svn commit: r252787 - stable/9/sys/netinet

Andre Oppermann andre at FreeBSD.org
Fri Jul 5 14:30:54 UTC 2013


Author: andre
Date: Fri Jul  5 14:30:54 2013
New Revision: 252787
URL: http://svnweb.freebsd.org/changeset/base/252787

Log:
  MFC r249317:
  
   Fix a race condition on tcp listen socket teardown with pending
   connections in the accept queue and contiguous new incoming SYNs.
  
   Compared to the original submitters' patch I've moved the test
   next to the SYN handling to have it together in a logical unit
   and reworded the comment explaining the issue.
  
   Submitted by:	Matt Miller <matt at matthewjmiller.net>
   Submitted by:	Juan Mojica <jmojica at gmail.com>
   Reviewed by:	Matt Miller (changes)
   Tested by:	pho

Modified:
  stable/9/sys/netinet/tcp_input.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/tcp_input.c
==============================================================================
--- stable/9/sys/netinet/tcp_input.c	Fri Jul  5 14:24:37 2013	(r252786)
+++ stable/9/sys/netinet/tcp_input.c	Fri Jul  5 14:30:54 2013	(r252787)
@@ -1375,6 +1375,15 @@ relocked:
 		 */
 		INP_INFO_UNLOCK_ASSERT(&V_tcbinfo);
 		return;
+	} else if (tp->t_state == TCPS_LISTEN) {
+		/*
+		 * When a listen socket is torn down the SO_ACCEPTCONN
+		 * flag is removed first while connections are drained
+		 * from the accept queue in a unlock/lock cycle of the
+		 * ACCEPT_LOCK, opening a race condition allowing a SYN
+		 * attempt go through unhandled.
+		 */
+		goto dropunlock;
 	}
 
 #ifdef TCP_SIGNATURE
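
Review bot: The new `else if (tp->t_state == TCPS_LISTEN)` branch matches every segment that reaches a socket still in TCPS_LISTEN at this point, while its comment speaks only of a SYN attempt and never names the condition of the preceding branch that this case falls out of. I would have the comment state outright that this arm is reached only once SO_ACCEPTCONN has been cleared on a socket that is still in the listen state, and add a sentence on why the segment is discarded silently via `goto dropunlock` rather than answered, since that is the behaviour a remote peer sees during teardown. The comment wording also needs a touch-up: "a unlock/lock cycle" should read "an unlock/lock cycle" and "allowing a SYN attempt go through" should read "to go through".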