Index: sys/netinet/tcp_input.c =================================================================== --- sys/netinet/tcp_input.c +++ sys/netinet/tcp_input.c @@ -1476,18 +1476,21 @@ * the TIME_WAIT state before coming here, we need * to check if the socket is still connected. */ + if (tp == NULL) { + log(2, "%s#%d: tp is NULL\n", __func__, __LINE__); + return; + } + if (so == NULL) { + log(2, "%s#%d: so is NULL\n", __func__, __LINE__); + return; + } if ((so->so_state & SS_ISCONNECTED) == 0) return; INP_LOCK_ASSERT(tp->t_inpcb); if (tp->t_flags & TF_WAKESOR) { tp->t_flags &= ~TF_WAKESOR; - SOCKBUF_UNLOCK_ASSERT(&so->so_rcv); - sorwakeup(so); - } - if (tp->t_flags & TF_WAKESOW) { - tp->t_flags &= ~TF_WAKESOW; - SOCKBUF_UNLOCK_ASSERT(&so->so_snd); - sowwakeup(so); + SOCKBUF_LOCK_ASSERT(&so->so_rcv); + sorwakeup_locked(so); } } @@ -1515,6 +1518,10 @@ struct tcphdr tcp_savetcp; short ostate = 0; #endif + + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s: WAKESOR left over from last invocation\n", __func__); + thflags = th->th_flags; inc = &tp->t_inpcb->inp_inc; tp->sackhint.last_sack_ack = 0; @@ -1865,7 +1872,7 @@ else if (!tcp_timer_active(tp, TT_PERSIST)) tcp_timer_activate(tp, TT_REXMT, tp->t_rxtcur); - tp->t_flags |= TF_WAKESOW; + sowwakeup(so); if (sbavail(&so->so_snd)) (void) tp->t_fb->tfb_tcp_output(tp); goto check_delack; @@ -1930,12 +1937,13 @@ m_adj(m, drop_hdrlen); /* delayed header drop */ sbappendstream_locked(&so->so_rcv, m, 0); } - SOCKBUF_UNLOCK(&so->so_rcv); - tp->t_flags |= TF_WAKESOR; if (DELAY_ACK(tp, tlen)) { tp->t_flags |= TF_DELACK; + tp->t_flags |= TF_WAKESOR; } else { tp->t_flags |= TF_ACKNOW; + /* NB: sorwakeup_locked() does an implicit unlock. */ + sorwakeup_locked(so); tp->t_fb->tfb_tcp_output(tp); } goto check_delack; @@ -2923,8 +2931,8 @@ tp->snd_wnd = 0; ourfinisacked = 0; } - SOCKBUF_UNLOCK(&so->so_snd); - tp->t_flags |= TF_WAKESOW; + /* NB: sowwakeup_locked() does an implicit unlock. */ + sowwakeup_locked(so); m_freem(mfree); /* Detect una wraparound. */ if (!IN_RECOVERY(tp->t_flags) && @@ -2984,6 +2992,8 @@ if (ourfinisacked) { tcp_twstart(tp); m_freem(m); + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); return; } break; @@ -3145,7 +3155,6 @@ m_freem(m); else sbappendstream_locked(&so->so_rcv, m, 0); - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; } else { /* @@ -3214,9 +3223,12 @@ */ if (thflags & TH_FIN) { if (TCPS_HAVERCVDFIN(tp->t_state) == 0) { - socantrcvmore(so); - /* The socket upcall is handled by socantrcvmore. */ - tp->t_flags &= ~TF_WAKESOR; + if (tp->t_flags & TF_WAKESOR) { + /* The socket upcall is handled by socantrcvmore. */ + tp->t_flags &= ~TF_WAKESOR; + socantrcvmore_locked(so); + } else + socantrcvmore(so); /* * If connection is half-synchronized * (ie NEEDSYN flag on) then delay ACK, @@ -3257,6 +3269,8 @@ */ case TCPS_FIN_WAIT_2: tcp_twstart(tp); + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); return; } } @@ -3267,6 +3281,7 @@ #endif TCP_PROBE3(debug__input, tp, th, m); + tcp_handle_wakeup(tp, so); /* * Return any desired output. */ @@ -3282,6 +3297,8 @@ } tcp_handle_wakeup(tp, so); INP_WUNLOCK(tp->t_inpcb); + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); return; dropafterack: @@ -3312,20 +3329,24 @@ &tcp_savetcp, 0); #endif TCP_PROBE3(debug__input, tp, th, m); + tcp_handle_wakeup(tp, so); tp->t_flags |= TF_ACKNOW; (void) tp->t_fb->tfb_tcp_output(tp); - tcp_handle_wakeup(tp, so); INP_WUNLOCK(tp->t_inpcb); m_freem(m); + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); return; dropwithreset: if (tp != NULL) { - tcp_dropwithreset(m, th, tp, tlen, rstreason); tcp_handle_wakeup(tp, so); + tcp_dropwithreset(m, th, tp, tlen, rstreason); INP_WUNLOCK(tp->t_inpcb); } else tcp_dropwithreset(m, th, NULL, tlen, rstreason); + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); return; drop: @@ -3343,6 +3364,8 @@ INP_WUNLOCK(tp->t_inpcb); } m_freem(m); + if ((tp != NULL ) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); } /* @@ -3407,9 +3430,13 @@ tcp_respond(tp, mtod(m, void *), th, m, th->th_seq+tlen, (tcp_seq)0, TH_RST|TH_ACK); } + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); return; drop: m_freem(m); + if ((tp != NULL) && (tp->t_flags & TF_WAKESOR)) + log(2, "%s#%d: WAKESOR left over\n", __func__,__LINE__); } /* Index: sys/netinet/tcp_reass.c =================================================================== --- sys/netinet/tcp_reass.c +++ sys/netinet/tcp_reass.c @@ -959,7 +959,6 @@ } else { sbappendstream_locked(&so->so_rcv, m, 0); } - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; return (flags); } @@ -1108,7 +1107,6 @@ #ifdef TCP_REASS_LOGGING tcp_reass_log_dump(tp); #endif - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; return (flags); } Index: sys/netinet/tcp_stacks/bbr.c =================================================================== --- sys/netinet/tcp_stacks/bbr.c +++ sys/netinet/tcp_stacks/bbr.c @@ -7876,8 +7876,8 @@ acked_amount = min(acked, (int)sbavail(&so->so_snd)); tp->snd_wnd -= acked_amount; mfree = sbcut_locked(&so->so_snd, acked_amount); - SOCKBUF_UNLOCK(&so->so_snd); - tp->t_flags |= TF_WAKESOW; + /* NB: sowwakeup_locked() does an implicit unlock. */ + sowwakeup_locked(so); m_freem(mfree); if (SEQ_GT(th->th_ack, tp->snd_una)) { bbr_collapse_rtt(tp, bbr, TCP_REXMTVAL(tp)); @@ -8353,7 +8353,6 @@ appended = #endif sbappendstream_locked(&so->so_rcv, m, 0); - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; #ifdef NETFLIX_SB_LIMITS if (so->so_rcv.sb_shlim && appended != mcnt) @@ -8415,9 +8414,12 @@ */ if (thflags & TH_FIN) { if (TCPS_HAVERCVDFIN(tp->t_state) == 0) { - socantrcvmore(so); - /* The socket upcall is handled by socantrcvmore. */ - tp->t_flags &= ~TF_WAKESOR; + if (tp->t_flags & TF_WAKESOR) { + /* The socket upcall is handled by socantrcvmore. */ + tp->t_flags &= ~TF_WAKESOR; + socantrcvmore_locked(so); + } else + socantrcvmore(so); /* * If connection is half-synchronized (ie NEEDSYN * flag on) then delay ACK, so it may be piggybacked @@ -8608,7 +8610,6 @@ sbappendstream_locked(&so->so_rcv, m, 0); ctf_calc_rwin(so, tp); } - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; #ifdef NETFLIX_SB_LIMITS if (so->so_rcv.sb_shlim && mcnt != appended) @@ -8800,7 +8801,7 @@ &tcp_savetcp, 0); #endif /* Wake up the socket if we have room to write more */ - tp->t_flags |= TF_WAKESOW; + sowwakeup(so); if (tp->snd_una == tp->snd_max) { /* Nothing left outstanding */ bbr_log_progress_event(bbr, tp, ticks, PROGRESS_CLEAR, __LINE__); Index: sys/netinet/tcp_stacks/rack.c =================================================================== --- sys/netinet/tcp_stacks/rack.c +++ sys/netinet/tcp_stacks/rack.c @@ -8344,8 +8344,8 @@ */ ourfinisacked = 1; } - SOCKBUF_UNLOCK(&so->so_snd); - tp->t_flags |= TF_WAKESOW; + /* NB: sowwakeup_locked() does an implicit unlock. */ + sowwakeup_locked(so); m_freem(mfree); if (rack->r_ctl.rc_early_recovery == 0) { if (IN_RECOVERY(tp->t_flags)) { @@ -8665,7 +8665,6 @@ appended = #endif sbappendstream_locked(&so->so_rcv, m, 0); - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; #ifdef NETFLIX_SB_LIMITS if (so->so_rcv.sb_shlim && appended != mcnt) @@ -8732,9 +8731,12 @@ */ if (thflags & TH_FIN) { if (TCPS_HAVERCVDFIN(tp->t_state) == 0) { - socantrcvmore(so); - /* The socket upcall is handled by socantrcvmore. */ - tp->t_flags &= ~TF_WAKESOR; + if (tp->t_flags & TF_WAKESOR) { + /* The socket upcall is handled by socantrcvmore. */ + tp->t_flags &= ~TF_WAKESOR; + socantrcvmore_locked(so); + } else + socantrcvmore(so); /* * If connection is half-synchronized (ie NEEDSYN * flag on) then delay ACK, so it may be piggybacked @@ -8926,7 +8928,6 @@ sbappendstream_locked(&so->so_rcv, m, 0); ctf_calc_rwin(so, tp); } - SOCKBUF_UNLOCK(&so->so_rcv); tp->t_flags |= TF_WAKESOR; #ifdef NETFLIX_SB_LIMITS if (so->so_rcv.sb_shlim && mcnt != appended) @@ -9144,7 +9145,7 @@ rack_timer_cancel(tp, rack, rack->r_ctl.rc_rcvtime, __LINE__); } /* Wake up the socket if we have room to write more */ - tp->t_flags |= TF_WAKESOW; + sowwakeup(so); if (sbavail(&so->so_snd)) { rack->r_wanted_output = 1; } Index: sys/netinet/tcp_var.h =================================================================== --- sys/netinet/tcp_var.h +++ sys/netinet/tcp_var.h @@ -394,7 +394,7 @@ #define TF_FORCEDATA 0x00800000 /* force out a byte */ #define TF_TSO 0x01000000 /* TSO enabled on this connection */ #define TF_TOE 0x02000000 /* this connection is offloaded */ -#define TF_WAKESOW 0x04000000 /* wake up send socket */ +#define TF_UNUSED0 0x04000000 /* unused */ #define TF_UNUSED1 0x08000000 /* unused */ #define TF_UNUSED2 0x10000000 /* unused */ #define TF_CONGRECOVERY 0x20000000 /* congestion recovery mode */