From nobody Sat Apr 16 17:45:21 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D01015D7C36; Sat, 16 Apr 2022 17:45:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KggZn5PSBz4lqP; Sat, 16 Apr 2022 17:45:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650131121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mBOaXdQP4bBOwi67q+J5rUG6nhUR8RPfbIBnvbEARG4=; b=H2cJkmzX9fS5poFi03Y64QOWWAxUkFrt13mM3Yu9ZlFAMQtXPsFYrAxf1RwGHAm8fzYVJG Dj/2CARd9mlFSyws/Z/s1CnZpH5KvcdNoJN7CyXLUS6WQ2iy2LZ55t8sdGOW6g6RNcoeHa kVDyHMiorx4CJ3wTboX8RaI80rBnRGULwQnidR7AggjafZ8ckuTe6xCVMWWM2Hs8vtzOnC juSxBFarXPYPDYOVcmfkau9Zn9tZBB+OFWRucFNNnzlhA8XnqnUbJJulj+nf3k/N5qYpIl YZ255ODPfUP0/asK3Br5vmWm1QyEESOTz1ZVNz/B8oYXSdl+lIINyMeKImzHPA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 96AAE632F; Sat, 16 Apr 2022 17:45:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23GHjLaH087690; Sat, 16 Apr 2022 17:45:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23GHjLYZ087689; Sat, 16 Apr 2022 17:45:21 GMT (envelope-from git) Date: Sat, 16 Apr 2022 17:45:21 GMT Message-Id: <202204161745.23GHjLYZ087689@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Tuexen Subject: git: 3dc57df91e65 - main - sctp: don't wakeup 1-to-1 listening sockets for data or notifications List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3dc57df91e65acf9abfbb437110845f380a8b312 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650131121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mBOaXdQP4bBOwi67q+J5rUG6nhUR8RPfbIBnvbEARG4=; b=HNz8BF8lXfQUtlPe634dF4lRZmGDBSXr9i9FlV+PnBzwsHt+Dbg6LnxkJJU/xJkPzJ+89/ SakO8niehzCz+BSiyEsNmy6M4s3CGXaAbwatxAxIuw0WkUPic+YiXXw21im7XOXO/qY64O /7n6wfWIk+JCLdHVKmXDRAaZuqC2Lb1savRcB8w2kb0A3FkADSXFDg3pGBj8+36Jbl1w7Z qupqvCAMUOhzHyXr0U8UhE/HLxEvykb/wFRmeZeqclJ3AjjDUfzlbwzqnqJ3V+M5GjXBGI gMfCEgY2oeH5TBbYX/0w44+3vvxSlPPf+FTH3pA5S7plNRfxNDBFnIsjkD6IVg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1650131121; a=rsa-sha256; cv=none; b=LYT4zFdFSCCJw/yvKm4lHK6EYB+NiYNSa93Q7AslEQos2nP/fI80fYnm6a8/Fd10UTFZqf oPuS+FijUIZTCmuFZIxRSWk6HrqUO+GLIKDOBjfW0loH0Hbwd88aiw3ZLPV84J97DTl8BD yfEPy6JFHsbnzBOCym8jxGR+gQk3LpDuDywRNAffmICoS3fM17wlBAoikxs92j5LQu/Bk4 cJJ8t8uHVxwTHfNJes3pFnWckZlF2X2HPfByNk/GmBwn2BBp8k2R4vPNxioZdvb/yOJbKO bsebbbreENYiq8ho80QmqW6LxYz5PnsyPsRFNqn0mRN8ntJ32OgHcaAXt0M1hg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=3dc57df91e65acf9abfbb437110845f380a8b312 commit 3dc57df91e65acf9abfbb437110845f380a8b312 Author: Michael Tuexen AuthorDate: 2022-04-16 17:42:27 +0000 Commit: Michael Tuexen CommitDate: 2022-04-16 17:42:27 +0000 sctp: don't wakeup 1-to-1 listening sockets for data or notifications Reported by: syzbot+ec9279d306a4ff0215f8@syzkaller.appspotmail.com Reported by: syzbot+31d54f6d486333493dd4@syzkaller.appspotmail.com MFC after: 3 days --- sys/netinet/sctp_usrreq.c | 10 ++++------ sys/netinet/sctputil.c | 5 ++++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 87fef518b9e8..65341796d197 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -5076,9 +5076,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } else { sctp_feature_off(inp, SCTP_PCB_FLAGS_STREAM_RESETEVNT); } - SCTP_INP_WUNLOCK(inp); - SCTP_INP_RLOCK(inp); LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { SCTP_TCB_LOCK(stcb); if (events->sctp_association_event) { @@ -5138,10 +5136,10 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, * style sockets. */ if (events->sctp_sender_dry_event) { - if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || - (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { + if (((stcb->sctp_ep->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) != 0) && + !SCTP_IS_LISTENING(inp)) { stcb = LIST_FIRST(&inp->sctp_asoc_list); - if (stcb) { + if (stcb != NULL) { SCTP_TCB_LOCK(stcb); if (TAILQ_EMPTY(&stcb->asoc.send_queue) && TAILQ_EMPTY(&stcb->asoc.sent_queue) && @@ -5152,7 +5150,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } } } - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); break; } case SCTP_ADAPTATION_LAYER: diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index 7b82a2ce6d86..6c62a083458f 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -4836,7 +4836,10 @@ sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, SCTP_UNUSED ) { - if ((inp != NULL) && (inp->sctp_socket != NULL)) { + if ((inp != NULL) && + (inp->sctp_socket != NULL) && + (((stcb->sctp_ep->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) == 0) || + !SCTP_IS_LISTENING(inp))) { sctp_sorwakeup(inp, inp->sctp_socket); } }