From 798caa2ee5b5ede4eba0ac13c2ad70d79acedcb8 Mon Sep 17 00:00:00 2001 From: Patrick Kelsey Date: Mon, 26 Feb 2018 02:43:26 +0000 Subject: [PATCH] Fix harmless locking bug in tfp_fastopen_check_cookie(). The keylist lock was not being acquired early enough. The only side effect of this bug is that the effective add time of a new key could be slightly later than it would have been otherwise, as seen by a TFO client. Reviewed by: tuexen MFC after: 1 month Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D14046 --- sys/netinet/tcp_fastopen.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/sys/netinet/tcp_fastopen.c b/sys/netinet/tcp_fastopen.c index 561f127c0765..d0bed094ec12 100644 --- a/sys/netinet/tcp_fastopen.c +++ b/sys/netinet/tcp_fastopen.c @@ -313,6 +313,7 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie, { struct rm_priotracker tracker; unsigned int i, key_index; + int rv; uint64_t cur_cookie; if (V_tcp_fastopen_acceptany) { @@ -320,21 +321,22 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie, return (1); } + TCP_FASTOPEN_KEYS_RLOCK(&tracker); if (len != TCP_FASTOPEN_COOKIE_LEN) { if (V_tcp_fastopen_numkeys > 0) { *latest_cookie = tcp_fastopen_make_cookie( V_tcp_fastopen_keys.key[V_tcp_fastopen_keys.newest], inc); - return (0); - } - return (-1); + rv = 0; + } else + rv = -1; + goto out; } /* * Check against each available key, from newest to oldest. */ - TCP_FASTOPEN_KEYS_RLOCK(&tracker); key_index = V_tcp_fastopen_keys.newest; for (i = 0; i < V_tcp_fastopen_numkeys; i++) { cur_cookie = @@ -343,17 +345,19 @@ tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie, if (i == 0) *latest_cookie = cur_cookie; if (memcmp(cookie, &cur_cookie, TCP_FASTOPEN_COOKIE_LEN) == 0) { - TCP_FASTOPEN_KEYS_RUNLOCK(&tracker); - return (1); + rv = 1; + goto out; } if (key_index == 0) key_index = TCP_FASTOPEN_MAX_KEYS - 1; else key_index--; } - TCP_FASTOPEN_KEYS_RUNLOCK(&tracker); + rv = 0; - return (0); +out: + TCP_FASTOPEN_KEYS_RUNLOCK(&tracker); + return (rv); } static int