From: Mike Silbersack
Date: Sun, 22 Mar 2009 23:00:00 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject: svn commit: r190299 - stable/7/sys/kern
X-SVN-Group: stable-7

Author: silby
Date: Sun Mar 22 23:00:00 2009
New Revision: 190299
URL: http://svn.freebsd.org/changeset/base/190299

Log:
  Fix unp_gc so that it recognizes file descriptors that are currently in the process of being passed between processes as alive and does not try to garbage collect them.

  The full description of the problem and a test program to reproduce it can be found in PR 112554.

  This fix was inspired by similar fixes in NetBSD and BSD/OS. However, it does not apply to FreeBSD 8 and above - when this code was rewritten and optimized, the bug was fixed in a different way. The test program in the PR passes on 8-current with flying colors.

  PR: 112554
  Submitted by: Spencer Minear
  Reviewed by: Mike Silbersack
  Obtained from: Secure Computing Corp
  MFC after: 4 weeks

Modified: stable/7/sys/kern/uipc_usrreq.c

Modified: stable/7/sys/kern/uipc_usrreq.c ============================================================================== --- stable/7/sys/kern/uipc_usrreq.c Sun Mar 22 22:57:53 2009 (r190298) +++ stable/7/sys/kern/uipc_usrreq.c Sun Mar 22 23:00:00 2009 (r190299) @@ -1878,6 +1878,7 @@ unp_gc(__unused void *arg, int pending) { struct file *fp, *nextfp; struct socket *so; + struct socket *soa; struct file **extra_ref, **fpp; int nunref, i; int nfiles_snap; 
@@ -1984,6 +1985,20 @@ unp_gc(__unused void *arg, int pending) SOCKBUF_UNLOCK(&so->so_rcv); /* + * If socket is in listening state, then sockets + * in its accept queue are accessible, and so + * are any descriptors in those sockets' receive + * queues. + */ + ACCEPT_LOCK(); + TAILQ_FOREACH(soa, &so->so_comp, so_list) { + SOCKBUF_LOCK(&soa->so_rcv); + unp_scan(soa->so_rcv.sb_mb, unp_mark); + SOCKBUF_UNLOCK(&soa->so_rcv); + } + ACCEPT_UNLOCK(); + + /* * Wake up any threads waiting in fdrop(). */ FILE_LOCK(fp);
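
Review bot: In the second hunk (the block added to unp_gc after SOCKBUF_UNLOCK(&so->so_rcv)), the new comment says the scan applies "If socket is in listening state", but the TAILQ_FOREACH over so->so_comp runs for every socket that reaches this point, with no test of that state. Either guard the loop, for example on so->so_options & SO_ACCEPTCONN, so that non-listening sockets do not take the single ACCEPT_LOCK() on every pass, or reword the comment to say that the queue is simply empty for non-listening sockets. The comment should also record the locking the block relies on: so->so_rcv has already been unlocked, and ACCEPT_LOCK() is then held while each queued socket's so_rcv is locked and its sb_mb chain is walked by unp_scan, so the accept lock is held for the whole scan of every socket on the accept queue.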