Page MenuHomeFreeBSD
Differential D45425

tcp: in tcp_close() call tcp_timer_stop() after pcb has been dropped
AbandonedPublic
Actions

Authored by glebius on May 31 2024, 6:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Feb 25, 7:54 PM
Unknown Object (File)
Fri, Feb 21, 7:59 PM
Unknown Object (File)
Tue, Feb 18, 6:13 PM
Unknown Object (File)
Feb 9 2025, 7:58 AM
Unknown Object (File)
Feb 9 2025, 7:57 AM
Unknown Object (File)
Feb 8 2025, 12:50 PM
Unknown Object (File)
Jan 23 2025, 6:46 PM
Unknown Object (File)
Jan 22 2025, 9:27 PM
View All 54 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
rscheff
rrs
jtl
Group Reviewers
transport
Summary

The tcp_timer_stop() is designed to be called when the pcb belongs solely
to the calling thread and can't be looked up via in_pcblookup(). The
function may release lock which creates a race if used on a pcb that can
be found by an other thread.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57975
Build 54863: arc lint + arc unit

Event Timeline

glebius created this revision.May 31 2024, 6:21 PM
Herald added 1 blocking reviewer(s): transport. · View Herald TranscriptMay 31 2024, 6:21 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
glebius requested review of this revision.May 31 2024, 6:21 PM
Harbormaster completed remote builds in B57975: Diff 139266.May 31 2024, 6:21 PM
jtl accepted this revision.May 31 2024, 6:24 PM
This revision is now accepted and ready to land.May 31 2024, 6:24 PM
tuexen accepted this revision.EditedMay 31 2024, 6:55 PM

If the summary is true, wouldn't it be good to KASSERT that (inp->inp_flags & INP_DROPPED) != 0 after we have removed the two calls of tcp_timer_stop() from the RACK code? Willing to work on it...

glebius abandoned this revision.Jun 26 2024, 3:57 PM

This doesn't fix anything.

Revision Contents
Changeset List

PathSize
sys/
netinet/
2 lines

Diff 139266

View Options

sys/netinet/tcp_subr.c

Loading...