From owner-cvs-all@FreeBSD.ORG Wed Jan 23 23:40:22 2008 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F131616A421; Wed, 23 Jan 2008 23:40:22 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id F2D5713C457; Wed, 23 Jan 2008 23:40:22 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m0NNeMkB029038; Wed, 23 Jan 2008 23:40:22 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m0NNeM5H029037; Wed, 23 Jan 2008 23:40:22 GMT (envelope-from rwatson) Message-Id: <200801232340.m0NNeM5H029037@repoman.freebsd.org> From: Robert Watson Date: Wed, 23 Jan 2008 23:40:22 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_7 Cc: Subject: cvs commit: src/sys/netinet tcp_usrreq.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2008 23:40:23 -0000 rwatson 2008-01-23 23:40:22 UTC FreeBSD src repository Modified files: (Branch: RELENG_7) sys/netinet tcp_usrreq.c Log: Merge tcp_usrreq.c:1.167 from HEAD to RELENG_7: tcp_usrreq.c:1.313 removed tcbinfo locking from tcp_usr_accept(), which while in principle a good idea, opened us up to a race inherrent to the syncache's direct insertion of incoming TCP connections into the "completed connection" listen queue, as it transpires that the socket is inserted before the inpcb is fully filled in by syncache_expand(). The bug manifested with the occasional returning of 0.0.0.0:0 in the address returned by the accept() system call, which occurred if accept managed to execute tcp_usr_accept() before syncache_expand() had copied the endpoint addresses into inpcb connection state. Re-add tcbinfo locking around the address copyout, which has the effect of delaying the copy until syncache_expand() has finished running, as it is run while the tcbinfo lock is held. This is undesirable in that it increases contention on tcbinfo further, but a more significant change will be required to how the syncache inserts new sockets in order to fix this and keep more granular locking here. In particular, either more state needs to be passed into sonewconn() so that pru_attach() can fill in the fields *before* the socket is inserted, or the socket needs to be inserted in the incomplete connection queue until it is actually ready to be used. Reported by: glebius (and kris) Tested by: glebius Approved: re (kensmith) Revision Changes Path 1.163.2.2 +2 -0 src/sys/netinet/tcp_usrreq.c