Date:      Tue, 12 Dec 2006 14:13:34 +0100
From:      Bernd Walter <ticso@cicely12.cicely.de>
To:        Luigi Rizzo <luigi@FreeBSD.org>, imp@FreeBSD.org
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/net if_ethersubr.c
Message-ID:  <20061212131333.GU54209@cicely12.cicely.de>
In-Reply-To: <200612081036.kB8AakMD029277@repoman.freebsd.org>
References:  <200612081036.kB8AakMD029277@repoman.freebsd.org>

On Fri, Dec 08, 2006 at 10:36:46AM +0000, Luigi Rizzo wrote:
> luigi       2006-12-08 10:36:45 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sys/net              if_ethersubr.c 
>   Log:
>   Fix an obscure bug triggered by a recent change in kern_socket.c.
>   The symptoms were that outgoing DHCP requests for diskless kernels
>   had the IP header corrupt. After long investigations, the source of
>   the problem was found in ether_output() - for SIMPLEX interfaces
>   and broadcast traffic, a copy of the packet is passed back to the kernel
>   through if_simloop(). However if_simloop() modifies the mbuf, while
>   the copy obtained through m_copym() is a readonly one.
>   
>   The bug has been there forever, but it has been triggered only recently
>   by a change in sosend_dgram() which passed down mbufs with sufficient
>   space to prepend the header.
>   
>   This fix is trivial - use m_dup() instead of m_copy() to create
>   the copy. As an alternative, we could try and modify if_simloop()
>   to play safely with readonly mbufs, but I don't think it is worthwhile
>   because 1) this is a relatively infrequent code path so we do not need
>   to worry too much about performance, and 2) the cost of doing an
>   extra m_pullup in if_simloop() is probably the same as doing the
>   copy of the cluster, anyways.

This change produces an alignment panic on arm.
Reverting it gets my system back to life.

Sending DHCP Discover packet from interface ate0 (00:0e:42:02:00:21)
Fatal kernel mode data abort: 'Alignment Fault 3'
trapframe: 0xc529fd98
FSR=000000f3, FAR=c08e181e, spsr=20000013
r0 =c08a2e00, r1 =c529fdec, r2 =00000045, r3 =000005d0
r4 =c08e180e, r5 =c01eb8a0, r6 =00000014, r7 =00000000
r8 =00000000, r9 =c01fb9ac, r10=c079acb8, r11=c529fe10
r12=c08a2e00, ssp=c529fde4, slr=c00d2670, pc =c00e2afc

[thread pid 11 tid 100004 ]
Stopped at      ip_input+0x9c:  ldr     r1, [r4, #0x010]

-- 
B.Walter                http://www.bwct.de      http://www.fizon.de
bernd@bwct.de           info@bwct.de            support@fizon.de
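
Added example, not part of the original message and not FreeBSD code: a toy model of the shared versus private copy distinction the commit log describes, plus a check of the trap values quoted above. The `storage`/`toy_buf` types and `loop_modify()` are hypothetical stand-ins for the mbuf cluster and the loopback path's in-place change; the example does not attempt to explain why the faulting address was misaligned.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR 14  /* Ethernet header length in bytes */

/* Toy model, not struct mbuf: packet bytes live in refcounted storage. */
struct storage { int refs; uint8_t bytes[64]; };
struct toy_buf { struct storage *st; size_t len; };

/* Read-only style copy (the role m_copym plays here): new handle, same bytes. */
static struct toy_buf share_copy(struct toy_buf *b) {
    b->st->refs++;
    return *b;
}

/* Deep copy (the role m_dup plays here): private bytes, safe to modify. */
static struct toy_buf deep_copy(const struct toy_buf *b, struct storage *fresh) {
    memset(fresh, 0, sizeof *fresh);
    fresh->refs = 1;
    memcpy(fresh->bytes, b->st->bytes, b->len);
    return (struct toy_buf){ fresh, b->len };
}

/* Hypothetical in-place edit standing in for the loopback path's change. */
static void loop_modify(struct toy_buf *b) { b->st->bytes[ETH_HDR] ^= 0xff; }

/* Returns 1 if the packet still queued for transmit was changed by the loop path. */
int original_corrupted(int use_deep_copy) {
    struct storage tx_st = { 1, { 0 } }, lo_st;
    struct toy_buf tx = { &tx_st, ETH_HDR + 20 };
    tx_st.bytes[ETH_HDR] = 0x45;  /* constructed IPv4 version/IHL byte */
    struct toy_buf lo = use_deep_copy ? deep_copy(&tx, &lo_st) : share_copy(&tx);
    loop_modify(&lo);
    return tx_st.bytes[ETH_HDR] != 0x45;
}

/* Effective address of a load of the form "ldr rX, [base, #offset]". */
uint32_t effective_addr(uint32_t base, uint32_t offset) { return base + offset; }

/* A 32-bit load needs a 4-byte aligned address on a strict-alignment CPU. */
int word_load_aligned(uint32_t base, uint32_t offset) {
    return (effective_addr(base, offset) & 3u) == 0;
}

int main(void) {
    printf("shared copy corrupts original: %d\n", original_corrupted(0));
    printf("deep copy corrupts original:   %d\n", original_corrupted(1));
    /* r4 and the #0x010 offset are taken from the trap output in the message. */
    printf("load address %08x aligned: %d\n",
           (unsigned)effective_addr(0xc08e180eu, 0x10), word_load_aligned(0xc08e180eu, 0x10));
    return 0;
}
```

The computed load address equals the FAR value in the trap output, so the faulting access is the 32-bit load at `ip_input+0x9c` itself.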


