freebsd-dev/sys/netinet
Gleb Smirnoff df4e91d386
There is a complex race in in_pcblookup_hash() and in_pcblookup_group().
Both functions need to obtain lock on the found PCB, and they can't do
classic inter-lock with the PCB hash lock, due to lock order reversal.
To keep the PCB stable, these functions put a reference on it and after PCB
lock is acquired drop it. If the reference was the last one, this means
we've raced with in_pcbfree() and the PCB is no longer valid.

  This approach works okay only if we are acquiring writer-lock on the PCB.
In case of reader-lock, the following scenario can happen:

  - 2 threads locate pcb, and do in_pcbref() on it.
  - These 2 threads drop the inp hash lock.
  - Another thread comes to delete pcb via in_pcbfree(), it obtains hash lock,
    does in_pcbremlists(), drops hash lock, and runs in_pcbrele_wlocked(), which
    doesn't free the pcb due to two references on it. Then it unlocks the pcb.
  - 2 aforementioned threads acquire reader lock on the pcb and run
    in_pcbrele_rlocked(). One gets 1 from in_pcbrele_rlocked() and continues,
    second gets 0 and considers pcb freed, returns.
  - The thread that got 1 continues working with detached pcb, which later
    leads to panic in the underlying protocol level.

  To plumb that problem an additional INPCB flag is introduced - INP_FREED. We
check for that flag in the in_pcbrele_rlocked() and if it is set, we pretend
that that was the last reference.

Discussed with:		rwatson, jhb
Reported by:		Vladimir Medvedkin <medved rambler-co.ru>
2012-10-02 12:03:02 +00:00
cc Staticize malloc types. 2011-04-13 11:28:46 +00:00
khelp The TCP PAWS fix for kernels with fast tick rates (r231767) changed the TCP 2012-08-17 01:49:51 +00:00
libalias Fix typo: s/pakcet/packet 2012-09-20 03:29:43 +00:00
accf_data.c
accf_dns.c
accf_http.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
cc.h Use the full and proper company name for Swinburne University of Technology 2011-04-12 08:13:18 +00:00
icmp6.h Correct typo in the RFC number for the constants based on IANA assignments 2012-03-04 18:47:20 +00:00
icmp_var.h Add rate limitation for SCTP OOTB responses. 2012-06-18 17:11:24 +00:00
if_atm.c Bring back (most of) NATM to avoid further bitrot after r186119. 2010-12-15 22:58:45 +00:00
if_atm.h
if_ether.c Provide a sysctl switch that allows to install ARP entries 2012-09-03 14:29:28 +00:00
if_ether.h - Updated TOE support in the kernel. 2012-06-19 07:34:13 +00:00
igmp_var.h
igmp.c Don't check for ifp != NULL before KASSERT, as ifp may not be NULL here 2012-07-03 19:04:18 +00:00
igmp.h
in_cksum.c nobody uses this file except the userspace ipfw code, but the cast 2012-07-31 08:04:49 +00:00
in_debug.c Remove last remnants of classful addressing: 2011-10-15 16:28:06 +00:00
in_gif.c Merge the projects/pf/head branch, that was worked on for last six months, 2012-09-08 06:41:54 +00:00
in_gif.h
in_mcast.c Remove unused variable. 2012-01-24 14:27:14 +00:00
in_pcb.c There is a complex race in in_pcblookup_hash() and in_pcblookup_group(). 2012-10-02 12:03:02 +00:00
in_pcb.h There is a complex race in in_pcblookup_hash() and in_pcblookup_group(). 2012-10-02 12:03:02 +00:00
in_pcbgroup.c Implement a CPU-affine TCP and UDP connection lookup data structure, 2011-06-06 12:55:02 +00:00
in_proto.c Bunch of fixes to pfsync(4) module load/unload: 2012-01-09 08:50:22 +00:00
in_rmx.c After some off-list discussion, revert a number of changes to the 2010-11-22 19:32:54 +00:00
in_systm.h
in_var.h When traversing global in_ifaddr list in the IFP_TO_IA() macro, we need 2012-07-18 08:41:00 +00:00
in.c Though I disagree, I concede to jhb & Rui. Note 2012-08-19 11:54:02 +00:00
in.h Add a IP_RECVTOS socket option to receive for received UDP/IPv4 2012-06-12 14:02:38 +00:00
ip6.h Fix more continuous/contiguous typos (cf. r215955) 2010-11-27 21:51:39 +00:00
ip_carp.c carp_send_ad() should never return without rescheduling next run. 2012-09-29 05:52:19 +00:00
ip_carp.h Restore a feature that was present in 5.x and 6.x, and was cleared in 2011-12-20 13:53:31 +00:00
ip_divert.c Make #error messages string-literals and remove punctuation. 2012-01-22 10:41:58 +00:00
ip_divert.h
ip_dummynet.h s/lenght/length/ in comments 2012-08-07 07:52:25 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c Use correct field to track statistics counting error as bad header length. 2010-12-05 01:09:48 +00:00
ip_fw.h Revert r234834 per luigi@ request. 2012-05-03 08:56:43 +00:00
ip_gre.c Make #error messages string-literals and remove punctuation. 2012-01-22 10:41:58 +00:00
ip_gre.h
ip_icmp.c Merge the projects/pf/head branch, that was worked on for last six months, 2012-09-08 06:41:54 +00:00
ip_icmp.h
ip_id.c
ip_input.c When ip_output()/ip6_output() is supplied a struct route *ro argument, 2012-07-04 07:37:53 +00:00
ip_ipsec.c Clean up some #endif comments removing from short sections. Add #endif 2012-01-22 02:13:19 +00:00
ip_ipsec.h
ip_mroute.c Remove route caching from IP multicast routing code. There is no 2012-07-02 19:44:18 +00:00
ip_mroute.h Remove route caching from IP multicast routing code. There is no 2012-07-02 19:44:18 +00:00
ip_options.c Use ifa_ifwithaddr_check() rather than ifa_ifwithaddr() as we are not 2010-10-14 12:32:49 +00:00
ip_options.h
ip_output.c Plug a reference leak: before doing 'goto again' we need to unref 2012-07-18 08:58:30 +00:00
ip_var.h Introduce new link-layer PFIL hook V_link_pfil_hook. 2012-09-04 19:43:26 +00:00
ip.h Add ToS definitions for DiffServ Codepoints as per RFC2474. 2012-05-04 21:00:32 +00:00
pim_var.h
pim.h
raw_ip.c Merge the projects/pf/head branch, that was worked on for last six months, 2012-09-08 06:41:54 +00:00
sctp_asconf.c Whitespace cleanup. 2012-09-08 20:54:54 +00:00
sctp_asconf.h Pass the src and dst address of a received packet explicitly around. 2012-06-28 16:01:08 +00:00
sctp_auth.c Using %p in a format string requires a void *. 2012-09-05 18:52:01 +00:00
sctp_auth.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_bsd_addr.c Testing an interface property should depend on the interface, not 2012-08-04 08:03:30 +00:00
sctp_bsd_addr.h Do packet logging in a consistent way. 2012-06-24 21:25:54 +00:00
sctp_cc_functions.c Get rid of a gcc'ism. 2012-09-06 07:03:56 +00:00
sctp_constants.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_crc32.c Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_crc32.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_dtrace_declare.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_dtrace_define.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_header.h Don't include a structure containing a flexible array in another 2012-09-07 13:36:42 +00:00
sctp_indata.c Don't include a structure containing a flexible array in another 2012-09-07 13:36:42 +00:00
sctp_indata.h Pass the src and dst address of a received packet explicitly around. 2012-06-28 16:01:08 +00:00
sctp_input.c Fix a bug related to handling Re-config chunks. It is not true that 2012-09-22 22:04:17 +00:00
sctp_input.h Don't include a structure containing a flexible array in another 2012-09-07 13:36:42 +00:00
sctp_lock_bsd.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_os_bsd.h Pass the src and dst address of a received packet explicitly around. 2012-06-28 16:01:08 +00:00
sctp_os.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_output.c Declare a static function as such. 2012-09-23 07:23:18 +00:00
sctp_output.h Small cleanups. No functional change. 2012-09-22 14:39:20 +00:00
sctp_pcb.c Whitespace change. 2012-09-23 07:43:10 +00:00
sctp_pcb.h Pass the src and dst address of a received packet explicitly around. 2012-06-28 16:01:08 +00:00
sctp_peeloff.c Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_peeloff.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_ss_functions.c Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_structs.h Don't include a structure containing a flexible array in another 2012-09-07 13:36:42 +00:00
sctp_sysctl.c Whitespace cleanup. 2012-06-25 17:15:09 +00:00
sctp_sysctl.h Whitespace cleanup. 2012-06-25 17:15:09 +00:00
sctp_timer.c Using %p in a format string requires a void *. 2012-09-05 18:52:01 +00:00
sctp_timer.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp_uio.h Fix the sctp_sockstore union such that userland programs don't depend 2012-07-26 08:10:29 +00:00
sctp_usrreq.c Changes which improve compilation if neither INET nor INET6 is defined. 2012-07-15 20:16:17 +00:00
sctp_var.h Use consistent text at the beginning of the files. 2012-05-23 11:26:28 +00:00
sctp.h Undefine SCTP_PACKED before including sctp_uio.h, which doesn't 2012-05-25 11:14:08 +00:00
sctputil.c Small cleanups. No functional change. 2012-09-14 18:32:20 +00:00
sctputil.h Pass the src and dst address of a received packet explicitly around. 2012-06-28 16:01:08 +00:00
siftr.c Decompose the current single inpcbinfo lock into two locks: 2011-05-30 09:43:55 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c Fix RTTVAR scale in net.inet.tcp.hostcache.list sysctl. 2012-07-03 18:59:13 +00:00
tcp_hostcache.h
tcp_input.c This small change takes care of a race condition 2012-08-25 09:26:37 +00:00
tcp_lro.c Make TCP LRO work properly with VIMAGE kernels rather than just panicking. 2012-06-01 11:42:50 +00:00
tcp_lro.h MFp4 bz_ipv6_fast: 2012-05-24 23:03:23 +00:00
tcp_offload.c - Updated TOE support in the kernel. 2012-06-19 07:34:13 +00:00
tcp_offload.h - Updated TOE support in the kernel. 2012-06-19 07:34:13 +00:00
tcp_output.c If ip_output() returns EMSGSIZE to tcp_output(), then the latter calls 2012-07-16 07:08:34 +00:00
tcp_reass.c Plug a TCP reassembly UMA zone leak introduced in r226113 by only using the 2011-11-27 02:32:08 +00:00
tcp_sack.c Covers values if (BYTES_THIS_ACK(tp, th) / tp->t_maxseg) value is from 2011-03-28 19:03:56 +00:00
tcp_seq.h Fix PAWS (Protect Against Wrapped Sequence numbers) in cases when 2012-02-15 16:09:56 +00:00
tcp_subr.c Merge the projects/pf/head branch, that was worked on for last six months, 2012-09-08 06:41:54 +00:00
tcp_syncache.c - Updated TOE support in the kernel. 2012-06-19 07:34:13 +00:00
tcp_syncache.h - Updated TOE support in the kernel. 2012-06-19 07:34:13 +00:00
tcp_timer.c In tcp timers, check INP_DROPPED flag a little later, after 2012-08-05 17:30:17 +00:00
tcp_timer.h Add new socket options: TCP_KEEPINIT, TCP_KEEPIDLE, TCP_KEEPINTVL and 2012-02-05 16:53:02 +00:00
tcp_timewait.c It turns out that too many drivers are not only parsing the L2/3/4 2012-05-28 09:30:13 +00:00
tcp_usrreq.c Fix bug in TCP_KEEPCNT setting, which slipped in in the last round 2012-09-27 07:13:21 +00:00
tcp_var.h - Updated TOE support in the kernel. 2012-06-19 07:34:13 +00:00
tcp.h Add new socket options: TCP_KEEPINIT, TCP_KEEPIDLE, TCP_KEEPINTVL and 2012-02-05 16:53:02 +00:00
tcpip.h
toecore.c Correctly handle the case where an inp has already been dropped by the time 2012-08-21 18:09:33 +00:00
toecore.h Correctly handle the case where an inp has already been dropped by the time 2012-08-21 18:09:33 +00:00
udp_usrreq.c Add a cmsg of type IP_TOS for UDP/IPv4 sockets to specify the TOS byte. 2012-06-12 14:56:08 +00:00
udp_var.h Export the udp_cksum sysctl for upcoming SCTP work. Rather than always, 2012-03-27 15:14:29 +00:00
udp.h Trim extra spaces before tabs. 2011-01-07 21:40:34 +00:00