From 9a06a82455487991e6a71e5ce8e96c5bf3b8df3c Mon Sep 17 00:00:00 2001 From: Gleb Smirnoff <glebius@FreeBSD.org> Date: Tue, 9 Nov 2021 21:22:54 -0800 Subject: [PATCH] tcp_timers: check for (INP_TIMEWAIT | INP_DROPPED) only once All timers keep inpcb locked through their execution. We need to check these flags only once. Checking for INP_TIMEWAIT earlier is is also safer, since such inpcbs point into tcptw rather than tcpcb, and any dereferences of inp_ppcb as tcpcb are erroneous. Reviewed by: rrs, hselasky Differential revision: https://reviews.freebsd.org/D32967 --- sys/netinet/tcp_timer.c | 41 ++++------------------------------------- 1 file changed, 4 insertions(+), 37 deletions(-) diff --git a/sys/netinet/tcp_timer.c b/sys/netinet/tcp_timer.c index 139e32172531..feea3765821c 100644 --- a/sys/netinet/tcp_timer.c +++ b/sys/netinet/tcp_timer.c @@ -328,7 +328,7 @@ tcp_timer_2msl(void *xtp) return; } callout_deactivate(&tp->t_timers->tt_2msl); - if ((inp->inp_flags & INP_DROPPED) != 0) { + if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { INP_WUNLOCK(inp); CURVNET_RESTORE(); return; @@ -341,26 +341,14 @@ tcp_timer_2msl(void *xtp) * too long delete connection control block. Otherwise, check * again in a bit. * - * If in TIME_WAIT state just ignore as this timeout is handled in - * tcp_tw_2msl_scan(). - * * If fastrecycle of FIN_WAIT_2, in FIN_WAIT_2 and receiver has closed, * there's no point in hanging onto FIN_WAIT_2 socket. Just close it. * Ignore fact that there were recent incoming segments. */ - if ((inp->inp_flags & INP_TIMEWAIT) != 0) { - INP_WUNLOCK(inp); - CURVNET_RESTORE(); - return; - } if (tcp_fast_finwait2_recycle && tp->t_state == TCPS_FIN_WAIT_2 && tp->t_inpcb && tp->t_inpcb->inp_socket && (tp->t_inpcb->inp_socket->so_rcv.sb_state & SBS_CANTRCVMORE)) { TCPSTAT_INC(tcps_finwait2_drops); - if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { - tcp_inpinfo_lock_del(inp, tp); - goto out; - } NET_EPOCH_ENTER(et); tp = tcp_close(tp); NET_EPOCH_EXIT(et); @@ -371,10 +359,6 @@ tcp_timer_2msl(void *xtp) callout_reset(&tp->t_timers->tt_2msl, TP_KEEPINTVL(tp), tcp_timer_2msl, tp); } else { - if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { - tcp_inpinfo_lock_del(inp, tp); - goto out; - } NET_EPOCH_ENTER(et); tp = tcp_close(tp); NET_EPOCH_EXIT(et); @@ -419,7 +403,7 @@ tcp_timer_keep(void *xtp) return; } callout_deactivate(&tp->t_timers->tt_keep); - if ((inp->inp_flags & INP_DROPPED) != 0) { + if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { INP_WUNLOCK(inp); CURVNET_RESTORE(); return; @@ -498,10 +482,6 @@ tcp_timer_keep(void *xtp) dropit: TCPSTAT_INC(tcps_keepdrops); - if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { - tcp_inpinfo_lock_del(inp, tp); - goto out; - } NET_EPOCH_ENTER(et); tp = tcp_drop(tp, ETIMEDOUT); @@ -513,7 +493,6 @@ dropit: TCP_PROBE2(debug__user, tp, PRU_SLOWTIMO); NET_EPOCH_EXIT(et); tcp_inpinfo_lock_del(inp, tp); - out: CURVNET_RESTORE(); } @@ -539,7 +518,7 @@ tcp_timer_persist(void *xtp) return; } callout_deactivate(&tp->t_timers->tt_persist); - if ((inp->inp_flags & INP_DROPPED) != 0) { + if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { INP_WUNLOCK(inp); CURVNET_RESTORE(); return; @@ -562,10 +541,6 @@ tcp_timer_persist(void *xtp) (ticks - tp->t_rcvtime >= tcp_maxpersistidle || ticks - tp->t_rcvtime >= TCP_REXMTVAL(tp) * tcp_totbackoff)) { TCPSTAT_INC(tcps_persistdrop); - if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { - tcp_inpinfo_lock_del(inp, tp); - goto out; - } NET_EPOCH_ENTER(et); tp = tcp_drop(tp, ETIMEDOUT); NET_EPOCH_EXIT(et); @@ -579,10 +554,6 @@ tcp_timer_persist(void *xtp) if (tp->t_state > TCPS_CLOSE_WAIT && (ticks - tp->t_rcvtime) >= TCPTV_PERSMAX) { TCPSTAT_INC(tcps_persistdrop); - if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { - tcp_inpinfo_lock_del(inp, tp); - goto out; - } NET_EPOCH_ENTER(et); tp = tcp_drop(tp, ETIMEDOUT); NET_EPOCH_EXIT(et); @@ -630,7 +601,7 @@ tcp_timer_rexmt(void * xtp) return; } callout_deactivate(&tp->t_timers->tt_rexmt); - if ((inp->inp_flags & INP_DROPPED) != 0) { + if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { INP_WUNLOCK(inp); CURVNET_RESTORE(); return; @@ -651,10 +622,6 @@ tcp_timer_rexmt(void * xtp) if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) { tp->t_rxtshift = TCP_MAXRXTSHIFT; TCPSTAT_INC(tcps_timeoutdrop); - if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { - tcp_inpinfo_lock_del(inp, tp); - goto out; - } NET_EPOCH_ENTER(et); tp = tcp_drop(tp, ETIMEDOUT); NET_EPOCH_EXIT(et);