Date:      Wed, 13 Sep 2023 13:32:40 GMT
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: bb56b36d7188 - main - sctp: further improve shutting down the read side of a socket
Message-ID:  <202309131332.38DDWekl048679@gitrepo.freebsd.org>

The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=bb56b36d7188e004840294d0bd5dfdf7f3392a05

commit bb56b36d7188e004840294d0bd5dfdf7f3392a05
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2023-09-13 11:02:51 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-09-13 11:02:51 +0000

    sctp: further improve shutting down the read side of a socket
    
    Deal with the case that the association is already gone.
    
    Reported by:    syzbot+e256d42e9b390564530a@syzkaller.appspotmail.com
    MFC after:      3 days
---
 sys/netinet/sctp_usrreq.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 02bb87578528..29d63f989e79 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -806,11 +806,9 @@ sctp_flush(struct socket *so, int how)
 		return (0);
 	}
 	stcb = LIST_FIRST(&inp->sctp_asoc_list);
-	if (stcb == NULL) {
-		SCTP_INP_WUNLOCK(inp);
-		return (ENOTCONN);
+	if (stcb != NULL) {
+		SCTP_TCB_LOCK(stcb);
 	}
-	SCTP_TCB_LOCK(stcb);
 	SCTP_INP_READ_LOCK(inp);
 	inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_CANT_READ;
 	SOCK_LOCK(so);
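Review bot: The new `if (stcb != NULL)` guard replaces an early `return (ENOTCONN)` but carries no comment explaining why the function now proceeds without an association. From here on, `SCTP_PCB_FLAGS_SOCKET_CANT_READ` is set and the socket lock is taken for an endpoint whose `sctp_asoc_list` is empty, which is the behaviour the commit message alludes to with "the association is already gone". A one-line comment above the guard stating that the read side must still be marked as shut down when no stcb exists would keep a later reader from restoring the early return.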
@@ -836,7 +834,7 @@ sctp_flush(struct socket *so, int how)
 	}
 	SOCK_UNLOCK(so);
 	SCTP_INP_READ_UNLOCK(inp);
-	if (need_to_abort) {
+	if (need_to_abort && (stcb != NULL)) {
 		inp->last_abort_code = SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6;
 		SCTP_INP_WUNLOCK(inp);
 		op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, "");
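Review bot: The condition `need_to_abort && (stcb != NULL)` silently skips the abort path when `need_to_abort` is set but there is no association, and the code that sets `need_to_abort` lies outside this hunk, so it is not visible whether that combination can occur. If it cannot, a `KASSERT` documenting the invariant would be clearer than folding it into the condition. If it can, say in a comment that discarded data with no stcb needs no abort, since otherwise the function falls through to the normal exit without recording `last_abort_code`.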
@@ -845,7 +843,9 @@ sctp_flush(struct socket *so, int how)
 		NET_EPOCH_EXIT(et);
 		return (ECONNABORTED);
 	}
-	SCTP_TCB_UNLOCK(stcb);
+	if (stcb != NULL) {
+		SCTP_TCB_UNLOCK(stcb);
+	}
 	SCTP_INP_WUNLOCK(inp);
 	return (0);
 }
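Review bot: With the unlock now guarded by `if (stcb != NULL)`, the final `return (0)` is reached for a socket without an association, where the old code returned `ENOTCONN`. That is a change in the error reported to the caller, and neither the commit message nor a comment mentions it. Please state it explicitly, and confirm that callers of `sctp_flush()` do not rely on `ENOTCONN` to detect an unconnected endpoint.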


