From owner-cvs-all@FreeBSD.ORG Tue Nov 28 23:19:19 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 80ACD16A407; Tue, 28 Nov 2006 23:19:19 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id F355D43CA6; Tue, 28 Nov 2006 23:19:13 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kASNJIdn015236; Tue, 28 Nov 2006 23:19:18 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kASNJIji015235; Tue, 28 Nov 2006 23:19:18 GMT (envelope-from rwatson) Message-Id: <200611282319.kASNJIji015235@repoman.freebsd.org> From: Robert Watson Date: Tue, 28 Nov 2006 23:19:18 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_6_2 Cc: Subject: cvs commit: src/sys/netinet ip_output.c ip_var.h tcp_usrreq.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Nov 2006 23:19:19 -0000 rwatson 2006-11-28 23:19:18 UTC FreeBSD src repository Modified files: (Branch: RELENG_6_2) sys/netinet ip_output.c ip_var.h tcp_usrreq.c Log: Merge ip_output.c:1.242.2.17, ip_var.h:1.95.2.1, tcp_usrreq.c:1.124.2.4 from RELENG_6 to RELENG_6_2: Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact that so_pcb can be invalidated at any time due to an untimely reset. Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which passes a NULL. Modify tcp_ctloutput() to directly invoke ip_ctloutput_pcbinfo() and pass tcbinfo. Hold the pcbinfo lock when dereferencing so_pcb and acquiring the inpcb lock in order to prevent the inpcb from being freed; the pcbinfo lock is then immediately dropped. This is required as TCP may free the inppcb and invalidate so_pcb due to a reset at any time in the RELENG_6 network stack, which otherwise leads to a panic. This panic might be frequently seen on highly loaded IRC and Samba servers, which have long-lasting TCP connections, query socket options frequently, and see a significant number of reset connections. This change has been merged directly to RELENG_6 as the problem does not exist in HEAD, where the invariants for so_pcb are much stronger; the architectural changes in HEAD avoid the need to acquire a global lock in the socket option path. This change will be merged to RELENG_6_2. PR: 102412, 104765 Reviewed by: Diane Bruce Tested by: Daniel Austin , Kai Gallasch Approved by: re (kensmith) Revision Changes Path 1.242.2.16.2.1 +34 -1 src/sys/netinet/ip_output.c 1.95.8.1 +3 -0 src/sys/netinet/ip_var.h 1.124.2.3.2.1 +1 -1 src/sys/netinet/tcp_usrreq.c