git: 00c3c39fcc4c - stable/14 - tcp: improve ref count handling when processing SYN

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Thu, 31 Oct 2024 13:56:13 UTC
The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=00c3c39fcc4ccdbc2b83ed0f0f2838863856b795

commit 00c3c39fcc4ccdbc2b83ed0f0f2838863856b795
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-09-28 20:06:41 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-10-31 11:34:33 +0000

    tcp: improve ref count handling when processing SYN
    
    Don't leak a reference count for so->so_cred when processing an
    incoming SYN segment with an on-stack syncache entry and the
    sysctl variable net.inet.tcp.syncache.see_other is false.
    
    Reviewed by:            cc, markj, rscheff
    Sponsored by:           Netflix, Inc.
    Pull Request:           https://reviews.freebsd.org/D46793
    
    (cherry picked from commit cbc9438f0505bd971e9eba635afdae38a267d76e)
---
 sys/netinet/tcp_syncache.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index fa64d2d79c3b..0f7e7359679f 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1385,7 +1385,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 	struct label *maclabel = NULL;
 #endif
 	struct syncache scs;
-	struct ucred *cred;
 	uint64_t tfo_response_cookie;
 	unsigned int *tfo_pending = NULL;
 	int tfo_cookie_valid = 0;
@@ -1402,7 +1401,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 	 */
 	KASSERT(SOLISTENING(so), ("%s: %p not listening", __func__, so));
 	tp = sototcpcb(so);
-	cred = V_tcp_syncache.see_other ? NULL : crhold(so->so_cred);
 
 #ifdef INET6
 	if (inc->inc_flags & INC_ISIPV6) {
@@ -1633,9 +1631,21 @@ skip_alloc:
 #ifdef MAC
 	sc->sc_label = maclabel;
 #endif
-	sc->sc_cred = cred;
+	/*
+	 * sc_cred is only used in syncache_pcblist() to list TCP endpoints in
+	 * TCPS_SYN_RECEIVED state when V_tcp_syncache.see_other is false.
+	 * Therefore, store the credentials and take a reference count only
+	 * when needed:
+	 * - sc is allocated from the zone and not using the on stack instance.
+	 * - the sysctl variable net.inet.tcp.syncache.see_other is false.
+	 * The reference count is decremented when a zone allocated sc is
+	 * freed in syncache_free().
+	 */
+	if (sc != &scs && !V_tcp_syncache.see_other)
+		sc->sc_cred = crhold(so->so_cred);
+	else
+		sc->sc_cred = NULL;
 	sc->sc_port = port;
-	cred = NULL;
 	sc->sc_ipopts = ipopts;
 	bcopy(inc, &sc->sc_inc, sizeof(struct in_conninfo));
 	sc->sc_ip_tos = ip_tos;
@@ -1771,8 +1781,6 @@ donenoprobe:
 		tcp_fastopen_decrement_counter(tfo_pending);
 
 tfo_expanded:
-	if (cred != NULL)
-		crfree(cred);
 	if (sc == NULL || sc == &scs) {
 #ifdef MAC
 		mac_syncache_destroy(&maclabel);