Re: git: 9b569353e0b0 - main - tcp: initialize V_ts_offset_secret for all vnets

From: Zhenlei Huang <zlei_at_FreeBSD.org>
Date: Sat, 10 Aug 2024 00:20:45 UTC

> On Aug 9, 2024, at 10:15 PM, Michael Tuexen <tuexen@FreeBSD.org> wrote:
> 
> The branch main has been updated by tuexen:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=9b569353e0b073a513cf10debbe634c2ceb29fdf
> 
> commit 9b569353e0b073a513cf10debbe634c2ceb29fdf
> Author:     Michael Tuexen <tuexen@FreeBSD.org>
> AuthorDate: 2024-08-09 14:12:22 +0000
> Commit:     Michael Tuexen <tuexen@FreeBSD.org>
> CommitDate: 2024-08-09 14:12:22 +0000
> 
>    tcp: initialize V_ts_offset_secret for all vnets
> 
>    Initialize V_ts_offset_secret for each vnet, not only for the
>    default vnet, since it is vnet specific.
> 
>    Reviewed by:            Peter Lei
>    MFC after:              3 days
>    Sponsored by:           Netflix, Inc.
>    Differential Revision:  https://reviews.freebsd.org/D46246
> ---
> sys/netinet/tcp_subr.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
> index 9e95a87b3596..9b5f2651fb35 100644
> --- a/sys/netinet/tcp_subr.c
> +++ b/sys/netinet/tcp_subr.c
> @@ -1465,6 +1465,7 @@ tcp_vnet_init(void *arg __unused)
> 	VNET_PCPUSTAT_ALLOC(tcpstat, M_WAITOK);
> 
> 	V_tcp_msl = TCPTV_MSL;
> +	arc4rand(&V_ts_offset_secret, sizeof(V_ts_offset_secret), 0);

Emm, does it have any (potential) security problems if not initialized? If yes, then does it deserve an SA?

> }
> VNET_SYSINIT(tcp_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH,
>     tcp_vnet_init, NULL);
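
Review bot: The added arc4rand() call in tcp_vnet_init() carries no comment, and neither the code nor the commit message says what V_ts_offset_secret contained in non-default vnets before this change, which is what the question above about an SA turns on. Suggest a one-line comment above the call stating that the secret is per-vnet and is seeded here for every vnet, plus a sentence in the commit message describing the pre-fix state for non-default vnets, so the MFC and advisory decision can be made from the log alone.
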
> @@ -1502,7 +1503,6 @@ tcp_init(void *arg __unused)
> 	/* Initialize the TCP logging data. */
> 	tcp_log_init();
> #endif
> -	arc4rand(&V_ts_offset_secret, sizeof(V_ts_offset_secret), 0);
> 
> 	if (tcp_soreceive_stream) {
> #ifdef INET
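
Review bot: Removing the call from tcp_init() means the default vnet's secret is now seeded only by tcp_vnet_init(); the visible lines show that function registered through VNET_SYSINIT at SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH, but not where tcp_init() is ordered relative to it. Worth confirming, and noting in the commit message, that nothing reached from tcp_init() reads V_ts_offset_secret before tcp_vnet_init() has run for the default vnet.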