The branch main has been updated by markj:
URL:
https://cgit.FreeBSD.org/src/commit/?id=6b288408ca32e68c74f6ab12324448ab4862a045
commit 6b288408ca32e68c74f6ab12324448ab4862a045
Author: Mark Johnston <ma...@freebsd.org>
AuthorDate: 2021-09-17 16:26:56 +0000
Commit: Mark Johnston <ma...@freebsd.org>
CommitDate: 2021-09-17 18:19:06 +0000
socket: Add assertions around naked refcount decrements
Sockets in a listen queue hold a reference to the parent listening
socket. Several code paths release this reference manually when moving
a child socket out of the queue.
Replace comments about the expected post-decrement refcount value with
assertions. Use refcount_load() instead of a plain load. No functional
change intended.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31974
---
sys/kern/uipc_socket.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index f1a3b5acc827..9e898861f8f4 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1120,11 +1120,12 @@ void
sofree(struct socket *so)
{
struct protosw *pr = so->so_proto;
+ bool last __diagused;
SOCK_LOCK_ASSERT(so);
- if ((so->so_state & SS_NOFDREF) == 0 || so->so_count != 0 ||
- (so->so_state & SS_PROTOREF) || (so->so_qstate == SQ_COMP)) {
+ if ((so->so_state & (SS_NOFDREF | SS_PROTOREF)) != SS_NOFDREF ||
+ refcount_load(&so->so_count) != 0 || so->so_qstate == SQ_COMP) {
SOCK_UNLOCK(so);
return;
}
@@ -1160,8 +1161,9 @@ sofree(struct socket *so)
__func__, so, sol));
TAILQ_REMOVE(&sol->sol_incomp, so, so_list);
sol->sol_incqlen--;
- /* This is guarenteed not to be the last. */
- refcount_release(&sol->so_count);
+ last = refcount_release(&sol->so_count);
+ KASSERT(!last, ("%s: released last reference for %p",
+ __func__, sol));
so->so_qstate = SQ_NONE;
so->so_listen = NULL;
} else
@@ -1169,7 +1171,7 @@ sofree(struct socket *so)
("%s: so %p not on (in)comp with so_listen",
__func__, so));
sorele(sol);
- KASSERT(so->so_count == 1,
+ KASSERT(refcount_load(&so->so_count) == 1,
("%s: so %p count %u", __func__, so, so->so_count));
so->so_count = 0;
}
@@ -1225,6 +1227,7 @@ soclose(struct socket *so)
struct accept_queue lqueue;
struct socket *sp, *tsp;
int error = 0;
+ bool last __diagused;
KASSERT(!(so->so_state & SS_NOFDREF), ("soclose: SS_NOFDREF on enter"));
@@ -1271,8 +1274,9 @@ drop:
sp->so_qstate = SQ_NONE;
sp->so_listen = NULL;
SOCK_UNLOCK(sp);
- /* Guaranteed not to be the last. */
- refcount_release(&so->so_count);
+ last = refcount_release(&so->so_count);
+ KASSERT(!last, ("%s: released last reference for %p",
+ __func__, so));
}
}
KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF"));
@@ -1284,7 +1288,7 @@ drop:
SOCK_UNLOCK(sp);
soabort(sp);
} else {
- /* sp is now in sofree() */
+ /* See the handling of queued sockets in sofree(). */
SOCK_UNLOCK(sp);
}
}
@@ -4010,6 +4014,7 @@ soisconnecting(struct socket *so)
void
soisconnected(struct socket *so)
{
+ bool last __diagused;
SOCK_LOCK(so);
so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING);
@@ -4042,8 +4047,9 @@ soisconnected(struct socket *so)
sorele(head);
return;
}
- /* Not the last one, as so holds a ref. */
- refcount_release(&head->so_count);
+ last = refcount_release(&head->so_count);
+ KASSERT(!last, ("%s: released last reference for %p",
+ __func__, head));
}
again:
if ((so->so_options & SO_ACCEPTFILTER) == 0) {
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
