Date: Sat, 28 Sep 2024 20:09:56 GMT
Message-Id: <202409282009.48SK9uZc065748@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Michael Tuexen
Subject: git: cbc9438f0505 - main - tcp: improve ref count handling when processing SYN
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: cbc9438f0505bd971e9eba635afdae38a267d76e
Auto-Submitted: auto-generated

The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=cbc9438f0505bd971e9eba635afdae38a267d76e

commit cbc9438f0505bd971e9eba635afdae38a267d76e
Author:     Michael Tuexen
AuthorDate: 2024-09-28 20:06:41 +0000
Commit:     Michael Tuexen
CommitDate: 2024-09-28 20:06:41 +0000

    tcp: improve ref count handling when processing SYN

    Don't leak a reference count for so->so_cred when processing an
    incoming SYN segment with an on-stack syncache entry and the sysctl
    variable net.inet.tcp.syncache.see_other is false.

    Reviewed by: cc, markj, rscheff
    MFC after: 1 week
    Sponsored by: Netflix, Inc.
    Pull Request: https://reviews.freebsd.org/D46793

--- sys/netinet/tcp_syncache.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index ed131421207d..19145446988e 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1375,7 +1375,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct label *maclabel = NULL; #endif struct syncache scs; - struct ucred *cred; uint64_t tfo_response_cookie; unsigned int *tfo_pending = NULL; int tfo_cookie_valid = 0; 
@@ -1392,7 +1391,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, */ KASSERT(SOLISTENING(so), ("%s: %p not listening", __func__, so)); tp = sototcpcb(so); - cred = V_tcp_syncache.see_other ? NULL : crhold(so->so_cred); #ifdef INET6 if (inc->inc_flags & INC_ISIPV6) { @@ -1623,9 +1621,21 @@ skip_alloc: #ifdef MAC sc->sc_label = maclabel; #endif - sc->sc_cred = cred; + /* + * sc_cred is only used in syncache_pcblist() to list TCP endpoints in + * TCPS_SYN_RECEIVED state when V_tcp_syncache.see_other is false. + * Therefore, store the credentials and take a reference count only + * when needed: + * - sc is allocated from the zone and not using the on stack instance. + * - the sysctl variable net.inet.tcp.syncache.see_other is false. + * The reference count is decremented when a zone allocated sc is + * freed in syncache_free(). + */ + if (sc != &scs && !V_tcp_syncache.see_other) + sc->sc_cred = crhold(so->so_cred); + else + sc->sc_cred = NULL; sc->sc_port = port; - cred = NULL; sc->sc_ipopts = ipopts; bcopy(inc, &sc->sc_inc, sizeof(struct in_conninfo)); sc->sc_ip_tos = ip_tos; @@ -1761,8 +1771,6 @@ donenoprobe: tcp_fastopen_decrement_counter(tfo_pending); tfo_expanded: - if (cred != NULL) - crfree(cred); if (sc == NULL || sc == &scs) { #ifdef MAC mac_syncache_destroy(&maclabel);
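
Review bot: in the skip_alloc hunk, the new comment says the reference is dropped when a zone-allocated sc is freed in syncache_free(), but the hold is conditional on V_tcp_syncache.see_other at the time the entry is filled in, and that sysctl can change before the entry is freed. Please confirm, and state in the comment, that the release is keyed on `sc->sc_cred != NULL` and not on the current sysctl value. Separately, `so->so_cred` is now read at skip_alloc instead of right after `KASSERT(SOLISTENING(so), ...)` near the top of the function, so it is worth confirming that `so` is still guaranteed valid at this later point.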
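
Review bot: at tfo_expanded, after the `crfree(cred)` removal, nothing in the `if (sc == NULL || sc == &scs)` cleanup branch says that the on-stack entry never owns a credential reference. A one-line comment there, pointing at the invariant documented at skip_alloc, would keep a later change from adding a hold without a matching release on this path.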