CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Michael Tuexen <tuexen@FreeBSD.org>
	Sun, 12 Jan 2020 17:52:32 +0000 (17:52 +0000)
committer	Michael Tuexen <tuexen@FreeBSD.org>
	Sun, 12 Jan 2020 17:52:32 +0000 (17:52 +0000)
commit	fe1274ee395845ade2fc2551afbae1784237daa7
tree	082d4116e87fc1556a5d500d361e0000b8e29e8a	tree \| snapshot
parent	c6feea3b8997133f5cc9f10fbcf104729a46b9f0	commit \| diff

Fix race when accepting TCP connections.

When expanding a SYN-cache entry to a socket/inp a two step approach was
taken:
1) The local address was filled in, then the inp was added to the hash
table.
2) The remote address was filled in and the inp was relocated in the
hash table.
Before the epoch changes, a write lock was held when this happens and
the code looking up entries was holding a corresponding read lock.
Since the read lock is gone away after the introduction of the
epochs, the half populated inp was found during lookup.
This resulted in processing TCP segments in the context of the wrong
TCP connection.
This patch changes the above procedure in a way that the inp is fully
populated before inserted into the hash table.

Thanks to Paul <devgs@ukr.net> for reporting the issue on the net@
mailing list and for testing the patch!

Reviewed by: rrs@
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D22971

sys/netinet/in_pcb.c		diff \| blob \| history
sys/netinet/in_pcb.h		diff \| blob \| history
sys/netinet/tcp_syncache.c		diff \| blob \| history
sys/netinet6/in6_pcb.c		diff \| blob \| history
sys/netinet6/in6_pcb.h		diff \| blob \| history