From b8ab6593964db089369158b25ad833c0d007844a Mon Sep 17 00:00:00 2001 From: Gleb Smirnoff Date: Wed, 27 Jun 2018 22:01:59 +0000 Subject: [PATCH] Check the inp_flags under inp lock. Looks like the race was hidden before, the conversion of tcbinfo to CK_LIST have uncovered it. --- sys/netinet/tcp_subr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 8313641ffd28..31ed18496fd0 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2019,9 +2019,11 @@ tcp_drain(void) */ INP_INFO_WLOCK(&V_tcbinfo); CK_LIST_FOREACH(inpb, V_tcbinfo.ipi_listhead, inp_list) { - if (inpb->inp_flags & INP_TIMEWAIT) - continue; INP_WLOCK(inpb); + if (inpb->inp_flags & INP_TIMEWAIT) { + INP_WUNLOCK(inpb); + continue; + } if ((tcpb = intotcpcb(inpb)) != NULL) { tcp_reass_flush(tcpb); tcp_clean_sackreport(tcpb);