[Bug 265154] tcp: syncache_expand() potential race

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 12 Jul 2022 16:43:46 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265154

Gleb Smirnoff <glebius@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|net@FreeBSD.org             |glebius@FreeBSD.org
             Status|New                         |Open

--- Comment #4 from Gleb Smirnoff <glebius@FreeBSD.org> ---
There are two more problems around this place.

1) There is a problem I recently introduced. If syncache_socket() fails to do
PCB insertion, it will call soabort(). This soabort() will release last
reference (that belongs to listen queue) and will go with sofree() of a socket
that is still on listening queue. Note that all other non-TCP consumers of
sonewconn() do not have this problem, as they just set so_error instead of call
to soabort().
2) The 6f3caa6d8159 very likely needs to be reverted. With modern
synchronization in the network stack (epoch + SMR) it is very likely not an
optimization.

I think all 3 problems can be nailed with a single patch, that will introduce
pr_newconn() to be executed instead of pr_attach() for sonewconn(). It will
have slightly different semantic than pr_attach().

I'm going to work on that in August, as today I'm leaving for a vacation. I
think all listed problems aren't critical and can be left as as for a few
weeks.

-- 
You are receiving this mail because:
You are the assignee for the bug.