From owner-cvs-all@FreeBSD.ORG Sun Jul 3 01:26:15 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C2A016B317; Sun, 3 Jul 2005 01:01:40 +0000 (GMT) (envelope-from ps@mu.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0BFC44522C; Sun, 3 Jul 2005 00:50:13 +0000 (GMT) (envelope-from ps@mu.org) Received: by elvis.mu.org (Postfix, from userid 1000) id 3EA0B6EA49; Sat, 2 Jul 2005 17:40:36 -0700 (PDT) X-Original-To: ps@mu.org Delivered-To: ps@mu.org Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by elvis.mu.org (Postfix) with ESMTP id E342F5C9C1 for ; Mon, 21 Feb 2005 13:58:31 -0800 (PST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 98B0B55E47 for ; Mon, 21 Feb 2005 21:58:31 +0000 (GMT) (envelope-from owner-src-committers@FreeBSD.org) Received: by hub.freebsd.org (Postfix) id 2A39A16A550; Mon, 21 Feb 2005 21:58:21 +0000 (GMT) Delivered-To: ps@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 538) id 5863816A4D0; Mon, 21 Feb 2005 21:58:19 +0000 (GMT) Delivered-To: src-committers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A76F16A4CE; Mon, 21 Feb 2005 21:58:18 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3E3843D1D; Mon, 21 Feb 2005 21:58:17 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j1LLwHBg071163; Mon, 21 Feb 2005 21:58:17 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j1LLwHSO071162; Mon, 21 Feb 2005 21:58:17 GMT (envelope-from rwatson) Message-Id: <200502212158.j1LLwHSO071162@repoman.freebsd.org> From: Robert Watson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Sender: owner-src-committers@FreeBSD.org Precedence: bulk X-Loop: FreeBSD.ORG X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on elvis.mu.org X-Spam-Status: No, score=0.0 required=5.0 tests=AWL,BAYES_00,MANGLED_LIST, SARE_SUB_GAPPY_3,SARE_SUB_LONG_SUBJ_140,SARE_SUB_LONG_SUBJ_170 autolearn=no version=3.0.2 X-Spam-Level: Cc: Subject: cvs commit: src/sys/kern uipc_socket.c uipc_usrreq.c src/sys/netatm atm_cm.c atm_socket.c atm_var.h src/sys/netatm/ipatm ipatm_load.c src/sys/netgraph/bluetooth/socket ng_btsocket_l2cap.c ng_btsocket_rfcomm.c src/sys/netinet ... X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Sun, 03 Jul 2005 01:26:15 -0000 X-Original-Date: Mon, 21 Feb 2005 21:58:17 +0000 (UTC) X-List-Received-Date: Sun, 03 Jul 2005 01:26:15 -0000 rwatson 2005-02-21 21:58:17 UTC FreeBSD src repository Modified files: sys/kern uipc_socket.c uipc_usrreq.c sys/netatm atm_cm.c atm_socket.c atm_var.h sys/netatm/ipatm ipatm_load.c sys/netgraph/bluetooth/socket ng_btsocket_l2cap.c ng_btsocket_rfcomm.c sys/netinet tcp_usrreq.c sys/netipx spx_usrreq.c sys/sys socketvar.h Log: In the current world order, solisten() implements the state transition of a socket from a regular socket to a listening socket able to accept new connections. As part of this state transition, solisten() calls into the protocol to update protocol-layer state. There were several bugs in this implementation that could result in a race wherein a TCP SYN received in the interval between the protocol state transition and the shortly following socket layer transition would result in a panic in the TCP code, as the socket would be in the TCPS_LISTEN state, but the socket would not have the SO_ACCEPTCONN flag set. This change does the following: - Pushes the socket state transition from the socket layer solisten() to to socket "library" routines called from the protocol. This permits the socket routines to be called while holding the protocol mutexes, preventing a race exposing the incomplete socket state transition to TCP after the TCP state transition has completed. The check for a socket layer state transition is performed by solisten_proto_check(), and the actual transition is performed by solisten_proto(). - Holds the socket lock for the duration of the socket state test and set, and over the protocol layer state transition, which is now possible as the socket lock is acquired by the protocol layer, rather than vice versa. This prevents additional state related races in the socket layer. This permits the dual transition of socket layer and protocol layer state to occur while holding locks for both layers, making the two changes atomic with respect to one another. Similar changes are likely require elsewhere in the socket/protocol code. Reported by: Peter Holm Review and fixes from: emax, Antoine Brodin Philosophical head nod: gnn Revision Changes Path 1.233 +42 -14 src/sys/kern/uipc_socket.c 1.151 +14 -9 src/sys/kern/uipc_usrreq.c 1.33 +13 -1 src/sys/netatm/atm_cm.c 1.23 +1 -1 src/sys/netatm/atm_socket.c 1.26 +2 -2 src/sys/netatm/atm_var.h 1.21 +2 -2 src/sys/netatm/ipatm/ipatm_load.c 1.16 +21 -6 src/sys/netgraph/bluetooth/socket/ng_btsocket_l2cap.c 1.15 +25 -19 src/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c 1.115 +14 -4 src/sys/netinet/tcp_usrreq.c 1.62 +7 -2 src/sys/netipx/spx_usrreq.c 1.139 +2 -0 src/sys/sys/socketvar.h