.ref_cnt) = 1; I have also altered KASSERT in mb_dtor_pack(). I don't like inventing an incorrect invariant check and then adding helpers to avoid it being triggered. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE --pZs/OQEoSSbxGlYw Content-Type: text/plain; charset=koi8-r Content-Disposition: attachment; filename="mbuma.patch" Index: sys/mbuf.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.179 diff -u -r1.179 mbuf.h --- sys/mbuf.h 2 Nov 2005 16:20:35 -0000 1.179 +++ sys/mbuf.h 5 Nov 2005 00:29:17 -0000 @@ -185,8 +185,9 @@ */ #define EXT_CLUSTER 1 /* mbuf cluster */ #define EXT_SFBUF 2 /* sendfile(2)'s sf_bufs */ -#define EXT_JUMBO9 3 /* jumbo cluster 9216 bytes */ -#define EXT_JUMBO16 4 /* jumbo cluster 16184 bytes */ +#define EXT_PACKET 3 /* came out of Packet zone */ +#define EXT_JUMBO9 4 /* jumbo cluster 9216 bytes */ +#define EXT_JUMBO16 5 /* jumbo cluster 16184 bytes */ #define EXT_NET_DRV 100 /* custom ext_buf provided by net driver(s) */ #define EXT_MOD_TYPE 200 /* custom module's ext_buf type */ #define EXT_DISPOSABLE 300 /* can throw this buffer away w/page flipping */ Index: kern/kern_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_mbuf.c,v retrieving revision 1.13 diff -u -r1.13 kern_mbuf.c --- kern/kern_mbuf.c 4 Nov 2005 17:20:53 -0000 1.13 +++ kern/kern_mbuf.c 5 Nov 2005 08:47:28 -0000 @@ -332,8 +332,8 @@ KASSERT(m->m_ext.ext_free == NULL, ("%s: ext_free != NULL", __func__)); KASSERT(m->m_ext.ext_args == NULL, ("%s: ext_args != NULL", __func__)); KASSERT(m->m_ext.ext_size == MCLBYTES, ("%s: ext_size != MCLBYTES", __func__)); - KASSERT(m->m_ext.ext_type == EXT_CLUSTER, ("%s: ext_type != EXT_CLUSTER", __func__)); - KASSERT(*m->m_ext.ref_cnt == 1, ("%s: ref_cnt != 1", __func__)); + KASSERT(m->m_ext.ext_type == EXT_PACKET, ("%s: ext_type != EXT_PACKET", __func__)); + KASSERT(*m->m_ext.ref_cnt <= 1, ("%s: ref_cnt > 1", __func__)); #ifdef INVARIANTS trash_dtor(m->m_ext.ext_buf, MCLBYTES, arg); #endif @@ -470,6 +470,7 @@ m->m_len = 0; m->m_flags = (flags | M_EXT); m->m_type = type; + m->m_ext.ext_type = EXT_PACKET; if (flags & M_PKTHDR) { m->m_pkthdr.rcvif = NULL; Index: kern/uipc_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v retrieving revision 1.157 diff -u -r1.157 uipc_mbuf.c --- kern/uipc_mbuf.c 4 Nov 2005 17:20:53 -0000 1.157 +++ kern/uipc_mbuf.c 5 Nov 2005 00:23:41 -0000 @@ -217,12 +217,13 @@ if (*(m->m_ext.ref_cnt) == 1 || atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) { switch (m->m_ext.ext_type) { - case EXT_CLUSTER: /* The packet zone is special. */ - if (*(m->m_ext.ref_cnt) == 0) - *(m->m_ext.ref_cnt) = 1; + case EXT_PACKET: /* The packet zone is special. */ uma_zfree(zone_pack, m); return; /* Job done. */ break; + case EXT_CLUSTER: + uma_zfree(zone_clust, m->m_ext.ext_buf); + break; case EXT_JUMBO9: uma_zfree(zone_jumbo9, m->m_ext.ext_buf); break; --pZs/OQEoSSbxGlYw--