git: a2bd630ca784 - stable/13 - cxgbei: Wait for socket to close in icl_cxgbei_conn_close.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Fri, 29 Oct 2021 23:58:25 UTC
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=a2bd630ca7845120c45f2196bad870588beef16d

commit a2bd630ca7845120c45f2196bad870588beef16d
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-07-29 23:34:46 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-10-29 23:14:16 +0000

    cxgbei: Wait for socket to close in icl_cxgbei_conn_close.
    
    This ensures the TOE has finished processing any in-flight received
    data before returning to the caller.  The caller assumes it is safe to
    free any open tasks or transfers (and associated buffers) after this
    function returns.
    
    Previously, data placed directly via DDP could be written to buffers
    after the caller had freed the buffers.
    
    Reported by:    Jithesh Arakkan @ Chelsio
    Sponsored by:   Chelsio Communications
    
    (cherry picked from commit 67495c13d0bc25c57ebf0103e9d2af7c4a3088c9)
---
 sys/dev/cxgbe/cxgbei/icl_cxgbei.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/sys/dev/cxgbe/cxgbei/icl_cxgbei.c b/sys/dev/cxgbe/cxgbei/icl_cxgbei.c
index e974ad73a935..4a6cf0a19d44 100644
--- a/sys/dev/cxgbe/cxgbei/icl_cxgbei.c
+++ b/sys/dev/cxgbe/cxgbei/icl_cxgbei.c
@@ -881,7 +881,14 @@ icl_cxgbei_conn_close(struct icl_conn *ic)
 	INP_WLOCK(inp);
 	if (toep != NULL) {	/* NULL if connection was never offloaded. */
 		toep->ulpcb = NULL;
+
+		/* Discard PDUs queued for TX. */
 		mbufq_drain(&toep->ulp_pduq);
+
+		/*
+		 * Wait for the cwt threads to stop processing this
+		 * connection.
+		 */
 		SOCKBUF_LOCK(sb);
 		if (icc->rx_flags & RXF_ACTIVE) {
 			volatile u_int *p = &icc->rx_flags;
@@ -896,6 +903,10 @@ icl_cxgbei_conn_close(struct icl_conn *ic)
 			SOCKBUF_LOCK(sb);
 		}
 
+		/*
+		 * Discard received PDUs not passed to the iSCSI
+		 * layer.
+		 */
 		while (!STAILQ_EMPTY(&icc->rcvd_pdus)) {
 			ip = STAILQ_FIRST(&icc->rcvd_pdus);
 			STAILQ_REMOVE_HEAD(&icc->rcvd_pdus, ip_next);
@@ -914,7 +925,22 @@ icl_cxgbei_conn_close(struct icl_conn *ic)
 	 * queues were purged instead of delivered reliably but soabort isn't
 	 * really general purpose and wouldn't do the right thing here.
 	 */
+	soref(so);
 	soclose(so);
+
+	/*
+	 * Wait for the socket to fully close.  This ensures any
+	 * pending received data has been received (and in particular,
+	 * any data that would be received by DDP has been handled).
+	 * Callers assume that it is safe to free buffers for tasks
+	 * and transfers after this function returns.
+	 */
+	SOCK_LOCK(so);
+	while ((so->so_state & SS_ISDISCONNECTED) == 0)
+		mtx_sleep(&so->so_timeo, SOCK_MTX(so), PSOCK, "conclo2", 0);
+	CURVNET_SET(so->so_vnet);
+	sorele(so);
+	CURVNET_RESTORE();
 }
 
 static void