From owner-svn-src-head@freebsd.org  Wed Jul  4 17:10:08 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 514691024E3E;
 Wed,  4 Jul 2018 17:10:08 +0000 (UTC)
 (envelope-from sbruno@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id F187987528;
 Wed,  4 Jul 2018 17:10:07 +0000 (UTC)
 (envelope-from sbruno@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D27515FE1;
 Wed,  4 Jul 2018 17:10:07 +0000 (UTC)
 (envelope-from sbruno@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w64HA7BL017909;
 Wed, 4 Jul 2018 17:10:07 GMT (envelope-from sbruno@FreeBSD.org)
Received: (from sbruno@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w64HA7ZW017908;
 Wed, 4 Jul 2018 17:10:07 GMT (envelope-from sbruno@FreeBSD.org)
Message-Id: <201807041710.w64HA7ZW017908@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sbruno set sender to
 sbruno@FreeBSD.org using -f
From: Sean Bruno <sbruno@FreeBSD.org>
Date: Wed, 4 Jul 2018 17:10:07 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r335962 - head/sys/netipsec
X-SVN-Group: head
X-SVN-Commit-Author: sbruno
X-SVN-Commit-Paths: head/sys/netipsec
X-SVN-Commit-Revision: 335962
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 17:10:08 -0000

Author: sbruno
Date: Wed Jul  4 17:10:07 2018
New Revision: 335962
URL: https://svnweb.freebsd.org/changeset/base/335962

Log:
  fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl()
  
  IPSEC_PCBCTL() functions, which include tcp_ipsec_pcbctl(),
  ipsec4_pcbctl(), and ipsec6_pcbctl(), should all have matching locking
  semantics.
  
  ipsec4_pcbctl() and ipsec6_pcbctl() expect the inp to be unlocked on
  entry and exit and appear to be correctly implemented as such. But
  tcp_ipsec_pcbctl() had other semantics. This patch fixes the semantics
  for tcp_ipsec_pcbctl().
  
  Submitted by:	Jason Eggleston <jason@eggnet.com>
  MFH:		2 weeks
  Sponsored by:	Limelight Networks
  Differential Revision:	https://reviews.freebsd.org/D14623

Modified:
  head/sys/netipsec/xform_tcp.c

Modified: head/sys/netipsec/xform_tcp.c
==============================================================================
--- head/sys/netipsec/xform_tcp.c	Wed Jul  4 17:06:51 2018	(r335961)
+++ head/sys/netipsec/xform_tcp.c	Wed Jul  4 17:10:07 2018	(r335962)
@@ -80,23 +80,24 @@ tcp_ipsec_pcbctl(struct inpcb *inp, struct sockopt *so
 	struct tcpcb *tp;
 	int error, optval;
 
-	INP_WLOCK_ASSERT(inp);
 	if (sopt->sopt_name != TCP_MD5SIG) {
-		INP_WUNLOCK(inp);
 		return (ENOPROTOOPT);
 	}
 
-	tp = intotcpcb(inp);
 	if (sopt->sopt_dir == SOPT_GET) {
+		INP_RLOCK(inp);
+		if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
+			INP_RUNLOCK(inp);
+			return (ECONNRESET);
+		}
+		tp = intotcpcb(inp);
 		optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
-		INP_WUNLOCK(inp);
+		INP_RUNLOCK(inp);
 
 		/* On success return with released INP_WLOCK */
 		return (sooptcopyout(sopt, &optval, sizeof(optval)));
 	}
 
-	INP_WUNLOCK(inp);
-
 	error = sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval));
 	if (error != 0)
 		return (error);
@@ -107,12 +108,13 @@ tcp_ipsec_pcbctl(struct inpcb *inp, struct sockopt *so
 		INP_WUNLOCK(inp);
 		return (ECONNRESET);
 	}
+	tp = intotcpcb(inp);
 	if (optval > 0)
 		tp->t_flags |= TF_SIGNATURE;
 	else
 		tp->t_flags &= ~TF_SIGNATURE;
 
-	/* On success return with acquired INP_WLOCK */
+	INP_WUNLOCK(inp);
 	return (error);
 }