freebsd-skq/sys/net
rwatson 4b81ce6dd2 Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
..
bpf_compat.h
bpf_filter.c
bpf.c Don't recurse the BPF descriptor lock during the BIOCSDLT operation 2004-10-06 04:25:37 +00:00
bpf.h
bpfdesc.h Reformulate use of linked lists in 'struct bpf_d' and 'struct bpf_if' 2004-09-09 00:19:27 +00:00
bridge.c Fix packet flow when both ng_ether(4) and bridge(4) are in use: 2004-10-12 10:33:42 +00:00
bridge.h Fix packet flow when both ng_ether(4) and bridge(4) are in use: 2004-10-12 10:33:42 +00:00
bsd_comp.c
ethernet.h add ETHERTYPE_PAE for EAPOL/802.1x 2004-10-05 19:28:52 +00:00
fddi.h
firewire.h Fix big-endian build. 2004-06-14 08:17:51 +00:00
if_arc.h
if_arcsubr.c Prefer C99's __func__ over GCC's __FUNCTION__. 2004-09-22 17:16:04 +00:00
if_arp.h Add a new driver to support IP over firewire. This driver is intended to 2004-06-13 10:54:36 +00:00
if_atm.h
if_atmsubr.c
if_clone.c Fix a LOR where copyout was called while holding a lock. 2004-09-15 04:41:56 +00:00
if_clone.h Major overhaul of pseudo-interface cloning. Highlights include: 2004-06-22 20:13:25 +00:00
if_disc.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_dl.h
if_ef.c Initialize ; variable eraly to shut up GCC warning. 2004-07-28 06:48:36 +00:00
if_ethersubr.c Fix packet flow when both ng_ether(4) and bridge(4) are in use: 2004-10-12 10:33:42 +00:00
if_faith.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_fddisubr.c Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on 2004-06-15 23:57:42 +00:00
if_fwsubr.c Revert previous revision, 1.7, as removal of GIANT_REQUIRED was made 2004-08-24 14:17:58 +00:00
if_gif.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_gif.h
if_gre.c Set ip_v field properly. 2004-08-05 08:12:46 +00:00
if_gre.h
if_iso88025subr.c Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on 2004-06-15 23:57:42 +00:00
if_llc.h
if_loop.c Apply error and success logic consistently to the function netisr_queue() and 2004-08-27 18:33:08 +00:00
if_media.c
if_media.h Added two new media types for 10GBASE-SR and 10GBASE-LR 2004-08-12 23:48:26 +00:00
if_mib.c
if_mib.h
if_ppp.c Apply error and success logic consistently to the function netisr_queue() and 2004-08-27 18:33:08 +00:00
if_ppp.h
if_pppvar.h
if_sl.c Use an ANSI-style definition for slstart() 2004-08-30 04:48:52 +00:00
if_slvar.h
if_sppp.h
if_spppsubr.c Apply error and success logic consistently to the function netisr_queue() and 2004-08-27 18:33:08 +00:00
if_stf.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
if_stf.h
if_tap.c Destroy global tapmtx when the if_tap module is unloaded. 2004-09-17 03:55:50 +00:00
if_tap.h
if_tapvar.h Do the dreaded s/dev_t/struct cdev */ 2004-06-16 09:47:26 +00:00
if_tun.c Assign pointer NULL, not 0. 2004-10-11 07:28:36 +00:00
if_tun.h
if_types.h
if_var.h Add locking to the kqueue subsystem. This also makes the kqueue subsystem 2004-08-15 06:24:42 +00:00
if_vlan_var.h
if_vlan.c Add locking to the kqueue subsystem. This also makes the kqueue subsystem 2004-08-15 06:24:42 +00:00
if.c Call sbuf_finish() before sbuf_data() so as to not panic the system. 2004-09-22 12:53:27 +00:00
if.h Re-add ifi_epoch, to struct if_data, this time replacing ifi_unused 2004-09-08 04:50:55 +00:00
iso88025.h
net_osdep.h Since net/net_osdep.c contained only one function that could be 2004-10-08 00:24:30 +00:00
netisr.c Correctly unregister a netisr by clearing the ni->ni_queue field to NULL as 2004-10-11 20:01:43 +00:00
netisr.h
pfil.c Change pfil starvation prevention from fail-open to fail-close. 2004-10-08 12:07:20 +00:00
pfil.h Add an additional struct inpcb * argument to pfil(9) in order to enable 2004-09-29 04:54:33 +00:00
pfkeyv2.h
ppp_comp.h
ppp_deflate.c
ppp_defs.h
ppp_tty.c Preparation commit for the tty cleanups that will follow in the near 2004-07-15 20:47:41 +00:00
radix.c
radix.h
raw_cb.c Push acquisition of the accept mutex out of sofree() into the caller 2004-10-18 22:19:43 +00:00
raw_cb.h Lock down rawcb_list, a global list of control blocks for raw sockets, 2004-06-15 04:13:59 +00:00
raw_usrreq.c Push acquisition of the accept mutex out of sofree() into the caller 2004-10-18 22:19:43 +00:00
route.c When a prison is given the ability to create raw sockets (when the 2004-08-21 17:38:57 +00:00
route.h Add 802.11-specific events that are dispatched through the routing socket. 2004-10-05 19:48:33 +00:00
rtsock.c Add 802.11-specific events that are dispatched through the routing socket. 2004-10-05 19:48:33 +00:00
slcompress.c
slcompress.h
slip.h
zlib.c Give zlib the ability to be a module that can be depended on, 2004-06-20 17:42:35 +00:00
zlib.h