Subject: kern/30154: tcp_close locking botch
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 05/06/2005 14:15:00
>Number:         30154
>Category:       kern
>Synopsis:       tcp_close locking botch
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri May 06 14:15:00 +0000 2005
>Originator:     YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release:        NetBSD 3.99.3
>Organization:

>Environment:
	
	
System: NetBSD kaeru 3.99.3 NetBSD 3.99.3 (build.kaeru.xen) #78: Wed May 4 23:21:47 JST 2005 takashi@kaeru:/home/takashi/work/kernel/build.kaeru.xen i386
Architecture: i386
Machine: i386
>Description:
	tcp_close can be called from interrupt context.
	however, it isn't safe.

	eg. tcp_input -> tcp_close -> in_pcbdetach
	    -> sofree -> chgsbsize -> uid_find
>How-To-Repeat:
	code inspection.
>Fix:
	

>Unformatted: