> Hi All, > Eugene has reported about the following assertion in the ARP code: > http://www.grosbein.net/freebsd/crash/arp-kassert.txt
> After some investigation I found that L2 cache has reference leak, that > can lead to integer overflow and this assertion. > The one of the ways to reproduce this overflow can be demonstrated with > simple IP forwarding, when ip_forward() is used (not ip_tryforward). > I asked olivier@ to reproduce this leak and he got this result: > http://slexy.org/view/s21ql7nA0q > After further investigation I found similar leak in the IPv6 TCP path. > Simple iperf test shows these results: > # dtrace -n 'fbt::in6_lltable_dump_entry:entry {printf("%d", > args[1]->lle_refcnt);}' > dtrace: description 'fbt::in6_lltable_dump_entry:entry ' matched 1 probe > CPU ID FUNCTION:NAME > 51 18589 in6_lltable_dump_entry:entry 55721 > 51 18589 in6_lltable_dump_entry:entry 1 > 51 18589 in6_lltable_dump_entry:entry 1 > 51 18589 in6_lltable_dump_entry:entry 2 > 38 18589 in6_lltable_dump_entry:entry 111417 > 38 18589 in6_lltable_dump_entry:entry 1 > 38 18589 in6_lltable_dump_entry:entry 1 > -- > WBR, Andrey V. Elsukov Thanks! Could you try the following patch (compiles, but untested): Index: netinet/ip_input.c =================================================================== --- netinet/ip_input.c (revision 315160) +++ netinet/ip_input.c (working copy) @@ -60,6 +60,7 @@ #include <net/if_types.h> #include <net/if_var.h> #include <net/if_dl.h> +#include <net/if_llatbl.h> #include <net/route.h> #include <net/netisr.h> #include <net/rss_config.h> @@ -1066,6 +1067,8 @@ if (error == EMSGSIZE && ro.ro_rt) mtu = ro.ro_rt->rt_mtu; RO_RTFREE(&ro); + if (ro.ro_lle) + LLE_FREE(ro.ro_lle); if (error) IPSTAT_INC(ips_cantforward); Index: netinet6/ip6_forward.c =================================================================== --- netinet6/ip6_forward.c (revision 315160) +++ netinet6/ip6_forward.c (working copy) @@ -52,6 +52,7 @@ #include <net/if.h> #include <net/if_var.h> #include <net/netisr.h> +#include <net/if_llatbl.h> #include <net/route.h> #include <net/pfil.h> @@ -431,4 +432,6 @@ out: if (rt != NULL) RTFREE(rt); + if (rin6.ro_lle) + LLE_FREE(rin6.ro_lle); } Thanks, Mike _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"