-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Broken allocation failure branches #129
Labels
Comments
Here's the configuration of the crashing system, FWIW
|
netbsd-srcmastr
pushed a commit
to NetBSD/src
that referenced
this issue
Oct 17, 2023
thmap_del can't fail, and it is used in places in npf where sleeping is forbidden, so it can't rely on allocating memory either. Instead of having thmap_del allocate memory on the fly for each object to defer freeing until thmap_gc, arrange to have thmap(9) preallocate the same storage when allocating all the objects in the first place, with a GC header. This is suboptimal for memory usage, especially on insertion- and lookup-heavy but deletion-light workloads, but it's not clear rmind's alternative (https://github.com/rmind/thmap/tree/thmap_del_mem_fail) is ready to use yet, so we'll go with this for correctness. PR kern/57208 rmind/npf#129 XXX pullup-10 XXX pullup-9
netbsd-srcmastr
pushed a commit
to NetBSD/src
that referenced
this issue
Oct 20, 2023
sys/kern/subr_thmap.c: revision 1.14 sys/kern/subr_thmap.c: revision 1.15 thmap(9): Test alloc failure, not THMAP_GETPTR failure. THMAP_GETPTR may return nonnull even though alloc returned zero. Note that this failure branch is not actually appropriate; thmap_create should not fail. We really need to pass KM_SLEEP through in this call site even though there are other call sites for which KM_NOSLEEP is appropriate. Adapted from: rmind/thmap#14 PR kern/57666 rmind/thmap#13 thmap(9): Preallocate GC list storage for thmap_del. thmap_del can't fail, and it is used in places in npf where sleeping is forbidden, so it can't rely on allocating memory either. Instead of having thmap_del allocate memory on the fly for each object to defer freeing until thmap_gc, arrange to have thmap(9) preallocate the same storage when allocating all the objects in the first place, with a GC header. This is suboptimal for memory usage, especially on insertion- and lookup-heavy but deletion-light workloads, but it's not clear rmind's alternative (https://github.com/rmind/thmap/tree/thmap_del_mem_fail) is ready to use yet, so we'll go with this for correctness. PR kern/57208 rmind/npf#129
netbsd-srcmastr
pushed a commit
to NetBSD/src
that referenced
this issue
Oct 20, 2023
sys/kern/subr_thmap.c: revision 1.14 sys/kern/subr_thmap.c: revision 1.15 thmap(9): Test alloc failure, not THMAP_GETPTR failure. THMAP_GETPTR may return nonnull even though alloc returned zero. Note that this failure branch is not actually appropriate; thmap_create should not fail. We really need to pass KM_SLEEP through in this call site even though there are other call sites for which KM_NOSLEEP is appropriate. Adapted from: rmind/thmap#14 PR kern/57666 rmind/thmap#13 thmap(9): Preallocate GC list storage for thmap_del. thmap_del can't fail, and it is used in places in npf where sleeping is forbidden, so it can't rely on allocating memory either. Instead of having thmap_del allocate memory on the fly for each object to defer freeing until thmap_gc, arrange to have thmap(9) preallocate the same storage when allocating all the objects in the first place, with a GC header. This is suboptimal for memory usage, especially on insertion- and lookup-heavy but deletion-light workloads, but it's not clear rmind's alternative (https://github.com/rmind/thmap/tree/thmap_del_mem_fail) is ready to use yet, so we'll go with this for correctness. PR kern/57208 rmind/npf#129
rokuyama
pushed a commit
to IIJ-NetBSD/netbsd-src
that referenced
this issue
Oct 26, 2023
thmap_del can't fail, and it is used in places in npf where sleeping is forbidden, so it can't rely on allocating memory either. Instead of having thmap_del allocate memory on the fly for each object to defer freeing until thmap_gc, arrange to have thmap(9) preallocate the same storage when allocating all the objects in the first place, with a GC header. This is suboptimal for memory usage, especially on insertion- and lookup-heavy but deletion-light workloads, but it's not clear rmind's alternative (https://github.com/rmind/thmap/tree/thmap_del_mem_fail) is ready to use yet, so we'll go with this for correctness. PR kern/57208 rmind/npf#129 XXX pullup-10 XXX pullup-9
rokuyama
pushed a commit
to IIJ-NetBSD/netbsd-src
that referenced
this issue
Oct 26, 2023
sys/kern/subr_thmap.c: revision 1.14 sys/kern/subr_thmap.c: revision 1.15 thmap(9): Test alloc failure, not THMAP_GETPTR failure. THMAP_GETPTR may return nonnull even though alloc returned zero. Note that this failure branch is not actually appropriate; thmap_create should not fail. We really need to pass KM_SLEEP through in this call site even though there are other call sites for which KM_NOSLEEP is appropriate. Adapted from: rmind/thmap#14 PR kern/57666 rmind/thmap#13 thmap(9): Preallocate GC list storage for thmap_del. thmap_del can't fail, and it is used in places in npf where sleeping is forbidden, so it can't rely on allocating memory either. Instead of having thmap_del allocate memory on the fly for each object to defer freeing until thmap_gc, arrange to have thmap(9) preallocate the same storage when allocating all the objects in the first place, with a GC header. This is suboptimal for memory usage, especially on insertion- and lookup-heavy but deletion-light workloads, but it's not clear rmind's alternative (https://github.com/rmind/thmap/tree/thmap_del_mem_fail) is ready to use yet, so we'll go with this for correctness. PR kern/57208 rmind/npf#129
rokuyama
pushed a commit
to IIJ-NetBSD/netbsd-src
that referenced
this issue
Oct 27, 2023
sys/kern/subr_thmap.c: revision 1.14 sys/kern/subr_thmap.c: revision 1.15 thmap(9): Test alloc failure, not THMAP_GETPTR failure. THMAP_GETPTR may return nonnull even though alloc returned zero. Note that this failure branch is not actually appropriate; thmap_create should not fail. We really need to pass KM_SLEEP through in this call site even though there are other call sites for which KM_NOSLEEP is appropriate. Adapted from: rmind/thmap#14 PR kern/57666 rmind/thmap#13 thmap(9): Preallocate GC list storage for thmap_del. thmap_del can't fail, and it is used in places in npf where sleeping is forbidden, so it can't rely on allocating memory either. Instead of having thmap_del allocate memory on the fly for each object to defer freeing until thmap_gc, arrange to have thmap(9) preallocate the same storage when allocating all the objects in the first place, with a GC header. This is suboptimal for memory usage, especially on insertion- and lookup-heavy but deletion-light workloads, but it's not clear rmind's alternative (https://github.com/rmind/thmap/tree/thmap_del_mem_fail) is ready to use yet, so we'll go with this for correctness. PR kern/57208 rmind/npf#129
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
npf_conn_establish (invoked from the packet-processing path in softint context) has an error branch to handle memory allocation failure in thmap_put (via npf_conndb_insert), but the error branch calls thmap_del (via npf_conndb_remove), which relies on memory allocation to succeed (rmind/thmap#11):
npf/src/kern/npf_conn.c
Lines 477 to 480 in 2efbe28
This error branch is essentially guaranteed to crash -- see, e.g.: https://gnats.netbsd.org/57208
Environment and configuration
Environment:
Configuration:
N/A
Any additional information
The text was updated successfully, but these errors were encountered: