Subject: kern/30154: tcp_close locking botch
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 05/06/2005 14:15:00
>Number: 30154
>Category: kern
>Synopsis: tcp_close locking botch
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri May 06 14:15:00 +0000 2005
>Originator: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release: NetBSD 3.99.3
>Organization:
>Environment:
System: NetBSD kaeru 3.99.3 NetBSD 3.99.3 (build.kaeru.xen) #78: Wed May 4 23:21:47 JST 2005 takashi@kaeru:/home/takashi/work/kernel/build.kaeru.xen i386
Architecture: i386
Machine: i386
>Description:
tcp_close can be called from interrupt context.
however, it isn't safe.
eg. tcp_input -> tcp_close -> in_pcbdetach
-> sofree -> chgsbsize -> uid_find
>How-To-Repeat:
code inspection.
>Fix:
>Unformatted: