
Incorrect KASSERT
Abandoned, Public

Authored by rrs on Mar 17 2019, 1:15 PM.

Details

Reviewers
jtl
tuexen
Group Reviewers
transport
Summary

While testing at NF we have found this incorrect KASSERT. It is rare, which
is probably why no one has hit it. You have to have a session that is
being dropped by persists, and when tcp_drop() calls tcp_output.c it
will be in the closed state. The interface must be overloaded and return
ENOBUF's. When that occurs, your flags will be set to
TH_RST (you were dropping the connection). The check in the KASSERT
is trying to make sure you don't have TH_FIN or TH_SYN, but it needs to
include TH_RST as well and the
flags in place, but it is the wrong logic; it should be != not ==.

Test Plan
  1. Use a small test program to validate that when no timers are set and you pass in to the new logic TH_FIN or TH_SYN and TH_RST, you will correctly return true to pass the KASSERT.
  2. Place the change in NF and test (which may or may not hit the problem), since it's a very rare event (the test prog is better to make sure we are doing the right thing) :)

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

rrs created this revision. Mar 17 2019, 1:15 PM
rrs edited the summary of this revision. Mar 17 2019, 1:22 PM
rrs edited the test plan for this revision.
rrs updated this revision to Diff 55154.
jtl added a comment. Mar 18 2019, 3:37 PM

I'm confused how a RST could have tripped this assert. In that case, len should have been 0 and ((th_flags) & (TH_SYN | TH_FIN)) == 0 should have been true (i.e. neither SYN nor FIN was set). In other words, it looks to me as if a RST should already pass the assert without tripping it. Can you explain further what I'm missing?

rrs abandoned this revision. Mar 19 2019, 5:36 PM