[Bug 275169] Panic: rw_rlock: wlock already held for tcpinp @ /usr/src/sys/netinet/in_pcb.c:2529

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 275169] Panic: rw_rlock: wlock already held for tcpinp @ /usr/src/sys/netinet/in_pcb.c:2529"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 19 Dec 2023 19:25:46 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275169

--- Comment #28 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=513f2e2e7180202167ca2963d815d2a4c3ac0af9

commit 513f2e2e7180202167ca2963d815d2a4c3ac0af9
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2023-12-19 19:24:17 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2023-12-19 19:24:17 +0000

    tcp: always set tcp_tun_port to a correct value

    The tcp_tun_port field that is used to pass port value between UDP
    and TCP in case of tunneling is a generic field that used to pass
    data between network layers.  It can be contaminated on entry, e.g.
    by a VLAN tag set by a NIC driver.  Explicily set it, so that it
    is zeroed out in a normal not-tunneled TCP.  If it contains garbage,
    tcp_twcheck() later can enter wrong block of code and treat the packet
    as incorrectly tunneled one.  On main and stable/14 that will end up
    with sending incorrect responses, but on stable/13 with ipfw(8) and
    pcb-matching rules it may end up in a panic.

    This is a minimal conservative patch to be merged to stable branches.
    Later we may redesign this.

    PR:                     275169
    Reviewed by:            tuexen
    Differential Revision:  https://reviews.freebsd.org/D43065

 sys/netinet/tcp_input.c | 1 +
 1 file changed, 1 insertion(+)

-- 
You are receiving this mail because:
You are the assignee for the bug.