d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More carefully handle various cases in sysctl_drop(), such as unlocking

Browse Source 
the inpcb when there's an inpcb without associated timewait state, and
not unlocking when the inpcb has been freed.  This avoids a kernel panic
when tcpdrop(8) is run on a socket in the TIMEWAIT state.

MFC after:	3 days
Reported by:	Rako <rako29 at gmail dot com>
This commit is contained in:
Robert Watson 2007-11-24 18:43:59 +00:00
parent 3b6efc61a3
commit 2b19cb1b87
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/netinet/tcp_subr.c
View File

@ -2049,12 +2049,16 @@ sysctl_drop(SYSCTL_HANDLER_ARGS)
tw = intotw(inp);
if (tw != NULL)
tcp_twclose(tw, 0);
else
INP_UNLOCK(inp);
} else if (!(inp->inp_vflag & INP_DROPPED) &&
!(inp->inp_socket->so_options & SO_ACCEPTCONN)) {
tp = intotcpcb(inp);
tcp_drop(tp, ECONNABORTED);
}
INP_UNLOCK(inp);
tp = tcp_drop(tp, ECONNABORTED);
if (tp != NULL)
INP_UNLOCK(inp);
} else
INP_UNLOCK(inp);
} else
error = ESRCH;
INP_INFO_WUNLOCK(&tcbinfo);