Date: Mon, 29 Sep 2008 15:19:37 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet tcp_input.c Message-ID: <200809291519.m8TFJqLX052723@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2008-09-29 15:19:37 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
sys/netinet tcp_input.c
Log:
SVN rev 183463 on 2008-09-29 15:19:37Z by rwatson
Merge r183323 from head to stable/7:
When dropping a packet and issuing a reset during TCP segment handling,
unconditionally drop the tcbinfo lock (after all, we assert it lines
before), but call tcp_dropwithreset() under both inpcb and inpcbinfo
locks only if we pass in an tcpcb. Otherwise, if the pointer is NULL,
firewall code may later recurse the global tcbinfo lock trying to look
up an inpcb.
This is an instance where a layering violation leads not only
potentially to code reentrace and recursion, but also to lock
recursion, and was revealed by the conversion to rwlocks because
acquiring a read lock on an rwlock already held with a write lock is
forbidden. When these locks were mutexes, they simply recursed.
Reported by: Stefan Ehmann <shoesoft at gmx dot net>
Approved by: re (kib)
Revision Changes Path
1.370.2.6 +12 -5 src/sys/netinet/tcp_input.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809291519.m8TFJqLX052723>