Date: Sun, 2 Apr 2006 06:41:29 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Robert Watson <rwatson@freebsd.org> Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/netinet tcp_input.c tcp_subr.c tcp_timer.c tcp_usrreq.c tcp_var.h Message-ID: <20060401204129.GB684@turion.vk2pj.dyndns.org> In-Reply-To: <200604011636.k31GabRv029962@repoman.freebsd.org> References: <200604011636.k31GabRv029962@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2006-Apr-01 16:36:37 +0000, Robert Watson wrote: > - Annotate the existence of a long-standing race in the TCP timer code, > in which timers are stopped but not drained when the socket is freed, > as waiting for drain may lead to deadlocks, or have to occur in a > context where waiting is not permitted. This race has been handled > by testing to see if the tcpcb pointer in the inpcb is NULL (and vice > versa), which is not normally permitted, but may be true of a inpcb > and tcpcb have been freed. Add a counter to test how often this race > has actually occurred, and a large comment for each instance where > we compare potentially freed memory with NULL. This will have to be > fixed in the near future, but requires is to further address how to > handle the timer shutdown shutdown issue. Is it worthwhile (or possible) to merge this bit into 6.x earlier to provide greater exposure and therefore more statistics on the occurrence of this race? -- Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060401204129.GB684>