From nobody Tue Jun 17 11:27:59 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bM4Nv4twXz5yCDg;
	Tue, 17 Jun 2025 11:27:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bM4Nv3Sgyz3HXG;
	Tue, 17 Jun 2025 11:27:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1750159679;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2B+eFSeJ013LeBqU2V7u1I0bgChNlFTXkJKj/AXwzjw=;
	b=sbaecocyirKUB54xFs3jAcRieDkfs4p4dTvX5ltJLhsnIVaW+SL1BQOmd1ey28KPLmoXA9
	EFaQZITh1Gm3v4BDQgxLKeQrkI65EzfScf+lQXpJAiJA0HN9+yFdHHJccZQyARt0Yem/hi
	SODommjDITvrHAwoRJ6vstxn+z80QAsSrstZOFJG1/28gM2S+YvgxVNQujazzqqzUpoPT7
	sKSHQtf0+qaRpFbslSsUX5l0jjtXX1vDmJ3XKU0dEa2ljH+WLV2HcUGOkUUop7toJT01c2
	DLZm2xFIH3heroOj4EEW15L89MEYoyzpWlRF1wg0UUUhqu2Any2slhU7p+mBzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1750159679;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2B+eFSeJ013LeBqU2V7u1I0bgChNlFTXkJKj/AXwzjw=;
	b=ZJBDVS0t3qprC0GllgbozYEcYKDSVBR/sIWljEESbuHF0Y8oRW1t9HHgjHCMEHOje1Swa5
	h3cfoUxqMXKl7exKvvtE2xyDauakYbtgGrcRUT/eHgm8m3l33pQs1PZz3fZnVFu7WcvBZP
	PJlrOSnFSCmBh7nKElULirg+J1a/wuKGUau75Gy09bSmx6tDtUE4/Bl5AoeE43lvjWpOAR
	nYCrRDuNeLpuNTyE+ZTEmay7F4kbshj/a2jMCD0/drFRRO201JU8gDCEa93lTg4Taxzg3k
	3qV19sjyabiL+7RPLIbu+gdbfYCEYdwPOpW/E6qJWY4SyM7MSsbERZwPTJncVA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750159679; a=rsa-sha256; cv=none;
	b=EWiSWUxu6a/179PmvGi0l8iXqsqtDUoPIsuYuiSbg+1ePCy5v6oDvrtFOike1qHn98BCQ7
	EN9vRQQSX7yCPFN3elH7LQMRJCJ5d+5hOL6tav6lQ5rcTaax2O1ESEgCTnq/sSlB/Uoi+6
	7HtiMGp9RTe//kivPj22ZYTaW05AouqFuZt5A+r/+oQD9fMkooia5R5crXRXCi69alANZp
	xlouvTwZj89XEsFO4Sff/Z3m0KVXd7bG0Y4Ae6qNYAsMwUajjls0U0pDurhlQe2h0xXeEg
	MqcwASTAFFM+OphY5/O3Hq/Ovy5p2x4Y9vLidkDFaXD4HHBNyKiARG0q+AtdVQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bM4Nv2bqPzhnB;
	Tue, 17 Jun 2025 11:27:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55HBRxfv032363;
	Tue, 17 Jun 2025 11:27:59 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55HBRxcV032360;
	Tue, 17 Jun 2025 11:27:59 GMT
	(envelope-from git)
Date: Tue, 17 Jun 2025 11:27:59 GMT
Message-Id: <202506171127.55HBRxcV032360@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: ba3d547967c8 - main - tcp: Fix the SO_REUSEPORT_LB
  check
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ba3d547967c8759d0b974bdac0bda394a3e84312
Auto-Submitted: auto-generated

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=ba3d547967c8759d0b974bdac0bda394a3e84312

commit ba3d547967c8759d0b974bdac0bda394a3e84312
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-06-17 11:22:26 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-06-17 11:22:26 +0000

    tcp: Fix the SO_REUSEPORT_LB check
    
    This needs to happen in tcp_connect() rather than tcp_usr_connect(), as
    the latter is reachable by implied connect() via sendto().
    
    Reviewed by:    glebius
    Reported by:    syzbot+eecc86e6952fd9ba9f11@syzkaller.appspotmail.com
    Fixes:          c7f803c71dae ("inpcb: fix a panic with SO_REUSEPORT_LB + connect(2) misuse")
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D50893
---
 sys/netinet/tcp_usrreq.c                 |  8 ++++++--
 tests/sys/netinet/so_reuseport_lb_test.c | 10 ++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index cd273803dacf..3ea561e63503 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -523,7 +523,7 @@ tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 	}
 	if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
 		goto out;
-	if (SOLISTENING(so) || so->so_options & SO_REUSEPORT_LB) {
+	if (SOLISTENING(so)) {
 		error = EOPNOTSUPP;
 		goto out;
 	}
@@ -590,7 +590,7 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 		error = EAFNOSUPPORT;
 		goto out;
 	}
-	if (SOLISTENING(so) || so->so_options & SO_REUSEPORT_LB) {
+	if (SOLISTENING(so)) {
 		error = EOPNOTSUPP;
 		goto out;
 	}
@@ -1478,6 +1478,8 @@ tcp_connect(struct tcpcb *tp, struct sockaddr_in *sin, struct thread *td)
 	    (SS_ISCONNECTING | SS_ISCONNECTED | SS_ISDISCONNECTING |
 	    SS_ISDISCONNECTED)) != 0))
 		return (EISCONN);
+	if (__predict_false((so->so_options & SO_REUSEPORT_LB) != 0))
+		return (EOPNOTSUPP);
 
 	INP_HASH_WLOCK(&V_tcbinfo);
 	error = in_pcbconnect(inp, sin, td->td_ucred);
@@ -1520,6 +1522,8 @@ tcp6_connect(struct tcpcb *tp, struct sockaddr_in6 *sin6, struct thread *td)
 	if (__predict_false((so->so_state &
 	    (SS_ISCONNECTING | SS_ISCONNECTED)) != 0))
 		return (EISCONN);
+	if (__predict_false((so->so_options & SO_REUSEPORT_LB) != 0))
+		return (EOPNOTSUPP);
 
 	INP_HASH_WLOCK(&V_tcbinfo);
 	error = in6_pcbconnect(inp, sin6, td->td_ucred, true);
diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c
index a1b5a3f94f61..fa9d6e425884 100644
--- a/tests/sys/netinet/so_reuseport_lb_test.c
+++ b/tests/sys/netinet/so_reuseport_lb_test.c
@@ -505,6 +505,11 @@ ATF_TC_BODY(connect_not_bound, tc)
 	ATF_REQUIRE_MSG(rv == -1 && errno == EOPNOTSUPP,
 	    "Expected EOPNOTSUPP on connect(2) not met. Got %d, errno %d",
 	    rv, errno);
+	rv = sendto(s, "test", 4, 0, (struct sockaddr *)&sin,
+	    sizeof(sin));
+	ATF_REQUIRE_MSG(rv == -1 && errno == EOPNOTSUPP,
+	    "Expected EOPNOTSUPP on sendto(2) not met. Got %d, errno %d",
+	    rv, errno);
 
 	close(p);
 	close(s);
@@ -536,6 +541,11 @@ ATF_TC_BODY(connect_bound, tc)
 	ATF_REQUIRE_MSG(rv == -1 && errno == EOPNOTSUPP,
 	    "Expected EOPNOTSUPP on connect(2) not met. Got %d, errno %d",
 	    rv, errno);
+	rv = sendto(s, "test", 4, 0, (struct sockaddr *)&sin,
+	    sizeof(sin));
+	ATF_REQUIRE_MSG(rv == -1 && errno == EOPNOTSUPP,
+	    "Expected EOPNOTSUPP on sendto(2) not met. Got %d, errno %d",
+	    rv, errno);
 
 	close(p);
 	close(s);