From owner-svn-src-head@freebsd.org  Mon Feb 26 02:43:27 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39B37F21275;
 Mon, 26 Feb 2018 02:43:27 +0000 (UTC)
 (envelope-from pkelsey@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DCB297D31E;
 Mon, 26 Feb 2018 02:43:26 +0000 (UTC)
 (envelope-from pkelsey@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D611D158D9;
 Mon, 26 Feb 2018 02:43:26 +0000 (UTC)
 (envelope-from pkelsey@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1Q2hQEM006228;
 Mon, 26 Feb 2018 02:43:26 GMT (envelope-from pkelsey@FreeBSD.org)
Received: (from pkelsey@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1Q2hQBc006227;
 Mon, 26 Feb 2018 02:43:26 GMT (envelope-from pkelsey@FreeBSD.org)
Message-Id: <201802260243.w1Q2hQBc006227@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pkelsey set sender to
 pkelsey@FreeBSD.org using -f
From: Patrick Kelsey <pkelsey@FreeBSD.org>
Date: Mon, 26 Feb 2018 02:43:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r330000 - head/sys/netinet
X-SVN-Group: head
X-SVN-Commit-Author: pkelsey
X-SVN-Commit-Paths: head/sys/netinet
X-SVN-Commit-Revision: 330000
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 02:43:27 -0000

Author: pkelsey
Date: Mon Feb 26 02:43:26 2018
New Revision: 330000
URL: https://svnweb.freebsd.org/changeset/base/330000

Log:
  Fix harmless locking bug in tfp_fastopen_check_cookie().
  
  The keylist lock was not being acquired early enough.  The only side
  effect of this bug is that the effective add time of a new key could
  be slightly later than it would have been otherwise, as seen by a TFO
  client.
  
  Reviewed by:	tuexen
  MFC after:	1 month
  Sponsored by:	Limelight Networks
  Differential Revision:	https://reviews.freebsd.org/D14046

Modified:
  head/sys/netinet/tcp_fastopen.c

Modified: head/sys/netinet/tcp_fastopen.c
==============================================================================
--- head/sys/netinet/tcp_fastopen.c	Mon Feb 26 02:28:32 2018	(r329999)
+++ head/sys/netinet/tcp_fastopen.c	Mon Feb 26 02:43:26 2018	(r330000)
@@ -313,6 +313,7 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uin
 {
 	struct rm_priotracker tracker;
 	unsigned int i, key_index;
+	int rv;
 	uint64_t cur_cookie;
 
 	if (V_tcp_fastopen_acceptany) {
@@ -320,21 +321,22 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uin
 		return (1);
 	}
 
+	TCP_FASTOPEN_KEYS_RLOCK(&tracker);
 	if (len != TCP_FASTOPEN_COOKIE_LEN) {
 		if (V_tcp_fastopen_numkeys > 0) {
 			*latest_cookie =
 			    tcp_fastopen_make_cookie(
 				V_tcp_fastopen_keys.key[V_tcp_fastopen_keys.newest],
 				inc);
-			return (0);
-		}
- 		return (-1);
+			rv = 0;
+		} else
+			rv = -1;
+		goto out;
 	}
 
 	/*
 	 * Check against each available key, from newest to oldest.
 	 */
-	TCP_FASTOPEN_KEYS_RLOCK(&tracker);
 	key_index = V_tcp_fastopen_keys.newest;
 	for (i = 0; i < V_tcp_fastopen_numkeys; i++) {
 		cur_cookie =
@@ -343,17 +345,19 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uin
 		if (i == 0)
 			*latest_cookie = cur_cookie;
 		if (memcmp(cookie, &cur_cookie, TCP_FASTOPEN_COOKIE_LEN) == 0) {
-			TCP_FASTOPEN_KEYS_RUNLOCK(&tracker);
-			return (1);
+			rv = 1;
+			goto out;
 		}
 		if (key_index == 0)
 			key_index = TCP_FASTOPEN_MAX_KEYS - 1;
 		else
 			key_index--;
 	}
-	TCP_FASTOPEN_KEYS_RUNLOCK(&tracker);
+	rv = 0;
 
-	return (0);
+out:
+	TCP_FASTOPEN_KEYS_RUNLOCK(&tracker);
+	return (rv);
 }
 
 static int