Date: Fri, 27 May 2016 23:44:33 +0000 (UTC) From: Navdeep Parhar <np@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r300888 - head/sys/dev/cxgbe/iw_cxgbe Message-ID: <201605272344.u4RNiX5P013663@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: np Date: Fri May 27 23:44:33 2016 New Revision: 300888 URL: https://svnweb.freebsd.org/changeset/base/300888 Log: iw_cxgbe: Plug a lock leak in process_mpa_request(). If the parent is DEAD or connect_request_upcall() fails, the parent mutex is left locked. This leads to a hang when process_mpa_request() is called again for another child of the listening endpoint. Submitted by: Krishnamraju Eraparaju @ Chelsio Obtained from: upstream iw_cxgb4 Sponsored by: Chelsio Communications Modified: head/sys/dev/cxgbe/iw_cxgbe/cm.c Modified: head/sys/dev/cxgbe/iw_cxgbe/cm.c ============================================================================== --- head/sys/dev/cxgbe/iw_cxgbe/cm.c Fri May 27 23:15:58 2016 (r300887) +++ head/sys/dev/cxgbe/iw_cxgbe/cm.c Fri May 27 23:44:33 2016 (r300888) @@ -1861,14 +1861,16 @@ process_mpa_request(struct c4iw_ep *ep) /* drive upcall */ mutex_lock(&ep->parent_ep->com.mutex); if (ep->parent_ep->com.state != DEAD) { - if(connect_request_upcall(ep)) - goto err_out; - }else { - goto err_out; - } + if (connect_request_upcall(ep)) + goto err_unlock_parent; + } else + goto err_unlock_parent; mutex_unlock(&ep->parent_ep->com.mutex); return 0; +err_unlock_parent: + mutex_unlock(&ep->parent_ep->com.mutex); + goto err_out; err_stop_timer: STOP_EP_TIMER(ep); err_out:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605272344.u4RNiX5P013663>