From dunstan@freebsd.czest.pl  Tue Aug 16 10:57:47 2005
Return-Path: <dunstan@freebsd.czest.pl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A54CD16A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Aug 2005 10:57:47 +0000 (GMT)
	(envelope-from dunstan@freebsd.czest.pl)
Received: from freebsd.czest.pl (silver.iplus.pl [80.48.250.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8C47343D49
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Aug 2005 10:57:45 +0000 (GMT)
	(envelope-from dunstan@freebsd.czest.pl)
Received: from freebsd.czest.pl (freebsd.czest.pl [80.48.250.4])
	by freebsd.czest.pl (8.12.10/8.12.9) with ESMTP id j7GBCdGW059964
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Aug 2005 11:12:40 GMT
	(envelope-from dunstan@freebsd.czest.pl)
Received: (from dunstan@localhost)
	by freebsd.czest.pl (8.12.10/8.12.9/Submit) id j7GBCd7T059963;
	Tue, 16 Aug 2005 11:12:39 GMT
	(envelope-from dunstan)
Message-Id: <200508161112.j7GBCd7T059963@freebsd.czest.pl>
Date: Tue, 16 Aug 2005 11:12:39 GMT
From: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl>
Reply-To: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         84987
>Category:       kern
>Synopsis:       [PATCH] if_ef: BUG: if_attach called without if_alloc'd input()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    brooks
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 16 11:00:38 GMT 2005
>Closed-Date:    Sat Aug 20 19:16:10 GMT 2005
>Last-Modified:  Sat Aug 20 19:16:10 GMT 2005
>Originator:     Wojciech A. Koszek
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD laptop.freebsd.czest.pl 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Tue Aug 16 12:29:31 CEST 2005 dunstan@laptop.freebsd.czest.pl:/usr/obj/usr/src/sys/LAPTOP i386


>Description:
if_ef causes panic on -CURRENT. My analysis:
if_ef.c uses correct logic (with if_alloc(), passes correct pointer to
ether_ifattach()). if_findindex() from src/sys/net/if.c seems to contain
a small bug, and returns the same index more than once. Without posting
the very ugly hack coded in order to see what happens, this is what I got
on -CURRENT:


if_findindex, checking unit = 1
unit(1) <= if_index(2)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(2)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^ Ok
if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^
if_findindex, checking unit = 1
unit(1) <= if_index(3)
ifaddr_byindex(1) != NULL
if_findindex, checking unit = 2
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^
[..]
unit(2) <= if_index(3)
ifaddr_byindex(2) != NULL
if_findindex, checking unit = 3
unit(3) <= if_index(3)
if_findindex, unit == 3
if_alloc, Allocated if_index: 3
                             ^^^
This is why:
if (ifp->if_index == 0 || ifp != ifnet_byindex(ifp->if_index))
	panic ("%s: BUG: if_attach called without if_alloc'd input()\n",
	    ifp->if_xname);
Reports problem (second condition is true).

>How-To-Repeat:
kldload /boot/kernel/if_ef.ko
>Fix:
Patch [diff.0.if.c] corrects this problem. Needs review.

--- diff.0.if.c begins here ---
diff -upr /usr/src/sys/net/if.c src/sys/net/if.c
--- /usr/src/sys/net/if.c	Sun Aug 14 14:38:50 2005
+++ src/sys/net/if.c	Tue Aug 16 12:28:02 2005
@@ -370,7 +370,7 @@ found:
 		    name, unit, devname);
 	}
 	for (unit = 1; ; unit++) {
-		if (unit <= if_index && ifaddr_byindex(unit) != NULL)
+		if (unit <= if_index || ifaddr_byindex(unit) != NULL)
 			continue;
 		if (resource_string_value(name, unit, "ether", &p) == 0 ||
 		    resource_string_value(name, unit, "dev", &p) == 0)
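
Review bot: Switching `&&` to `||` in the `if (unit <= if_index ...` test drops the bounds guard rather than fixing the lookup. With `||`, ifaddr_byindex(unit) is evaluated only when unit > if_index, that is, only for indices past the current maximum, which is exactly the case the original left-hand test kept away from the lookup. Every unit at or below if_index is also skipped unconditionally, so an index released by a detached interface can never be handed out again and the index space only grows. The trace in the description suggests the underlying problem is that ifaddr_byindex(3) is still NULL for an index if_alloc has already returned (no address is attached yet), so the same index is found free again. Consider keeping the `unit <= if_index &&` guard and testing a slot that is populated at allocation time instead, for example `ifnet_byindex(unit) != NULL`, which is the lookup the quoted panic check compares against.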
--- diff.0.if.c ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->brooks 
Responsible-Changed-By: brooks 
Responsible-Changed-When: Tue Aug 16 17:46:00 GMT 2005 
Responsible-Changed-Why:  
I'll take this one.  I think the fix is correct, but want to test it 
myself before commit. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=84987 
State-Changed-From-To: open->patched 
State-Changed-By: brooks 
State-Changed-When: Thu Aug 18 19:24:59 GMT 2005 
State-Changed-Why:  
Committed a different patch to HEAD.  I hope to merge it for 6.0-BETA3. 

State-Changed-From-To: patched->closed 
State-Changed-By: brooks 
State-Changed-When: Sat Aug 20 19:15:47 GMT 2005 
State-Changed-Why:  
Fix MFCd. 

>Unformatted:
