Page MenuHomeFreeBSD
Differential D38507

tcp: Disallow re-connection of a connected socket
ClosedPublic
Actions

Authored by markj on Feb 11 2023, 4:28 PM.
Tags
None
Referenced Files
F151207193: D38507.id117142.diff
Mon, Apr 6, 8:18 PM
Unknown Object (File)
Thu, Mar 26, 5:26 PM
Unknown Object (File)
Thu, Mar 26, 9:35 AM
Unknown Object (File)
Thu, Mar 26, 5:34 AM
Unknown Object (File)
Mon, Mar 23, 8:25 AM
Unknown Object (File)
Mon, Mar 23, 12:13 AM
Unknown Object (File)
Mon, Mar 23, 12:13 AM
Unknown Object (File)
Wed, Mar 18, 5:13 AM
View All Files
Subscribers
imp
melifaro

Details

Reviewers
glebius
Group Reviewers
transport
Commits
rG636b19ead43a: tcp: Disallow re-connection of a connected socket
Summary

soconnectat() tries to ensure that one cannot connect a connected
socket. However, the check is racy and does not really prevent two
threads from attempting to connect the same TCP socket.

Modify tcp_connect() and tcp6_connect() to perform the check again, this
time synchronized by the inpcb lock, under which we call
soisconnecting().

Reported by: syzkaller

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Feb 11 2023, 4:28 PM
Herald added 1 blocking reviewer(s): transport. · View Herald TranscriptFeb 11 2023, 4:28 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
markj requested review of this revision.Feb 11 2023, 4:28 PM
Harbormaster completed remote builds in B49688: Diff 116986.Feb 11 2023, 4:28 PM
markj updated this revision to Diff 116987.Feb 11 2023, 4:28 PM
markj added a parent revision: D38506: tcp: Remove a redundant net_epoch entry in tcp6_connect().
  • Undo the modification to tcp6_usr_connect().
Harbormaster completed remote builds in B49689: Diff 116987.Feb 11 2023, 4:29 PM
glebius added a comment.Feb 13 2023, 9:23 PM

May I ask two additions to the existing patch?

  1. Your discovery of the racyness of soconnectat() is very important and it deserves a comment in the function code with reference to the fact that TCP solves the problem for itself.
  2. I'd suggest to brace the new check info __predict_false().
markj updated this revision to Diff 117142.Feb 13 2023, 9:43 PM
  • Add a comment to soconnectat().
  • Add __predict_false annotations.
Harbormaster completed remote builds in B49749: Diff 117142.Feb 13 2023, 9:43 PM
markj added a comment.Feb 13 2023, 9:44 PM
In D38507#877427, @glebius wrote:

May I ask two additions to the existing patch?

  1. Your discovery of the racyness of soconnectat() is very important and it deserves a comment in the function code with reference to the fact that TCP solves the problem for itself.
  2. I'd suggest to brace the new check info __predict_false().

BTW, this is already checked implicitly by UDP when it checks inp->inp_faddr.

glebius accepted this revision.Feb 13 2023, 10:26 PM
This revision was not accepted when it landed; it landed in state Needs Review.Feb 14 2023, 3:14 PM
Closed by commit rG636b19ead43a: tcp: Disallow re-connection of a connected socket (authored by markj). · Explain Why
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG636b19ead43a: tcp: Disallow re-connection of a connected socket.

Revision Contents
Changeset List

PathSize
sys/
kern/
4 lines
netinet/
11 lines

Diff 117205

View Options

sys/kern/uipc_socket.c

Loading...
View Options

sys/netinet/tcp_usrreq.c

Loading...