From owner-svn-src-all@FreeBSD.ORG  Wed Jun 24 05:28:09 2009
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7147D1065675;
	Wed, 24 Jun 2009 05:28:09 +0000 (UTC)
	(envelope-from cperciva@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 5E51E8FC14;
	Wed, 24 Jun 2009 05:28:09 +0000 (UTC)
	(envelope-from cperciva@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n5O5S9OT002645;
	Wed, 24 Jun 2009 05:28:09 GMT
	(envelope-from cperciva@svn.freebsd.org)
Received: (from cperciva@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n5O5S95Z002639;
	Wed, 24 Jun 2009 05:28:09 GMT
	(envelope-from cperciva@svn.freebsd.org)
Message-Id: <200906240528.n5O5S95Z002639@svn.freebsd.org>
From: Colin Percival <cperciva@FreeBSD.org>
Date: Wed, 24 Jun 2009 05:28:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-releng@freebsd.org
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r194808 - in releng/7.2: . lib/libc/stdlib sys/conf
	sys/dev/bce sys/dev/fxp
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2009 05:28:09 -0000

Author: cperciva
Date: Wed Jun 24 05:28:09 2009
New Revision: 194808
URL: http://svn.freebsd.org/changeset/base/194808

Log:
  MFS r192477: Fix packet length calculation in bce(4). [EN-09:02]
  
  MFS r191867: Correctly set IP packet length for TSO in fxp(4). [EN-09:03]
  
  MFS r191767: Fix a lock order reversal bug that could cause deadlock during
  fork(2). [EN-09:04]
  
  Submitted by:	re (kensmith)
  Approved by:	so (cperciva)
  Errata:		FreeBSD-SA-09:02.bce
  Errata:		FreeBSD-SA-09:03.fxp
  Errata:		FreeBSD-SA-09:04.fork

Modified:
  releng/7.2/UPDATING
  releng/7.2/lib/libc/stdlib/malloc.c
  releng/7.2/sys/conf/newvers.sh
  releng/7.2/sys/dev/bce/if_bce.c
  releng/7.2/sys/dev/fxp/if_fxp.c

Modified: releng/7.2/UPDATING
==============================================================================
--- releng/7.2/UPDATING	Wed Jun 24 04:56:13 2009	(r194807)
+++ releng/7.2/UPDATING	Wed Jun 24 05:28:09 2009	(r194808)
@@ -8,6 +8,15 @@ Items affecting the ports and packages s
 /usr/ports/UPDATING.  Please read that file before running
 portupgrade.
 
+20090624:	p2	FreeBSD-EN-09:02.bce, FreeBSD-EN-09:03.fxp,
+			FreeBSD-EN-09:04.fork
+	Fix packet length calculation in bce(4). [EN-09:02]
+
+	Correctly set IP packet length for TSO in fxp(4). [EN-09:03]
+
+	Fix a lock order reversal bug that could cause deadlock during
+	fork(2). [EN-09:04]
+
 20090610:	p1	FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6,
 			FreeBSD-SA-09:11.ntpd
 	Prevent integer overflow in direct pipe write code from circumventing

Modified: releng/7.2/lib/libc/stdlib/malloc.c
==============================================================================
--- releng/7.2/lib/libc/stdlib/malloc.c	Wed Jun 24 04:56:13 2009	(r194807)
+++ releng/7.2/lib/libc/stdlib/malloc.c	Wed Jun 24 05:28:09 2009	(r194808)
@@ -4715,16 +4715,41 @@ _malloc_thread_cleanup(void)
 void
 _malloc_prefork(void)
 {
-	unsigned i;
+	bool again;
+	unsigned i, j;
+	arena_t *larenas[narenas], *tarenas[narenas];
 
 	/* Acquire all mutexes in a safe order. */
 
-	malloc_spin_lock(&arenas_lock);
-	for (i = 0; i < narenas; i++) {
-		if (arenas[i] != NULL)
-			malloc_spin_lock(&arenas[i]->lock);
-	}
-	malloc_spin_unlock(&arenas_lock);
+	/*
+	 * arenas_lock must be acquired after all of the arena mutexes, in
+	 * order to avoid potential deadlock with arena_lock_balance[_hard]().
+	 * Since arenas_lock protects the arenas array, the following code has
+	 * to race with arenas_extend() callers until it succeeds in locking
+	 * all arenas before locking arenas_lock.
+	 */
+	memset(larenas, 0, sizeof(arena_t *) * narenas);
+	do {
+		again = false;
+
+		malloc_spin_lock(&arenas_lock);
+		for (i = 0; i < narenas; i++) {
+			if (arenas[i] != larenas[i]) {
+				memcpy(tarenas, arenas, sizeof(arena_t *) *
+				    narenas);
+				malloc_spin_unlock(&arenas_lock);
+				for (j = 0; j < narenas; j++) {
+					if (larenas[j] != tarenas[j]) {
+						larenas[j] = tarenas[j];
+						malloc_spin_lock(
+						    &larenas[j]->lock);
+					}
+				}
+				again = true;
+				break;
+			}
+		}
+	} while (again);
 
 	malloc_mutex_lock(&base_mtx);
 
@@ -4739,6 +4764,7 @@ void
 _malloc_postfork(void)
 {
 	unsigned i;
+	arena_t *larenas[narenas];
 
 	/* Release all mutexes, now that fork() has completed. */
 
@@ -4750,12 +4776,12 @@ _malloc_postfork(void)
 
 	malloc_mutex_unlock(&base_mtx);
 
-	malloc_spin_lock(&arenas_lock);
+	memcpy(larenas, arenas, sizeof(arena_t *) * narenas);
+	malloc_spin_unlock(&arenas_lock);
 	for (i = 0; i < narenas; i++) {
-		if (arenas[i] != NULL)
-			malloc_spin_unlock(&arenas[i]->lock);
+		if (larenas[i] != NULL)
+			malloc_spin_unlock(&larenas[i]->lock);
 	}
-	malloc_spin_unlock(&arenas_lock);
 }
 
 /*

Modified: releng/7.2/sys/conf/newvers.sh
==============================================================================
--- releng/7.2/sys/conf/newvers.sh	Wed Jun 24 04:56:13 2009	(r194807)
+++ releng/7.2/sys/conf/newvers.sh	Wed Jun 24 05:28:09 2009	(r194808)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="7.2"
-BRANCH="RELEASE-p1"
+BRANCH="RELEASE-p2"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/7.2/sys/dev/bce/if_bce.c
==============================================================================
--- releng/7.2/sys/dev/bce/if_bce.c	Wed Jun 24 04:56:13 2009	(r194807)
+++ releng/7.2/sys/dev/bce/if_bce.c	Wed Jun 24 05:28:09 2009	(r194808)
@@ -5895,6 +5895,9 @@ bce_rx_intr(struct bce_softc *sc)
 			/* Set the total packet length. */
 			m0->m_pkthdr.len = m0->m_len = pkt_len;
 		}
+#else
+        /* Set the total packet length. */
+		m0->m_pkthdr.len = m0->m_len = pkt_len;
 #endif
 
 		/* Remove the trailing Ethernet FCS. */

Modified: releng/7.2/sys/dev/fxp/if_fxp.c
==============================================================================
--- releng/7.2/sys/dev/fxp/if_fxp.c	Wed Jun 24 04:56:13 2009	(r194807)
+++ releng/7.2/sys/dev/fxp/if_fxp.c	Wed Jun 24 05:28:09 2009	(r194808)
@@ -1486,7 +1486,8 @@ fxp_encap(struct fxp_softc *sc, struct m
 		 * checksum in the first frame driver should compute it.
 		 */
 		ip->ip_sum = 0;
-		ip->ip_len = htons(ifp->if_mtu);
+		ip->ip_len = htons(m->m_pkthdr.tso_segsz + (ip->ip_hl << 2) +
+		    (tcp->th_off << 2));
 		tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
 		    htons(IPPROTO_TCP + (tcp->th_off << 2) +
 		    m->m_pkthdr.tso_segsz));