From nobody Tue Mar 29 14:35:04 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 417E01A47CB3; Tue, 29 Mar 2022 14:35:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KSXCY1NBjz3N4N; Tue, 29 Mar 2022 14:35:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648564505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=D+yzSE9evg+zrkiemleTIBUCTHqNNsz0pApEqxGXPuQ=; b=Mtnhf/jNqXH9/WZJEJEhleNN5JPbkcmAXTGaqn0rK1o/QH9tCoH6nuSKBQZdwsvKcC6GK6 kHUUuLFyWL0UQApyFyONA4/46KBeCp8tfbJOoI44YFu7U1VFTi62h4/sgXycWeQmWiq1QA dTQsUUJOD7IN7NhwjYZS6Uj+bbxJLE94R2r74WdghsiidzWKtPdCZH5rr/jI3pcC4tOPDl QGcMUkOFeH/3rfLKMyu4934zlAxW/8+kXs1RIeDLGNepv1fePGbg2iR3ncV2Bgy8yju4CO S5AWdZetWkqjxuqhYV0GOq2Yk9krmC+X4GZCNEpBjiOhY4eKIIWuleVtk5hs4Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0F14A20532; Tue, 29 Mar 2022 14:35:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22TEZ4bd063021; Tue, 29 Mar 2022 14:35:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22TEZ4QX063020; Tue, 29 Mar 2022 14:35:04 GMT (envelope-from git) Date: Tue, 29 Mar 2022 14:35:04 GMT Message-Id: <202203291435.22TEZ4QX063020@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Tuexen Subject: git: 5d0c76c7302b - main - sctp: don't lock an already locked stcb. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5d0c76c7302bad0cd0a9f83a30e11d70141adf37 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648564505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=D+yzSE9evg+zrkiemleTIBUCTHqNNsz0pApEqxGXPuQ=; b=Kk37s88sUSrSnJ/rBz6LNxWMMZfQcgzJJH9eRPNQNrdS6q9xBkId3cfO9A4PtbusV2K0SI yssZotQ4J5llSUbkc9AxivJfK4s0jYota08bI67oLmjx49hCWLAl4yK0QWX5v40QNiAyne 2bl+OCuMM0VVJXhFhRBOqVXv6rjo5/tteO1uvNdQqNDrK6yk6uu9gVRAfnw45ZOIgGh0Hq NAKpP/Hcmj03J6Jk78WgsWImMD35P4J2Vs1EAuRtVjAhdbJKktfjg6cEOSdBt5boMQoTeQ q3RkBYlpB9KYGWGgpHYmAQ2MMWR7EmKYE5FSqjOdGbd0ufX0asjnxPAoQvW8Cw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1648564505; a=rsa-sha256; cv=none; b=K0EZ0TRsBySW/3rvZb1hR8fvUGnJGMpuUiesA2awBbJMAKTRQiNuhjrduizy0q/gTwG3sD xgtCARS3xF7YGRomBystoZwiJjY5hOmhRBhmeWl+5+dPy/Us8Jf9vn1zTkMV48dMCRDa2e Fcdxi1SlHUtQBKHfV35761RIMzbVCgRRozP5XPrCl4o8bNS0lzp7pHf+yxY6Yai/01FwgL P7gJH+ATKuo3AzgcnEcaiAAu85zErLWcn7vWLjwpGCPtH+fi8YksBVHtEst9qzdFuPL9Zg jqB+1va9wcOEr92Sd8v/0+Q8mD8jHHkmb9bzuO/ygn0cqXAmk21Vw+yxDg8yJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=5d0c76c7302bad0cd0a9f83a30e11d70141adf37 commit 5d0c76c7302bad0cd0a9f83a30e11d70141adf37 Author: Michael Tuexen AuthorDate: 2022-03-29 14:33:53 +0000 Commit: Michael Tuexen CommitDate: 2022-03-29 14:33:53 +0000 sctp: don't lock an already locked stcb. Reported by: syzbot+e8dca84da3b4b82f4400@syzkaller.appspotmail.com MFC after: 3 days --- sys/netinet/sctp_output.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index 2bc6ec9628cc..698025477c69 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -13376,22 +13376,25 @@ skip_preblock: } SOCKBUF_UNLOCK(&so->so_snd); - SCTP_TCB_LOCK(stcb); - hold_tcblock = true; - stcb->block_entry = NULL; - if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) || - (asoc->state & SCTP_STATE_WAS_ABORTED)) { - if (asoc->state & SCTP_STATE_WAS_ABORTED) { - /* - * XXX: Could also be ECONNABORTED, - * not enough info. - */ - error = ECONNRESET; - } else { - error = ENOTCONN; + if (!hold_tcblock) { + SCTP_TCB_LOCK(stcb); + hold_tcblock = true; + if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) || + (asoc->state & SCTP_STATE_WAS_ABORTED)) { + if (asoc->state & SCTP_STATE_WAS_ABORTED) { + /* + * XXX: Could also be + * ECONNABORTED, not enough + * info. + */ + error = ECONNRESET; + } else { + error = ENOTCONN; + } + goto out; } - goto out; } + stcb->block_entry = NULL; if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, asoc, asoc->total_output_queue_size);