From owner-cvs-src-old@FreeBSD.ORG  Tue Feb  1 13:34:01 2011
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 71B0B1065780
	for <cvs-src-old@freebsd.org>; Tue,  1 Feb 2011 13:34:01 +0000 (UTC)
	(envelope-from kib@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 5F3818FC1B
	for <cvs-src-old@freebsd.org>; Tue,  1 Feb 2011 13:34:01 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id p11DY1ab002114
	for <cvs-src-old@freebsd.org>; Tue, 1 Feb 2011 13:34:01 GMT
	(envelope-from kib@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id p11DY1mW002113
	for cvs-src-old@freebsd.org; Tue, 1 Feb 2011 13:34:01 GMT
	(envelope-from kib@repoman.freebsd.org)
Message-Id: <201102011334.p11DY1mW002113@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	kib@repoman.freebsd.org using -f
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Tue, 1 Feb 2011 13:33:49 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/kern uipc_usrreq.c
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2011 13:34:01 -0000

kib         2011-02-01 13:33:49 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             uipc_usrreq.c 
  Log:
  SVN rev 218168 on 2011-02-01 13:33:49Z by kib
  
  The unp_gc() function drops and reaquires lock between scan and
  collect phases.  The unp_discard() function executes
  unp_externalize_fp(), which might make the socket eligible for gc-ing,
  and then, later, taskqueue will close the socket.  Since unp_gc()
  dropped the list lock to do the malloc, close might happen after the
  mark step but before the collection step, causing collection to not
  find the socket and miss one array element.
  
  I believe that the race was there before r216158, but the stated
  revision made the window much wider by postponing the close to
  taskqueue sometimes.
  
  Only process as much array elements as we find the sockets during
  second phase of gc [1].  Take linkage lock and recheck the eligibility
  of the socket for gc, as well as call fhold() under the linkage lock.
  
  Reported and tested by: jmallett
  Submitted by:   jmallett [1]
  Reviewed by:    rwatson, jeff (possibly)
  MFC after:      1 week
  
  Revision  Changes    Path
  1.242     +16 -12    src/sys/kern/uipc_usrreq.c