From owner-freebsd-net@FreeBSD.ORG Fri May 15 12:40:14 2015 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DF0CB38A for ; Fri, 15 May 2015 12:40:13 +0000 (UTC) Received: from mail-qg0-f103.google.com (mail-qg0-f103.google.com [209.85.192.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 97DDF1617 for ; Fri, 15 May 2015 12:40:13 +0000 (UTC) Received: by qgdz60 with SMTP id z60so3870130qgd.0 for ; Fri, 15 May 2015 05:40:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=n+ffum7CEDCMdXktS912nY29vUOYOgbl0yUWM8ylwj8=; b=SoC0gBaDcoQLA2jsxtK0AuLMMPQzHvbLE5DbfLGkfmW+mPYlIAcW8YJcH6waGUWQ0r lpub2dFp5s6TmDvgwj423l8Y3C48BqMA2cE2BdBBe5JmBnHm0bJtToMkg/3RYlUi0fdN IDr3pV78ciFNW2laKDYJsjaqQCrb//NbR2Ais79NG3CsNYTofOgQ4gBlclwVqHtnYwge CmFHuzO06HNDuOQWJ8gCbanUVZ3mp2+0/al8/aovz02edr/5f+QMGXPvvrJqVceL/Iu2 Yx/DOj3fMJ/8ssVbLEh3FDFD7BgKwjw6+ssw9rL/0KEsmSByTKnVct/tBIgHQkLfn8S8 +yUw== X-Gm-Message-State: ALoCoQmA7r+q+gKmZ9rW1hjDlqbEiJF1A25JU4V9HYOhRyYHWCzLNs97jru5EkcVpEAzvbQdvDpsYCg3PYU0mTtSFM54Jhm5Bw== X-Received: by 10.140.150.216 with SMTP id 207mr8162272qhw.10.1431692133169; Fri, 15 May 2015 05:15:33 -0700 (PDT) Received: from brn1lxmailout01.verisign.com (brn1lxmailout01.verisign.com. [72.13.63.41]) by mx.google.com with ESMTPS id q6sm356640qck.4.2015.05.15.05.15.31 (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 15 May 2015 05:15:33 -0700 (PDT) X-Relaying-Domain: verisign.com Received: from DUL1WNSMTP01.vcorp.ad.vrsn.com (dul1mail.vrsn.com [10.170.12.113] (may be forged)) by brn1lxmailout01.verisign.com (8.13.8/8.13.8) with ESMTP id t4FCFVD5003067; Fri, 15 May 2015 08:15:31 -0400 Received: from FRI2JCHARBON-M1.local ([10.100.64.7]) by DUL1WNSMTP01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(7.5.7601.17514); Fri, 15 May 2015 08:15:31 -0400 Message-ID: <5555E356.8080000@freebsd.org> Date: Fri, 15 May 2015 14:15:18 +0200 From: Julien Charbon User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: freebsd-net@freebsd.org CC: John Baldwin , Jason Wolfe , hiren panchasara , Sean Chittenden Subject: Re: MFC-ing TCP timer race condition fix References: <5548BB20.2020700@freebsd.org> <5548EC8F.3010103@freebsd.org> In-Reply-To: <5548EC8F.3010103@freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IROhIHgoWGxkvqmSgFJR7OwaQNC1KfHCf" X-OriginalArrivalTime: 15 May 2015 12:15:31.0199 (UTC) FILETIME=[D65290F0:01D08F08] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 May 2015 12:40:14 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --IROhIHgoWGxkvqmSgFJR7OwaQNC1KfHCf Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, On 05/05/15 18:15, Julien Charbon wrote: > I was asked if it is possible to MFC r281599 in FreeBSD 10: >=20 > --- > Fix an old and well-documented use-after-free race condition in > TCP timers: > - Add a reference from tcpcb to its inpcb > - Defer tcpcb deletion until TCP timers have finished > --- > https://svnweb.freebsd.org/base?view=3Drevision&revision=3D281599 >=20 > First, I thought it was no possible as it touches struct > tcp_timer/struct tcpcb_mem. Second, John pointed me that these two > structures are used only internally. The only side effect I was able t= o > find is the increase of struct tcpcb_mem size: >=20 > - stable/10: struct tcpcb_mem size is 1024 bytes > - stable/10 + tcp timer change: struct tcpcb_mem size is 1032 bytes > - currently in head: struct tcpcb_mem size is 1048 bytes >=20 > If you have extra concerns on MFC-ing this change please scream. > Without nice yelps I plan to "MFC after: 1 month" (around May 16th). Following the lack of screamed concerns, here the MFC-ing result in stable/10 of the old and well-documented use-after-free TCP timer race condition fix: https://svnweb.freebsd.org/base?view=3Drevision&revision=3D282964 Thanks again John for your inputs about the feasibility of this MFC. -- Julien --IROhIHgoWGxkvqmSgFJR7OwaQNC1KfHCf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJVVeNhAAoJEKVlQ5Je6dhxpKsIAJIfQ5B6a19HSELTMxni/+6Z ElyDwV/62BO1OCUBaXj8WBCfUYF2hHqsWEL0xf12os5uovRqMBrzcC7qtE17lf3S 08LD2r1wje44YhvX1tdhKFw6WAh6c1Zst1kPjy4LiZEZ2xPETeBklXxBYS8Apx2W iJlwONBfcrUkm7INnOQYo6q/Mui9zfDk9JCxk5q3lk2c/dOYCItewWhH41OWKKu1 VuVGMLBOz2hiP3HGCrYrQ0mg46XnpZ+Fr6iR1JeaxpOyYKRb6C/tR/CO3prYD4JJ tkdOlBrfLKr8CmAlPeu2UQViDU48EJuIRZTWKIpi/SXLSq8qhGevt5rk8K2mozk= =QuOG -----END PGP SIGNATURE----- --IROhIHgoWGxkvqmSgFJR7OwaQNC1KfHCf--