On Thu, Dec 3, 2020 at 10:40 PM Kyle Evans wrote:
>
> Author: kevans
> Date: Fri Dec 4 04:39:48 2020
> New Revision: 368326
> URL: https://svnweb.freebsd.org/changeset/base/368326
>
> Log:
> kern: soclose: don't sleep on SO_LINGER w/ timeout=0
>
> This is a valid scenario that's handled in the various protocol layers where
> it makes sense (e.g., tcp_disconnect and sctp_disconnect). Given that it
> indicates we should immediately drop the connection, it makes little sense
> to sleep on it.
>
> This could lead to panics with INVARIANTS. On non-INVARIANTS kernels, this
> could result in the thread hanging until a signal interrupts it if the
> protocol does not mark the socket as disconnected for whatever reason.
>
> Reported by: syzbot+e625d92c1dd74e402...@syzkaller.appspotmail.com
> Reviewed by: glebius, markj
> MFC after:1 week
> Differential Revision:https://reviews.freebsd.org/D27407
>
It occurred to me as I was glancing over the diff one more time
pre-commit that this panic must have been in SCTP, because TCP will
always soisdisconnected() the socket in this case while SCTP will not.
This is arguably a bug in SCTP that should also be fixed, but I
consider the below to still be a valid and better behavior than
wedging a userland process due to a minor oversight like this when the
behavior of so_linger == 0 is pretty well understood.
> Modified:
> head/sys/kern/uipc_socket.c
>
> Modified: head/sys/kern/uipc_socket.c
> ==
> --- head/sys/kern/uipc_socket.c Fri Dec 4 02:37:33 2020(r368325)
> +++ head/sys/kern/uipc_socket.c Fri Dec 4 04:39:48 2020(r368326)
> @@ -1192,7 +1192,8 @@ soclose(struct socket *so)
> goto drop;
> }
> }
> - if (so->so_options & SO_LINGER) {
> +
> + if ((so->so_options & SO_LINGER) != 0 && so->so_linger != 0) {
> if ((so->so_state & SS_ISDISCONNECTING) &&
> (so->so_state & SS_NBIO))
> goto drop;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
