Bug 228612 - if_setlladdr() invokes SIOCSIFFLAGS handlers in epoch context
Summary: if_setlladdr() invokes SIOCSIFFLAGS handlers in epoch context
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Matt Macy
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-30 17:48 UTC by Mark Johnston
Modified: 2018-08-29 17:42 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Johnston freebsd_committer freebsd_triage 2018-05-30 17:48:05 UTC 
I'm getting an INVARIANTS panic on boot on ThunderX. It occurs because if_setlladdr() may invoke the driver's SIOCSIFFLAGS handler in epoch context, and this handler may sleep in general.

lo0: link state changed to UP
vnic0: link state changed to UP
lagg0: link state changed to UP
panic: malloc(M_WAITOK) in epoch context
cpuid = 89
time = 1527701819
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x28
         pc = 0xffff000000667ca4  lr = 0xffff0000000db510
         sp = 0xffff000148eae100  fp = 0xffff000148eae310

db_trace_self_wrapper() at vpanic+0x1a8
         pc = 0xffff0000000db510  lr = 0xffff00000037a364
         sp = 0xffff000148eae320  fp = 0xffff000148eae3d0

vpanic() at kassert_panic+0x1bc
         pc = 0xffff00000037a364  lr = 0xffff00000037a110
         sp = 0xffff000148eae3e0  fp = 0xffff000148eae490

kassert_panic() at malloc_dbg+0x13c                                                                                                                                                               
         pc = 0xffff00000037a110  lr = 0xffff000000354dc0
         sp = 0xffff000148eae4a0  fp = 0xffff000148eae4c0

malloc_dbg() at malloc+0x28
         pc = 0xffff000000354dc0  lr = 0xffff000000354aa8
         sp = 0xffff000148eae4d0  fp = 0xffff000148eae500

malloc() at nicvf_config_data_transfer+0xfc
         pc = 0xffff000000354aa8  lr = 0xffff0000006a7d50
         sp = 0xffff000148eae510  fp = 0xffff000148eae5c0

nicvf_config_data_transfer() at nicvf_if_init_locked+0x14c
         pc = 0xffff0000006a7d50  lr = 0xffff0000006a6f00
         sp = 0xffff000148eae5d0  fp = 0xffff000148eae620

nicvf_if_init_locked() at nicvf_if_ioctl+0x340
         pc = 0xffff0000006a6f00  lr = 0xffff0000006a6bd0
         sp = 0xffff000148eae630  fp = 0xffff000148eae670

nicvf_if_ioctl() at if_setlladdr+0x180
         pc = 0xffff0000006a6bd0  lr = 0xffff00000046bc5c
         sp = 0xffff000148eae680  fp = 0xffff000148eae6e0

if_setlladdr() at lagg_ioctl+0xe20
         pc = 0xffff00000046bc5c  lr = 0xffff000148a8e6d4
         sp = 0xffff000148eae6f0  fp = 0xffff000148eae7a0

lagg_ioctl() at ifioctl+0x7a8
         pc = 0xffff000148a8e6d4  lr = 0xffff000000469bf8
         sp = 0xffff000148eae7b0  fp = 0xffff000148eae860

ifioctl() at kern_ioctl+0x358
         pc = 0xffff000000469bf8  lr = 0xffff0000003e39e0
         sp = 0xffff000148eae870  fp = 0xffff000148eae8c0

kern_ioctl() at sys_ioctl+0x158
         pc = 0xffff0000003e39e0  lr = 0xffff0000003e3638
         sp = 0xffff000148eae8d0  fp = 0xffff000148eae9a0

sys_ioctl() at do_el0_sync+0x498
         pc = 0xffff0000003e3638  lr = 0xffff000000683328
         sp = 0xffff000148eae9b0  fp = 0xffff000148eaea70

do_el0_sync() at handle_el0_sync+0x74
         pc = 0xffff000000683328  lr = 0xffff00000066a1f4
         sp = 0xffff000148eaea80  fp = 0xffff000148eaeb90

handle_el0_sync() at 0x3a53c
         pc = 0xffff00000066a1f4  lr = 0x000000000003a53c
         sp = 0xffff000148eaeba0  fp = 0x0000ffffffffe410
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-05-30 21:46:24 UTC 
A commit references this bug:

Author: mmacy
Date: Wed May 30 21:46:10 UTC 2018
New revision: 334402
URL: https://svnweb.freebsd.org/changeset/base/334402

Log:
  if_setlladdr: don't call ioctl in epoch context

  PR: 228612
  Reported by: markj

Changes:
  head/sys/net/if.c