From owner-svn-src-user@FreeBSD.ORG Sat Nov 3 17:53:04 2012 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D7FF4FD0 for ; Sat, 3 Nov 2012 17:53:04 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 3DA8F8FC14 for ; Sat, 3 Nov 2012 17:53:03 +0000 (UTC) Received: (qmail 35265 invoked from network); 3 Nov 2012 19:28:55 -0000 Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 3 Nov 2012 19:28:55 -0000 Message-ID: <509559F0.7030000@freebsd.org> Date: Sat, 03 Nov 2012 18:52:48 +0100 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20121010 Thunderbird/16.0.1 MIME-Version: 1.0 To: src-committers@freebsd.org Subject: Re: svn commit: r242517 - user/andre/tcp_workqueue/sys/kern References: <201211031749.qA3Hn5bR013453@svn.freebsd.org> In-Reply-To: <201211031749.qA3Hn5bR013453@svn.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: svn-src-user@freebsd.org X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Nov 2012 17:53:04 -0000 On 03.11.2012 18:49, Andre Oppermann wrote: > Author: andre > Date: Sat Nov 3 17:49:04 2012 > New Revision: 242517 > URL: http://svn.freebsd.org/changeset/base/242517 > > Log: > Fix a race on listen socket teardown where while draining the > accept queues a new socket/connection may be added to the queue > due to a race on the ACCEPT_LOCK. > > The submitted patch is slightly changed in comments, teardown > and locking order and extended with KASSERT's. > > Submitted by: Vijay Singh > Found by: His team. I'm waiting on Vijay's feedback on my changes and merge to HEAD when I've received his report. -- Andre > Modified: > user/andre/tcp_workqueue/sys/kern/uipc_socket.c > > Modified: user/andre/tcp_workqueue/sys/kern/uipc_socket.c > ============================================================================== > --- user/andre/tcp_workqueue/sys/kern/uipc_socket.c Sat Nov 3 16:06:14 2012 (r242516) > +++ user/andre/tcp_workqueue/sys/kern/uipc_socket.c Sat Nov 3 17:49:04 2012 (r242517) > @@ -555,6 +555,16 @@ sonewconn(struct socket *head, int conns > so->so_snd.sb_flags |= head->so_snd.sb_flags & SB_AUTOSIZE; > so->so_state |= connstatus; > ACCEPT_LOCK(); > + /* > + * The accept socket may be tearing down but we just > + * won a race on the ACCEPT_LOCK. > + */ > + if (!(so->so_options & SO_ACCEPTCONN)) { > + SOCK_LOCK(so); > + so->so_head = NULL; > + sofree(so); /* NB: returns ACCEPT_UNLOCK'ed. */ > + return (NULL); > + } > if (connstatus) { > TAILQ_INSERT_TAIL(&head->so_comp, so, so_list); > so->so_qstate |= SQ_COMP; > @@ -780,9 +790,14 @@ soclose(struct socket *so) > drop: > if (so->so_proto->pr_usrreqs->pru_close != NULL) > (*so->so_proto->pr_usrreqs->pru_close)(so); > + ACCEPT_LOCK(); > if (so->so_options & SO_ACCEPTCONN) { > struct socket *sp; > - ACCEPT_LOCK(); > + /* > + * Prevent new additions to the accept queues due > + * to ACCEPT_LOCK races while we are draining them. > + */ > + so->so_options &= ~SO_ACCEPTCONN; > while ((sp = TAILQ_FIRST(&so->so_incomp)) != NULL) { > TAILQ_REMOVE(&so->so_incomp, sp, so_list); > so->so_incqlen--; > @@ -801,9 +816,11 @@ drop: > soabort(sp); > ACCEPT_LOCK(); > } > - ACCEPT_UNLOCK(); > + KASSERT((TAILQ_EMPTY(&so->so_comp)), > + ("%s: so_comp populated", __func__)); > + KASSERT((TAILQ_EMPTY(&so->so_incomp)), > + ("%s: so_incomp populated", __func__)); > } > - ACCEPT_LOCK(); > SOCK_LOCK(so); > KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF")); > so->so_state |= SS_NOFDREF; > >