On Sun, 21 May 2006, 18:55+0100, Robert Watson wrote: > > On Mon, 15 May 2006, Maxim Konovalov wrote: > > > There is a bug in raw ip code processing which panics system. I > > put a small regression test in > > src/tools/regression/netinet/rawconnect. > > > > At the moment the code path for the connected raw ip socket looks > > like that: > > > > % soclose() > > % sodisconnect() > > % rip_disconnect() > > % rip_abort() > > % rip_pcbdetach() > > % rip_detach <<<--------- panic > > % rip_pcbdetach() > > > > .. and we panics in rip_detach() at KASSERT(inp != NULL). > > > > With this patch panic has gone. > > This looks good in terms of pcb structure, but you should acquire > SOCK_LOCK around the so_state manipulation. To prevent races, I > suggest doing it while also holding the INP lock in the center of > the locking sets from the inpcb. There are some other remaining bugs > in the raw socket code elsewhere also, I think. I "copied" this code from udp_usrreq.c::udp_disconnect(). There is no such lock. Is it a bug too? -- Maxim KonovalovReceived on Sun May 21 2006 - 16:03:27 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:56 UTC