From owner-freebsd-net@FreeBSD.ORG  Fri Jan  6 11:22:26 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1A32F10656D7
	for <freebsd-net@freebsd.org>; Fri,  6 Jan 2012 11:22:26 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id C3F4B8FC1D
	for <freebsd-net@freebsd.org>; Fri,  6 Jan 2012 11:22:25 +0000 (UTC)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41])
	by cyrus.watson.org (Postfix) with ESMTPS id 4F53746B0D;
	Fri,  6 Jan 2012 06:22:25 -0500 (EST)
Date: Fri, 6 Jan 2012 11:22:25 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Navdeep Parhar <nparhar@gmail.com>
In-Reply-To: <CAPFoGT-S-gvp12dGBZewEEZUFrWaOL=V4Jotu-pgzOEpcHs7Xg@mail.gmail.com>
Message-ID: <alpine.BSF.2.00.1201061120001.31024@fledge.watson.org>
References: <CAPFoGT-S-gvp12dGBZewEEZUFrWaOL=V4Jotu-pgzOEpcHs7Xg@mail.gmail.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-net@freebsd.org
Subject: Re: tcp_detach can return with inpcb lock held
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2012 11:22:26 -0000


On Thu, 5 Jan 2012, Navdeep Parhar wrote:

> Looks like there's a case where tcp_detach could return with the inp lock 
> held.  I see an XXXRW comment questioning this possibility, but we should 
> either add an assertion to verify that the case does not occur, or unlock 
> the inpcb before returning.  Or maybe both?

Hi Navdeep:

A number of other folks have pointed this out as well -- usually while 
tracking a different bug, so a fix never gets committed.  I believe we should 
commit + merge the patch you've proposed.  However, as far as I'm aware, it's 
never triggered, so the comment is probably correct.  I'm not sure if we want 
to make the comment an invariant, since other than avoiding this bug, it 
shouldn't need to be true (I think).

Robert

>
> Regards, Navdeep
>
> diff -r 35bdf8d932e8 sys/netinet/tcp_usrreq.c
> --- a/sys/netinet/tcp_usrreq.c  Mon Dec 19 10:08:31 2011 -0800
> +++ b/sys/netinet/tcp_usrreq.c  Thu Jan 05 21:20:24 2012 -0800
> @@ -204,8 +204,11 @@
>                        tcp_discardcb(tp);
>                        in_pcbdetach(inp);
>                        in_pcbfree(inp);
> -               } else
> +               } else {
>                        in_pcbdetach(inp);
> +                       INP_WUNLOCK(inp);
> +               }
> +
>        }
> }
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>