From owner-dev-commits-src-main@freebsd.org  Thu May 13 11:39:23 2021
Return-Path: <owner-dev-commits-src-main@freebsd.org>
Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFA0463B964;
 Thu, 13 May 2021 11:39:23 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FgqSW4cRzz4ly2;
 Thu, 13 May 2021 11:39:23 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 90E771DF24;
 Thu, 13 May 2021 11:39:23 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 14DBdNdg008351;
 Thu, 13 May 2021 11:39:23 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 14DBdNVj008350;
 Thu, 13 May 2021 11:39:23 GMT (envelope-from git)
Date: Thu, 13 May 2021 11:39:23 GMT
Message-Id: <202105131139.14DBdNVj008350@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-main@FreeBSD.org
From: Randall Stewart <rrs@FreeBSD.org>
Subject: git: 02cffbc2507e - main - tcp: Incorrect KASSERT causes a panic in
 rack
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rrs
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 02cffbc2507e83944b0c29d69d6ddf26c9386d54
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-main@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for the main branch of the src repository
 <dev-commits-src-main.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-main>, 
 <mailto:dev-commits-src-main-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-main/>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Help: <mailto:dev-commits-src-main-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main>, 
 <mailto:dev-commits-src-main-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2021 11:39:23 -0000

The branch main has been updated by rrs:

URL: https://cgit.FreeBSD.org/src/commit/?id=02cffbc2507e83944b0c29d69d6ddf26c9386d54

commit 02cffbc2507e83944b0c29d69d6ddf26c9386d54
Author:     Randall Stewart <rrs@FreeBSD.org>
AuthorDate: 2021-05-13 11:36:04 +0000
Commit:     Randall Stewart <rrs@FreeBSD.org>
CommitDate: 2021-05-13 11:36:04 +0000

    tcp: Incorrect KASSERT causes a panic in rack
    
    Skyzall found an interesting panic in rack. When a SYN and FIN are
    both sent together a KASSERT gets tripped where it is validating that
    a mbuf pointer is in the sendmap. But a SYN and FIN often will not
    have a mbuf pointer. So the fix is two fold a) make sure that the
    SYN and FIN split the right way when cloning an RSM SYN on left
    edge and FIN on right. And also make sure the KASSERT properly
    accounts for the case that we have a SYN or FIN so we don't
    panic.
    
    Reviewed by: mtuexen
    Sponsored by: Netflix Inc.
    Differential Revision:  https://reviews.freebsd.org/D30241
---
 sys/netinet/tcp_stacks/rack.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index 115f5f2ee44b..c4f3be02dd29 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -6054,6 +6054,12 @@ rack_clone_rsm(struct tcp_rack *rack, struct rack_sendmap *nrsm,
 	for (idx = 0; idx < nrsm->r_rtr_cnt; idx++) {
 		nrsm->r_tim_lastsent[idx] = rsm->r_tim_lastsent[idx];
 	}
+	/* Now if we have SYN flag we keep it on the left edge */
+	if (nrsm->r_flags & RACK_HAS_SYN)
+		nrsm->r_flags &= ~RACK_HAS_SYN;
+	/* Now if we have a FIN flag we keep it on the right edge */
+	if (nrsm->r_flags & RACK_HAS_FIN)
+		nrsm->r_flags &= ~RACK_HAS_FIN;
 	/*
 	 * Now we need to find nrsm's new location in the mbuf chain
 	 * we basically calculate a new offset, which is soff +
@@ -6061,9 +6067,11 @@ rack_clone_rsm(struct tcp_rack *rack, struct rack_sendmap *nrsm,
 	 * chain to find the righ postion, it may be the same mbuf
 	 * or maybe not.
 	 */
-	KASSERT((rsm->m != NULL),
+	KASSERT(((rsm->m != NULL) ||
+		 (rsm->r_flags & (RACK_HAS_SYN|RACK_HAS_FIN))),
 		("rsm:%p nrsm:%p rack:%p -- rsm->m is NULL?", rsm, nrsm, rack));
-	rack_setup_offset_for_rsm(rsm, nrsm);
+	if (rsm->m)
+		rack_setup_offset_for_rsm(rsm, nrsm);
 }
 
 static struct rack_sendmap *