svn commit: r368326 - head/sys/kern

Kyle Evans kevans at freebsd.org
Fri Dec 4 04:48:08 UTC 2020


On Thu, Dec 3, 2020 at 10:40 PM Kyle Evans <kevans at freebsd.org> wrote:
>
> Author: kevans
> Date: Fri Dec  4 04:39:48 2020
> New Revision: 368326
> URL: https://svnweb.freebsd.org/changeset/base/368326
>
> Log:
>   kern: soclose: don't sleep on SO_LINGER w/ timeout=0
>
>   This is a valid scenario that's handled in the various protocol layers where
>   it makes sense (e.g., tcp_disconnect and sctp_disconnect). Given that it
>   indicates we should immediately drop the connection, it makes little sense
>   to sleep on it.
>
>   This could lead to panics with INVARIANTS. On non-INVARIANTS kernels, this
>   could result in the thread hanging until a signal interrupts it if the
>   protocol does not mark the socket as disconnected for whatever reason.
>
>   Reported by:  syzbot+e625d92c1dd74e402c81 at syzkaller.appspotmail.com
>   Reviewed by:  glebius, markj
>   MFC after:    1 week
>   Differential Revision:        https://reviews.freebsd.org/D27407
>

It occurred to me as I was glancing over the diff one more time
pre-commit that this panic must have been in SCTP, because TCP will
always soisdisconnected() the socket in this case while SCTP will not.
This is arguably a bug in SCTP that should also be fixed, but I
consider the below to still be a valid and better behavior than
wedging a userland process due to a minor oversight like this when the
behavior of so_linger == 0 is pretty well understood.

> Modified:
>   head/sys/kern/uipc_socket.c
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c Fri Dec  4 02:37:33 2020        (r368325)
> +++ head/sys/kern/uipc_socket.c Fri Dec  4 04:39:48 2020        (r368326)
> @@ -1192,7 +1192,8 @@ soclose(struct socket *so)
>                                 goto drop;
>                         }
>                 }
> -               if (so->so_options & SO_LINGER) {
> +
> +               if ((so->so_options & SO_LINGER) != 0 && so->so_linger != 0) {
>                         if ((so->so_state & SS_ISDISCONNECTING) &&
>                             (so->so_state & SS_NBIO))
>                                 goto drop;
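Review bot: The new `so->so_linger != 0` test in the changed `if` carries no comment explaining why a zero timeout skips the linger block, so the rationale (timeout 0 means drop immediately, and the protocol's disconnect routine handles it) lives only in the commit log. A short comment above the `if` saying so would keep a later reader from restoring the unconditional `SO_LINGER` check. The blank `+` line added before it is a whitespace-only change and could go in separately.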


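The userland side of the behavior the commit log describes, as an added example that is not part of the original message or the FreeBSD tree: a close() with SO_LINGER enabled and a zero timeout aborts a TCP connection at once, which the peer observes as ECONNRESET, while a non-zero timeout with nothing left to send closes cleanly. The helper name `peer_errno_after_linger_close` is hypothetical, and the example assumes a loopback TCP stack is available.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical helper: close one end of a loopback TCP pair with SO_LINGER
 * {on, linger_secs}; return the errno the peer's read() sees (0 = clean EOF,
 * -1 = setup failed). */
int peer_errno_after_linger_close(int linger_secs)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    struct linger lg = { .l_onoff = 1, .l_linger = linger_secs };
    char buf[1];
    int lsock, csock, asock, result = -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    lsock = socket(AF_INET, SOCK_STREAM, 0);
    csock = socket(AF_INET, SOCK_STREAM, 0);
    if (lsock < 0 || csock < 0)
        goto out;
    if (bind(lsock, (struct sockaddr *)&sa, sizeof(sa)) != 0 ||
        listen(lsock, 1) != 0 ||
        getsockname(lsock, (struct sockaddr *)&sa, &len) != 0 ||
        connect(csock, (struct sockaddr *)&sa, sizeof(sa)) != 0)
        goto out;
    if ((asock = accept(lsock, NULL, NULL)) < 0)
        goto out;
    /* With a zero timeout, close() returns immediately and the connection is dropped. */
    if (setsockopt(csock, SOL_SOCKET, SO_LINGER, &lg, sizeof(lg)) == 0 &&
        close(csock) == 0) {
        csock = -1;
        result = read(asock, buf, sizeof(buf)) < 0 ? errno : 0;
    }
    close(asock);
out:
    if (csock >= 0) close(csock);
    if (lsock >= 0) close(lsock);
    return result;
}

int main(void)
{
    printf("linger=0: peer errno %d\n", peer_errno_after_linger_close(0));
    printf("linger=1: peer errno %d\n", peer_errno_after_linger_close(1));
    return 0;
}
```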