Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Sep 2008 09:40:07 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Norbert Papke <fbsd-ml@scrapper.ca>, lioux@FreeBSD.org
Cc:        stable@FreeBSD.org
Subject:   Possible UDP deadlock/panic fix
Message-ID:  <alpine.BSF.1.10.0809220937320.58772@fledge.watson.org>
next in thread | raw e-mail | index | archive | help 

Attached is an MFC candidate for a patch I just merged to 8.x, which corrects 
the UDP lock recursion issue both of you were running into.  If it settles 
well for a couple of days in HEAD then I'll go ahead and request an MFC from 
re@, but your confirmation as to whether or not this corrects the specific 
symptoms you are seeing would be very helpful.  I was able to confirm that it 
eliminated what appeared to be the same problem here when I attempted to 
reproduce it based on the information you provided, so I'm hopeful.\

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge


Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
    Merged /head/sys:r183265

Index: netinet6/udp6_usrreq.c
===================================================================
--- netinet6/udp6_usrreq.c	(revision 183265)
+++ netinet6/udp6_usrreq.c	(working copy)
@@ -975,13 +975,23 @@
  				error = EINVAL;
  				goto out;
  			}
+
+			/*
+			 * XXXRW: We release UDP-layer locks before calling
+			 * udp_send() in order to avoid recursion.  However,
+			 * this does mean there is a short window where inp's
+			 * fields are unstable.  Could this lead to a
+			 * potential race in which the factors causing us to
+			 * select the UDPv4 output routine are invalidated?
+			 */
+			INP_WUNLOCK(inp);
+			INP_INFO_WUNLOCK(&udbinfo);
  			if (sin6)
  				in6_sin6_2_sin_in_sock(addr);
  			pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
-			error = ((*pru->pru_send)(so, flags, m, addr, control,
+			/* addr will just be freed in sendit(). */
+			return ((*pru->pru_send)(so, flags, m, addr, control,
  			    td));
-			/* addr will just be freed in sendit(). */
-			goto out;
  		}
  	}
  #endif

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0809220937320.58772>