Date: Wed, 1 Feb 2023 22:42:17 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: d3336114f7ca - stable/13 - sctp: don't wakeup 1-to-1 listening sockets for data or notifications Message-ID: <202302012242.311MgHJF000701@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=d3336114f7caafee1381134de0b82e5ca74f47cc commit d3336114f7caafee1381134de0b82e5ca74f47cc Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2022-04-16 17:42:27 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2023-02-01 22:41:54 +0000 sctp: don't wakeup 1-to-1 listening sockets for data or notifications Reported by: syzbot+ec9279d306a4ff0215f8@syzkaller.appspotmail.com Reported by: syzbot+31d54f6d486333493dd4@syzkaller.appspotmail.com (cherry picked from commit 3dc57df91e65acf9abfbb437110845f380a8b312) --- sys/netinet/sctp_usrreq.c | 10 ++++------ sys/netinet/sctputil.c | 5 ++++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 1f046fb3189d..5dad0460fea9 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -5074,9 +5074,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } else { sctp_feature_off(inp, SCTP_PCB_FLAGS_STREAM_RESETEVNT); } - SCTP_INP_WUNLOCK(inp); - SCTP_INP_RLOCK(inp); LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { SCTP_TCB_LOCK(stcb); if (events->sctp_association_event) { @@ -5136,10 +5134,10 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, * style sockets. */ if (events->sctp_sender_dry_event) { - if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || - (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { + if (((stcb->sctp_ep->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) != 0) && + !SCTP_IS_LISTENING(inp)) { stcb = LIST_FIRST(&inp->sctp_asoc_list); - if (stcb) { + if (stcb != NULL) { SCTP_TCB_LOCK(stcb); if (TAILQ_EMPTY(&stcb->asoc.send_queue) && TAILQ_EMPTY(&stcb->asoc.sent_queue) && @@ -5150,7 +5148,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } } } - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); break; } case SCTP_ADAPTATION_LAYER: diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index e0ac9e23fc68..d0376f03e8db 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -4836,7 +4836,10 @@ sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, SCTP_UNUSED ) { - if ((inp != NULL) && (inp->sctp_socket != NULL)) { + if ((inp != NULL) && + (inp->sctp_socket != NULL) && + (((stcb->sctp_ep->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) == 0) || + !SCTP_IS_LISTENING(inp))) { sctp_sorwakeup(inp, inp->sctp_socket); } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202302012242.311MgHJF000701>