Author: rscheff Date: Tue Jul 7 12:10:59 2020 New Revision: 362988 URL: https://svnweb.freebsd.org/changeset/base/362988
Log: Fix KASSERT during tcp_newtcpcb when low on memory While testing with system default cc set to cubic, and running a memory exhaustion validation, FreeBSD panics for a missing inpcb reference / lock. Reviewed by: rgrimes (mentor), tuexen (mentor) Approved by: rgrimes (mentor), tuexen (mentor) MFC after: 3 weeks Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D25583 Modified: head/sys/netinet/tcp_subr.c Modified: head/sys/netinet/tcp_subr.c ============================================================================== --- head/sys/netinet/tcp_subr.c Tue Jul 7 07:51:09 2020 (r362987) +++ head/sys/netinet/tcp_subr.c Tue Jul 7 12:10:59 2020 (r362988) @@ -1702,6 +1702,12 @@ tcp_newtcpcb(struct inpcb *inp) KASSERT(!STAILQ_EMPTY(&cc_list), ("cc_list is empty!")); CC_ALGO(tp) = CC_DEFAULT(); CC_LIST_RUNLOCK(); + /* + * The tcpcb will hold a reference on its inpcb until tcp_discardcb() + * is called. + */ + in_pcbref(inp); /* Reference for tcpcb */ + tp->t_inpcb = inp; if (CC_ALGO(tp)->cb_init != NULL) if (CC_ALGO(tp)->cb_init(tp->ccv) > 0) { @@ -1746,12 +1752,6 @@ tcp_newtcpcb(struct inpcb *inp) if (V_tcp_do_sack) tp->t_flags |= TF_SACK_PERMIT; TAILQ_INIT(&tp->snd_holes); - /* - * The tcpcb will hold a reference on its inpcb until tcp_discardcb() - * is called. - */ - in_pcbref(inp); /* Reference for tcpcb */ - tp->t_inpcb = inp; /* * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
