svn commit: r353040 - in releng/12.1/sys/netinet: . tcp_stacks
Michael Tuexen
tuexen at FreeBSD.org
Thu Oct 3 12:26:56 UTC 2019
Author: tuexen
Date: Thu Oct 3 12:26:55 2019
New Revision: 353040
URL: https://svnweb.freebsd.org/changeset/base/353040
Log:
MFS r352673:
When the RACK stack computes the space for user data in a TCP segment,
it wasn't taking the IP level options into account. This patch fixes this.
In addition, it also corrects a KASSERT and adds protection code to assure
that the IP header chain and the TCP head fit in the first fragment as
required by RFC 7112.
MFS: r353035:
RFC 7112 requires a host to put the complete IP header chain
including the TCP header in the first IP packet.
Enforce this in tcp_output(). In addition make sure that at least
one byte payload fits in the TCP segement to allow making progress.
Without this check, a kernel with INVARIANTS will panic.
This issue was found by running an instance of syzkaller.
Approved by: re (kib@)
Reviewed by: rrs@ (r352673), jtl@ (r353035)
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D21665
Differential Revision: https://reviews.freebsd.org/D21666
Modified:
releng/12.1/sys/netinet/tcp_output.c
releng/12.1/sys/netinet/tcp_stacks/rack.c
Directory Properties:
releng/12.1/ (props changed)
Modified: releng/12.1/sys/netinet/tcp_output.c
==============================================================================
--- releng/12.1/sys/netinet/tcp_output.c Thu Oct 3 11:23:10 2019 (r353039)
+++ releng/12.1/sys/netinet/tcp_output.c Thu Oct 3 12:26:55 2019 (r353040)
@@ -931,6 +931,20 @@ send:
if (tp->t_flags & TF_NEEDFIN)
sendalot = 1;
} else {
+ if (optlen + ipoptlen >= tp->t_maxseg) {
+ /*
+ * Since we don't have enough space to put
+ * the IP header chain and the TCP header in
+ * one packet as required by RFC 7112, don't
+ * send it. Also ensure that at least one
+ * byte of the payload can be put into the
+ * TCP segment.
+ */
+ SOCKBUF_UNLOCK(&so->so_snd);
+ error = EMSGSIZE;
+ sack_rxmit = 0;
+ goto out;
+ }
len = tp->t_maxseg - optlen - ipoptlen;
sendalot = 1;
if (dont_sendalot)
Modified: releng/12.1/sys/netinet/tcp_stacks/rack.c
==============================================================================
--- releng/12.1/sys/netinet/tcp_stacks/rack.c Thu Oct 3 11:23:10 2019 (r353039)
+++ releng/12.1/sys/netinet/tcp_stacks/rack.c Thu Oct 3 12:26:55 2019 (r353040)
@@ -7872,7 +7872,16 @@ send:
hdrlen += sizeof(struct udphdr);
}
#endif
- ipoptlen = 0;
+#ifdef INET6
+ if (isipv6)
+ ipoptlen = ip6_optlen(tp->t_inpcb);
+ else
+#endif
+ if (tp->t_inpcb->inp_options)
+ ipoptlen = tp->t_inpcb->inp_options->m_len -
+ offsetof(struct ipoption, ipopt_list);
+ else
+ ipoptlen = 0;
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
ipoptlen += ipsec_optlen;
#endif
@@ -7945,6 +7954,20 @@ send:
sendalot = 1;
} else {
+ if (optlen + ipoptlen >= tp->t_maxseg) {
+ /*
+ * Since we don't have enough space to put
+ * the IP header chain and the TCP header in
+ * one packet as required by RFC 7112, don't
+ * send it. Also ensure that at least one
+ * byte of the payload can be put into the
+ * TCP segment.
+ */
+ SOCKBUF_UNLOCK(&so->so_snd);
+ error = EMSGSIZE;
+ sack_rxmit = 0;
+ goto out;
+ }
len = tp->t_maxseg - optlen - ipoptlen;
sendalot = 1;
}
@@ -8438,15 +8461,9 @@ send:
m->m_pkthdr.csum_flags |= CSUM_TSO;
m->m_pkthdr.tso_segsz = tp->t_maxseg - optlen;
}
-#if defined(IPSEC) || defined(IPSEC_SUPPORT)
- KASSERT(len + hdrlen + ipoptlen - ipsec_optlen == m_length(m, NULL),
- ("%s: mbuf chain shorter than expected: %d + %u + %u - %u != %u",
- __func__, len, hdrlen, ipoptlen, ipsec_optlen, m_length(m, NULL)));
-#else
- KASSERT(len + hdrlen + ipoptlen == m_length(m, NULL),
- ("%s: mbuf chain shorter than expected: %d + %u + %u != %u",
- __func__, len, hdrlen, ipoptlen, m_length(m, NULL)));
-#endif
+ KASSERT(len + hdrlen == m_length(m, NULL),
+ ("%s: mbuf chain different than expected: %d + %u != %u",
+ __func__, len, hdrlen, m_length(m, NULL)));
#ifdef TCP_HHOOK
/* Run HHOOK_TCP_ESTABLISHED_OUT helper hooks. */
More information about the svn-src-all
mailing list