The branch main has been updated by glebius:
URL:
https://cgit.FreeBSD.org/src/commit/?id=0809d26de24defdc4a2ae161357566c02dc163d1
commit 0809d26de24defdc4a2ae161357566c02dc163d1
Author: Gleb Smirnoff <gleb...@freebsd.org>
AuthorDate: 2025-06-17 15:50:23 +0000
Commit: Gleb Smirnoff <gleb...@freebsd.org>
CommitDate: 2025-06-17 15:50:23 +0000
tcp: unlock before syncookie_expand()
The function doesn't need a lock on sch. It uses the pointer as value for
the SipHash calculation.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D50898
---
sys/netinet/tcp_syncache.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index f7dfed78b0eb..24ef871c953a 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1112,14 +1112,13 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt
*to, struct tcphdr *th,
s, __func__);
goto failed;
}
+ if (locked)
+ SCH_UNLOCK(sch);
bzero(&scs, sizeof(scs));
if (syncookie_expand(inc, sch, &scs, th, to, *lsop, port)) {
sc = &scs;
TCPSTAT_INC(tcps_sc_recvcookie);
- }
- if (locked)
- SCH_UNLOCK(sch);
- if (sc == NULL) {
+ } else {
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
log(LOG_DEBUG, "%s; %s: Segment failed "
"SYNCOOKIE authentication, segment rejected
"
