From owner-cvs-all@FreeBSD.ORG  Mon Sep 29 15:19:52 2008
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 57EEA10656A3;
	Mon, 29 Sep 2008 15:19:52 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 470648FC19;
	Mon, 29 Sep 2008 15:19:52 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id m8TFJquB052724;
	Mon, 29 Sep 2008 15:19:52 GMT
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id m8TFJqLX052723;
	Mon, 29 Sep 2008 15:19:52 GMT
	(envelope-from rwatson@repoman.freebsd.org)
Message-Id: <200809291519.m8TFJqLX052723@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	rwatson@repoman.freebsd.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 29 Sep 2008 15:19:37 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: RELENG_7
Cc: 
Subject: cvs commit: src/sys/netinet tcp_input.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Sep 2008 15:19:52 -0000

rwatson     2008-09-29 15:19:37 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    sys/netinet          tcp_input.c 
  Log:
  SVN rev 183463 on 2008-09-29 15:19:37Z by rwatson
  
  Merge r183323 from head to stable/7:
  
    When dropping a packet and issuing a reset during TCP segment handling,
    unconditionally drop the tcbinfo lock (after all, we assert it lines
    before), but call tcp_dropwithreset() under both inpcb and inpcbinfo
    locks only if we pass in an tcpcb.  Otherwise, if the pointer is NULL,
    firewall code may later recurse the global tcbinfo lock trying to look
    up an inpcb.
  
    This is an instance where a layering violation leads not only
    potentially to code reentrace and recursion, but also to lock
    recursion, and was revealed by the conversion to rwlocks because
    acquiring a read lock on an rwlock already held with a write lock is
    forbidden.  When these locks were mutexes, they simply recursed.
  
    Reported by:        Stefan Ehmann <shoesoft at gmx dot net>
  
  Approved by:    re (kib)
  
  Revision   Changes    Path
  1.370.2.6  +12 -5     src/sys/netinet/tcp_input.c