From root@watchdog.lcs.mit.edu  Thu Jul 12 14:02:34 2001
Return-Path: <root@watchdog.lcs.mit.edu>
Received: from watchdog.lcs.mit.edu (watchdog.lcs.mit.edu [18.24.4.198])
	by hub.freebsd.org (Postfix) with ESMTP id 7A3C037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 12 Jul 2001 14:02:33 -0700 (PDT)
	(envelope-from root@watchdog.lcs.mit.edu)
Received: (from root@localhost)
	by watchdog.lcs.mit.edu (8.11.4/8.11.4) id f6CL2Ws00422;
	Thu, 12 Jul 2001 17:02:32 -0400 (EDT)
	(envelope-from root)
Message-Id: <200107122102.f6CL2Ws00422@watchdog.lcs.mit.edu>
Date: Thu, 12 Jul 2001 17:02:32 -0400 (EDT)
From: Garrett Wollman <wollman@lcs.mit.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: IPv6 prefix-discovery code sleeps when it shouldn't
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         28927
>Category:       kern
>Synopsis:       IPv6 prefix-discovery code sleeps when it shouldn't
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    ume
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 12 14:10:01 PDT 2001
>Closed-Date:    Sun Jul 15 07:25:13 PDT 2001
>Last-Modified:  Sun Jul 15 07:30:28 PDT 2001
>Originator:     Garrett Wollman
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
MIT Laboratory for Computer Science
>Environment:
System: FreeBSD watchdog.lcs.mit.edu 4.3-STABLE FreeBSD 4.3-STABLE #3: Thu Jul 12 12:40:59 EDT 2001 root@:/usr/src/sys/compile/WATCHDOG i386


	
>Description:
	When acquiring a new prefix from a router, the IPv6 code
	can call malloc(..., M_WAITOK) from interrupt context.
	This causes a crash.  It is clear from the context that
	the code was written to be able to fail gracefully,
	and that it is called from interrupt context, so the
	solution is trivial.

	For some reason, this error only manifested itself when
	I switched from an `fxp' to a `ti' network interface,
	perhaps because the latter takes an inordinate amount
	of time to bring the link up, so that the initial
	router discovery message is never sent and the new
	prefix is only learned through the router's periodic
	broadcasts.
>How-To-Repeat:
	Run IPv6 on a Netgear GA620T.  Run a mildly network-intensive
	task and wait for the BOOM!
>Fix:

Index: netinet6/in6.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
retrieving revision 1.7.2.3
diff -u -r1.7.2.3 in6.c
--- netinet6/in6.c	2001/07/03 11:01:50	1.7.2.3
+++ netinet6/in6.c	2001/07/12 16:40:26
@@ -900,7 +900,7 @@
 	if (ia == NULL) {
 		hostIsNew = 1;
 		ia = (struct in6_ifaddr *)
-			malloc(sizeof(*ia), M_IFADDR, M_WAITOK);
+			malloc(sizeof(*ia), M_IFADDR, M_NOWAIT);
 		if (ia == NULL)
 			return (ENOBUFS);
 		bzero((caddr_t)ia, sizeof(*ia));
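Review bot: The switch to M_NOWAIT at the malloc() call carries no comment explaining why, so a later cleanup could turn it back into M_WAITOK. A short comment above the call stating that this path can be entered from interrupt context and must not sleep would prevent that. The existing `if (ia == NULL) return (ENOBUFS);` check now becomes a reachable failure path. The callers are not visible in this hunk, so it is worth confirming that they handle ENOBUFS cleanly and that no other M_WAITOK allocation remains on the same path.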
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ume 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Fri Jul 13 01:18:58 PDT 2001 
Responsible-Changed-Why:  
Looks like one for ume - It looks like this patch should apply to the
kame tree as well as FreeBSD.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=28927 
State-Changed-From-To: open->closed 
State-Changed-By: ume 
State-Changed-When: Sun Jul 15 07:25:13 PDT 2001 
State-Changed-Why:  
Thank you for your report.  I just committed it with some comment. 

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/in6.c.diff?r1=1.13&r2=1.14 

This fix was also applied into KAME repo. 
>Unformatted:
