DragonFly commits List (threaded) for 2004-10
cvs commit: src/sys/netinet
dillon 2004/10/26 20:43:47 PDT
DragonFly src repository
Fix a NULL pointer dereference panic that occurs when the TCP protocol
stack races against userland while closing a tcp connection. It is
possible for userland to queue a disconnect request but for the protocol
stack to then receive a packet that causes it to call tcp_drop()->tcp_close()
which also disconnects the inpcb from the tcpcb. When the protocol stack
then processes the disconnect request it hits the panic because the inpcb
no longer has a tcpcb connected to it.
The bug generally only occurred on SMP systems where the latency in intra-cpu
communication opens up the window of opportunity for the bug to occur.
Panic-Reported-by: Adam K Kirchhoff <adamk@xxxxxxxxxxxx>
Revision Changes Path
1.27 +11 -5 src/sys/netinet/tcp_usrreq.c
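
The ordering described in the commit message, as an added C model (not the DragonFly code and not the committed change). The struct names, the message enum and the ECONNRESET return value are assumptions made for illustration; only tcp_drop() and tcp_close() are names from the message.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins, not the DragonFly structure definitions. */
struct tcpcb_model { int closing; };
struct inpcb_model { struct tcpcb_model *ppcb; };
enum msg { MSG_PACKET_DROP, MSG_USR_DISCONNECT };

/* Models tcp_drop()->tcp_close(): free the tcpcb and detach it from the inpcb. */
static void model_close(struct inpcb_model *inp)
{
    free(inp->ppcb);
    inp->ppcb = NULL;
}

/* Disconnect handler with the guard: a detached inpcb is reported to the
 * caller instead of being dereferenced. ECONNRESET is an assumed choice. */
static int model_usr_disconnect(struct inpcb_model *inp)
{
    struct tcpcb_model *tp = inp->ppcb;
    if (tp == NULL)
        return ECONNRESET;      /* the stack already tore the connection down */
    tp->closing = 1;            /* an orderly close would start here */
    model_close(inp);
    return 0;
}

/* Drain a message queue in arrival order, as the protocol thread would.
 * Returns the result of the last disconnect request, or -1 if none ran. */
static int run_queue(const enum msg *q, size_t n)
{
    struct inpcb_model inp = { calloc(1, sizeof(struct tcpcb_model)) };
    int result = -1;
    if (inp.ppcb == NULL)
        return ENOMEM;
    for (size_t i = 0; i < n; i++) {
        if (q[i] == MSG_USR_DISCONNECT)
            result = model_usr_disconnect(&inp);
        else if (inp.ppcb != NULL)
            model_close(&inp);  /* packet that forces a drop */
    }
    free(inp.ppcb);             /* free(NULL) is a no-op */
    return result;
}

/* Constructed orderings: the race from the commit message, then the usual case. */
int race_order(void) { enum msg q[] = { MSG_PACKET_DROP, MSG_USR_DISCONNECT }; return run_queue(q, 2); }
int normal_order(void) { enum msg q[] = { MSG_USR_DISCONNECT, MSG_PACKET_DROP }; return run_queue(q, 2); }
int main(void) { printf("race=%d normal=%d\n", race_order(), normal_order()); return 0; }
```

Without the NULL test in model_usr_disconnect(), the first ordering writes through a NULL pointer, which is the panic the commit message describes.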