mirror of
https://review.haiku-os.org/haiku
synced 2025-02-07 06:16:11 +01:00
6cd0211057
This fixes a SEGFAULT in the tcp add-on reported in issue #15952. See that issue for some analysis. The short version is that, when closing a session over the loopback interface, there is a special branch which skips the TIME_WAIT state and instead just releases the socket while handling a RST/ACK segment. If the timing is right this can lead to the reference counts becoming imbalanced, leading to the code in tcp_receive_data segfaulting when it tries to release the reference it acquired from EndpointManager::FindConnection.

I can't find any other systems which skip the TIME_WAIT state with loopback sessions, and I'm not entirely certain that it's a totally safe thing to do anyway. This patch instead just treats local sessions the same way it does a remote session and uses the TIME_WAIT state. Any workload which creates and discards lots of ephemeral sockets can just use SO_REUSEADDR to handle this situation like any other system.

To add a final bit of safety, the only place where a net_socket can be used after calling gSocketModule->release_socket(net_socket*) is in tcp_receive_data(). release_socket() returns true if the reference count falls to zero, deleting the socket. There was an unused segment action flag DELETE_ENDPOINT that I renamed to DELETED_ENDPOINT, which is used by tcp_receive_data to know whether it's safe to release its reference to the socket after calling TCPEndpoint::SegmentReceived().

Change-Id: I2652fb225c3c8419234cfd627f74ff2de8402003
Reviewed-on: https://review.haiku-os.org/c/haiku/+/2793
Reviewed-by: Axel Dörfler <axeld@pinc-software.de>
Reviewed-by: waddlesplash <waddlesplash@gmail.com>
(cherry picked from commit 51dd385e3ea8651afd345d724193365cc47dacf2)
Reviewed-on: https://review.haiku-os.org/c/haiku/+/2799
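
A single-threaded model of the reference handoff the commit message describes, as an added example that is not Haiku's code: the segment handler reports when its release freed the socket, and the receive path then skips its own release. Every `toy_` name is hypothetical, and the concurrent close is simulated inline.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Toy model: every toy_ name is hypothetical, not Haiku's API. */
enum { TOY_KEEP = 0x00, TOY_DELETED_ENDPOINT = 0x01 };
struct toy_socket { int ref_count; };
static int live_sockets = 0;           /* allocations not yet freed */

struct toy_socket *toy_create(void) {  /* owner holds the first reference */
    struct toy_socket *s = malloc(sizeof *s);
    if (s == NULL) abort();
    s->ref_count = 1;
    live_sockets++;
    return s;
}

/* Models the reference the receive path gets from its connection lookup. */
struct toy_socket *toy_lookup(struct toy_socket *s) { s->ref_count++; return s; }

/* Like release_socket(): true means the count hit zero and s was freed. */
bool toy_release(struct toy_socket *s) {
    if (--s->ref_count > 0) return false;
    free(s);
    live_sockets--;
    return true;
}

/* Segment handler: a RST drops one reference and reports a deletion. */
int toy_segment_received(struct toy_socket *s, bool is_rst) {
    if (is_rst && toy_release(s)) return TOY_DELETED_ENDPOINT;
    return TOY_KEEP;
}

/* Receive path: returns true if the socket is still alive afterwards. */
bool toy_receive_data(struct toy_socket *s, bool is_rst) {
    int action = toy_segment_received(s, is_rst);
    if (action & TOY_DELETED_ENDPOINT) return false; /* s is gone: hands off */
    return !toy_release(s);                          /* drop lookup reference */
}

/* Constructed race: a close path drops the owner reference before the RST. */
bool toy_race_scenario(void) {
    struct toy_socket *s = toy_lookup(toy_create());
    toy_release(s);                    /* concurrent close, simulated inline */
    return toy_receive_data(s, true);
}

/* Exit status 0: the socket was freed exactly once and never touched again. */
int main(void) { return toy_race_scenario() || live_sockets != 0; }
```

Without the `TOY_DELETED_ENDPOINT` check, `toy_receive_data` would call `toy_release` on memory the handler had already freed, which is the kind of crash the message attributes to the imbalanced counts.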