The branch stable/13 has been updated by thj: URL: https://cgit.FreeBSD.org/src/commit/?id=dc2e12abb22a303aed88c6dd042d652cab8a2bad
commit dc2e12abb22a303aed88c6dd042d652cab8a2bad Author: Claudio Jeker <[email protected]> AuthorDate: 2022-06-23 14:50:47 +0000 Commit: Tom Jones <[email protected]> CommitDate: 2022-07-20 15:24:49 +0000 Unlock inp when handling TCP_MD5SIG socket options Unlock the inp when hanlding TCP_MD5SIG socket options. tcp_ipsec_pcbctl handles locking the inp when the option is being modified. This was found by Claudio Jeker while working on the OpenBGPd port. On 14 we get a panic when trying to call getsockopt, on 13.1 the process locks up using 100% CPU. Reviewed by: rscheff (transport), tuexen MFC after: 3 days Sponsored by: Klara Inc. Differential Revision: https://reviews.freebsd.org/D35532 (cherry picked from commit 97453e5e7258158042795740f2736cfca972269d) --- sys/netinet/tcp_usrreq.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index d48a09533f5f..4f40fe4d7730 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1968,13 +1968,13 @@ tcp_default_ctloutput(struct socket *so, struct sockopt *sopt, struct inpcb *inp switch (sopt->sopt_name) { #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE) case TCP_MD5SIG: - if (!TCPMD5_ENABLED()) { - INP_WUNLOCK(inp); + INP_WUNLOCK(inp); + if (!TCPMD5_ENABLED()) return (ENOPROTOOPT); - } error = TCPMD5_PCBCTL(inp, sopt); if (error) return (error); + INP_WLOCK_RECHECK(inp); goto unlock_and_done; #endif /* IPSEC */ @@ -2381,10 +2381,9 @@ unlock_and_done: switch (sopt->sopt_name) { #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE) case TCP_MD5SIG: - if (!TCPMD5_ENABLED()) { - INP_WUNLOCK(inp); + INP_WUNLOCK(inp); + if (!TCPMD5_ENABLED()) return (ENOPROTOOPT); - } error = TCPMD5_PCBCTL(inp, sopt); break; #endif
