Philip Kirk - Solaris Sustaining wrote:
Hi Darren,
I think there's a potential panic in ipif_down(). In the case where we
send an NE_DOWN event we hold the ill_lock so if a callback gets run
that does something like net_getifname(), this will call
ill_lookup_on_ifindex() which will take the ill_lock and we'll get a
recursive mutex enter panic. Maybe this is just something you're not
meant to do but it seems reasonable that on receiving an NE_DOWN event
you might want to lookup the name of the nic.
We discussed this in an internal code review and I thought we resolved
to do something with this but obviously nothing happened..
I believe the code should really be:
if (ipif->ipif_flags & IPIF_UP) {
mutex_enter(&ill->ill_lock);
ipif->ipif_flags &= ~IPIF_UP;
mutex_exit(&ill->ill_lock);
ASSERT(ill->ill_ipif_up_count > 0);
--ill->ill_ipif_up_count;
ipif_was_up = B_TRUE;
if (ill->ill_ipif_up_count == 0) {
...
(void) hook_run(hr, (hook_data_t)&info);
}
/* Update status in SCTP's list */
sctp_update_ipif(ipif, SCTP_IPIF_DOWN);
}
The ill_lock is only required to protect ipif_flags
and ill_ipif_up_count can only change in one of two
places, both of which are mutually exclusive of each
other as they assert holding a write lock on the
squeue.
Darren
_______________________________________________
networking-discuss mailing list
[email protected]
