On Fri, 30 Jun 2006, Stanislaw Halik wrote:
Per my earlier e-mail, I had hoped to merge a larger set of changes from
HEAD that resolve the underlying problem here (that inpcb's can be detached
from a socket while the socket is still in use), but right now I'm
deferring merging those changes as they are somewhat risky (as they are
large). Instead, I've produced a candidate work-around patch, now attached
to kern/97095. This does not fix the underlying problem, but seeks to
narrow the window for the race to be exercised by avoiding caching a
volatile pointer across user memory copying, which under load can result in
blocking I/O. I would be quite interested in knowing if this resolves the
problem in practice -- if so, it's a definite short-term merge candidate to
reduce the symptoms of this problem until the proper fix can be merged.
Unfortunately, it still happens to crash in the same code path:
<snip>
I'll be happy to test any other patches when they're available.
Thanks for testing the patch -- it looks like there's a more pressing logical
problem in this code! Could you try the following simpler patch:
http://www.watson.org/~robert/freebsd/netperf/ip_ctloutput.diff
The IP option code seems not to know that (in RELENG_6 and before) the pcb is
discarded on disconnect, and the application is querying the TTL after a
disconnect. In FreeBSD 7.x, the pcb is preserved after disconnect so this
succeeds.
It could be we actually need both patches, but let's try this one by itself
first.
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
Attached:
Index: ip_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.242.2.9
diff -u -r1.242.2.9 ip_output.c
--- ip_output.c 4 Jun 2006 10:19:34 -0000 1.242.2.9
+++ ip_output.c 30 Jun 2006 13:58:03 -0000
@@ -1162,6 +1162,9 @@
return (EINVAL);
}
+ if (inp == NULL)
+ return (EINVAL);
+
switch (sopt->sopt_dir) {
case SOPT_SET:
switch (sopt->sopt_name) {
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
