Date: Tue, 1 Feb 2011 13:33:49 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern uipc_usrreq.c Message-ID: <201102011334.p11DY1mW002113@repoman.freebsd.org>
kib 2011-02-01 13:33:49 UTC
FreeBSD src repository
Modified files:
sys/kern uipc_usrreq.c
Log:
SVN rev 218168 on 2011-02-01 13:33:49Z by kib
The unp_gc() function drops and reacquires lock between scan and
collect phases. The unp_discard() function executes
unp_externalize_fp(), which might make the socket eligible for gc-ing,
and then, later, taskqueue will close the socket. Since unp_gc()
dropped the list lock to do the malloc, close might happen after the
mark step but before the collection step, causing collection to not
find the socket and miss one array element.
I believe that the race was there before r216158, but the stated
revision made the window much wider by postponing the close to
taskqueue sometimes.
Only process as many array elements as we find the sockets during
second phase of gc [1]. Take linkage lock and recheck the eligibility
of the socket for gc, as well as call fhold() under the linkage lock.
Reported and tested by: jmallett
Submitted by: jmallett [1]
Reviewed by: rwatson, jeff (possibly)
MFC after: 1 week
Revision Changes Path
1.242 +16 -12 src/sys/kern/uipc_usrreq.c
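The race described in the log above, as an added illustration that is not the committed code or any part of FreeBSD's uipc_usrreq.c: a two-phase sweep counts candidates under the lock, drops the lock to allocate the array, and a deferred close unlinks one candidate in the window. The collect phase then fills fewer slots than the mark phase counted, and the old behaviour of processing the mark-phase count walks into an empty slot. The names (unpsock, mark_phase, collect_phase, run_gc), the four-socket list and the socket that gets closed are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a mark/collect sweep with the lock dropped between
 * phases. Not FreeBSD's unp_gc(); all names here are invented. */

#define NSOCK 4

struct unpsock {
    int id;
    int on_list;   /* 1 while linked into the global list; 0 after close */
    int eligible;  /* marked as a gc candidate */
    int refs;      /* simulated fhold() count */
};

static struct unpsock socks[NSOCK];
static int linkage_locked;   /* models the linkage lock */

static void linkage_lock(void)   { linkage_locked = 1; }
static void linkage_unlock(void) { linkage_locked = 0; }

/* Constructed starting state: sockets 0, 1 and 3 are gc candidates. */
static void reset_sockets(void)
{
    for (int i = 0; i < NSOCK; i++) {
        socks[i].id = i;
        socks[i].on_list = 1;
        socks[i].eligible = (i != 2);
        socks[i].refs = 0;
    }
}

/* Mark phase: count candidates while holding the lock. */
static int mark_phase(void)
{
    int n = 0;
    linkage_lock();
    for (int i = 0; i < NSOCK; i++)
        if (socks[i].on_list && socks[i].eligible)
            n++;
    linkage_unlock();
    return n;
}

/* Deferred close running while the lock is dropped: the socket is unlinked,
 * so the collect phase no longer sees it. */
static void deferred_close(int id) { socks[id].on_list = 0; }

/* Collect phase: recheck eligibility and take the reference (fhold()) under
 * the lock. Returns how many sockets were actually found. */
static int collect_phase(struct unpsock **arr, int nmark)
{
    int found = 0;
    linkage_lock();
    for (int i = 0; i < NSOCK && found < nmark; i++) {
        if (!socks[i].on_list || !socks[i].eligible)
            continue;
        socks[i].refs++;
        arr[found++] = &socks[i];
    }
    linkage_unlock();
    return found;
}

/* One gc run. fixed == 0 processes the mark-phase count (old behaviour);
 * fixed == 1 processes only the slots the collect phase filled.
 * *empty_slots receives the number of unfilled slots that were processed.
 * Returns the number of slots processed. */
static int run_gc(int fixed, int *empty_slots)
{
    reset_sockets();
    int nmark = mark_phase();                       /* 3 candidates */

    /* Lock dropped here for the allocation; a close sneaks in. */
    struct unpsock **arr = calloc((size_t)nmark, sizeof(*arr));
    if (arr == NULL)
        abort();
    deferred_close(1);

    int found = collect_phase(arr, nmark);          /* only 2 found */
    int nproc = fixed ? found : nmark;

    *empty_slots = 0;
    for (int i = 0; i < nproc; i++) {
        if (arr[i] == NULL) {
            (*empty_slots)++;   /* real code would dereference garbage here */
            continue;
        }
        arr[i]->refs--;         /* release the held reference */
    }
    free(arr);
    return nproc;
}

static int gc_processed(int fixed) { int e; return run_gc(fixed, &e); }
static int gc_empty(int fixed)     { int e; run_gc(fixed, &e); return e; }

int main(void)
{
    printf("old:   %d slots processed, %d empty\n", gc_processed(0), gc_empty(0));
    printf("fixed: %d slots processed, %d empty\n", gc_processed(1), gc_empty(1));
    return 0;
}
```

The old path processes three slots although only two sockets were found, so the third slot is whatever the allocation left there; the fixed path stops at the count the collect phase returned, and the eligibility recheck and reference take both happen under the lock so a socket cannot vanish between the check and the hold.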