From 490a0f77de77321859eeeecc807f9cc7bb41dbcc Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Wed, 27 Apr 2022 16:07:31 +0200
Subject: [PATCH] sctp: improve locking

While there, do some cleanup.

Reported by: syzbot+f475e054c454310bc26d@syzkaller.appspotmail.com
MFC after: 3 day
---
 sys/netinet/sctputil.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index cff19a48a3c..8451ed5e200 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -4870,8 +4870,9 @@ sctp_add_to_readq(struct sctp_inpcb *inp,
 #endif
 return;
 }
- if (inp_read_lock_held == 0)
+ if (inp_read_lock_held == SCTP_READ_LOCK_NOT_HELD) {
 SCTP_INP_READ_LOCK(inp);
+ }
 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) {
 if (!control->on_strm_q) {
 sctp_free_remote_addr(control->whoFrom);
@@ -4881,8 +4882,9 @@ sctp_add_to_readq(struct sctp_inpcb *inp,
 }
 sctp_free_a_readq(stcb, control);
 }
- if (inp_read_lock_held == 0)
+ if (inp_read_lock_held == SCTP_READ_LOCK_NOT_HELD) {
 SCTP_INP_READ_UNLOCK(inp);
+ }
 return;
 }
 if (!(control->spec_flags & M_NOTIFICATION)) {
@@ -4894,7 +4896,7 @@ sctp_add_to_readq(struct sctp_inpcb *inp,
 m = control->data;
 control->held_length = 0;
 control->length = 0;
- while (m) {
+ while (m != NULL) {
 if (SCTP_BUF_LEN(m) == 0) {
 /* Skip mbufs with NO length */
 if (prev == NULL) {
@@ -4938,11 +4940,12 @@ sctp_add_to_readq(struct sctp_inpcb *inp,
 }
 TAILQ_INSERT_TAIL(&inp->read_queue, control, next);
 control->on_read_q = 1;
- if (inp_read_lock_held == 0)
- SCTP_INP_READ_UNLOCK(inp);
- if (inp && inp->sctp_socket) {
+ if ((inp != NULL) && (inp->sctp_socket != NULL)) {
 sctp_wakeup_the_read_socket(inp, stcb, so_locked);
 }
+ if (inp_read_lock_held == SCTP_READ_LOCK_NOT_HELD) {
+ SCTP_INP_READ_UNLOCK(inp);
+ }
 }
 /*************HOLD THIS COMMENT FOR PATCH FILE OF
--
2.45.2
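Review bot: When `inp_read_lock_held` is not `SCTP_READ_LOCK_NOT_HELD`, the first hunk trusts the caller's claim that the INP read lock is owned; nothing on the visible lines checks it before `inp->sctp_flags` is read and, further down, `inp->read_queue` is modified. Since the commit answers a syzbot locking report, an `else` branch with a lock-ownership assertion for debug kernels would turn a wrong flag from a caller into an immediate failure instead of a silent race on the read queue. At minimum, a comment such as `/* SCTP_READ_LOCK_HELD: the caller must own the INP read lock for the whole call. */` should state the contract. The same applies to the paired unlock sites in the second and fourth hunks. sctp_add_to_readq begins before and continues past this hunk.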
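Review bot: The `(inp != NULL)` test written in the last hunk cannot be false where it stands, because `inp` is already dereferenced by `TAILQ_INSERT_TAIL(&inp->read_queue, control, next)` two lines earlier and again by `SCTP_INP_READ_UNLOCK(inp)` just below; it only hints at a NULL case the code does not handle, and `if (inp->sctp_socket != NULL) {` would say what is meant. Moving the unlock below `sctp_wakeup_the_read_socket()` also means the wakeup now runs with the INP read lock held, which presumably keeps `inp->sctp_socket` stable between the test and the call. That ordering is the substance of the fix and should be recorded, for example `/* Wake the reader before dropping the read lock so that inp->sctp_socket cannot change underneath us. */`. It is worth confirming that the wakeup path neither takes the INP read lock itself nor sleeps, since that function is not visible in this patch.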