The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=121ecca0d82b4a5ccee1a8bb01e50b026a22bb3f

commit 121ecca0d82b4a5ccee1a8bb01e50b026a22bb3f
Author:     Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2022-06-27 17:04:45 +0000
Commit:     Michael Tuexen <tue...@freebsd.org>
CommitDate: 2022-06-27 17:04:45 +0000

    sctp: add KASSERTs to ensure correct handling of listeners
    
    This was suggested by markj@.
    
    MFC after:      3 days
---
 sys/netinet/sctp_usrreq.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 90c019ef2afd..285fbcfbf512 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -454,13 +454,10 @@ sctp_abort(struct socket *so)
                sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
                    SCTP_CALLED_AFTER_CMPSET_OFCLOSE);
                SOCK_LOCK(so);
+               KASSERT(!SOLISTENING(so),
+                   ("sctp_abort: called on listening socket %p", so));
                SCTP_SB_CLEAR(so->so_snd);
-               /*
-                * same for the rcv ones, they are only here for the
-                * accounting/select.
-                */
                SCTP_SB_CLEAR(so->so_rcv);
-
                /* Now null out the reference, we are completely detached. */
                so->so_pcb = NULL;
                SOCK_UNLOCK(so);
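Review bot: The KASSERT added in sctp_abort (and the two added in sctp_flush) is compiled only into INVARIANTS kernels, so a production build still runs `SCTP_SB_CLEAR` on `so_snd`/`so_rcv` if a listening socket ever reaches this path. If, as I understand struct socket, those sockbuf fields share storage with the listen-queue state, the result would be silent corruption rather than a panic. Since the commit also drops the only comment next to these clears, I would add one stating the invariant, e.g. `/* so_snd/so_rcv are not valid on a listening socket; callers must never get here with one. */`. sctp_abort starts and ends outside this hunk, so what actually guarantees the invariant cannot be checked from here.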
@@ -842,14 +839,22 @@ sctp_flush(struct socket *so, int how)
                inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_CANT_READ;
                SCTP_INP_READ_UNLOCK(inp);
                SCTP_INP_WUNLOCK(inp);
+               SOCK_LOCK(so);
+               KASSERT(!SOLISTENING(so),
+                   ("sctp_flush: called on listening socket %p", so));
                SCTP_SB_CLEAR(so->so_rcv);
+               SOCK_UNLOCK(so);
        }
        if ((how == PRU_FLUSH_WR) || (how == PRU_FLUSH_RDWR)) {
                /*
                 * First make sure the sb will be happy, we don't use these
                 * except maybe the count
                 */
+               SOCK_LOCK(so);
+               KASSERT(!SOLISTENING(so),
+                   ("sctp_flush: called on listening socket %p", so));
                SCTP_SB_CLEAR(so->so_snd);
+               SOCK_UNLOCK(so);
        }
        return (0);
 }
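Review bot: Both assertions in sctp_flush carry the same message, so a panic report cannot tell whether the read-side or the write-side flush tripped it. Including the argument would disambiguate: `("sctp_flush: how %d on listening socket %p", how, so));`. The socket lock is also taken and released separately around each clear; if the read branch (its condition is above the hunk) matches PRU_FLUSH_RDWR as well, the two clears are not one atomic step, which looks harmless but deserves a short comment if it is intentional. The start of sctp_flush is outside this hunk.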
