git: 97453e5e7258 - main - Unlock inp when handling TCP_MD5SIG socket options

From: Tom Jones <thj_at_FreeBSD.org>
Date: Thu, 23 Jun 2022 14:58:47 UTC
The branch main has been updated by thj:

URL: https://cgit.FreeBSD.org/src/commit/?id=97453e5e7258158042795740f2736cfca972269d

commit 97453e5e7258158042795740f2736cfca972269d
Author:     Claudio Jeker <claudio@openbsd.org>
AuthorDate: 2022-06-23 14:50:47 +0000
Commit:     Tom Jones <thj@FreeBSD.org>
CommitDate: 2022-06-23 14:57:56 +0000

    Unlock inp when handling TCP_MD5SIG socket options
    
    Unlock the inp when hanlding TCP_MD5SIG socket options. tcp_ipsec_pcbctl
    handles locking the inp when the option is being modified.
    
    This was found by Claudio Jeker while working on the OpenBGPd port.
    
    On 14 we get a panic when trying to call getsockopt, on 13.1 the process
    locks up using 100% CPU.
    
    Reviewed by:    rscheff (transport), tuexen
    MFC after:      3 days
    Sponsored by:   Klara Inc.
    Differential Revision:  https://reviews.freebsd.org/D35532
---
 sys/netinet/tcp_usrreq.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index e559d8f1fe76..e05ef963375c 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -2206,13 +2206,13 @@ tcp_default_ctloutput(struct inpcb *inp, struct sockopt *sopt)
 		switch (sopt->sopt_name) {
 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
 		case TCP_MD5SIG:
-			if (!TCPMD5_ENABLED()) {
-				INP_WUNLOCK(inp);
+			INP_WUNLOCK(inp);
+			if (!TCPMD5_ENABLED())
 				return (ENOPROTOOPT);
-			}
 			error = TCPMD5_PCBCTL(inp, sopt);
 			if (error)
 				return (error);
+			INP_WLOCK_RECHECK(inp);
 			goto unlock_and_done;
 #endif /* IPSEC */
 
@@ -2584,10 +2584,9 @@ unlock_and_done:
 		switch (sopt->sopt_name) {
 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
 		case TCP_MD5SIG:
-			if (!TCPMD5_ENABLED()) {
-				INP_WUNLOCK(inp);
+			INP_WUNLOCK(inp);
+			if (!TCPMD5_ENABLED())
 				return (ENOPROTOOPT);
-			}
 			error = TCPMD5_PCBCTL(inp, sopt);
 			break;
 #endif