freebsd-skq/sys/netinet6
Robert Watson 81158452be Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
..
ah6.h - correct signedness mixups. 2003-10-12 11:08:18 +00:00
ah_aesxcbcmac.c support AES XCBC MAC for AH. 2003-10-13 04:56:04 +00:00
ah_aesxcbcmac.h support AES XCBC MAC for AH. 2003-10-13 04:56:04 +00:00
ah_core.c Move the AH algorithm list from a static local function variable to 2004-03-10 04:56:54 +00:00
ah_input.c Apply error and success logic consistently to the function netisr_queue() and 2004-08-27 18:33:08 +00:00
ah_output.c - avoid hardcoded values. 2003-10-12 12:03:25 +00:00
ah.h oops, correct wrong change in previous commit. 2003-11-15 06:16:36 +00:00
dest6.c remove unused variable. 2003-10-12 15:14:33 +00:00
esp6.h
esp_aesctr.c - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
esp_aesctr.h - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
esp_core.c - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has 2003-11-15 06:18:09 +00:00
esp_input.c Apply error and success logic consistently to the function netisr_queue() and 2004-08-27 18:33:08 +00:00
esp_output.c preparation for 64bit sequence number. 2003-11-15 05:41:41 +00:00
esp_rijndael.c cleanup rijndael API. 2003-11-11 18:58:54 +00:00
esp_rijndael.h enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
esp.h - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
frag6.c Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD 2004-08-14 15:32:40 +00:00
icmp6.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
icmp6.h
in6_cksum.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in6_gif.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
in6_gif.h - fix typo in comments. 2003-10-08 18:26:08 +00:00
in6_ifattach.c Remove in6_prefix.[ch] and the contained router renumbering capability. 2004-08-23 03:00:27 +00:00
in6_ifattach.h nuku unused functions in6_nigroup_attach() and 2003-10-31 15:51:28 +00:00
in6_pcb.c Push acquisition of the accept mutex out of sofree() into the caller 2004-10-18 22:19:43 +00:00
in6_pcb.h Pass pcbinfo structures to in6_pcbnotify() rather than pcbhead 2004-08-06 03:45:45 +00:00
in6_proto.c Remove in6_prefix.[ch] and the contained router renumbering capability. 2004-08-23 03:00:27 +00:00
in6_rmx.c fixed too delayed routing cache expiry. (tvtohz() converts a time interval to ticks, whereas hzto() converts an absolute time to ticks) 2004-10-06 03:32:26 +00:00
in6_src.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in6_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in6.c Remove in6_prefix.[ch] and the contained router renumbering capability. 2004-08-23 03:00:27 +00:00
in6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip6_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip6_forward.c Add an additional struct inpcb * argument to pfil(9) in order to enable 2004-09-29 04:54:33 +00:00
ip6_fw.c Prefer C99's __func__ over GCC's __FUNCTION__. 2004-09-22 17:16:04 +00:00
ip6_fw.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_id.c Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD 2004-08-14 15:32:40 +00:00
ip6_input.c Add an additional struct inpcb * argument to pfil(9) in order to enable 2004-09-29 04:54:33 +00:00
ip6_mroute.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip6_mroute.h
ip6_output.c Disable MTU feedback in IPv6 if the sender writes data that must be fragmented. 2004-10-02 23:45:02 +00:00
ip6_var.h Always compile PFIL_HOOKS into the kernel and remove the associated kernel 2004-08-27 15:16:24 +00:00
ip6.h
ip6protosw.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ipcomp6.h
ipcomp_core.c - fix typo in comments. 2003-10-08 18:26:08 +00:00
ipcomp_input.c - typo. found by markus@openbsd 2003-10-09 18:44:54 +00:00
ipcomp_output.c
ipcomp.h
ipsec6.h nuke unused functions. 2004-02-16 17:02:44 +00:00
ipsec.c Mark Netgraph TTY, KAME IPSEC, and IPX/SPX as requiring Giant for correct 2004-08-28 15:24:53 +00:00
ipsec.h nuke unused functions. 2004-02-16 17:02:44 +00:00
mld6_var.h rename MLD6_* to MLD_*. 2003-10-31 16:07:15 +00:00
mld6.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
nd6_nbr.c ifp has the same value as rt->rti_ifp so remove the dependency 2004-04-19 08:02:52 +00:00
nd6_rtr.c Replace Bcopy/Bzero with 'the real thing' as in the rest of the file. 2004-04-18 11:45:28 +00:00
nd6.c Prevent reentrancy of the IPv6 routing code (leading to crash with 2004-10-03 00:49:33 +00:00
nd6.h use arc4random. 2003-10-31 16:06:05 +00:00
pim6_var.h
pim6.h
raw_ip6.c Unlock rather than lock the ripcbinfo lock at the end of rip6_input(). 2004-09-02 20:18:02 +00:00
raw_ip6.h
README
route6.c hide m_tag, again. 2003-10-29 12:49:12 +00:00
scope6_var.h - add dom_if{attach,detach} framework. 2003-10-17 15:46:31 +00:00
scope6.c protect sid_default and sid. 2003-10-22 15:13:36 +00:00
tcp6_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp6_output.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp6_usrreq.c Pass pcbinfo structures to in6_pcbnotify() rather than pcbhead 2004-08-06 03:45:45 +00:00
udp6_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00

a note to committers about KAME tree
$FreeBSD$
KAME project


FreeBSD IPv6/IPsec tree is from KAMEproject (http://www.kame.net/).
To synchronize KAME tree and FreeBSD better today and in the future,
please understand the following:

- DO NOT MAKE COSTMETIC CHANGES.
  "Cosmetic changes" here includes tabify, untabify, removal of space at EOL,
  minor KNF items, and whatever adds more output lines on "diff freebsd kame".
  To make future synchronization easier. it is critical to preserve certain
  statements in the code.  Also, as KAME tree supports all 4 BSDs (Free, Open,
  Net, BSD/OS) in single shared tree, it is not always possible to backport
  FreeBSD changes into KAME tree.  So again, please do not make cosmetic
  changes.  Even if you think it a right thing, that will bite KAME guys badly
  during upgrade attempts, and prevent us from synchronizing two trees.
  (you don't usually make cosmetic changes against third-party code, do you?)

- REPORT CHANGES/BUGS TO KAME GUYS.
  It is not always possible for KAME guys to watch all the freebsd mailing
  list traffic, as the traffic is HUGE.  So if possible, please, inform
  kame guys of changes you made in IPv6/IPsec related portion.  Contact
  path would be snap-users@kame.net or KAME PR database on www.kame.net.
  (or to core@kame.net if it is necessary to make it confidential)

Thank you for your cooperation and have a happy IPv6 life!


Note: KAME-origin code is in the following locations.
The above notice applies to corresponding manpages too.
The list may not be complete.  If you see $KAME$ in the code, it is from
KAME distribution.  If you see some file that is IPv6/IPsec related, it is
highly possible that the file is from KAME distribution.

include/ifaddrs.h
lib/libc/net
lib/libc/net/getaddrinfo.c
lib/libc/net/getifaddrs.c
lib/libc/net/getnameinfo.c
lib/libc/net/ifname.c
lib/libc/net/ip6opt.c
lib/libc/net/map_v4v6.c
lib/libc/net/name6.c
lib/libftpio
lib/libipsec
sbin/ip6fw
sbin/ping6
sbin/rtsol
share/doc/IPv6
share/man/man4/ip6.4
share/man/man4/inet6.4
sys/crypto (except sys/crypto/rc4)
sys/kern/uipc_mbuf2.c
sys/net/if_faith.[ch]
sys/net/if_gif.[ch]
sys/net/if_stf.[ch]
sys/net/pfkeyv2.h
sys/netinet/icmp6.h
sys/netinet/in_gif.[ch]
sys/netinet/ip6.h
sys/netinet/ip_encap.[ch]
sys/netinet6
sys/netkey
usr.sbin/faithd
usr.sbin/gifconfig
usr.sbin/ifmcstat
usr.sbin/mld6query
usr.sbin/ndp
usr.sbin/pim6dd
usr.sbin/pim6sd
usr.sbin/prefix
usr.sbin/rip6query
usr.sbin/route6d
usr.sbin/rrenumd
usr.sbin/rtadvd
usr.sbin/rtsold
usr.sbin/scope6config
usr.sbin/setkey
usr.sbin/traceroute6