svn commit: r294536 - head/sys/netinet

Gleb Smirnoff glebius at FreeBSD.org
Sun Jan 24 07:56:47 UTC 2016


  Lawrence,

On Sat, Jan 23, 2016 at 06:09:19PM +1100, Lawrence Stewart wrote:
L> > Is that the race you refer to?
L> 
L> No, the TCP_CONGESTION refactoring i.e. this commit, introduced races in
L> the get and set cases. I guess I didn't provide enough context in
L> Crucible, so here goes...
L> 
L> The post refactoring get code is now:
L> 
L>     case TCP_CONGESTION:
L>         INP_WUNLOCK(inp);
L>         error = sooptcopyout(sopt, CC_ALGO(tp)->name, TCP_CA_NAME_MAX);
L>         break;
L> 
L> Consider that tp is using cc_blah and that the cc_blah module is
L> unloaded as the copy out is happening. By not holding the INP lock, the
L> CC module unload code is able to walk the list of active connections,
L> find this connection is using cc_blah, acquire the INP lock, switch this
L> connection to cc_newreno, release the lock and finally unload the
L> cc_blah module, rendering the pointer passed in to sooptcopyout garbage.
L> See cc_deregister_algo() in cc.c and tcp_ccalgounload() in tcp_subr.c
L> for details related to CC module unload.

Understood. Can you please review this patch? It basically shifts INP_WLOCK
earlier in the SOPT_SET case, and reverts the SOPT_GET case to the old code.
It returns back the stack based string buffer.

-- 
Totus tuus, Glebius.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcp_usrreq.c.diff
Type: text/x-diff
Size: 2554 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20160123/197f764a/attachment.diff>
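
The following is an added example, not part of the original message and not the attached patch. It is a userland model of the get-path pattern discussed in the thread: the name is copied to a stack buffer while the lock is held, and only that snapshot is copied out after unlocking. The pthread mutex, `struct conn`, `unload_algo()`, `get_congestion()` and `demo()` are constructed stand-ins for the INP lock, the tcpcb, CC module unload and the sockopt handler.

```c
/* Constructed userland model: a pthread mutex stands in for the INP lock. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#define TCP_CA_NAME_MAX 16

struct cc_algo { char name[TCP_CA_NAME_MAX]; };
struct conn {
    pthread_mutex_t lock;  /* models INP_WLOCK / INP_WUNLOCK */
    struct cc_algo *algo;  /* models CC_ALGO(tp) */
};
static struct cc_algo newreno = { "newreno" };

/* Models module unload: move the connection off mod under the lock, then free. */
static void unload_algo(struct conn *c, struct cc_algo *mod)
{
    pthread_mutex_lock(&c->lock);
    if (c->algo == mod)
        c->algo = &newreno;
    pthread_mutex_unlock(&c->lock);
    free(mod);             /* any pointer into mod taken earlier now dangles */
}

/* Get path: snapshot the name into a stack buffer while the lock is held;
 * the copy out, which may sleep, then reads only the private snapshot. */
static void get_congestion(struct conn *c, char out[TCP_CA_NAME_MAX])
{
    char buf[TCP_CA_NAME_MAX] = { 0 };

    pthread_mutex_lock(&c->lock);
    strncpy(buf, c->algo->name, sizeof(buf) - 1);
    pthread_mutex_unlock(&c->lock);
    memcpy(out, buf, sizeof(buf));  /* stands in for sooptcopyout() */
}

/* Get, unload the module in use, get again. Returns 0 on success. */
int demo(char before[TCP_CA_NAME_MAX], char after[TCP_CA_NAME_MAX])
{
    struct cc_algo *blah = calloc(1, sizeof(*blah));
    struct conn c = { PTHREAD_MUTEX_INITIALIZER, blah };

    if (blah == NULL)
        return -1;
    strcpy(blah->name, "cc_blah");
    get_congestion(&c, before);
    unload_algo(&c, blah);
    get_congestion(&c, after);
    return 0;
}
```

Had `get_congestion()` dropped the lock first and passed `c->algo->name` straight to the copy, a concurrent `unload_algo()` could free the source mid-copy, which is the race described in the quoted text.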

