From nobody Sun Apr 23 17:56:04 2023
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q4GCT75ZTz46DpZ;
	Sun, 23 Apr 2023 17:56:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Q4GCS4yXBz42Fy;
	Sun, 23 Apr 2023 17:56:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1682272564;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=EbODbvRJWxy+Y2UPCXy6HiAXVyaxGG3f5rwHBJqi2fA=;
	b=WiS9elxFDPrUsd+9oOR97+ng9NYnReGe2xWwUdpjJXpANK1lsCSWhTsvs9y4jpdmoDztsy
	atg4NHrOfs0DRdSyjcVMN4zALkN8L8CKfDGh8Y/Fq57nnazffuny8obcCLnxCtPnMv3jOK
	I/T1fCrMThr7f6JErwgFZa5MHoa4cZk1i66XRcvRkpzXMTk+JPHHKCBODeeSH3nSsk4Fe0
	XJ62/ot7ud+ayUHOxLsfWpjIvFAr0KKYcXa3XtWyEpgBPs1AnZBvWNgfLgAW1EIXJwtooO
	RiUSulU9Wo2MoV8syBjK0MkFIGyuukSVv8TOOn31mF+2zDbGwS34arSxbSj+ew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1682272564;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=EbODbvRJWxy+Y2UPCXy6HiAXVyaxGG3f5rwHBJqi2fA=;
	b=fOGsybri6wlqr4lq1N/9m2/tALOUNEsD8WqrU7bWK95vv7zKk1t0ynCS6q7l5vDMeZrfvX
	0yZOpqkUOjvQrfXoSUTLU+XJGKQxAhmcdx60KNvao1vHRRQqOc1Qf15em7mBVQfgYjoCcu
	rlEcMKQD5QX6q76EvDLk5uKvf8nUMgdGRj+JdE8sO6B3Ng93pJDirwZhNAekpgNebl/zkw
	6AZPWgJdIiWDlYSLt1cLq1os/q011G39edEBHW3NwvEWM+xF5ePxEe0P3EKZLMH09avwxn
	lmJXkZrqwZt2b8BZhvVBL1SRfdzt7THiIyzwFbFu1SelcL+MQ4nTtWH+hS6WrA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1682272564; a=rsa-sha256; cv=none;
	b=rId0FClb3uk3Bve+eEezRzqYvI/GckBCnAQGpgT/Sd9FAZqA7EPNrHb89adbgeVr2Qcley
	RW4Zd6JnOVIwdebVPPIO5M6K1zAXAfi7mAQXVmk5TV+30jRRWZBKPgifb7oc50CsiKlyRL
	9NU0mhH14hOp2OLO6CK5viTh2yYl2xcmq099Wuwt89cFKY0MYVliSQkxC7zjLJyTA1qPz9
	3DnQX4OqOn0eZJxuVbzLDNwqfr3/nVLdUXJFgmrV8988nwcUETWVSC16DuEfU1Qg6IPmAG
	f4LmZfot1TJ0Xh99gIkqxoCGjKiY0gDxAiQ9W00k8kYY4k27UfsrXpe7AHIpUw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Q4GCS3sHFztC7;
	Sun, 23 Apr 2023 17:56:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 33NHu4o2026399;
	Sun, 23 Apr 2023 17:56:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 33NHu4TA026398;
	Sun, 23 Apr 2023 17:56:04 GMT
	(envelope-from git)
Date: Sun, 23 Apr 2023 17:56:04 GMT
Message-Id: <202304231756.33NHu4TA026398@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 93998d166fb7 - main - inpcb: Fix some bugs in _in_pcbinshash_wild()
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 93998d166fb7907a6ae16a08d6831e31f656c97b
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=93998d166fb7907a6ae16a08d6831e31f656c97b

commit 93998d166fb7907a6ae16a08d6831e31f656c97b
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-04-23 14:36:24 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-04-23 17:55:57 +0000

    inpcb: Fix some bugs in _in_pcbinshash_wild()
    
    - In _in_pcbinshash_wild(), we should avoid returning v6 sockets unless
      no other matches are available.  This preserves pre-existing
      semantics.
    - Fix an inverted test: when inserting a non-jailed PCB, we want to
      search for the first non-jailed PCB in the hash chain.
    - Test the right PCB when searching for a non-jailed PCB.
    
    While here, add a required locking assertion.
    
    Fixes:  7b92493ab1d4 ("inpcb: Avoid inp_cred dereferences in SMR-protected lookup")
---
 sys/netinet/in_pcb.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 4c1ba835a066..9193dfb2372b 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2506,7 +2506,8 @@ in_pcbjailed(const struct inpcb *inp, unsigned int flag)
  * in_pcblookup_hash_wild_*() always encounter the highest-ranking PCB first.
  *
  * Specifically, keep jailed PCBs in front of non-jailed PCBs, and keep PCBs
- * with exact local addresses ahead of wildcard PCBs.
+ * with exact local addresses ahead of wildcard PCBs.  Unbound v4-mapped v6 PCBs
+ * always appear last no matter whether they are jailed.
  */
 static void
 _in_pcbinshash_wild(struct inpcbhead *pcbhash, struct inpcb *inp)
@@ -2514,14 +2515,26 @@ _in_pcbinshash_wild(struct inpcbhead *pcbhash, struct inpcb *inp)
 	struct inpcb *last;
 	bool bound, injail;
 
+	INP_LOCK_ASSERT(inp);
 	INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
 
 	last = NULL;
 	bound = inp->inp_laddr.s_addr != INADDR_ANY;
+	if (!bound && (inp->inp_vflag & INP_IPV6PROTO) != 0) {
+		CK_LIST_FOREACH(last, pcbhash, inp_hash_wild) {
+			if (CK_LIST_NEXT(last, inp_hash_wild) == NULL) {
+				CK_LIST_INSERT_AFTER(last, inp, inp_hash_wild);
+				return;
+			}
+		}
+		CK_LIST_INSERT_HEAD(pcbhash, inp, inp_hash_wild);
+		return;
+	}
+
 	injail = in_pcbjailed(inp, PR_IP4);
 	if (!injail) {
 		CK_LIST_FOREACH(last, pcbhash, inp_hash_wild) {
-			if (in_pcbjailed(inp, PR_IP4))
+			if (!in_pcbjailed(last, PR_IP4))
 				break;
 			if (CK_LIST_NEXT(last, inp_hash_wild) == NULL) {
 				CK_LIST_INSERT_AFTER(last, inp, inp_hash_wild);
@@ -2559,6 +2572,7 @@ _in6_pcbinshash_wild(struct inpcbhead *pcbhash, struct inpcb *inp)
 	struct inpcb *last;
 	bool bound, injail;
 
+	INP_LOCK_ASSERT(inp);
 	INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
 
 	last = NULL;
@@ -2566,7 +2580,7 @@ _in6_pcbinshash_wild(struct inpcbhead *pcbhash, struct inpcb *inp)
 	injail = in_pcbjailed(inp, PR_IP6);
 	if (!injail) {
 		CK_LIST_FOREACH(last, pcbhash, inp_hash_wild) {
-			if (in_pcbjailed(last, PR_IP6))
+			if (!in_pcbjailed(last, PR_IP6))
 				break;
 			if (CK_LIST_NEXT(last, inp_hash_wild) == NULL) {
 				CK_LIST_INSERT_AFTER(last, inp, inp_hash_wild);