From nobody Tue Apr 19 20:02:47 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4D01811CD974; Tue, 19 Apr 2022 20:03:31 +0000 (UTC) (envelope-from andrew@fubar.geek.nz) Received: from fry.fubar.geek.nz (fry.fubar.geek.nz [139.59.165.16]) by mx1.freebsd.org (Postfix) with ESMTP id 4KjZVn3Wkkz4k3s; Tue, 19 Apr 2022 20:03:29 +0000 (UTC) (envelope-from andrew@fubar.geek.nz) Received: from smtpclient.apple (cpc91232-cmbg18-2-0-cust554.5-4.cable.virginm.net [82.2.126.43]) by fry.fubar.geek.nz (Postfix) with ESMTPSA id ED6064E719; Tue, 19 Apr 2022 20:02:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fubar.geek.nz; s=mail; t=1650398572; bh=gcRVG9ewjw1Hk+cpHgAdyg4Yz6tFXFVHPMwGsDGQ87M=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=W9BRaeegeoK5NS0jEq91Kw2KiOTVIk1WfJDMpzBBjVuEFbDvZ/ca5nHvziQwZazg8 dyArPNiwv+a4DSnJYWM25m+rsjLDPqTNg9jaTWEPYQxzMViIM/kvIqfBu9wHZR/x8K oJDC62144R7GUCQKRzE+Xr7bYjSu5qFBmB4bVAnf8eOEw1px2UwdxxLbYwQD2AbTGn 384kT4qm2R6nurvpYcZaxyqDX/9FvpXzoQLB7EHS8GqJE4GjKoT8fhIg0/Ej0PXMdC UHO7sCpA1vDm7eYkbtg9Wp7BPM+I5Fm//UwvsB8Wl+GwpKBtqqoLEotqkNCgaAIi6c 0enEzCKaKYzcXwAtvr/qu0Doqw/V9/j4hrBRt/HRJkfPDV8smGbPIRSIMU8XVjmQ7s WiGTwMs48bwldn4fC/8UcsNjmqtJ5L4S9tNtcdC7O3to5vB3wpVxqx3/3g7yKzFfB3 MB601wsxbllhOPe3/7GYCTQQF1zuDjjT+prUHVQTQ0rllt2MrrRdjk36wIVznxaC60 Ecj1B+Zp157LJPfKFPU+txaPVnD02B0kMN4uxmrUs5grQyYk8g/HvXbEtTJP52HP3B 7SkFYLRTCaJ7S4F0q8/RspskaGD0hKswgMLbvWvPPLIxpLRclCd6L1dOlklo0ob3l9 Eb1Syl8qkuQQwEuz1kppkl9M= Content-Type: text/plain; charset=us-ascii List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\)) Subject: Re: git: 868868f14efc - main - sctp: improve stopping of timers From: Andrew Turner In-Reply-To: <202204191931.23JJVRqX082459@gitrepo.freebsd.org> Date: Tue, 19 Apr 2022 21:02:47 +0100 Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <19040381-A406-49D9-BD31-92E9791C2701@fubar.geek.nz> References: <202204191931.23JJVRqX082459@gitrepo.freebsd.org> To: Michael Tuexen X-Mailer: Apple Mail (2.3696.80.82.1.1) X-Rspamd-Queue-Id: 4KjZVn3Wkkz4k3s X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=fubar.geek.nz header.s=mail header.b=W9BRaeeg; dmarc=pass (policy=none) header.from=fubar.geek.nz; spf=pass (mx1.freebsd.org: domain of andrew@fubar.geek.nz designates 139.59.165.16 as permitted sender) smtp.mailfrom=andrew@fubar.geek.nz X-Spamd-Result: default: False [-3.33 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[fubar.geek.nz:s=mail]; FREEFALL_USER(0.00)[andrew]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; R_SPF_ALLOW(-0.20)[+mx]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.998]; DKIM_TRACE(0.00)[fubar.geek.nz:+]; DMARC_POLICY_ALLOW(-0.50)[fubar.geek.nz,none]; NEURAL_HAM_SHORT(-0.93)[-0.934]; MLMMJ_DEST(0.00)[dev-commits-src-all,dev-commits-src-main]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14061, ipnet:139.59.160.0/20, country:US]; RCVD_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N > On 19 Apr 2022, at 20:31, Michael Tuexen wrote: >=20 > The branch main has been updated by tuexen: >=20 > URL: = https://cgit.FreeBSD.org/src/commit/?id=3D868868f14efcd7e127dae6e87550357c= 6cdb9c6d >=20 > commit 868868f14efcd7e127dae6e87550357c6cdb9c6d > Author: Michael Tuexen > AuthorDate: 2022-04-19 19:29:41 +0000 > Commit: Michael Tuexen > CommitDate: 2022-04-19 19:29:41 +0000 >=20 > sctp: improve stopping of timers >=20 > Reported by: = syzbot+c9c70062320aaad19de7@syzkaller.appspotmail.com > MFC after: 3 days > --- > sys/netinet/sctputil.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) >=20 > diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c > index 8c96a832827a..49a8abbc9ccf 100644 > --- a/sys/netinet/sctputil.c > +++ b/sys/netinet/sctputil.c > @@ -2869,20 +2869,23 @@ sctp_timer_stop(int t_type, struct sctp_inpcb = *inp, struct sctp_tcb *stcb, > * counts that were incremented in sctp_timer_start(). > */ > if (tmr->ep !=3D NULL) { > - SCTP_INP_DECR_REF(inp); > tmr->ep =3D NULL; > + SCTP_INP_DECR_REF(inp); > } It looks like SCTP_INP_DECR_REF and setting tmr->ep could still be = reordered on architectures with weak memory ordering. > if (tmr->tcb !=3D NULL) { > - atomic_subtract_int(&stcb->asoc.refcnt, 1); > tmr->tcb =3D NULL; > + atomic_subtract_int(&stcb->asoc.refcnt, 1); > } And here > if (tmr->net !=3D NULL) { > + struct sctp_nets *tmr_net; > + > /* > * Can't use net, since it doesn't work for > * SCTP_TIMER_TYPE_ASCONF. > */ > - sctp_free_remote_addr((struct sctp_nets = *)tmr->net); > + tmr_net =3D tmr->net; > tmr->net =3D NULL; > + sctp_free_remote_addr((struct sctp_nets = *)tmr_net); > } > } else { > SCTPDBG(SCTP_DEBUG_TIMER2, >=20 Andrew