cvs commit: src/sys/netinet
Matthew Dillon
dillon at crater.dragonflybsd.org
Tue Oct 26 20:44:22 PDT 2004
dillon 2004/10/26 20:43:47 PDT
DragonFly src repository
Modified files:
sys/netinet tcp_usrreq.c
Log:
Fix a NULL pointer dereference panic that occurs when the TCP protocol
stack races against userland while closing a tcp connection. It is
possible for userland to queue a disconnect request but for the protocol
stack to then receive a packet that causes it to call tcp_drop()->tcp_close()
which also disconnects the inpcb from the tcpcb. When the protocol stack
then processes the disconnect request it hits the panic because the inpcb
no longer has a tcpcb connected to it.
The bug generally only occured on SMP systems where the latency in intra-cpu
communication opens up the window of opportunity for the bug to occur.
Panic-Reported-by: Adam K Kirchhoff <adamk at xxxxxxxxxxxx>
Revision Changes Path
1.27 +11 -5 src/sys/netinet/tcp_usrreq.c
http://www.dragonflybsd.org/cvsweb/src/sys/netinet/tcp_usrreq.c.diff?r1=1.26&r2=1.27&f=u
More information about the Commits
mailing list