From owner-freebsd-current@FreeBSD.ORG Wed Apr 5 16:08:23 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DCA8516A41F for ; Wed, 5 Apr 2006 16:08:23 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25DD743D6E for ; Wed, 5 Apr 2006 16:08:22 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 6520E46BC9; Wed, 5 Apr 2006 12:08:21 -0400 (EDT) Date: Wed, 5 Apr 2006 17:08:21 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Kazuaki Oda In-Reply-To: <44333063.70606@highway.ne.jp> Message-ID: <20060405170737.P82516@fledge.watson.org> References: <4430FAAF.2040809@highway.ne.jp> <20060403133210.U36756@fledge.watson.org> <44311AB5.2010407@highway.ne.jp> <20060404141813.H22854@fledge.watson.org> <44333063.70606@highway.ne.jp> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-current@freebsd.org Subject: Re: kernel panic: page fault X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2006 16:08:23 -0000 On Wed, 5 Apr 2006, Kazuaki Oda wrote: > Is more information required? Could you try the attached patch? Index: tcp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.296 diff -u -r1.296 tcp_input.c --- tcp_input.c 5 Apr 2006 08:45:59 -0000 1.296 +++ tcp_input.c 5 Apr 2006 16:07:23 -0000 @@ -173,7 +173,7 @@ struct mbuf *); static void tcp_xmit_timer(struct tcpcb *, int); static void tcp_newreno_partial_ack(struct tcpcb *, struct tcphdr *); -static int tcp_timewait(struct tcptw *, struct tcpopt *, +static int tcp_timewait(struct inpcb *, struct tcpopt *, struct tcphdr *, struct mbuf *, int); /* Neighbor Discovery, Neighbor Unreachability Detection Upper layer hint. */ @@ -760,7 +760,7 @@ */ if (thflags & TH_SYN) tcp_dooptions(&to, optp, optlen, 1); - if (tcp_timewait(intotw(inp), &to, th, m, tlen)) + if (tcp_timewait(inp, &to, th, m, tlen)) goto findpcb; /* * tcp_timewait unlocks inp. @@ -3141,13 +3141,14 @@ * looking for a pcb in the listen state. Returns 0 otherwise. */ static int -tcp_timewait(tw, to, th, m, tlen) - struct tcptw *tw; +tcp_timewait(inp, to, th, m, tlen) + struct inpcb *inp; struct tcpopt *to; struct tcphdr *th; struct mbuf *m; int tlen; { + struct tcptw *tw; int thflags; tcp_seq seq; #ifdef INET6 @@ -3156,19 +3157,20 @@ const int isipv6 = 0; #endif + /* tcbinfo lock required for tcp_twclose(), tcp_2msl_reset. */ + INP_INFO_WLOCK_ASSERT(&tcbinfo); + INP_LOCK_ASSERT(inp); + /* * XXXRW: Time wait state for inpcb has been recycled, but inpcb is * still present. This is undesirable, but temporarily necessary * until we work out how to handle inpcb's who's timewait state has * been removed. */ + tw = intotw(inp); if (tw == NULL) goto drop; - /* tcbinfo lock required for tcp_twclose(), tcp_2msl_reset. */ - INP_INFO_WLOCK_ASSERT(&tcbinfo); - INP_LOCK_ASSERT(tw->tw_inpcb); - thflags = th->th_flags; /* @@ -3268,12 +3270,11 @@ tcp_respond(NULL, mtod(m, void *), th, m, seq, 0, TH_RST|TH_ACK); } - INP_UNLOCK(tw->tw_inpcb); + INP_UNLOCK(inp); return (0); drop: - if (tw != NULL) - INP_UNLOCK(tw->tw_inpcb); + INP_UNLOCK(inp); m_freem(m); return (0); }