From owner-cvs-all@FreeBSD.ORG Tue Nov 28 21:41:13 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5087416A500; Tue, 28 Nov 2006 21:41:13 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1219343C9D; Tue, 28 Nov 2006 21:41:08 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kASLfC92095335; Tue, 28 Nov 2006 21:41:12 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kASLfCWr095333; Tue, 28 Nov 2006 21:41:12 GMT (envelope-from rwatson) Message-Id: <200611282141.kASLfCWr095333@repoman.freebsd.org> From: Robert Watson Date: Tue, 28 Nov 2006 21:41:12 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_6 Cc: Subject: cvs commit: src/sys/netinet ip_output.c ip_var.h tcp_usrreq.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Nov 2006 21:41:13 -0000 rwatson 2006-11-28 21:41:12 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) sys/netinet ip_output.c ip_var.h tcp_usrreq.c Log: Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact that so_pcb can be invalidated at any time due to an untimely reset. Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which passes a NULL. Modify tcp_ctloutput() to directly invoke ip_ctloutput_pcbinfo() and pass tcbinfo. Hold the pcbinfo lock when dereferencing so_pcb and acquiring the inpcb lock in order to prevent the inpcb from being freed; the pcbinfo lock is then immediately dropped. This is required as TCP may free the inppcb and invalidate so_pcb due to a reset at any time in the RELENG_6 network stack, which otherwise leads to a panic. This panic might be frequently seen on highly loaded IRC and Samba servers, which have long-lasting TCP connections, query socket options frequently, and see a significant number of reset connections. This change has been merged directly to RELENG_6 as the problem does not exist in HEAD, where the invariants for so_pcb are much stronger; the architectural changes in HEAD avoid the need to acquire a global lock in the socket option path. This change will be merged to RELENG_6_2. PR: 102412, 104765 Reviewed by: Diane Bruce Tested by: Daniel Austin , Kai Gallasch Revision Changes Path 1.242.2.17 +34 -1 src/sys/netinet/ip_output.c 1.95.2.1 +3 -0 src/sys/netinet/ip_var.h 1.124.2.4 +1 -1 src/sys/netinet/tcp_usrreq.c