Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 14 Apr 2023 19:43:42 GMT
From:      Randall Stewart <rrs@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 3cc7b6673280 - main - tcp: stack unloading crash in rack and bbr
Message-ID:  <202304141943.33EJhghd051466@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by rrs:

URL: https://cgit.FreeBSD.org/src/commit/?id=3cc7b66732808a5f7f703f4b887fe6c60a3e7d4e

commit 3cc7b66732808a5f7f703f4b887fe6c60a3e7d4e
Author:     Randall Stewart <rrs@FreeBSD.org>
AuthorDate: 2023-04-14 19:42:23 +0000
Commit:     Randall Stewart <rrs@FreeBSD.org>
CommitDate: 2023-04-14 19:42:23 +0000

    tcp: stack unloading crash in rack and bbr
    
    Its possible to induce a crash in either rack or bbr. This would be done
    if the rack stack were say the default and bbr was being used by a connection.
    If the bbr stack is then unloaded and it was active, we will trigger a MPASS assert
    in tcp_hpts since the new stack (default rack) would start a timer, and the old stack
    (bbr) would have the inp already in hpts.
    
    Reviewed by: tuexen
    Sponsored by: Netflix Inc
    Differential Revision:https://reviews.freebsd.org/D39576
---
 sys/netinet/tcp_stacks/bbr.c  | 3 +++
 sys/netinet/tcp_stacks/rack.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index 623b65f2c159..bce17b57205c 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -9854,6 +9854,9 @@ bbr_stop_all_timers(struct tcpcb *tp, struct tcp_bbr *bbr)
 		/* We enter in persists, set the flag appropriately */
 		bbr->rc_in_persist = 1;
 	}
+	if (tcp_in_hpts(bbr->rc_inp)) {
+		tcp_hpts_remove(bbr->rc_inp);
+	}
 }
 
 static void
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index a6a15514ff53..7b97a8e9c5d9 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -8113,6 +8113,9 @@ rack_stop_all_timers(struct tcpcb *tp, struct tcp_rack *rack)
 		/* We enter in persists, set the flag appropriately */
 		rack->rc_in_persist = 1;
 	}
+	if (tcp_in_hpts(rack->rc_inp)) {
+		tcp_hpts_remove(rack->rc_inp);
+	}
 }
 
 static void

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304141943.33EJhghd051466>