svn commit: r324179 - head/sys/netinet
Gary Jennejohn
gljennjohn at gmail.com
Mon Oct 2 11:12:28 UTC 2017
On Sun, 1 Oct 2017 21:20:28 +0000 (UTC)
Julien Charbon <jch at FreeBSD.org> wrote:
> Author: jch
> Date: Sun Oct 1 21:20:28 2017
> New Revision: 324179
> URL: https://svnweb.freebsd.org/changeset/base/324179
>
> Log:
> Fix an infinite loop in tcp_tw_2msl_scan() when an INP_TIMEWAIT inp has
> been destroyed before its tcptw with INVARIANTS undefined.
>
> This is a symmetric change of r307551:
>
> A INP_TIMEWAIT inp should not be destroyed before its tcptw, and INVARIANTS
> will catch this case. If INVARIANTS is undefined it will emit a log(LOG_ERR)
> and avoid a hard to debug infinite loop in tcp_tw_2msl_scan().
>
> Reported by: Ben Rubson, hselasky
> Submitted by: hselasky
> Tested by: Ben Rubson, jch
> MFC after: 1 week
> Sponsored by: Verisign, inc
> Differential Revision: https://reviews.freebsd.org/D12267
>
> Modified:
> head/sys/netinet/tcp_timewait.c
>
> Modified: head/sys/netinet/tcp_timewait.c
> ==============================================================================
> --- head/sys/netinet/tcp_timewait.c Sun Oct 1 20:12:30 2017 (r324178)
> +++ head/sys/netinet/tcp_timewait.c Sun Oct 1 21:20:28 2017 (r324179)
> @@ -709,10 +709,29 @@ tcp_tw_2msl_scan(int reuse)
> INP_WLOCK(inp);
> tw = intotw(inp);
> if (in_pcbrele_wlocked(inp)) {
> - KASSERT(tw == NULL, ("%s: held last inp "
> - "reference but tw not NULL", __func__));
> - INP_INFO_RUNLOCK(&V_tcbinfo);
> - continue;
> + if (__predict_true(tw == NULL)) {
> + INP_INFO_RUNLOCK(&V_tcbinfo);
> + continue;
> + } else {
> + /* This should not happen as in TIMEWAIT
> + * state the inp should not be destroyed
> + * before its tcptw. If INVARIANTS is
> + * defined panic.
> + */
> +#ifdef INVARIANTS
> + panic("%s: Panic before an infinite "
> + "loop: INP_TIMEWAIT && (INP_FREED "
> + "|| inp last reference) && tw != "
> + "NULL", __func__);
> +#else
> + log(LOG_ERR, "%s: Avoid an infinite "
> + "loop: INP_TIMEWAIT && (INP_FREED "
> + "|| inp last reference) && tw != "
> + "NULL", __func__);
> +#endif
> + INP_INFO_RUNLOCK(&V_tcbinfo);
> + break;
> + }
> }
>
> if (tw == NULL) {
>
This file needs to include sys/syslog.h, otherwise LOG_ERR is
not defined and the kernel build fails when INVARIANTS is not
defined in the kernel config file.
--
Gary Jennejohn
More information about the svn-src-all
mailing list