rrs added a comment.
Imp:
Ok I have spent a bit of time puzzling this out. First I was mistaken, the
callouts being run
are either arptimer or nd6timer(function name not right). These are not using
giant but
the passed in lle structure rw_lock.
We need to adjust these so that they check they:
1) get the lock (since the callout system would no longer lock for them the
rw_lock)
2) Check the pending bit.. if its set some other place as restarted the callout
(there are several
places this can happen from).
3) Don't check the !callout_active() flag, since this would mean its not been
rescheduled and
it actually was cleared by the lle_table_flush (wrong function name here)
function, in there
its watching the return of the callout (its where the crash was from). So
instead now since
the "callout can't be stopped" it returns 0 (not lowering the reference)
even though the callout
can't be stopped, it will have removed the active bit which.. so if we
returned here we would
leak the memory leaving the reference up, so instead we go ahead and finish
processing the callout
doing the reference lowering and removal.
Its a bit odd from the normal way you do it but I think it will work fine.
REVISION DETAIL
https://reviews.freebsd.org/D1711
To: rrs, gnn, rwatson, lstewart, jhb, kostikbel, sbruno, imp, adrian, hselasky
Cc: julian, hiren, jhb, kostikbel, emaste, delphij, neel, erj, freebsd-net
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
