Date: Fri, 15 Apr 2022 13:15:24 GMT
Message-Id: <202204151315.23FDFOTJ068561@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Michael Tuexen
Subject: git: e0127ea4c6b5 - main - sctp: improve locking
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: e0127ea4c6b50a5bf239482d8a99ae418174aee5

The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=e0127ea4c6b50a5bf239482d8a99ae418174aee5

commit
e0127ea4c6b50a5bf239482d8a99ae418174aee5 Author: Michael Tuexen AuthorDate: 2022-04-15 11:58:45 +0000 Commit: Michael Tuexen CommitDate: 2022-04-15 11:58:45 +0000 sctp: improve locking Hold a refcount while giving up an stcp lock. This issue was found by running syzkaller. MFC after: 3 days --- sys/netinet/sctp_input.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index 53e3de222ad5..52d8f6b7d523 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -2326,15 +2326,22 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, /* * compute the signature/digest for the cookie */ - ep = &(*inp_p)->sctp_ep; - l_inp = *inp_p; - if (l_stcb) { + if (l_stcb != NULL) { + atomic_add_int(&l_stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(l_stcb); } + l_inp = *inp_p; SCTP_INP_RLOCK(l_inp); - if (l_stcb) { + if (l_stcb != NULL) { SCTP_TCB_LOCK(l_stcb); + atomic_subtract_int(&l_stcb->asoc.refcnt, 1); } + if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + SCTP_INP_RUNLOCK(l_inp); + sctp_m_freem(m_sig); + return (NULL); + } + ep = &(*inp_p)->sctp_ep; /* which cookie is it? */ if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) && (ep->current_secret_number != ep->last_secret_number)) {
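
Review bot: the new early return in sctp_handle_cookie_echo() under the `SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE` check releases only the INP read lock, so when l_stcb != NULL the TCB lock retaken a few lines above is still held at `return (NULL)`. If the caller is expected to drop that lock on a NULL return, a short comment at the return would make the contract explicit; otherwise the path needs an SCTP_TCB_UNLOCK(l_stcb) before it. Related points in the same hunk: the reference taken with atomic_add_int() is dropped right after SCTP_TCB_LOCK() with no re-validation of the association, so it is worth stating in a comment whether the refcount alone is meant to guarantee l_stcb is still usable after the unlocked window or whether its state should be rechecked. The flags check itself has no comment explaining that the socket may have gone away while the TCB lock was released, which is the reason it was added. Finally, since l_inp is now assigned before use, `ep = &(*inp_p)->sctp_ep;` could read `ep = &l_inp->sctp_ep;` so the endpoint is clearly taken from the inp whose lock is held.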