d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Install an extra hold on the newly allocated synq entry so that it

Browse Source 
cannot be freed while do_pass_accept_req is running.  This closes a race
where do_pass_establish on another CPU (the driver chose a different
queue for the new tid) expands the synq entry into a full PCB and then
releases the only hold on it, all while do_pass_accept_req is still
running.

MFC after:	3 days
This commit is contained in:
Navdeep Parhar 2013-01-26 03:23:28 +00:00
parent 1cdc889916
commit d92ed49c94
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=245937
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
sys/dev/cxgbe/tom/t4_listen.c
View File

@ -954,7 +954,7 @@ mbuf_to_synqe(struct mbuf *m)
return (NULL);
synqe->flags = TPF_SYNQE | TPF_SYNQE_NEEDFREE;
} else {
synqe = (void *)(m->m_data + m->m_len + tspace - sizeof(*synqe));
synqe = (void *)(m->m_data + m->m_len + tspace - len);
synqe->flags = TPF_SYNQE;
}
@ -1335,7 +1335,7 @@ do_pass_accept_req(struct sge_iq *iq, const struct rss_header *rss,
synqe->lctx = lctx;
synqe->syn = m;
m = NULL;
refcount_init(&synqe->refcnt, 0);
refcount_init(&synqe->refcnt, 1); /* 1 means extra hold */
synqe->l2e_idx = e->idx;
synqe->rcv_bufsize = rx_credits;
atomic_store_rel_ptr(&synqe->wr, (uintptr_t)wr);
@ -1381,6 +1381,7 @@ do_pass_accept_req(struct sge_iq *iq, const struct rss_header *rss,
if (inp)
INP_WUNLOCK(inp);
release_synqe(synqe); /* extra hold */
REJECT_PASS_ACCEPT();
}
@ -1395,15 +1396,19 @@ do_pass_accept_req(struct sge_iq *iq, const struct rss_header *rss,
* this tid because there was no L2T entry for the tid at that
* time. Abort it now. The reply to the abort will clean up.
*/
CTR5(KTR_CXGBE, "%s: stid %u, tid %u, lctx %p, synqe %p, ABORT",
__func__, stid, tid, lctx, synqe);
send_reset_synqe(tod, synqe);
CTR6(KTR_CXGBE,
"%s: stid %u, tid %u, lctx %p, synqe %p (0x%x), ABORT",
__func__, stid, tid, lctx, synqe, synqe->flags);
if (!(synqe->flags & TPF_SYNQE_EXPANDED))
send_reset_synqe(tod, synqe);
INP_WUNLOCK(inp);
release_synqe(synqe); /* extra hold */
return (__LINE__);
}
INP_WUNLOCK(inp);
release_synqe(synqe); /* extra hold */
return (0);
reject:
CTR4(KTR_CXGBE, "%s: stid %u, tid %u, REJECT (%d)", __func__, stid, tid,