Page MenuHomeFreeBSD
Differential D45425

tcp: in tcp_close() call tcp_timer_stop() after pcb has been dropped
AbandonedPublic
Actions

Authored by glebius on May 31 2024, 6:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Sep 24, 1:26 AM
Unknown Object (File)
Sun, Sep 21, 8:55 PM
Unknown Object (File)
Mon, Sep 15, 4:14 AM
Unknown Object (File)
Sep 7 2025, 9:08 PM
Unknown Object (File)
Sep 5 2025, 9:20 PM
Unknown Object (File)
Aug 9 2025, 7:39 AM
Unknown Object (File)
Jul 27 2025, 6:55 PM
Unknown Object (File)
Jun 30 2025, 8:08 PM
View All 72 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
rscheff
rrs
jtl
Group Reviewers
transport
Summary

The tcp_timer_stop() is designed to be called when the pcb belongs solely
to the calling thread and can't be looked up via in_pcblookup(). The
function may release lock which creates a race if used on a pcb that can
be found by an other thread.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57975
Build 54863: arc lint + arc unit

Event Timeline

glebius created this revision.May 31 2024, 6:21 PM
Herald added 1 blocking reviewer(s): transport. · View Herald TranscriptMay 31 2024, 6:21 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
glebius requested review of this revision.May 31 2024, 6:21 PM
Harbormaster completed remote builds in B57975: Diff 139266.May 31 2024, 6:21 PM
jtl accepted this revision.May 31 2024, 6:24 PM
This revision is now accepted and ready to land.May 31 2024, 6:24 PM
tuexen accepted this revision.EditedMay 31 2024, 6:55 PM

If the summary is true, wouldn't it be good to KASSERT that (inp->inp_flags & INP_DROPPED) != 0 after we have removed the two calls of tcp_timer_stop() from the RACK code? Willing to work on it...

glebius abandoned this revision.Jun 26 2024, 3:57 PM

This doesn't fix anything.

Revision Contents
Changeset List

PathSize
sys/
netinet/
2 lines

Diff 139266

View Options

sys/netinet/tcp_subr.c

Loading...