> >Woops sorry I was wrong.
> >tp->tt_rexmt->c_flags is actually causing the panic, and the
> >necessary data is the contents of the tp->tt_rexmt->c_flags.
> 
> (kgdb) print tp->tt_rexmt->c_flags
> $1 = 6
> 
> (kgdb) print tp->tt_rexmt         
> $2 = (struct callout *) 0xd5ce6c2c
> 
> (kgdb) print (*tp->tt_rexmt)
> $3 = {c_links = {sle = {sle_next = 0xd5cd7c2c}, tqe = {tqe_next = 0xd5cd7c2c,
>       tqe_prev = 0xd5cd83ac}}, c_time = 22275144, c_arg = 0xd5ce6b60, 
>   c_func = 0xc018bcdc <tcp_timer_rexmt>, c_flags = 6}

Hmm, the contents of tp->tt_rexmt do not seem to be broken.

As a result of more review, I found one part which might
cause the problem under very delicate timing: tcp_output.c around line 776.

                if (!callout_active(tp->tt_rexmt) &&
                    tp->snd_nxt != tp->snd_una) {
                        callout_reset(tp->tt_rexmt, tp->t_rxtcur,
                                      tcp_timer_rexmt, tp);
                        if (callout_active(tp->tt_persist)) {
                                callout_stop(tp->tt_persist);
                                tp->t_rxtshift = 0;
                        }
                }

If the persist timer is working, and if it happens to time out between
                        callout_reset(tp->tt_rexmt, tp->t_rxtcur,
                                      tcp_timer_rexmt, tp);
and
                                callout_stop(tp->tt_persist);
then the panic might happen at tcp_setpersist().

This is the same as the Jan 5 version, but in an earlier version,
the code was as below:

                if (tp->t_timer[TCPT_REXMT] == 0 &&
                    tp->snd_nxt != tp->snd_una) {
                        tp->t_timer[TCPT_REXMT] = tp->t_rxtcur;
                        if (tp->t_timer[TCPT_PERSIST]) {
                                tp->t_timer[TCPT_PERSIST] = 0;
                                tp->t_rxtshift = 0;
                        }
                }

The same problem might also happen in this case, but there were
fewer steps to run than now, so it was more difficult for it to
happen.

I think applying the following patch will be safer.
Please review this patch.
(The same kind of patch might better be applied to stable also.)

Thanks,
Yoshinobu Inoue

Index: tcp_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v
retrieving revision 1.39
diff -u -r1.39 tcp_output.c
--- tcp_output.c        2000/02/09 00:34:40     1.39
+++ tcp_output.c        2000/02/22 04:13:32
@@ -775,12 +775,12 @@
                 */
                if (!callout_active(tp->tt_rexmt) &&
                    tp->snd_nxt != tp->snd_una) {
-                       callout_reset(tp->tt_rexmt, tp->t_rxtcur,
-                                     tcp_timer_rexmt, tp);
                        if (callout_active(tp->tt_persist)) {
                                callout_stop(tp->tt_persist);
                                tp->t_rxtshift = 0;
                        }
+                       callout_reset(tp->tt_rexmt, tp->t_rxtcur,
+                                     tcp_timer_rexmt, tp);
                }
        } else
                if (SEQ_GT(tp->snd_nxt + len, tp->snd_max))
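
Review bot: The moved callout_reset(tp->tt_rexmt, ...) now depends on coming after callout_stop(tp->tt_persist), but nothing in the block says so, and the two statements look freely reorderable to a later reader. Please add a short comment above the moved call stating that the persist timer must be stopped before the retransmit timer is armed, so the two are never both active if the persist timer expires in between. Since the mail describes the failure as timing-dependent and not yet confirmed, the description should also say whether anything other than statement order keeps the timer handlers out of this section, and whether the other places that switch between the two timers use the same order.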


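Added example (not part of the original mail or of the FreeBSD source): a simplified user-space model of the interleaving described above, comparing the original and patched statement order. The struct, the function names and the rule that the persist handler treats an already-armed retransmit timer as fatal are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Each timer is modelled as an "armed" flag (hypothetical names). */
struct conn { bool rexmt_armed, persist_armed, violated; int t_rxtshift; };

/* The persist timer expires. Assumption: its handler treats an armed
 * retransmit timer as a fatal inconsistency (stands in for the panic). */
static void persist_fires(struct conn *c)
{
    if (!c->persist_armed)
        return;                         /* already stopped, nothing runs */
    c->persist_armed = false;
    if (c->rexmt_armed)
        c->violated = true;
}

static void arm_rexmt(struct conn *c) { c->rexmt_armed = true; }

static void stop_persist(struct conn *c)
{
    if (c->persist_armed) {
        c->persist_armed = false;
        c->t_rxtshift = 0;
    }
}

/* Run the two statements in original or patched order, with the persist
 * timer expiring before step number fire_at (2 = after both steps). */
static bool run(bool patched, int fire_at)
{
    struct conn c = { .persist_armed = true, .t_rxtshift = 3 };
    void (*step[2])(struct conn *) = {
        patched ? stop_persist : arm_rexmt,
        patched ? arm_rexmt : stop_persist,
    };
    for (int i = 0; i <= 2; i++) {
        if (i == fire_at)
            persist_fires(&c);
        if (i < 2)
            step[i](&c);
    }
    return c.violated;
}

int main(void)
{
    for (int at = 0; at <= 2; at++)
        printf("expiry point %d: original=%d patched=%d\n",
               at, run(false, at), run(true, at));
    return 0;
}
```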