Revert grabbing the socket lock in kqueue filters.

It is unsafe to sleep while iterating the list of pending events in
kqueue_scan().

Reported by abieber@ and juanfra@

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 7aa6aa5..8f686ee 100644 (file)
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uipc_socket.c,v 1.192 2017/07/04 12:58:32 mpi Exp $   */
+/*     $OpenBSD: uipc_socket.c,v 1.193 2017/07/08 09:19:02 mpi Exp $   */
 /*     $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $        */
 
 /*
@@ -1998,10 +1998,8 @@ int
 filt_sowrite(struct knote *kn, long hint)
 {
        struct socket *so = kn->kn_fp->f_data;
-       int s, rv;
+       int rv;
 
-       if (!(hint & NOTE_SUBMIT))
-               s = solock(so);
        kn->kn_data = sbspace(so, &so->so_snd);
        if (so->so_state & SS_CANTSENDMORE) {
                kn->kn_flags |= EV_EOF;
@@ -2017,8 +2015,6 @@ filt_sowrite(struct knote *kn, long hint)
        } else {
                rv = (kn->kn_data >= so->so_snd.sb_lowat);
        }
-       if (!(hint & NOTE_SUBMIT))
-               sounlock(s);
 
        return (rv);
 }
@@ -2027,13 +2023,8 @@ int
 filt_solisten(struct knote *kn, long hint)
 {
        struct socket *so = kn->kn_fp->f_data;
-       int s;
 
-       if (!(hint & NOTE_SUBMIT))
-               s = solock(so);
        kn->kn_data = so->so_qlen;
-       if (!(hint & NOTE_SUBMIT))
-               sounlock(s);
 
        return (kn->kn_data != 0);
 }

diff --git a/sys/miscfs/fifofs/fifo_vnops.c b/sys/miscfs/fifofs/fifo_vnops.c
index cc6616a..62b19a4 100644 (file)
--- a/sys/miscfs/fifofs/fifo_vnops.c
+++ b/sys/miscfs/fifofs/fifo_vnops.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: fifo_vnops.c,v 1.56 2017/07/03 08:31:39 mpi Exp $     */
+/*     $OpenBSD: fifo_vnops.c,v 1.57 2017/07/08 09:19:02 mpi Exp $     */
 /*     $NetBSD: fifo_vnops.c,v 1.18 1996/03/16 23:52:42 christos Exp $ */
 
 /*
@@ -531,10 +531,8 @@ int
 filt_fiforead(struct knote *kn, long hint)
 {
        struct socket *so = (struct socket *)kn->kn_hook;
-       int s, rv;
+       int rv;
 
-       if (!(hint & NOTE_SUBMIT))
-               s = solock(so);
        kn->kn_data = so->so_rcv.sb_cc;
        if (so->so_state & SS_CANTRCVMORE) {
                kn->kn_flags |= EV_EOF;
@@ -543,8 +541,6 @@ filt_fiforead(struct knote *kn, long hint)
                kn->kn_flags &= ~EV_EOF;
                rv = (kn->kn_data > 0);
        }
-       if (!(hint & NOTE_SUBMIT))
-               sounlock(s);
 
        return (rv);
 }
@@ -563,10 +559,8 @@ int
 filt_fifowrite(struct knote *kn, long hint)
 {
        struct socket *so = (struct socket *)kn->kn_hook;
-       int s, rv;
+       int rv;
 
-       if (!(hint & NOTE_SUBMIT))
-               s = solock(so);
        kn->kn_data = sbspace(so, &so->so_snd);
        if (so->so_state & SS_CANTSENDMORE) {
                kn->kn_flags |= EV_EOF;
@@ -575,8 +569,6 @@ filt_fifowrite(struct knote *kn, long hint)
                kn->kn_flags &= ~EV_EOF;
                rv = (kn->kn_data >= so->so_snd.sb_lowat);
        }
-       if (!(hint & NOTE_SUBMIT))
-               sounlock(s);
 
        return (rv);
 }

diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index c538b32..6289e48 100644 (file)
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: socketvar.h,v 1.72 2017/07/04 12:58:32 mpi Exp $      */
+/*     $OpenBSD: socketvar.h,v 1.73 2017/07/08 09:19:02 mpi Exp $      */
 /*     $NetBSD: socketvar.h,v 1.18 1996/02/09 18:25:38 christos Exp $  */
 
 /*-
@@ -186,7 +186,10 @@ static inline long
 sbspace(struct socket *so, struct sockbuf *sb)
 {
        KASSERT(sb == &so->so_rcv || sb == &so->so_snd);
+#if 0
+       /* XXXSMP kqueue_scan() calling filt_sowrite() cannot sleep. */
        soassertlocked(so);
+#endif
        return lmin(sb->sb_hiwat - sb->sb_cc, sb->sb_mbmax - sb->sb_mbcnt);
 }