From owner-svn-src-all@FreeBSD.ORG Tue Jul 28 14:09:07 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 737F91065672; Tue, 28 Jul 2009 14:09:07 +0000 (UTC) (envelope-from rrs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 56F028FC08; Tue, 28 Jul 2009 14:09:07 +0000 (UTC) (envelope-from rrs@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n6SE970w034588; Tue, 28 Jul 2009 14:09:07 GMT (envelope-from rrs@svn.freebsd.org) Received: (from rrs@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n6SE971u034585; Tue, 28 Jul 2009 14:09:07 GMT (envelope-from rrs@svn.freebsd.org) Message-Id: <200907281409.n6SE971u034585@svn.freebsd.org> From: Randall Stewart Date: Tue, 28 Jul 2009 14:09:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r195918 - head/sys/netinet X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2009 14:09:07 -0000 Author: rrs Date: Tue Jul 28 14:09:06 2009 New Revision: 195918 URL: http://svn.freebsd.org/changeset/base/195918 Log: Turns out that when a receiver forwards through its TNS's the processing code holds the read lock (when processing a FWD-TSN for pr-sctp). If it finds stranded data that can be given to the application, it calls sctp_add_to_readq(). The readq function also grabs this lock. So if INVAR is on we get a double recurse on a non-recursive lock and panic. This fix will change it so that readq() function gets a flag to tell if the lock is held, if so then it does not get the lock. Approved by: re@freebsd.org (Kostik Belousov) MFC after: 1 week Modified: head/sys/netinet/sctp_auth.c head/sys/netinet/sctp_indata.c head/sys/netinet/sctputil.c head/sys/netinet/sctputil.h Modified: head/sys/netinet/sctp_auth.c ============================================================================== --- head/sys/netinet/sctp_auth.c Mon Jul 27 20:24:00 2009 (r195917) +++ head/sys/netinet/sctp_auth.c Tue Jul 28 14:09:06 2009 (r195918) @@ -1960,7 +1960,7 @@ sctp_notify_authentication(struct sctp_t /* not that we need this */ control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, so_locked); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); } Modified: head/sys/netinet/sctp_indata.c ============================================================================== --- head/sys/netinet/sctp_indata.c Mon Jul 27 20:24:00 2009 (r195917) +++ head/sys/netinet/sctp_indata.c Tue Jul 28 14:09:06 2009 (r195918) @@ -388,7 +388,8 @@ abandon: else end = 0; sctp_add_to_readq(stcb->sctp_ep, - stcb, control, &stcb->sctp_socket->so_rcv, end, SCTP_SO_NOT_LOCKED); + stcb, control, &stcb->sctp_socket->so_rcv, end, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); cntDel++; } else { if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) @@ -516,7 +517,8 @@ abandon: nr_tsn = ctl->sinfo_tsn; sctp_add_to_readq(stcb->sctp_ep, stcb, ctl, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); /* * EY -now something is * delivered, calculate @@ -685,8 +687,8 @@ protocol_error: nr_tsn = control->sinfo_tsn; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); - + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); /* * EY this is the chunk that should be tagged nr gapped * calculate the gap and such then tag this TSN nr @@ -739,7 +741,9 @@ protocol_error: nr_tsn = control->sinfo_tsn; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_NOT_HELD, + SCTP_SO_NOT_LOCKED); /* * EY this is the chunk that should be * tagged nr gapped calculate the gap and @@ -1910,7 +1914,9 @@ sctp_process_a_data_chunk(struct sctp_tc if (control == NULL) { goto failed_express_del; } - sctp_add_to_readq(stcb->sctp_ep, stcb, control, &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, &stcb->sctp_socket->so_rcv, + 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); /* * EY here I should check if this delivered tsn is @@ -2248,7 +2254,7 @@ failed_pdapi_express_del: /* queue directly into socket buffer */ sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); /* * EY It is added to the read queue in prev if block @@ -5722,7 +5728,7 @@ sctp_kick_prsctp_reorder_queue(struct sc nr_tsn = ctl->sinfo_tsn; sctp_add_to_readq(stcb->sctp_ep, stcb, ctl, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED); /* * EY this is the chunk that should be * tagged nr gapped calculate the gap and @@ -5823,7 +5829,7 @@ sctp_kick_prsctp_reorder_queue(struct sc nr_tsn = ctl->sinfo_tsn; sctp_add_to_readq(stcb->sctp_ep, stcb, ctl, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED); /* * EY this is the chunk that should be * tagged nr gapped calculate the gap and Modified: head/sys/netinet/sctputil.c ============================================================================== --- head/sys/netinet/sctputil.c Mon Jul 27 20:24:00 2009 (r195917) +++ head/sys/netinet/sctputil.c Tue Jul 28 14:09:06 2009 (r195918) @@ -2839,7 +2839,8 @@ sctp_notify_assoc_change(uint32_t event, control->spec_flags = M_NOTIFICATION; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, so_locked); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, + so_locked); if (event == SCTP_COMM_LOST) { /* Wake up any sleeper */ #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) @@ -2935,7 +2936,9 @@ sctp_notify_peer_addr_change(struct sctp control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_NOT_HELD, + SCTP_SO_NOT_LOCKED); } @@ -3016,7 +3019,9 @@ sctp_notify_send_failed(struct sctp_tcb control->spec_flags = M_NOTIFICATION; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, so_locked); + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_NOT_HELD, + so_locked); } @@ -3090,7 +3095,7 @@ sctp_notify_send_failed2(struct sctp_tcb control->spec_flags = M_NOTIFICATION; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, so_locked); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); } @@ -3137,7 +3142,7 @@ sctp_notify_adaptation_layer(struct sctp control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); } /* This always must be called with the read-queue LOCKED in the INP */ @@ -3277,7 +3282,7 @@ sctp_notify_shutdown_event(struct sctp_t control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); } static void @@ -3324,7 +3329,7 @@ sctp_notify_sender_dry_event(struct sctp /* not that we need this */ control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, so_locked); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); } @@ -3380,7 +3385,7 @@ sctp_notify_stream_reset_add(struct sctp control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); } @@ -3446,7 +3451,7 @@ sctp_notify_stream_reset(struct sctp_tcb control->tail_mbuf = m_notify; sctp_add_to_readq(stcb->sctp_ep, stcb, control, - &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED); + &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); } @@ -4301,6 +4306,7 @@ sctp_add_to_readq(struct sctp_inpcb *inp struct sctp_queued_to_read *control, struct sockbuf *sb, int end, + int inp_read_lock_held, int so_locked #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) SCTP_UNUSED @@ -4321,7 +4327,8 @@ sctp_add_to_readq(struct sctp_inpcb *inp #endif return; } - SCTP_INP_READ_LOCK(inp); + if (inp_read_lock_held == 0) + SCTP_INP_READ_LOCK(inp); if (!(control->spec_flags & M_NOTIFICATION)) { atomic_add_int(&inp->total_recvs, 1); if (!control->do_not_ref_stcb) { @@ -4362,14 +4369,16 @@ sctp_add_to_readq(struct sctp_inpcb *inp control->tail_mbuf = prev; } else { /* Everything got collapsed out?? */ - SCTP_INP_READ_UNLOCK(inp); + if (inp_read_lock_held == 0) + SCTP_INP_READ_UNLOCK(inp); return; } if (end) { control->end_added = 1; } TAILQ_INSERT_TAIL(&inp->read_queue, control, next); - SCTP_INP_READ_UNLOCK(inp); + if (inp_read_lock_held == 0) + SCTP_INP_READ_UNLOCK(inp); if (inp && inp->sctp_socket) { if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); Modified: head/sys/netinet/sctputil.h ============================================================================== --- head/sys/netinet/sctputil.h Mon Jul 27 20:24:00 2009 (r195917) +++ head/sys/netinet/sctputil.h Tue Jul 28 14:09:06 2009 (r195918) @@ -39,6 +39,8 @@ __FBSDID("$FreeBSD$"); #if defined(_KERNEL) || defined(__Userspace__) +#define SCTP_READ_LOCK_HELD 1 +#define SCTP_READ_LOCK_NOT_HELD 0 #ifdef SCTP_ASOCLOG_OF_TSNS void sctp_print_out_track_log(struct sctp_tcb *stcb); @@ -103,6 +105,7 @@ sctp_add_to_readq(struct sctp_inpcb *inp struct sctp_queued_to_read *control, struct sockbuf *sb, int end, + int inpread_locked, int so_locked #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) SCTP_UNUSED