Hi, On 05/05/15 18:15, Julien Charbon wrote: > I was asked if it is possible to MFC r281599 in FreeBSD 10: > > --- > Fix an old and well-documented use-after-free race condition in > TCP timers: > - Add a reference from tcpcb to its inpcb > - Defer tcpcb deletion until TCP timers have finished > --- > https://svnweb.freebsd.org/base?view=revision&revision=281599 > > First, I thought it was no possible as it touches struct > tcp_timer/struct tcpcb_mem. Second, John pointed me that these two > structures are used only internally. The only side effect I was able to > find is the increase of struct tcpcb_mem size: > > - stable/10: struct tcpcb_mem size is 1024 bytes > - stable/10 + tcp timer change: struct tcpcb_mem size is 1032 bytes > - currently in head: struct tcpcb_mem size is 1048 bytes > > If you have extra concerns on MFC-ing this change please scream. > Without nice yelps I plan to "MFC after: 1 month" (around May 16th).
Following the lack of screamed concerns, here the MFC-ing result in stable/10 of the old and well-documented use-after-free TCP timer race condition fix: https://svnweb.freebsd.org/base?view=revision&revision=282964 Thanks again John for your inputs about the feasibility of this MFC. -- Julien
signature.asc
Description: OpenPGP digital signature
