[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/51467 detaching USB network interface panics
The following reply was made to PR kern/51467; it has been noted by GNATS.
From: Michael van Elst <mlelstv%serpens.de@localhost>
Subject: Re: kern/51467 detaching USB network interface panics
Date: Sun, 27 Nov 2016 10:45:27 +0100
nd6_purge() contains a hack:
* Because if_detach() does *not* release prefixes
* while purging addresses the reference count will
* still be above zero. We therefore reset it to
* make sure that the prefix really gets purged.
pr->ndpr_refcnt = 0;
followed by a call to prelist_remove(pr). This will free the prefix list
although it is still referenced by the interface.
It will also finally call pfxlist_onlink_check().
* Changes on the prefix status might affect address status as well.
* Make sure that all addresses derived from an attached prefix are
* attached, and that all addresses derived from a detached prefix are
* detached. Note, however, that a manually configured address should
* always be attached.
* The precise detection logic is same as the one for prefixes.
Here pfxlist_onlink_check uses the stale ia->ia6_ndpr reference
when calling find_pfxlist_reachable_router().
If the kernel is compiled with DEBUG (implies KMEM_POISON), this
leads to an immediate crash.
Michael van Elst
"A potential Snark may lurk in every tree."
Main Index |
Thread Index |