From: Randall Stewart
Date: Sun, 6 Jun 2010 19:24:32 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r208878 - head/sys/netinet

Author: rrs
Date: Sun Jun 6 19:24:32 2010
New Revision: 208878
URL: http://svn.freebsd.org/changeset/base/208878

Log:
  Ok, yet another bug in killing off all the hundreds of apitesters..
  Basically we end up with attempting to destroy a lock that's contended on.
  A cookie echo arrives at the same time that the close is happening.
  The close gets the lock but the cookie echo has already passed the
  check for the gone flag and is then locked waiting on the create
  lock.. when we go to destroy it bam. For now we do the timer destroy
  for all calls to close.. We can probably optimize this later so that
  we check what's being contended on and if there is contention then do
  the timer thing, but this is probably safest since the inp has been
  removed from all lists and references and only the timer can find it..
  once the locks are released all other places will instantly see the
  GONE flag and bail (that's what the change in sctp_input is one place
  that was lacking the bail code).

  MFC after: 1 week

Modified:
  head/sys/netinet/sctp_constants.h
  head/sys/netinet/sctp_input.c
  head/sys/netinet/sctp_pcb.c
  head/sys/netinet/sctputil.c

Modified: head/sys/netinet/sctp_constants.h ============================================================================== --- head/sys/netinet/sctp_constants.h Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctp_constants.h Sun Jun 6 19:24:32 2010 (r208878) 
@@ -894,7 +894,7 @@ __FBSDID("$FreeBSD$"); /* third argument */ #define SCTP_CALLED_DIRECTLY_NOCMPSET 0 #define SCTP_CALLED_AFTER_CMPSET_OFCLOSE 1 - +#define SCTP_CALLED_FROM_INPKILL_TIMER 2 /* second argument */ #define SCTP_FREE_SHOULD_USE_ABORT 1 #define SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE 0 Modified: head/sys/netinet/sctp_input.c ============================================================================== --- head/sys/netinet/sctp_input.c Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctp_input.c Sun Jun 6 19:24:32 2010 (r208878) @@ -4862,6 +4862,7 @@ process_control_chunks: } else { if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { /* We are not interested anymore */ + abend: if (stcb) { SCTP_TCB_UNLOCK(stcb); } @@ -4912,6 +4913,11 @@ process_control_chunks: if (linp) { SCTP_ASOC_CREATE_LOCK(linp); + if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + SCTP_ASOC_CREATE_UNLOCK(linp); + goto abend; + } } if (netp) { ret_buf = Modified: head/sys/netinet/sctp_pcb.c ============================================================================== --- head/sys/netinet/sctp_pcb.c Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctp_pcb.c Sun Jun 6 19:24:32 2010 (r208878) @@ -3423,7 +3423,9 @@ sctp_inpcb_free(struct sctp_inpcb *inp, #endif return; } - if ((inp->refcount) || (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) { + if ((inp->refcount) || + (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP) || + (from != SCTP_CALLED_FROM_INPKILL_TIMER)) { (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL); SCTP_INP_WUNLOCK(inp); Modified: head/sys/netinet/sctputil.c ============================================================================== --- head/sys/netinet/sctputil.c Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctputil.c Sun Jun 6 19:24:32 2010 (r208878) 
@@ -1898,7 +1898,7 @@ sctp_timeout_handler(void *t) SCTP_INP_DECR_REF(inp); sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_3); sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, - SCTP_CALLED_DIRECTLY_NOCMPSET); + SCTP_CALLED_FROM_INPKILL_TIMER); inp = NULL; goto out_no_decr; default:
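
Review bot: In the sctp_constants.h hunk (@@ -894), the new define replaces the blank line that separated the "third argument" values from the `/* second argument */` comment, so `SCTP_CALLED_FROM_INPKILL_TIMER 2` now runs straight into the next group. Keep the blank line after the new define, and consider a one-line comment saying that this value marks the call made from the INPKILL timer handler, since sctp_inpcb_free() now branches on it.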
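
Review bot: In the first sctp_input.c hunk (@@ -4862), the `abend:` label sits inside the body of `if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)`, so the `goto abend` added further down jumps backward into a nested block of a different branch. That is legal C but easy to break on a later edit; a label at function scope for the shared "unlock stcb and bail" path, or a comment at the label naming every state it can be reached from, would make the assumption explicit that only the stcb lock still needs releasing at that point.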
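
Review bot: In the second sctp_input.c hunk (@@ -4912), the recheck after `SCTP_ASOC_CREATE_LOCK(linp)` tests `inp->sctp_flags` while the lock taken and released is on `linp`; if the two can ever differ the flags read is not covered by the lock just acquired, and if they cannot, testing `linp->sctp_flags` would read more clearly. The recheck also only runs when `linp` is non-NULL, and it tests both `SCTP_PCB_FLAGS_SOCKET_GONE` and `SCTP_PCB_FLAGS_SOCKET_ALLGONE` where the existing check at `abend` tests only `SCTP_PCB_FLAGS_SOCKET_GONE`; a comment on why the two differ would help, and the two tests can be folded into one mask: `inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)`.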
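
Review bot: In the sctp_pcb.c hunk (@@ -3423), ORing in `(from != SCTP_CALLED_FROM_INPKILL_TIMER)` means the `inp->refcount` and `SCTP_PCB_FLAGS_CLOSE_IP` tests now only decide anything for the timer caller; every other value of `from` always takes the path that starts `SCTP_TIMER_TYPE_INPKILL`. The reason is given only in the commit log, so the condition needs a comment stating that all non-timer callers are deferred to the timer to avoid destroying a contended lock. Putting the `from` test first in the condition would also make the intent easier to read.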