socket: Assert SS_{INCOMP,COMP} before deq/enq so_{comp,incomp}
authorSepherosa Ziehau <sephe@dragonflybsd.org>
Wed, 19 Aug 2015 12:51:43 +0000 (20:51 +0800)
committerSepherosa Ziehau <sephe@dragonflybsd.org>
Thu, 20 Aug 2015 02:15:21 +0000 (10:15 +0800)
Suggested-by: dillon@
sys/kern/uipc_socket.c
sys/kern/uipc_socket2.c
sys/kern/uipc_syscalls.c

index d74b74d..901690e 100644 (file)
@@ -286,6 +286,7 @@ sobind(struct socket *so, struct sockaddr *nam, struct thread *td)
 static void
 sodealloc(struct socket *so)
 {
+       KKASSERT((so->so_state & (SS_INCOMP | SS_COMP)) == 0);
        if (so->so_rcv.ssb_hiwat)
                (void)chgsbsize(so->so_cred->cr_uidinfo,
                    &so->so_rcv.ssb_hiwat, 0, RLIM_INFINITY);
@@ -363,6 +364,8 @@ sofree(struct socket *so)
         */
        if (head != NULL) {
                if (so->so_state & SS_INCOMP) {
+                       KKASSERT((so->so_state & (SS_INCOMP | SS_COMP)) ==
+                           SS_INCOMP);
                        TAILQ_REMOVE(&head->so_incomp, so, so_list);
                        head->so_incqlen--;
                } else if (so->so_state & SS_COMP) {
@@ -372,6 +375,8 @@ sofree(struct socket *so)
                         * accept(2) may hang after select(2) indicated
                         * that the listening socket was ready.
                         */
+                       KKASSERT((so->so_state & (SS_INCOMP | SS_COMP)) ==
+                           SS_COMP);
                        lwkt_relpooltoken(head);
                        return;
                } else {
@@ -418,12 +423,16 @@ sodiscard(struct socket *so)
                struct socket *sp;
 
                while ((sp = TAILQ_FIRST(&so->so_incomp)) != NULL) {
+                       KKASSERT((sp->so_state & (SS_INCOMP | SS_COMP)) ==
+                           SS_INCOMP);
                        TAILQ_REMOVE(&so->so_incomp, sp, so_list);
                        so->so_incqlen--;
                        soclrstate(sp, SS_INCOMP);
                        soabort_async(sp, TRUE);
                }
                while ((sp = TAILQ_FIRST(&so->so_comp)) != NULL) {
+                       KKASSERT((sp->so_state & (SS_INCOMP | SS_COMP)) ==
+                           SS_COMP);
                        TAILQ_REMOVE(&so->so_comp, sp, so_list);
                        so->so_qlen--;
                        soclrstate(sp, SS_COMP);
@@ -461,6 +470,7 @@ soinherit(struct socket *head, struct socket *head_inh)
                struct socket *sp;
 
                sp = TAILQ_FIRST(&head->so_comp);
+               KKASSERT((sp->so_state & (SS_INCOMP | SS_COMP)) == SS_COMP);
 
                /*
                 * Remove this socket from the current listen socket
index 6c8f48d..c26f499 100644 (file)
@@ -254,6 +254,7 @@ soisconnected(struct socket *so)
                /*
                 * Listen socket are not per-cpu.
                 */
+               KKASSERT((so->so_state & (SS_COMP | SS_INCOMP)) == SS_INCOMP);
                TAILQ_REMOVE(&head->so_incomp, so, so_list);
                head->so_incqlen--;
                TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
@@ -428,17 +429,21 @@ sonewconn_faddr(struct socket *head, int connstatus,
 
        lwkt_getpooltoken(head);
        if (connstatus) {
+               KKASSERT((so->so_state & (SS_INCOMP | SS_COMP)) == 0);
                TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
                sosetstate(so, SS_COMP);
                head->so_qlen++;
        } else {
                if (head->so_incqlen > head->so_qlimit) {
                        sp = TAILQ_FIRST(&head->so_incomp);
+                       KKASSERT((sp->so_state & (SS_INCOMP | SS_COMP)) ==
+                           SS_INCOMP);
                        TAILQ_REMOVE(&head->so_incomp, sp, so_list);
                        head->so_incqlen--;
                        soclrstate(sp, SS_INCOMP);
                        soabort_async(sp, TRUE);
                }
+               KKASSERT((so->so_state & (SS_INCOMP | SS_COMP)) == 0);
                TAILQ_INSERT_TAIL(&head->so_incomp, so, so_list);
                sosetstate(so, SS_INCOMP);
                head->so_incqlen++;
index 2ab5834..b0906a6 100644 (file)
@@ -221,6 +221,7 @@ soaccept_predicate(struct netmsg_so_notify *msg)
        if (!TAILQ_EMPTY(&head->so_comp)) {
                /* Abuse nm_so field as copy in/copy out parameter. XXX JH */
                so = TAILQ_FIRST(&head->so_comp);
+               KKASSERT((so->so_state & (SS_INCOMP | SS_COMP)) == SS_COMP);
                TAILQ_REMOVE(&head->so_comp, so, so_list);
                head->so_qlen--;
                soclrstate(so, SS_COMP);