Date: Sun, 6 Jun 2010 19:24:32 +0000 (UTC) From: Randall Stewart <rrs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r208878 - head/sys/netinet Message-ID: <201006061924.o56JOWfo032230@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rrs Date: Sun Jun 6 19:24:32 2010 New Revision: 208878 URL: http://svn.freebsd.org/changeset/base/208878 Log: Ok, yet another bug in killing off all the hundreds of apitesters.. Basically we end up with attempting to destroy a lock thats contended on. A cookie echo arrives at the same time that the close is happening. The close gets the lock but the cookie echo has already passed the check for the gone flag and is then locked waiting on the create lock.. when we go to destroy it bam. For now we do the timer destroy for all calls to close.. We can probably optimize this later so that we check whats being contended on and if there is contention then do the timer thing. but this is probably safest since the inp has been removed from all lists and references and only the timer can find it.. once the locks are released all other places will instantly see the GONE flag and bail (thats what the change in sctp_input is one place that was lacking the bail code). MFC after: 1 week Modified: head/sys/netinet/sctp_constants.h head/sys/netinet/sctp_input.c head/sys/netinet/sctp_pcb.c head/sys/netinet/sctputil.c Modified: head/sys/netinet/sctp_constants.h ============================================================================== --- head/sys/netinet/sctp_constants.h Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctp_constants.h Sun Jun 6 19:24:32 2010 (r208878) @@ -894,7 +894,7 @@ __FBSDID("$FreeBSD$"); /* third argument */ #define SCTP_CALLED_DIRECTLY_NOCMPSET 0 #define SCTP_CALLED_AFTER_CMPSET_OFCLOSE 1 - +#define SCTP_CALLED_FROM_INPKILL_TIMER 2 /* second argument */ #define SCTP_FREE_SHOULD_USE_ABORT 1 #define SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE 0 Modified: head/sys/netinet/sctp_input.c ============================================================================== --- head/sys/netinet/sctp_input.c Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctp_input.c Sun Jun 6 19:24:32 2010 (r208878) @@ -4862,6 +4862,7 @@ process_control_chunks: } else { if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { /* We are not interested anymore */ + abend: if (stcb) { SCTP_TCB_UNLOCK(stcb); } @@ -4912,6 +4913,11 @@ process_control_chunks: if (linp) { SCTP_ASOC_CREATE_LOCK(linp); + if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + SCTP_ASOC_CREATE_UNLOCK(linp); + goto abend; + } } if (netp) { ret_buf = Modified: head/sys/netinet/sctp_pcb.c ============================================================================== --- head/sys/netinet/sctp_pcb.c Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctp_pcb.c Sun Jun 6 19:24:32 2010 (r208878) @@ -3423,7 +3423,9 @@ sctp_inpcb_free(struct sctp_inpcb *inp, #endif return; } - if ((inp->refcount) || (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) { + if ((inp->refcount) || + (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP) || + (from != SCTP_CALLED_FROM_INPKILL_TIMER)) { (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL); SCTP_INP_WUNLOCK(inp); Modified: head/sys/netinet/sctputil.c ============================================================================== --- head/sys/netinet/sctputil.c Sun Jun 6 16:13:50 2010 (r208877) +++ head/sys/netinet/sctputil.c Sun Jun 6 19:24:32 2010 (r208878) @@ -1898,7 +1898,7 @@ sctp_timeout_handler(void *t) SCTP_INP_DECR_REF(inp); sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_3); sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, - SCTP_CALLED_DIRECTLY_NOCMPSET); + SCTP_CALLED_FROM_INPKILL_TIMER); inp = NULL; goto out_no_decr; default:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201006061924.o56JOWfo032230>