The branch main has been updated by rrs:
URL:
https://cgit.FreeBSD.org/src/commit/?id=37229fed38c68b26a497f4fb189d4b8e35346232
commit 37229fed38c68b26a497f4fb189d4b8e35346232
Author: Randall Stewart <r...@freebsd.org>
AuthorDate: 2023-04-17 17:52:00 +0000
Commit: Randall Stewart <r...@freebsd.org>
CommitDate: 2023-04-17 17:52:00 +0000
tcp: Blackbox logging and tcp accounting together can cause a crash.
If you currently turn BB logging on and in combination have TCP Accounting
on we can get a
crash where we have no NULL check and we run out of memory. Also lets make
sure we
don't do a divide by 0 in calculating any BB ratios.
Reviewed by: tuexen
Sponsored by: Netflix Inc
Differential Revision:https://reviews.freebsd.org/D39622
---
sys/netinet/tcp_log_buf.c | 38 ++++++++++++++++++++++----------------
1 file changed, 22 insertions(+), 16 deletions(-)
diff --git a/sys/netinet/tcp_log_buf.c b/sys/netinet/tcp_log_buf.c
index 5a16c7593cfc..c533f8329fbe 100644
--- a/sys/netinet/tcp_log_buf.c
+++ b/sys/netinet/tcp_log_buf.c
@@ -554,7 +554,10 @@ tcp_log_apply_ratio(struct tcpcb *tp, int ratio)
INP_WUNLOCK(inp);
return (EOPNOTSUPP);
}
- ratio_hash_thresh = max(1, UINT32_MAX / ratio);
+ if (ratio)
+ ratio_hash_thresh = max(1, UINT32_MAX / ratio);
+ else
+ ratio_hash_thresh = 0;
TCPID_BUCKET_REF(tlb);
INP_WUNLOCK(inp);
TCPID_BUCKET_LOCK(tlb);
@@ -1438,30 +1441,33 @@ tcp_log_tcpcbfini(struct tcpcb *tp)
memset(&log, 0, sizeof(log));
if (tp->t_flags2 & TF2_TCP_ACCOUNTING) {
- for (i = 0; i<TCP_NUM_CNT_COUNTERS; i++) {
+ for (i = 0; i < TCP_NUM_CNT_COUNTERS; i++) {
log.u_raw.u64_flex[i] = tp->tcp_cnt_counters[i];
}
lgb = tcp_log_event(tp, NULL,
- NULL,
- NULL,
- TCP_LOG_ACCOUNTING, 0,
- 0, &log, false, NULL, NULL, 0,
&tv);
- lgb->tlb_flex1 = TCP_NUM_CNT_COUNTERS;
- lgb->tlb_flex2 = 1;
+ NULL,
+ NULL,
+ TCP_LOG_ACCOUNTING, 0,
+ 0, &log, false, NULL, NULL, 0, &tv);
+ if (lgb != NULL) {
+ lgb->tlb_flex1 = TCP_NUM_CNT_COUNTERS;
+ lgb->tlb_flex2 = 1;
+ } else
+ goto skip_out;
for (i = 0; i<TCP_NUM_CNT_COUNTERS; i++) {
log.u_raw.u64_flex[i] = tp->tcp_proc_time[i];
}
lgb = tcp_log_event(tp, NULL,
- NULL,
- NULL,
- TCP_LOG_ACCOUNTING, 0,
- 0, &log, false, NULL, NULL, 0,
&tv);
- if (tptoinpcb(tp)->inp_flags2 & INP_MBUF_ACKCMP)
+ NULL,
+ NULL,
+ TCP_LOG_ACCOUNTING, 0,
+ 0, &log, false, NULL, NULL, 0, &tv);
+ if (lgb != NULL) {
lgb->tlb_flex1 = TCP_NUM_CNT_COUNTERS;
- else
- lgb->tlb_flex1 = TCP_NUM_PROC_COUNTERS;
- lgb->tlb_flex2 = 2;
+ lgb->tlb_flex2 = 2;
+ }
}
+skip_out:
log.u_bbr.timeStamp = tcp_get_usecs(&tv);
log.u_bbr.cur_del_rate = tp->t_end_info;
TCP_LOG_EVENTP(tp, NULL,
