Date: Tue, 12 Jul 2022 16:43:46 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 265154] tcp: syncache_expand() potential race
Message-ID: <bug-265154-7501-W3XLLC8Dl0@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-265154-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-265154-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265154

Gleb Smirnoff <glebius@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|net@FreeBSD.org             |glebius@FreeBSD.org
             Status|New                         |Open

--- Comment #4 from Gleb Smirnoff <glebius@FreeBSD.org> ---
There are two more problems around this place.

1) There is a problem I recently introduced. If syncache_socket() fails to do
PCB insertion, it will call soabort(). This soabort() will release last
reference (that belongs to listen queue) and will go with sofree() of a socket
that is still on listening queue. Note that all other non-TCP consumers of
sonewconn() do not have this problem, as they just set so_error instead of call
to soabort().

2) The 6f3caa6d8159 very likely needs to be reverted. With modern
synchronization in the network stack (epoch + SMR) it is very likely not an
optimization.

I think all 3 problems can be nailed with a single patch, that will introduce
pr_newconn() to be executed instead of pr_attach() for sonewconn(). It will
have slightly different semantic than pr_attach().

I'm going to work on that in August, as today I'm leaving for a vacation. I
think all listed problems aren't critical and can be left as is for a few
weeks.

-- 
You are receiving this mail because:
You are the assignee for the bug.
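Added example, not part of the original message and not FreeBSD code: a simplified userland model of the ownership problem in item 1, where the failure path drops the reference owned by the listen queue while the socket is still linked on it. All names (`msock`, `model_*`, `run_*`) are hypothetical, and the step where the listener later unlinks and releases an errored socket is an assumption of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model only: the real kernel structures and locking are not reproduced. */
struct msock {
    int  refs;      /* reference count */
    bool on_queue;  /* still linked on the listener's queue */
    bool freed;     /* set instead of really releasing memory */
    int  error;     /* models so_error */
};

/* Models a new connection socket: the listen queue owns the only reference. */
static void model_newconn(struct msock *so) {
    so->refs = 1; so->on_queue = true; so->freed = false; so->error = 0;
}

/* Drop one reference. Returns true if the socket was "freed" while the
 * listen queue still links to it, i.e. the queue now holds a dangling entry. */
static bool model_release(struct msock *so) {
    if (--so->refs == 0) {
        so->freed = true;
        return so->on_queue;
    }
    return false;
}

/* Assumed listener-side cleanup: unlink first, then drop the queue's reference. */
static bool model_dequeue(struct msock *so) {
    so->on_queue = false;
    return model_release(so);
}

/* Failure path from item 1: abort releases the reference that belongs to the queue. */
int run_abort_path(void) {
    struct msock so;
    model_newconn(&so);
    return model_release(&so) ? 1 : 0;   /* 1 = freed while still queued */
}

/* Failure path of the other consumers: only record the error; the queue keeps its reference. */
int run_error_path(void) {
    struct msock so;
    model_newconn(&so);
    so.error = ENOBUFS;                  /* constructed sample error value */
    bool dangling = model_dequeue(&so);  /* owner unlinks, then releases */
    return (dangling || !so.freed) ? 1 : 0;
}

int main(void) {
    printf("abort path dangling=%d, error path dangling=%d\n", run_abort_path(), run_error_path());
    return 0;
}
```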