HomeFreeBSD
Diffusion FreeBSD src repository d35be50f5779

sctp: Hold association locks across socket wakeups when freeing
d35be50f5779
Actions

Description

sctp: Hold association locks across socket wakeups when freeing

At this point we do not hold the inpcb lock, so the only thing holding
the socket reference live is the TCB lock, which needs to be acquired by
sctp_inpcb_free() in order to destroy associations. Defer the unlock to
until after we dereference the socket reference.

Reported by: syzbot+1d0f2c4675de76a4cf1e@syzkaller.appspotmail.com
Reported by: syzbot+fabee77954fe69d3a5ad@syzkaller.appspotmail.com
Reviewed by: tuexen
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31754

Details

Provenance
markjAuthored on Sep 1 2021, 2:27 PM
Reviewer
tuexen
Differential Revision
D31754: sctp: Hold association locks across socket wakeups when freeing
Parents
rG65f30a39e11b: sctp: Release the socket reference when detaching an association
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
netinet/

rGd35be50f5779

View Options

sys/netinet/sctp_pcb.c

Loading...