From owner-svn-src-all@freebsd.org Fri Dec 4 04:48:08 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C3680472D4A for ; Fri, 4 Dec 2020 04:48:08 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CnKvr3BGfz3lSl for ; Fri, 4 Dec 2020 04:48:08 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 551836447 for ; Fri, 4 Dec 2020 04:48:08 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qt1-f169.google.com with SMTP id b9so3183582qtr.2 for ; Thu, 03 Dec 2020 20:48:08 -0800 (PST) X-Gm-Message-State: AOAM530DwZL8Px62H892fRSTKbzELBcnUnh060h3Nk8Ob5/OWQmoJJdS 3UJ12pYiqpx2kdPeROZZ5kkNPv8bWZWz54Qfyyw= X-Received: by 2002:ac8:4897:: with SMTP id i23mt7394848qtq.211.1607057287856; Thu, 03 Dec 2020 20:48:07 -0800 (PST) MIME-Version: 1.0 References: <202012040439.0B44dmxp043739@repo.freebsd.org> In-Reply-To: <202012040439.0B44dmxp043739@repo.freebsd.org> From: Kyle Evans Date: Thu, 3 Dec 2020 22:47:56 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r368326 - head/sys/kern Cc: src-committers , svn-src-all , svn-src-head , Michael Tuexen Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Dec 2020 04:48:08 -0000 On Thu, Dec 3, 2020 at 10:40 PM Kyle Evans wrote: > > Author: kevans > Date: Fri Dec 4 04:39:48 2020 > New Revision: 368326 > URL: https://svnweb.freebsd.org/changeset/base/368326 > > Log: > kern: soclose: don't sleep on SO_LINGER w/ timeout=0 > > This is a valid scenario that's handled in the various protocol layers where > it makes sense (e.g., tcp_disconnect and sctp_disconnect). Given that it > indicates we should immediately drop the connection, it makes little sense > to sleep on it. > > This could lead to panics with INVARIANTS. On non-INVARIANTS kernels, this > could result in the thread hanging until a signal interrupts it if the > protocol does not mark the socket as disconnected for whatever reason. > > Reported by: syzbot+e625d92c1dd74e402c81@syzkaller.appspotmail.com > Reviewed by: glebius, markj > MFC after: 1 week > Differential Revision: https://reviews.freebsd.org/D27407 > It occurred to me as I was glancing over the diff one more time pre-commit that this panic must have been in SCTP, because TCP will always soisdisconnected() the socket in this case while SCTP will not. This is arguably a bug in SCTP that should also be fixed, but I consider the below to still be a valid and better behavior than wedging a userland process due to a minor oversight like this when the behavior of so_linger == 0 is pretty well understood. > Modified: > head/sys/kern/uipc_socket.c > > Modified: head/sys/kern/uipc_socket.c > ============================================================================== > --- head/sys/kern/uipc_socket.c Fri Dec 4 02:37:33 2020 (r368325) > +++ head/sys/kern/uipc_socket.c Fri Dec 4 04:39:48 2020 (r368326) > @@ -1192,7 +1192,8 @@ soclose(struct socket *so) > goto drop; > } > } > - if (so->so_options & SO_LINGER) { > + > + if ((so->so_options & SO_LINGER) != 0 && so->so_linger != 0) { > if ((so->so_state & SS_ISDISCONNECTING) && > (so->so_state & SS_NBIO)) > goto drop;