HEADS UP: socket and pcb reference changes entering tree today
Maxim Konovalov
maxim at macomnet.ru
Sun May 21 11:03:33 PDT 2006
On Sun, 21 May 2006, 18:55+0100, Robert Watson wrote:
>
> On Mon, 15 May 2006, Maxim Konovalov wrote:
>
> > There is a bug in raw ip code processing which panics the system. I
> > put a small regression test in
> > src/tools/regression/netinet/rawconnect.
> >
> > At the moment the code path for the connected raw ip socket looks
> > like that:
> >
> > % soclose()
> > % sodisconnect()
> > % rip_disconnect()
> > % rip_abort()
> > % rip_pcbdetach()
> > % rip_detach <<<--------- panic
> > % rip_pcbdetach()
> >
> > ... and we panic in rip_detach() at KASSERT(inp != NULL).
> >
> > With this patch the panic has gone.
>
> This looks good in terms of pcb structure, but you should acquire
> SOCK_LOCK around the so_state manipulation. To prevent races, I
> suggest doing it while also holding the INP lock in the center of
> the locking sets from the inpcb. There are some other remaining bugs
> in the raw socket code elsewhere also, I think.
I "copied" this code from udp_usrreq.c::udp_disconnect(). There is no
such lock. Is it a bug too?
--
Maxim Konovalov