fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl()

IPSEC_PCBCTL() functions, which include tcp_ipsec_pcbctl(), ipsec4_pcbctl(), and ipsec6_pcbctl(), should all have matching locking semantics. ipsec4_pcbctl() and ipsec6_pcbctl() expect the inp to be unlocked on entry and exit and appear to be correctly implemented as such. But tcp_ipsec_pcbctl() had other semantics. This patch fixes the semantics for tcp_ipsec_pcbctl(). Submitted by: Jason Eggleston <jason@eggnet.com> MFH: 2 weeks Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D14623
2018-07-04 17:10:07 +00:00 · 2018-07-04 17:10:07 +00:00 · 968ac175e4
commit 968ac175e4
parent 6cad1a5d14
1 changed files with 9 additions and 7 deletions
--- a/sys/netipsec/xform_tcp.c
+++ b/sys/netipsec/xform_tcp.c
@ -80,23 +80,24 @@ tcp_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
 	struct tcpcb *tp;
 	int error, optval;

-	INP_WLOCK_ASSERT(inp);
 	if (sopt->sopt_name != TCP_MD5SIG) {
-		INP_WUNLOCK(inp);
 		return (ENOPROTOOPT);
 	}

-	tp = intotcpcb(inp);
 	if (sopt->sopt_dir == SOPT_GET) {
+		INP_RLOCK(inp);
+		if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
+			INP_RUNLOCK(inp);
+			return (ECONNRESET);
+		}
+		tp = intotcpcb(inp);
 		optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
-		INP_WUNLOCK(inp);
+		INP_RUNLOCK(inp);

 		/* On success return with released INP_WLOCK */
 		return (sooptcopyout(sopt, &optval, sizeof(optval)));
 	}

-	INP_WUNLOCK(inp);
-
 	error = sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval));
 	if (error != 0)
 		return (error);
@ -107,12 +108,13 @@ tcp_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
 		INP_WUNLOCK(inp);
 		return (ECONNRESET);
 	}
+	tp = intotcpcb(inp);
 	if (optval > 0)
 		tp->t_flags |= TF_SIGNATURE;
 	else
 		tp->t_flags &= ~TF_SIGNATURE;

-	/* On success return with acquired INP_WLOCK */
+	INP_WUNLOCK(inp);
 	return (error);
 }