Page MenuHomeFreeBSD
Differential D45425

tcp: in tcp_close() call tcp_timer_stop() after pcb has been dropped
AbandonedPublic
Actions

Authored by glebius on May 31 2024, 6:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 16 2025, 2:26 PM
Unknown Object (File)
Mar 14 2025, 2:51 PM
Unknown Object (File)
Feb 25 2025, 7:54 PM
Unknown Object (File)
Feb 21 2025, 7:59 PM
Unknown Object (File)
Feb 18 2025, 6:13 PM
Unknown Object (File)
Feb 9 2025, 7:58 AM
Unknown Object (File)
Feb 9 2025, 7:57 AM
Unknown Object (File)
Feb 8 2025, 12:50 PM
View All 56 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
rscheff
rrs
jtl
Group Reviewers
transport
Summary

The tcp_timer_stop() is designed to be called when the pcb belongs solely
to the calling thread and can't be looked up via in_pcblookup(). The
function may release lock which creates a race if used on a pcb that can
be found by an other thread.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57975
Build 54863: arc lint + arc unit

Event Timeline

glebius created this revision.May 31 2024, 6:21 PM
Herald added 1 blocking reviewer(s): transport. · View Herald TranscriptMay 31 2024, 6:21 PM
Herald added subscribers: melifaro, imp. · View Herald Transcript
glebius requested review of this revision.May 31 2024, 6:21 PM
Harbormaster completed remote builds in B57975: Diff 139266.May 31 2024, 6:21 PM
jtl accepted this revision.May 31 2024, 6:24 PM
This revision is now accepted and ready to land.May 31 2024, 6:24 PM
tuexen accepted this revision.EditedMay 31 2024, 6:55 PM

If the summary is true, wouldn't it be good to KASSERT that (inp->inp_flags & INP_DROPPED) != 0 after we have removed the two calls of tcp_timer_stop() from the RACK code? Willing to work on it...

glebius abandoned this revision.Jun 26 2024, 3:57 PM

This doesn't fix anything.

Revision Contents
Changeset List

PathSize
sys/
netinet/
2 lines

Diff 139266

View Options

sys/netinet/tcp_subr.c

Loading...