diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2022-04-16 17:42:27 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2022-04-16 17:42:27 +0000 |
| commit | 3dc57df91e65acf9abfbb437110845f380a8b312 (patch) | |
| tree | bf0e40890c8621c12d04bd7fb4531bb9831d4c63 /sys/netinet | |
| parent | af333da5063c61472e461f683c5e4331da49323c (diff) | |
| download | src-3dc57df91e65acf9abfbb437110845f380a8b312.tar.gz src-3dc57df91e65acf9abfbb437110845f380a8b312.zip | |
sctp: don't wakeup 1-to-1 listening sockets for data or notifications
Reported by: syzbot+ec9279d306a4ff0215f8@syzkaller.appspotmail.com
Reported by: syzbot+31d54f6d486333493dd4@syzkaller.appspotmail.com
MFC after: 3 days
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/sctp_usrreq.c | 10 | ||||
| -rw-r--r-- | sys/netinet/sctputil.c | 5 |
2 files changed, 8 insertions, 7 deletions
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 87fef518b9e8..65341796d197 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -5076,9 +5076,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } else { sctp_feature_off(inp, SCTP_PCB_FLAGS_STREAM_RESETEVNT); } - SCTP_INP_WUNLOCK(inp); - SCTP_INP_RLOCK(inp); LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { SCTP_TCB_LOCK(stcb); if (events->sctp_association_event) { @@ -5138,10 +5136,10 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, * style sockets. */ if (events->sctp_sender_dry_event) { - if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || - (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { + if (((stcb->sctp_ep->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) != 0) && + !SCTP_IS_LISTENING(inp)) { stcb = LIST_FIRST(&inp->sctp_asoc_list); - if (stcb) { + if (stcb != NULL) { SCTP_TCB_LOCK(stcb); if (TAILQ_EMPTY(&stcb->asoc.send_queue) && TAILQ_EMPTY(&stcb->asoc.sent_queue) && @@ -5152,7 +5150,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } } } - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); break; } case SCTP_ADAPTATION_LAYER: diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index 7b82a2ce6d86..6c62a083458f 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -4836,7 +4836,10 @@ sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, SCTP_UNUSED ) { - if ((inp != NULL) && (inp->sctp_socket != NULL)) { + if ((inp != NULL) && + (inp->sctp_socket != NULL) && + (((stcb->sctp_ep->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) == 0) || + !SCTP_IS_LISTENING(inp))) { sctp_sorwakeup(inp, inp->sctp_socket); } } |