Index: kern/kern_descrip.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v retrieving revision 1.245 diff -u -r1.245 kern_descrip.c --- kern/kern_descrip.c 4 Oct 2004 06:45:48 -0000 1.245 +++ kern/kern_descrip.c 18 Oct 2004 20:13:23 -0000 @@ -2063,6 +2063,7 @@ { NET_ASSERT_GIANT(); + ACCEPT_LOCK(); SOCK_LOCK(so); sorele(so); } Index: kern/uipc_socket.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.213 diff -u -r1.213 uipc_socket.c --- kern/uipc_socket.c 11 Oct 2004 08:11:26 -0000 1.213 +++ kern/uipc_socket.c 18 Oct 2004 20:17:18 -0000 @@ -227,6 +227,7 @@ SOCK_UNLOCK(so); error = (*prp->pr_usrreqs->pru_attach)(so, proto, td); if (error) { + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_state |= SS_NOFDREF; sorele(so); @@ -333,9 +334,8 @@ { struct socket *head; - SOCK_UNLOCK(so); - ACCEPT_LOCK(); - SOCK_LOCK(so); + ACCEPT_LOCK_ASSERT(); + SOCK_LOCK_ASSERT(so); if (so->so_pcb != NULL || (so->so_state & SS_NOFDREF) == 0 || so->so_count != 0) { @@ -467,6 +467,7 @@ error = error2; } discard: + ACCEPT_LOCK(); SOCK_LOCK(so); KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF")); so->so_state |= SS_NOFDREF; Index: kern/uipc_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v retrieving revision 1.140 diff -u -r1.140 uipc_usrreq.c --- kern/uipc_usrreq.c 25 Aug 2004 21:24:36 -0000 1.140 +++ kern/uipc_usrreq.c 18 Oct 2004 20:18:04 -0000 @@ -140,6 +140,7 @@ unp_drop(unp, ECONNABORTED); unp_detach(unp); UNP_UNLOCK_ASSERT(); + ACCEPT_LOCK(); SOCK_LOCK(so); sotryfree(so); return (0); Index: net/raw_cb.c =================================================================== RCS file: /home/ncvs/src/sys/net/raw_cb.c,v retrieving revision 1.29 diff -u -r1.29 raw_cb.c --- net/raw_cb.c 15 Jun 2004 04:13:59 -0000 1.29 +++ net/raw_cb.c 18 Oct 2004 20:18:23 -0000 @@ -98,6 +98,7 @@ { struct socket *so = rp->rcb_socket; + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = 0; sotryfree(so); Index: net/raw_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/net/raw_usrreq.c,v retrieving revision 1.34 diff -u -r1.34 raw_usrreq.c --- net/raw_usrreq.c 15 Jun 2004 04:13:59 -0000 1.34 +++ net/raw_usrreq.c 18 Oct 2004 20:18:54 -0000 @@ -147,6 +147,7 @@ return EINVAL; raw_disconnect(rp); soisdisconnected(so); + ACCEPT_LOCK(); SOCK_LOCK(so); sotryfree(so); return 0; Index: netatalk/ddp_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netatalk/ddp_pcb.c,v retrieving revision 1.44 diff -u -r1.44 ddp_pcb.c --- netatalk/ddp_pcb.c 12 Jul 2004 18:39:59 -0000 1.44 +++ netatalk/ddp_pcb.c 18 Oct 2004 20:19:11 -0000 @@ -282,6 +282,7 @@ DDP_LOCK_ASSERT(ddp); soisdisconnected(so); + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netatm/atm_socket.c =================================================================== RCS file: /home/ncvs/src/sys/netatm/atm_socket.c,v retrieving revision 1.20 diff -u -r1.20 atm_socket.c --- netatm/atm_socket.c 12 Jun 2004 20:47:29 -0000 1.20 +++ netatm/atm_socket.c 18 Oct 2004 20:19:40 -0000 @@ -173,6 +173,7 @@ /* * Break links and free control blocks */ + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netgraph/bluetooth/socket/ng_btsocket_hci_raw.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c,v retrieving revision 1.15 diff -u -r1.15 ng_btsocket_hci_raw.c --- netgraph/bluetooth/socket/ng_btsocket_hci_raw.c 12 Jun 2004 20:47:30 -0000 1.15 +++ netgraph/bluetooth/socket/ng_btsocket_hci_raw.c 18 Oct 2004 20:19:58 -0000 @@ -1417,6 +1417,7 @@ bzero(pcb, sizeof(*pcb)); FREE(pcb, M_NETGRAPH_BTSOCKET_HCI_RAW); + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netgraph/bluetooth/socket/ng_btsocket_l2cap.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/bluetooth/socket/ng_btsocket_l2cap.c,v retrieving revision 1.13 diff -u -r1.13 ng_btsocket_l2cap.c --- netgraph/bluetooth/socket/ng_btsocket_l2cap.c 12 Jun 2004 20:47:30 -0000 1.13 +++ netgraph/bluetooth/socket/ng_btsocket_l2cap.c 18 Oct 2004 20:20:14 -0000 @@ -1804,6 +1804,7 @@ FREE(pcb, M_NETGRAPH_BTSOCKET_L2CAP); soisdisconnected(so); + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); @@ -2347,6 +2348,7 @@ FREE(pcb, M_NETGRAPH_BTSOCKET_L2CAP); soisdisconnected(so); + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c,v retrieving revision 1.12 diff -u -r1.12 ng_btsocket_l2cap_raw.c --- netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c 12 Jun 2004 20:47:30 -0000 1.12 +++ netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c 18 Oct 2004 20:20:22 -0000 @@ -1129,6 +1129,7 @@ bzero(pcb, sizeof(*pcb)); FREE(pcb, M_NETGRAPH_BTSOCKET_L2CAP_RAW); + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netgraph/bluetooth/socket/ng_btsocket_rfcomm.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c,v retrieving revision 1.12 diff -u -r1.12 ng_btsocket_rfcomm.c --- netgraph/bluetooth/socket/ng_btsocket_rfcomm.c 18 Jun 2004 05:09:42 -0000 1.12 +++ netgraph/bluetooth/socket/ng_btsocket_rfcomm.c 18 Oct 2004 20:20:28 -0000 @@ -724,6 +724,7 @@ FREE(pcb, M_NETGRAPH_BTSOCKET_RFCOMM); soisdisconnected(so); + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netinet/in_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.155 diff -u -r1.155 in_pcb.c --- netinet/in_pcb.c 29 Sep 2004 04:01:13 -0000 1.155 +++ netinet/in_pcb.c 18 Oct 2004 20:20:45 -0000 @@ -687,6 +687,7 @@ inp->inp_gencnt = ++ipi->ipi_gencnt; in_pcbremlists(inp); if (so) { + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netinet/tcp_subr.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.204 diff -u -r1.204 tcp_subr.c --- netinet/tcp_subr.c 5 Oct 2004 18:36:24 -0000 1.204 +++ netinet/tcp_subr.c 18 Oct 2004 20:21:04 -0000 @@ -1680,6 +1680,7 @@ } tcp_discardcb(tp); so = inp->inp_socket; + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; tw->tw_cred = crhold(so->so_cred); Index: netinet6/in6_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_pcb.c,v retrieving revision 1.60 diff -u -r1.60 in6_pcb.c --- netinet6/in6_pcb.c 21 Aug 2004 17:38:48 -0000 1.60 +++ netinet6/in6_pcb.c 18 Oct 2004 20:21:18 -0000 @@ -436,6 +436,7 @@ in_pcbremlists(inp); if (so) { + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: netipx/ipx_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netipx/ipx_pcb.c,v retrieving revision 1.28 diff -u -r1.28 ipx_pcb.c --- netipx/ipx_pcb.c 12 Jun 2004 20:47:31 -0000 1.28 +++ netipx/ipx_pcb.c 18 Oct 2004 20:21:40 -0000 @@ -268,6 +268,7 @@ { struct socket *so = ipxp->ipxp_socket; + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = 0; sotryfree(so); Index: netipx/ipx_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/netipx/ipx_usrreq.c,v retrieving revision 1.40 diff -u -r1.40 ipx_usrreq.c --- netipx/ipx_usrreq.c 12 Jun 2004 20:47:31 -0000 1.40 +++ netipx/ipx_usrreq.c 18 Oct 2004 20:21:52 -0000 @@ -424,6 +424,7 @@ ipx_pcbdetach(ipxp); splx(s); soisdisconnected(so); + ACCEPT_LOCK(); SOCK_LOCK(so); sotryfree(so); return (0); Index: netnatm/natm.c =================================================================== RCS file: /home/ncvs/src/sys/netnatm/natm.c,v retrieving revision 1.34 diff -u -r1.34 natm.c --- netnatm/natm.c 24 Jun 2004 03:11:29 -0000 1.34 +++ netnatm/natm.c 18 Oct 2004 20:22:15 -0000 @@ -135,6 +135,7 @@ * we turn on 'drain' *before* we sofree. */ npcb_free(npcb, NPCB_DESTROY); /* drain */ + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); @@ -464,6 +465,7 @@ */ npcb_free(npcb, NPCB_DESTROY); /* drain */ + ACCEPT_LOCK(); SOCK_LOCK(so); so->so_pcb = NULL; sotryfree(so); Index: sys/socketvar.h =================================================================== RCS file: /home/ncvs/src/sys/sys/socketvar.h,v retrieving revision 1.134 diff -u -r1.134 socketvar.h --- sys/socketvar.h 9 Oct 2004 16:42:57 -0000 1.134 +++ sys/socketvar.h 18 Oct 2004 20:27:55 -0000 @@ -158,6 +158,8 @@ * until such time as it proves to be a good idea. */ extern struct mtx accept_mtx; +#define ACCEPT_LOCK_ASSERT() mtx_assert(&accept_mtx, MA_OWNED) +#define ACCEPT_UNLOCK_ASSERT() mtx_assert(&accept_mtx, MA_NOTOWNED) #define ACCEPT_LOCK() mtx_lock(&accept_mtx) #define ACCEPT_UNLOCK() mtx_unlock(&accept_mtx) @@ -344,21 +346,27 @@ } while (0) #define sorele(so) do { \ + ACCEPT_LOCK_ASSERT(); \ SOCK_LOCK_ASSERT(so); \ if ((so)->so_count <= 0) \ panic("sorele"); \ if (--(so)->so_count == 0) \ sofree(so); \ - else \ + else { \ SOCK_UNLOCK(so); \ + ACCEPT_UNLOCK(); \ + } \ } while (0) #define sotryfree(so) do { \ + ACCEPT_LOCK_ASSERT(); \ SOCK_LOCK_ASSERT(so); \ if ((so)->so_count == 0) \ sofree(so); \ - else \ + else { \ SOCK_UNLOCK(so); \ + ACCEPT_UNLOCK(); \ + } \ } while(0) /*