The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=5d0c76c7302bad0cd0a9f83a30e11d70141adf37

commit 5d0c76c7302bad0cd0a9f83a30e11d70141adf37
Author:     Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2022-03-29 14:33:53 +0000
Commit:     Michael Tuexen <tue...@freebsd.org>
CommitDate: 2022-03-29 14:33:53 +0000

    sctp: don't lock an already locked stcb.
    
    Reported by:    syzbot+e8dca84da3b4b82f4...@syzkaller.appspotmail.com
    MFC after:      3 days
---
 sys/netinet/sctp_output.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 2bc6ec9628cc..698025477c69 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -13376,22 +13376,25 @@ skip_preblock:
 
                        }
                        SOCKBUF_UNLOCK(&so->so_snd);
-                       SCTP_TCB_LOCK(stcb);
-                       hold_tcblock = true;
-                       stcb->block_entry = NULL;
-                       if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
-                           (asoc->state & SCTP_STATE_WAS_ABORTED)) {
-                               if (asoc->state & SCTP_STATE_WAS_ABORTED) {
-                                       /*
-                                        * XXX: Could also be ECONNABORTED,
-                                        * not enough info.
-                                        */
-                                       error = ECONNRESET;
-                               } else {
-                                       error = ENOTCONN;
+                       if (!hold_tcblock) {
+                               SCTP_TCB_LOCK(stcb);
+                               hold_tcblock = true;
+                               if ((asoc->state & 
SCTP_STATE_ABOUT_TO_BE_FREED) ||
+                                   (asoc->state & SCTP_STATE_WAS_ABORTED)) {
+                                       if (asoc->state & 
SCTP_STATE_WAS_ABORTED) {
+                                               /*
+                                                * XXX: Could also be
+                                                * ECONNABORTED, not enough
+                                                * info.
+                                                */
+                                               error = ECONNRESET;
+                                       } else {
+                                               error = ENOTCONN;
+                                       }
+                                       goto out;
                                }
-                               goto out;
                        }
+                       stcb->block_entry = NULL;
                        if (SCTP_BASE_SYSCTL(sctp_logging_level) & 
SCTP_BLK_LOGGING_ENABLE) {
                                sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
                                    asoc, asoc->total_output_queue_size);
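Review bot: The `SCTP_STATE_ABOUT_TO_BE_FREED` / `SCTP_STATE_WAS_ABORTED` check now runs only when the lock is taken here, so on the path where `hold_tcblock` is already true the code goes straight to `stcb->block_entry = NULL` without re-examining `asoc->state`. The hunk does not show where the lock was acquired in that case, so if the association state can change while this thread was blocked, the check should sit after the `if (!hold_tcblock)` block rather than inside it. At minimum the flag's invariant should be made explicit with `} else { SCTP_TCB_LOCK_ASSERT(stcb); }`, so that a stale `hold_tcblock` fails loudly under INVARIANTS instead of leaving `stcb` modified without the lock. A short comment such as `/* hold_tcblock may already be true when <earlier path> kept the TCB lock across the wait */` would also help, naming the path that leaves the lock held. The enclosing function starts and ends outside the hunk.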
