Differential D31754

sctp: Hold association locks across socket wakeups when freeing
ClosedPublic
Actions

Authored by markj on Aug 31 2021, 4:18 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Dec 20, 5:21 AM

	Unknown Object (File)
	Fri, Dec 12, 4:36 PM

	Unknown Object (File)
	Nov 27 2025, 1:31 AM

	Unknown Object (File)
	Nov 17 2025, 3:05 AM

	Unknown Object (File)
	Nov 17 2025, 3:05 AM

	Unknown Object (File)
	Nov 17 2025, 3:05 AM

	Unknown Object (File)
	Nov 17 2025, 1:24 AM

	Unknown Object (File)
	Nov 10 2025, 9:12 AM

View All 100 Files

Subscribers

Details

Reviewers

Group Reviewers

Commits

rGd35be50f5779: sctp: Hold association locks across socket wakeups when freeing

Summary

At this point we do not hold the inpcb lock, so the only thing holding
the socket reference live is the TCB lock, which needs to be acquired by
sctp_inpcb_free() in order to destroy associations. Defer the unlock
until after we dereference the socket reference.

Reported by: syzbot+1d0f2c4675de76a4cf1e@syzkaller.appspotmail.com
Reported by: syzbot+fabee77954fe69d3a5ad@syzkaller.appspotmail.com

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 41295
Build 38184: arc lint + arc unit

Event Timeline

markj created this revision.Aug 31 2021, 4:18 PM

Herald added a reviewer: transport. · View Herald TranscriptAug 31 2021, 4:18 PM

Herald added subscribers: melifaro, imp. · View Herald Transcript

markj requested review of this revision.Aug 31 2021, 4:18 PM

markj added a parent revision: D31753: sctp: Release the socket reference when detaching an association.

markj added a child revision: D31755: sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO.

Harbormaster completed remote builds in B41295: Diff 94441.Aug 31 2021, 4:19 PM

tuexen accepted this revision.Sep 1 2021, 8:03 AM

This revision is now accepted and ready to land.Sep 1 2021, 8:03 AM

Closed by commit rGd35be50f5779: sctp: Hold association locks across socket wakeups when freeing (authored by markj). · Explain WhySep 1 2021, 2:29 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGd35be50f5779: sctp: Hold association locks across socket wakeups when freeing.

Revision Contents
Changeset List

Path

Size

sys/

netinet/

4 lines

Diff 94441

sys/netinet/sctp_pcb.c

Loading...