Date: Sat, 21 Dec 2002 19:24:19 +0100
From: Pierre Beyssac
To: freebsd-current@freebsd.org
Cc: hsu@freebsd.org, jlemon@freebsd.org
Subject: panic in netinet/tcp_syncache.c: syncache_timer
Message-ID: <20021221182419.GA913@fasterix.frmug.org>

I'd like a review of the following fix I'd like to commit.

The syncache_timer() function seems to have a locking problem causing panics, even after yesterday's patches.

This apparently occurs when there are unexpired syncache entries while the corresponding listening socket is closed. tcp_close() destroys the relevant lock in the inpcb structure, which causes INP_LOCK() on that structure in the next syncache_timer() call to panic.

I'm testing the patch below, which simply removes the inpcb locking and avoids the panic. It seems safe to me since we're running splnet, but I'm not sure it's correct since I suppose the locking is there for a reason...

--- tcp_syncache.c.old Sat Dec 21 03:03:22 2002 +++ tcp_syncache.c Sat Dec 21 17:50:10 2002 @@ -384,14 +384,12 @@ break; sc = nsc; inp = sc->sc_tp->t_inpcb; - INP_LOCK(inp); if (slot == SYNCACHE_MAXREXMTS || slot >= tcp_syncache.rexmt_limit || inp->inp_gencnt != sc->sc_inp_gencnt) { nsc = TAILQ_NEXT(sc, sc_timerq); syncache_drop(sc, NULL); tcpstat.tcps_sc_stale++; - INP_UNLOCK(inp); continue; } /* 
@@ -400,7 +398,6 @@ * entry on the timer chain until it has completed. */ (void) syncache_respond(sc, NULL); - INP_UNLOCK(inp); nsc = TAILQ_NEXT(sc, sc_timerq); tcpstat.tcps_sc_retransmitted++; TAILQ_REMOVE(&tcp_syncache.timerq[slot], sc, sc_timerq);

-- 
Pierre Beyssac  pb@fasterix.frmug.org pb@fasterix.freenix.org
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
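
Review bot: In the hunk at @@ -384,14 +384,12 @@, the lines that remain after INP_LOCK(inp) is removed still load inp through sc->sc_tp->t_inpcb and then read inp->inp_gencnt, so the staleness test is performed on the very structure whose lock the message says tcp_close() has already destroyed. Dropping the lock stops the panic on the dead mutex, but it does not show that sc->sc_tp and inp are still valid when the timer runs; if they are not, the inp_gencnt comparison reads stale memory and can pass or fail arbitrarily. I would rather see the lifetime problem addressed (the listener's pending syncache entries dropped or invalidated before its lock is destroyed) and the lock kept, or at minimum a comment at `inp = sc->sc_tp->t_inpcb;` stating what guarantees the pointer is live and what serializes this path against close. The splnet reasoning in the message is not visible in the code and should be stated there if it is what the change relies on.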
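
Review bot: In the hunk at @@ -400,7 +398,6 @@, removing INP_UNLOCK(inp) after `(void) syncache_respond(sc, NULL);` means the retransmit is now sent with no inpcb lock held at all, and nothing in the hunk documents that this is acceptable. The surviving comment ("entry on the timer chain until it has completed") already implies the call may take a while, which widens the window in which the listening socket can be closed underneath it. If syncache_respond() reads anything through sc->sc_tp or the inpcb, this needs either the lock retained around the call or a comment and a lock assertion in the callee making the new expectation explicit. This removal is also only correct together with the INP_LOCK removal in the previous hunk, so the two must not be split when committing.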