Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Dec 2020 22:47:56 -0600
From:      Kyle Evans <kevans@freebsd.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>,  svn-src-head <svn-src-head@freebsd.org>, Michael Tuexen <tuexen@freebsd.org>
Subject:   Re: svn commit: r368326 - head/sys/kern
Message-ID:  <CACNAnaEKNbQCXf5N7Sqxut1ca8SUQxk0P4w_P158_V62_cHozg@mail.gmail.com>
In-Reply-To: <202012040439.0B44dmxp043739@repo.freebsd.org>
References:  <202012040439.0B44dmxp043739@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Dec 3, 2020 at 10:40 PM Kyle Evans <kevans@freebsd.org> wrote:
>
> Author: kevans
> Date: Fri Dec  4 04:39:48 2020
> New Revision: 368326
> URL: https://svnweb.freebsd.org/changeset/base/368326
>
> Log:
>   kern: soclose: don't sleep on SO_LINGER w/ timeout=0
>
>   This is a valid scenario that's handled in the various protocol layers where
>   it makes sense (e.g., tcp_disconnect and sctp_disconnect). Given that it
>   indicates we should immediately drop the connection, it makes little sense
>   to sleep on it.
>
>   This could lead to panics with INVARIANTS. On non-INVARIANTS kernels, this
>   could result in the thread hanging until a signal interrupts it if the
>   protocol does not mark the socket as disconnected for whatever reason.
>
>   Reported by:  syzbot+e625d92c1dd74e402c81@syzkaller.appspotmail.com
>   Reviewed by:  glebius, markj
>   MFC after:    1 week
>   Differential Revision:        https://reviews.freebsd.org/D27407
>

It occurred to me as I was glancing over the diff one more time
pre-commit that this panic must have been in SCTP, because TCP will
always soisdisconnected() the socket in this case while SCTP will not.
This is arguably a bug in SCTP that should also be fixed, but I
consider the below to still be a valid and better behavior than
wedging a userland process due to a minor oversight like this when the
behavior of so_linger == 0 is pretty well understood.

> Modified:
>   head/sys/kern/uipc_socket.c
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c Fri Dec  4 02:37:33 2020        (r368325)
> +++ head/sys/kern/uipc_socket.c Fri Dec  4 04:39:48 2020        (r368326)
> @@ -1192,7 +1192,8 @@ soclose(struct socket *so)
>                                 goto drop;
>                         }
>                 }
> -               if (so->so_options & SO_LINGER) {
> +
> +               if ((so->so_options & SO_LINGER) != 0 && so->so_linger != 0) {
>                         if ((so->so_state & SS_ISDISCONNECTING) &&
>                             (so->so_state & SS_NBIO))
>                                 goto drop;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACNAnaEKNbQCXf5N7Sqxut1ca8SUQxk0P4w_P158_V62_cHozg>