Date: Wed, 14 Feb 2007 16:40:30 +0800 From: Blue <Susan.Lan@zyxel.com.tw> To: freebsd-net@freebsd.org Subject: [FreeBSD-6.1 6.2] Race condition could happen while two thread close socket? Message-ID: <45D2CAFE.8000806@zyxel.com.tw>
Dear all:

When looking into soclose() in uipc_socket.c, I thought of one possible situation. Suppose thread A calls soclose() first, and then executes sorele() and then sofree(). However, in sofree() (defined in uipc_socket.c), the socket mutex and the accept mutex are unlocked before the socket send buffer is released. While thread A is busy releasing the send buffer, another thread, thread B, jumps in. It also calls soclose(), and then sorele(). What follows will be a catastrophe: sorele() examines the socket's reference count ((so)->so_count), and a panic occurs, since the count value is already zero!

Is there any reasonable explanation?

Thanks.

BR,
Yi-Wen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45D2CAFE.8000806>
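The interleaving the mail describes, as an added example that is not code from FreeBSD or from the poster: a toy refcounted socket whose close path is split into the two phases named in the mail (drop the reference under the lock; release the send buffer with the lock already dropped), so that thread A and thread B can be stepped through deterministically without real threads. The unguarded phase one is a literal model of the reading in the mail and drives the count below zero, which is where a kernel would panic; the guarded variant tests and sets a "descriptor reference gone" mark in the same critical section as the decrement, so the second closer is refused. All names (toy_socket, phase1_unguarded, phase1_guarded, CLOSE_*) are invented for this illustration and say nothing about what uipc_socket.c actually does.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Added illustration only; NOT code from FreeBSD's uipc_socket.c.
 * A toy refcounted socket whose close is split into two phases so the
 * A/B interleaving from the mail can be replayed without threads.
 */
struct toy_socket {
    bool  locked;     /* stands in for the socket mutex */
    int   so_count;   /* reference count, like so_count in the mail */
    bool  nofdref;    /* descriptor reference already dropped */
    char *sndbuf;     /* send buffer, freed in phase two */
};

enum close_status {
    CLOSE_FREEING,    /* this caller took the count to zero and must free */
    CLOSE_DROPPED,    /* reference dropped, other references remain */
    CLOSE_REFUSED,    /* a close is already in progress on this socket */
    CLOSE_UNDERFLOW   /* count went negative: where a kernel would panic */
};

static void toy_lock(struct toy_socket *so)
{
    if (so->locked)        /* model is single-stepped; re-lock is a bug */
        abort();
    so->locked = true;
}

static void toy_unlock(struct toy_socket *so)
{
    if (!so->locked)
        abort();
    so->locked = false;
}

static struct toy_socket *toy_socreate(void)
{
    struct toy_socket *so = calloc(1, sizeof(*so));
    if (so == NULL)
        abort();
    so->so_count = 1;               /* the descriptor's own reference */
    so->sndbuf = calloc(1, 4096);   /* constructed stand-in for the buffer */
    return so;
}

/* Phase one as the mail reads it: decrement and, at zero, drop the lock
 * and go free the buffers. Nothing records that a close is in progress. */
static enum close_status phase1_unguarded(struct toy_socket *so)
{
    toy_lock(so);
    so->so_count--;
    int count = so->so_count;
    toy_unlock(so);
    if (count < 0)
        return CLOSE_UNDERFLOW;
    return count == 0 ? CLOSE_FREEING : CLOSE_DROPPED;
}

/* Guarded phase one: the "no descriptor reference" mark is tested and set
 * under the same lock hold as the decrement, so a second closer arriving
 * while the lock is dropped for phase two is refused, not decremented. */
static enum close_status phase1_guarded(struct toy_socket *so)
{
    toy_lock(so);
    if (so->nofdref) {
        toy_unlock(so);
        return CLOSE_REFUSED;
    }
    so->nofdref = true;
    so->so_count--;
    int count = so->so_count;
    toy_unlock(so);
    if (count < 0)
        return CLOSE_UNDERFLOW;
    return count == 0 ? CLOSE_FREEING : CLOSE_DROPPED;
}

/* Phase two: the buffer release that happens with the lock dropped. */
static void phase2_release(struct toy_socket *so)
{
    free(so->sndbuf);
    so->sndbuf = NULL;
}

/* Replays the mail's interleaving: A finishes phase one and drops the lock,
 * B runs phase one on the same socket before A reaches phase two.
 * Returns B's outcome; the final count is left in *final_count. */
static enum close_status replay_race(bool guarded, int *final_count)
{
    struct toy_socket *so = toy_socreate();
    enum close_status (*phase1)(struct toy_socket *) =
        guarded ? phase1_guarded : phase1_unguarded;

    enum close_status a = phase1(so);   /* thread A: count 1 -> 0 */
    enum close_status b = phase1(so);   /* thread B jumps in here */
    if (a == CLOSE_FREEING)
        phase2_release(so);             /* thread A resumes its teardown */
    if (b == CLOSE_FREEING)
        phase2_release(so);             /* only if B also "won" */

    *final_count = so->so_count;
    free(so->sndbuf);
    free(so);
    return b;
}

int main(void)
{
    int count;
    enum close_status b;
    b = replay_race(false, &count);
    printf("unguarded: B got %d, final so_count %d\n", (int)b, count);
    b = replay_race(true, &count);
    printf("guarded:   B got %d, final so_count %d\n", (int)b, count);
    return 0;
}
```

The point of the guarded variant is not the flag itself but where it is checked: the test-and-set and the decrement share one critical section, so dropping the lock afterwards for the slow buffer release is harmless to any later closer. The general defence against this class of bug is the same in any refcounted teardown: the decision "I am the one who frees this" must be made atomically with the decrement, and every other path that could reach the object must be able to see that decision before it touches the count.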