From owner-freebsd-current@FreeBSD.ORG Mon May 15 00:56:19 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8157816A401 for ; Mon, 15 May 2006 00:56:19 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2063A43D45 for ; Mon, 15 May 2006 00:56:19 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id E503646BF9; Sun, 14 May 2006 20:56:17 -0400 (EDT) Date: Mon, 15 May 2006 01:56:17 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Maxim Konovalov In-Reply-To: <20060515025600.U70399@mp2.macomnet.net> Message-ID: <20060515015102.F9273@fledge.watson.org> References: <20060317141627.W2181@fledge.watson.org> <20060329100839.V19236@fledge.watson.org> <20060401102918.P79188@fledge.watson.org> <20060401170554.R82503@fledge.watson.org> <20060402233436.P76562@fledge.watson.org> <20060515025600.U70399@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: current@freebsd.org Subject: Re: HEADS UP: socket and pcb reference changes entering tree today X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 May 2006 00:56:19 -0000 On Mon, 15 May 2006, Maxim Konovalov wrote: > There is a bug in raw ip code processing which panics system. I put a small > regression test in src/tools/regression/netinet/rawconnect. > > At the moment the code path for the connected raw ip socket looks like that: > > % soclose() > % sodisconnect() > % rip_disconnect() > % rip_abort() > % rip_pcbdetach() > % rip_detach <<<--------- panic > % rip_pcbdetach() > > .. and we panics in rip_detach() at KASSERT(inp != NULL). > > With this patch panic has gone. This patch looks good! Thanks for tracking this down :-). Robert N M Watson > > Index: raw_ip.c > =================================================================== > RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v > retrieving revision 1.160 > diff -u -p -r1.160 raw_ip.c > --- raw_ip.c 21 Apr 2006 09:25:39 -0000 1.160 > +++ raw_ip.c 14 May 2006 23:39:15 -0000 > @@ -661,9 +661,19 @@ rip_abort(struct socket *so) > static int > rip_disconnect(struct socket *so) > { > + struct inpcb *inp; > + > if ((so->so_state & SS_ISCONNECTED) == 0) > return ENOTCONN; > - rip_abort(so); > + > + inp = sotoinpcb(so); > + KASSERT(inp != NULL, ("rip_disconnect: inp == NULL")); > + INP_INFO_WLOCK(&ripcbinfo); > + INP_LOCK(inp); > + inp->inp_faddr.s_addr = INADDR_ANY; > + INP_UNLOCK(inp); > + INP_INFO_WUNLOCK(&ripcbinfo); > + so->so_state &= ~SS_ISCONNECTED; > return (0); > } > %%% > > -- > Maxim Konovalov >