The branch main has been updated by jtl: URL: https://cgit.FreeBSD.org/src/commit/?id=ad38f6a0b466bf05a0d40ce1daa8c7bce0936271
commit ad38f6a0b466bf05a0d40ce1daa8c7bce0936271 Author: Jonathan T. Looney <[email protected]> AuthorDate: 2025-10-02 17:26:03 +0000 Commit: Jonathan T. Looney <[email protected]> CommitDate: 2025-10-02 20:07:50 +0000 tcp: close two minor races with debug messages The syncache entry is locked by the hash bucket lock. After running SCH_UNLOCK(), we have no guarantee that the syncache entry still exists. Resolve the race by moving SCH_UNLOCK() after the log() call which reads variables from the syncache entry. Reviewed by: rrs, tuexen, Nick Banks Sponsored by: Netflix MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52868 --- sys/netinet/tcp_syncache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 7f842512858d..def6bc886617 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1201,7 +1201,6 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, */ if (sc->sc_flags & SCF_TIMESTAMP && to->to_flags & TOF_TS && TSTMP_LT(to->to_tsval, sc->sc_tsreflect)) { - SCH_UNLOCK(sch); if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { log(LOG_DEBUG, "%s; %s: SEG.TSval %u < TS.Recent %u, " @@ -1209,6 +1208,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, to->to_tsval, sc->sc_tsreflect); free(s, M_TCPLOG); } + SCH_UNLOCK(sch); return (-1); /* Do not send RST */ } @@ -1280,11 +1280,11 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, * SEG.ACK must match our initial send sequence number + 1. */ if (th->th_ack != sc->sc_iss + 1) { - SCH_UNLOCK(sch); if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, " "segment rejected\n", s, __func__, th->th_ack, sc->sc_iss + 1); + SCH_UNLOCK(sch); goto failed; }
