From nobody Thu Jul 27 03:51:34 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBGzD2P1Vz4p9Db; Thu, 27 Jul 2023 03:51:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBGzC1G2Kz3Pwb; Thu, 27 Jul 2023 03:51:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690429895; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=M+b+Xnbf8wOPXYO/kIm6A2dOmO0V41YZk6yMczbLixg=; b=qwUXOKLrsnh0c3emeZCjax16duBBkPbddav3u4AM2XTDo6aJs1wBniXFlSgPvaDxqOyMhQ wGhDEgZw+2Ty9t3wla1KJYgiY0DiB60VsiQ/vhSS/ap+UqJndoC8vWNBZ5ZEm8KsZApngw /0dPBON1GZjLE1rmhRnilmr9R4fFOC6GqMQZLsA+/e/Xcgp/A9qsxQdH9RB5sTjzd5k8dN ccvdkVlqPAZLLgsN2pHzslkhOrqmjBSx4bnnU4WqHHDYbDLJ2CqpgdQYXWUlNAPB1MZKlH uE6EUPwS1vIWaz/117SMbOG4LMqwL7nN29cfsI+V1Me1BOXNSwNSrcKgmwddFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690429895; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=M+b+Xnbf8wOPXYO/kIm6A2dOmO0V41YZk6yMczbLixg=; b=iDbJBCVfiNGrcPyQudmT7LrMis2fuppLMG+8qCYuDFOLZ4HoV3Q0Z50nYiGFCjvm/FblL8 XQsJjWR6VaTCG+gEwYKCda1icDX277NcMSr0TMn7KA8aG+zxU/pc8CIT+niKK6VkftWcgk RzVEc897nHp21OJwUeJ6SLz86EDztcSEHng83L5O+Kucj/Mxftvn68bt/1r+CtgOiET9ga RkIZgNxsPXpRQCU20DZrCkPdHB5hizs6Q7TDYlot/Io5aeuAkAPlR/LOFzkkuWAMuykjPR G5lSoQ/pSLUGnQW55gi/bgFCzkeIuOi57PHOgaYiaPmKH36cuIYNljfWde+FJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690429895; a=rsa-sha256; cv=none; b=s4bTdv0SkJxNYxAFVsyVijzHSYSDl5zUKtvteQ8U2cECqsbgJZOBG2DTB1cjV3Cvmv3cj7 Ne136Bkr9zEsiSaJah1DN2CMCeziVHxvq26E0Yo5G+/WuHca9PCjNmItKHui3kf2yT7Xfq ch0eZ6W2mv/KJ4qnzbdUb0WLBZhzrVJJvX7LZs+DEbR36fqBfeTc7zOp+p6i4M2sONMXI6 Z8HL3biDHQGuBtpmUyq3aZVtzDih5ulOfFAF03RCE7Z7cE+ao02fIhcgQlp98EHeCWuT9B +FXE5mrsbZ/kJh46Mz8CRJZz4kz9HMebl3eqaWMquj2lciFKxCg0/5m9lW8jrw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RBGzC0MYxz18rf; Thu, 27 Jul 2023 03:51:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36R3pYWc060581; Thu, 27 Jul 2023 03:51:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36R3pYlX060580; Thu, 27 Jul 2023 03:51:34 GMT (envelope-from git) Date: Thu, 27 Jul 2023 03:51:34 GMT Message-Id: <202307270351.36R3pYlX060580@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: a43e7a96b64e - main - inpcb: use internal flag to mark pcbs that are inserted into lbgroup List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a43e7a96b64e4bda98f49471de33f3ec5c242a2c Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=a43e7a96b64e4bda98f49471de33f3ec5c242a2c commit a43e7a96b64e4bda98f49471de33f3ec5c242a2c Author: Gleb Smirnoff AuthorDate: 2023-07-27 03:35:30 +0000 Commit: Gleb Smirnoff CommitDate: 2023-07-27 03:35:30 +0000 inpcb: use internal flag to mark pcbs that are inserted into lbgroup Using INP_REUSEPORT_LB is unsafe, as it is basically a copy of socket's SO_REUSEPORT_LB flag, which can be cleared by userland after bind(). Reviewed by: markj Reported by: syzbot+e7d2e451f89fb444319b@syzkaller.appspotmail.com Differential Revision: https://reviews.freebsd.org/D41197 --- sys/netinet/in_pcb.c | 12 +++++++++--- sys/netinet/in_pcb.h | 1 + 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 5fddff89dd0a..44775e21e201 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -113,7 +113,9 @@ __FBSDID("$FreeBSD$"); #define INPCBLBGROUP_SIZMIN 8 #define INPCBLBGROUP_SIZMAX 256 -#define INP_FREED 0x00000200 /* See in_pcb.h. */ + +#define INP_FREED 0x00000200 /* Went through in_pcbfree(). */ +#define INP_INLBGROUP 0x01000000 /* Inserted into inpcblbgroup. */ /* * These configure the range of local port addresses assigned to @@ -403,6 +405,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain) grp->il_inp[grp->il_inpcnt] = inp; grp->il_inpcnt++; + inp->inp_flags |= INP_INLBGROUP; return (0); } @@ -420,6 +423,7 @@ in_pcbremlbgrouphash(struct inpcb *inp) pcbinfo = inp->inp_pcbinfo; INP_WLOCK_ASSERT(inp); + MPASS(inp->inp_flags & INP_INLBGROUP); INP_HASH_WLOCK_ASSERT(pcbinfo); hdr = &pcbinfo->ipi_lbgrouphashbase[ @@ -436,9 +440,11 @@ in_pcbremlbgrouphash(struct inpcb *inp) /* Pull up inpcbs, shrink group if possible. */ in_pcblbgroup_reorder(hdr, &grp, i); } + inp->inp_flags &= ~INP_INLBGROUP; return; } } + KASSERT(0, ("%s: did not find %p", __func__, inp)); } int @@ -2672,7 +2678,7 @@ in_pcbinshash(struct inpcb *inp) if (phd == NULL) { phd = uma_zalloc_smr(pcbinfo->ipi_portzone, M_NOWAIT); if (phd == NULL) { - if ((inp->inp_flags2 & INP_REUSEPORT_LB) != 0) + if ((inp->inp_flags & INP_INLBGROUP) != 0) in_pcbremlbgrouphash(inp); return (ENOMEM); } @@ -2717,7 +2723,7 @@ in_pcbremhash_locked(struct inpcb *inp) INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo); MPASS(inp->inp_flags & INP_INHASHLIST); - if ((inp->inp_flags2 & INP_REUSEPORT_LB) != 0) + if ((inp->inp_flags & INP_INLBGROUP) != 0) in_pcbremlbgrouphash(inp); #ifdef INET6 if (inp->inp_vflag & INP_IPV6) { diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 574d575de8f0..a989776105fb 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -575,6 +575,7 @@ int inp_so_options(const struct inpcb *inp); #define IN6P_RTHDRDSTOPTS 0x00200000 /* receive dstoptions before rthdr */ #define IN6P_TCLASS 0x00400000 /* receive traffic class value */ #define IN6P_AUTOFLOWLABEL 0x00800000 /* attach flowlabel automatically */ +/* INP_INLBGROUP 0x01000000 private to in_pcb.c */ #define INP_ONESBCAST 0x02000000 /* send all-ones broadcast */ #define INP_DROPPED 0x04000000 /* protocol drop flag */ #define INP_SOCKREF 0x08000000 /* strong socket reference */