| #
338985 |
|
27-Sep-2018 |
gordon |
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
fields during a syscall, but don't restore those fields if the operation
fails. This can leave the inp structure in an inconsistent state and cause
various problems.
Restore the inp_vflag and inp_inc.inc_flags fields when the underlying
operation fails and the inp could be in an inconsistent state.
This is a direct commit to the branch as the code is different enough in
the other branches to make it difficult to resolve a merge.
Submitted by: jtl@
Reported by: Jakub Jirasek, Secunia Research at Flexera
Reviewed by: jhb@
Approved by: so
Security: FreeBSD-EN-18:11.listen
Security: CVE-2018-6925
|
| #
309108 |
|
24-Nov-2016 |
jch |
MFC r286227, r286443:
r286227:
Decompose TCP INP_INFO lock to increase short-lived TCP connections scalability:
- The existing TCP INP_INFO lock continues to protect the global inpcb list
stability during full list traversal (e.g. tcp_pcblist()).
- A new INP_LIST lock protects inpcb list actual modifications (inp allocation
and free) and inpcb global counters.
It allows to use TCP INP_INFO_RLOCK lock in critical paths (e.g. tcp_input())
and INP_INFO_WLOCK only in occasional operations that walk all connections.
PR: 183659
Differential Revision: https://reviews.freebsd.org/D2599
Reviewed by: jhb, adrian
Tested by: adrian, nitroboost-gmail.com
Sponsored by: Verisign, Inc.
r286443:
Fix a kernel assertion issue introduced with r286227:
Avoid too strict INP_INFO_RLOCK_ASSERT checks due to
tcp_notify() being called from in6_pcbnotify().
Reported by: Larry Rosenman <ler@lerctr.org>
Submitted by: markj, jch
|
| #
307906 |
|
25-Oct-2016 |
jch |
MFC r307551:
Fix a double-free when an inp transitions to INP_TIMEWAIT state
after having been dropped.
This change enforces in_pcbdrop() logic in tcp_input():
"in_pcbdrop() is used by TCP to mark an inpcb as unused and avoid future packet
delivery or event notification when a socket remains open but TCP has closed."
PR: 203175
Reported by: Palle Girgensohn, Slawa Olhovchenkov
Tested by: Slawa Olhovchenkov
Reviewed by: Slawa Olhovchenkov
Approved by: gnn, Slawa Olhovchenkov
Differential Revision: https://reviews.freebsd.org/D8211
Sponsored by: Verisign, inc
|
| #
303365 |
|
27-Jul-2016 |
jch |
MFC r273014:
A connection in TIME_WAIT state before calling close() actually did not
received any RST packet. Do not set error to ECONNRESET in this case.
Differential Revision: https://reviews.freebsd.org/D879
Reviewed by: rpaulo, adrian
Approved by: jhb (mentor)
Sponsored by: Verisign, Inc.
|
| #
302995 |
|
18-Jul-2016 |
jch |
MFC r261242:
Decrease lock contention within the TCP accept case by removing
the INP_INFO lock from tcp_usr_accept. As the PR/patch states
this was following the advice already in the code.
See the PR below for a full discussion of this change and its
measured effects.
PR: 183659
Submitted by: Julien Charbon
Reviewed by: jhb
|
| #
292823 |
|
28-Dec-2015 |
pkelsey |
MFC r292706:
Implementation of server-side TCP Fast Open (TFO) [RFC7413].
TFO is disabled by default in the kernel build. See the top comment
in sys/netinet/tcp_fastopen.c for implementation particulars.
Differential Revision: https://reviews.freebsd.org/D4350
Sponsored by: Verisign, Inc.
|
| #
288509 |
|
02-Oct-2015 |
hiren |
MFC r287830
Remove unnecessary tcp state transition call.
|
| #
282968 |
|
15-May-2015 |
jch |
MFC r279821:
In TCP, connect() can return incorrect error code EINVAL
instead of EADDRINUSE or ECONNREFUSED
PR: 196035
Differential Revision: https://reviews.freebsd.org/D1982
Reported by: Mark Nunberg <mnunberg@haskalah.org>
Submitted by: Harrison Grundy <harrison.grundy@astrodoggroup.com>
Reviewed by: adrian, jch, glebius, gnn
Approved by: jhb
|
| #
275402 |
|
02-Dec-2014 |
jch |
MFC r264321, r264342, r264351, r264356, r273850, r274629:
Currently, the TCP slow timer can starve TCP input processing while it
walks the list of connections in TIME_WAIT closing expired connections
due to contention on the global TCP pcbinfo lock.
To remediate, introduce a new global lock to protect the list of
connections in TIME_WAIT. Only acquire the TCP pcbinfo lock when
closing an expired connection. This limits the window of time when
TCP input processing is stopped to the amount of time needed to close
a single connection.
Approved by: jhb (mentor)
|
| #
261017 |
|
22-Jan-2014 |
glebius |
Merge r257846:
Make TCP_KEEP* socket options readable. At least PostgreSQL wants
to read the values.
|
| #
288509 |
|
02-Oct-2015 |
hiren |
MFC r287830
Remove unnecessary tcp state transition call.
|
| #
282968 |
|
15-May-2015 |
jch |
MFC r279821:
In TCP, connect() can return incorrect error code EINVAL
instead of EADDRINUSE or ECONNREFUSED
PR: 196035
Differential Revision: https://reviews.freebsd.org/D1982
Reported by: Mark Nunberg <mnunberg@haskalah.org>
Submitted by: Harrison Grundy <harrison.grundy@astrodoggroup.com>
Reviewed by: adrian, jch, glebius, gnn
Approved by: jhb
|
| #
275402 |
|
02-Dec-2014 |
jch |
MFC r264321, r264342, r264351, r264356, r273850, r274629:
Currently, the TCP slow timer can starve TCP input processing while it
walks the list of connections in TIME_WAIT closing expired connections
due to contention on the global TCP pcbinfo lock.
To remediate, introduce a new global lock to protect the list of
connections in TIME_WAIT. Only acquire the TCP pcbinfo lock when
closing an expired connection. This limits the window of time when
TCP input processing is stopped to the amount of time needed to close
a single connection.
Approved by: jhb (mentor)
|
| #
261017 |
|
22-Jan-2014 |
glebius |
Merge r257846:
Make TCP_KEEP* socket options readable. At least PostgreSQL wants
to read the values.
|