Date: Thu, 20 Oct 2016 02:03:19 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r307664 - stable/11/sys/netinet Message-ID: <201610200203.u9K23Jwx056865@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Thu Oct 20 02:03:19 2016 New Revision: 307664 URL: https://svnweb.freebsd.org/changeset/base/307664 Log: MFC: r306559 r297225 broke udp_output() for the case where the "addr" argument is NULL and the function jumps to the "release:" label. For this case, the "inp" was write locked, but the code attempted to read unlock it. This patch fixes the problem. This case could occur for NFS over UDP mounts, where the server was down for a few minutes under certain circumstances. Modified: stable/11/sys/netinet/udp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/udp_usrreq.c ============================================================================== --- stable/11/sys/netinet/udp_usrreq.c Thu Oct 20 01:21:10 2016 (r307663) +++ stable/11/sys/netinet/udp_usrreq.c Thu Oct 20 02:03:19 2016 (r307664) @@ -1559,12 +1559,18 @@ udp_output(struct inpcb *inp, struct mbu release: if (unlock_udbinfo == UH_WLOCKED) { + KASSERT(unlock_inp == UH_WLOCKED, + ("%s: excl udbinfo lock, shared inp lock", __func__)); INP_HASH_WUNLOCK(pcbinfo); INP_WUNLOCK(inp); } else if (unlock_udbinfo == UH_RLOCKED) { + KASSERT(unlock_inp == UH_RLOCKED, + ("%s: shared udbinfo lock, excl inp lock", __func__)); INP_HASH_RUNLOCK(pcbinfo); INP_RUNLOCK(inp); - } else + } else if (unlock_inp == UH_WLOCKED) + INP_WUNLOCK(inp); + else INP_RUNLOCK(inp); m_freem(m); return (error);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610200203.u9K23Jwx056865>