From nobody Wed Feb 01 22:40:47 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P6cMN1DgRz3cDdx; Wed, 1 Feb 2023 22:40:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P6cMN0j7hz4Kvn; Wed, 1 Feb 2023 22:40:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675291248; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CM7DuJRzfz9WK/BdDmkCnDYkPM06XfxA72CZbb36Av4=; b=sUlcNgsBUghInkl/usauJqiT8pQWl5V8myjeEHTtOpe9xfLE/1k0mQ6FfyrzhZUztRJ+wv H3UVJs114Ad+tWtfaaJ/C4trbx0VNxAYwEPF5y0PKWaL19VuWm4i6BzGdRSmgFrG5D/92i w4med60UtCRymh1tsslOI1k/x3lTv938cZCTAa87oYeJP9TjFEbr97azElwQDjzXkyeMeF mP8KDKjAtlxM/M4z4AqBuH2BmHypBlDZcVAo6XbaV28be4uHWflNlbhbzhFJk8oqEJh7G8 AqR3gf/SQ4W+tYgoFUq0kCU8DAdvAUb3Y8R7xM9rKGiSfkUnODWZ5lQWHT4Bbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675291248; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CM7DuJRzfz9WK/BdDmkCnDYkPM06XfxA72CZbb36Av4=; b=UsYuDMZTMhGca0gWmpkAtx0dv88REH2SDSkuCb3JzJa9sJHeMCjnV2xjIVcrdVkSHHggxb U207eJVFfDT6oLSMHvYrzM82brcY5WIduI/6PlYVyKAOyiaKVyItJWkbM7CurABBIOn3Ue sr09iJ0N8rUIns1xtxKRxTQmNzcRCl8niq2dzy6dzA43u4DKyr+z0h2D5+J02u5IOe0vq1 k/tL/hsXX6NHepEqOFszT2JWIvkeXZRLtn1xLXwGnTbr7t4dTzah2e2/RvTOcDlgVKLHkC tgwewQ8GITcmopKNexhNTkIq3pd9iPq750OaQ96XrZ9ahWxworNap123SqHJ/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675291248; a=rsa-sha256; cv=none; b=qMMuB/3I29/GP8KaO4x8jELEfljP6R/tvFUbNxIWNZVbxwY6d/tcnnM66ZllzJX3SZdKVH vXBySMiH7wx6mFAV8aVE+ndpUBzrABsoH2AdO9CubvIaonavkgyqIdJucczVgS7e5k4Ebi PnBvdYTyDPTi3AsybQxQ31pWsuDlAhOoH5fhqkfY+rkCJykp8417ddYrqSFJEM2p1Cps9X Q32f5BtUttQTxiH/6y2TuhV/LytgQviD185iHva+YNIu7v098uG/JZI6VNsWZOytpmBS9l YEdwQ0nFN7N31+5cjz5vyJBBEJyA4MYyJ9xD+xDgE+rFCeGwCJaDlLwS4Su16Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P6cMM6vF0zWR5; Wed, 1 Feb 2023 22:40:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 311MelgU096701; Wed, 1 Feb 2023 22:40:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 311MelU3096700; Wed, 1 Feb 2023 22:40:47 GMT (envelope-from git) Date: Wed, 1 Feb 2023 22:40:47 GMT Message-Id: <202302012240.311MelU3096700@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: c7cc79dba23d - stable/13 - sctp: improve locking List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: c7cc79dba23dc7d3b8ee3afd1b0ee2726653f2eb Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=c7cc79dba23dc7d3b8ee3afd1b0ee2726653f2eb commit c7cc79dba23dc7d3b8ee3afd1b0ee2726653f2eb Author: Michael Tuexen AuthorDate: 2022-04-15 11:58:45 +0000 Commit: Michael Tuexen CommitDate: 2023-02-01 22:40:21 +0000 sctp: improve locking Hold a refcount while giving up an stcp lock. This issue was found by running syzkaller. (cherry picked from commit e0127ea4c6b50a5bf239482d8a99ae418174aee5) --- sys/netinet/sctp_input.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index 8b6a6446f486..eb4ad6de12f1 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -2326,15 +2326,22 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, /* * compute the signature/digest for the cookie */ - ep = &(*inp_p)->sctp_ep; - l_inp = *inp_p; - if (l_stcb) { + if (l_stcb != NULL) { + atomic_add_int(&l_stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(l_stcb); } + l_inp = *inp_p; SCTP_INP_RLOCK(l_inp); - if (l_stcb) { + if (l_stcb != NULL) { SCTP_TCB_LOCK(l_stcb); + atomic_subtract_int(&l_stcb->asoc.refcnt, 1); } + if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + SCTP_INP_RUNLOCK(l_inp); + sctp_m_freem(m_sig); + return (NULL); + } + ep = &(*inp_p)->sctp_ep; /* which cookie is it? */ if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) && (ep->current_secret_number != ep->last_secret_number)) {