Page MenuHomeFreeBSD
Differential D25486

Improve error path in BBR
ClosedPublic
Actions

Authored by tuexen on Jun 27 2020, 1:56 PM.
Tags
None
Referenced Files
F103542794: D25486.diff
Tue, Nov 26, 7:39 AM
Unknown Object (File)
Oct 7 2024, 5:51 AM
Unknown Object (File)
Sep 27 2024, 9:38 AM
Unknown Object (File)
Sep 27 2024, 9:24 AM
Unknown Object (File)
Sep 27 2024, 9:23 AM
Unknown Object (File)
Sep 26 2024, 5:58 AM
Unknown Object (File)
Sep 20 2024, 10:22 AM
Unknown Object (File)
Sep 14 2024, 1:23 AM
View All 33 Files
Subscribers
imp
melifaro

Details

Reviewers
rrs
rscheff
Group Reviewers
transport
Commits
rS362846: Fix the cleanup handling in a error path for TCP BBR.
Summary

syzkaller found a bug in the BBR code. On an error path, the socket buffer was not unlocked. Free also on this path the allocated mbuf.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tuexen created this revision.Jun 27 2020, 1:56 PM
Herald added a reviewer: transport. · View Herald TranscriptJun 27 2020, 1:56 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
tuexen requested review of this revision.Jun 27 2020, 1:56 PM
Harbormaster completed remote builds in B32009: Diff 73760.Jun 27 2020, 1:57 PM
tuexen edited the summary of this revision. (Show Details)Jun 27 2020, 1:57 PM
rscheff accepted this revision.Jun 27 2020, 3:04 PM

This mechanical change looks good to me. Just wondering is similar missing sbunlock would be in RACK or elsewhere in BBR. (but didn't spot anything obvious just now)

This revision is now accepted and ready to land.Jun 27 2020, 3:04 PM
tuexen added a comment.Jun 27 2020, 3:11 PM
In D25486#562860, @rscheff wrote:

This mechanical change looks good to me. Just wondering is similar missing sbunlock would be in RACK or elsewhere in BBR. (but didn't spot anything obvious just now)

syzkaller triggered the condition. I looked for other cases, but did not spot any. That doesn't mean that they don't exist... Maybe syzkaller will find other issue, I don't know. That is the reason why it it constantly running...

Closed by commit rS362846: Fix the cleanup handling in a error path for TCP BBR. (authored by tuexen). · Explain WhyJul 1 2020, 5:17 PM
This revision was automatically updated to reflect the committed changes.
tuexen added a commit: rS362846: Fix the cleanup handling in a error path for TCP BBR..

Revision Contents
Changeset List

PathSize
head/
sys/
netinet/
tcp_stacks/
2 lines

Diff 73977

View Options

head/sys/netinet/tcp_stacks/bbr.c

Loading...