Page MenuHomeFreeBSD
Differential D45425

tcp: in tcp_close() call tcp_timer_stop() after pcb has been dropped
AbandonedPublic
Actions

Authored by glebius on May 31 2024, 6:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 4, 4:31 PM
Unknown Object (File)
Tue, Nov 4, 4:31 PM
Unknown Object (File)
Tue, Nov 4, 2:04 PM
Unknown Object (File)
Mon, Nov 3, 2:39 AM
Unknown Object (File)
Sat, Nov 1, 2:08 PM
Unknown Object (File)
Sat, Nov 1, 5:42 AM
Unknown Object (File)
Fri, Oct 24, 1:23 AM
Unknown Object (File)
Sep 24 2025, 1:26 AM
View All 79 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
rscheff
rrs
jtl
Group Reviewers
transport
Summary

The tcp_timer_stop() is designed to be called when the pcb belongs solely
to the calling thread and can't be looked up via in_pcblookup(). The
function may release lock which creates a race if used on a pcb that can
be found by an other thread.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57975
Build 54863: arc lint + arc unit

Event Timeline

glebius created this revision.May 31 2024, 6:21 PM
Herald added 1 blocking reviewer(s): transport. · View Herald TranscriptMay 31 2024, 6:21 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
glebius requested review of this revision.May 31 2024, 6:21 PM
Harbormaster completed remote builds in B57975: Diff 139266.May 31 2024, 6:21 PM
jtl accepted this revision.May 31 2024, 6:24 PM
This revision is now accepted and ready to land.May 31 2024, 6:24 PM
tuexen accepted this revision.EditedMay 31 2024, 6:55 PM

If the summary is true, wouldn't it be good to KASSERT that (inp->inp_flags & INP_DROPPED) != 0 after we have removed the two calls of tcp_timer_stop() from the RACK code? Willing to work on it...

glebius abandoned this revision.Jun 26 2024, 3:57 PM

This doesn't fix anything.

Revision Contents
Changeset List

PathSize
sys/
netinet/
2 lines

Diff 139266

View Options

sys/netinet/tcp_subr.c

Loading...