From: Alexander Bluhm <bluhm@openbsd.org>
Subject: send socket buffer mutex in tcp_mss_update()
To: tech@openbsd.org, Vitaliy Makkoveev <mvs@openbsd.org>
Date: Tue, 24 Dec 2024 14:43:37 +0100

Hi,

I found this fix in my larger TCP output unlocking diff.  Vitaliy,
you address the same issue in your larger socket buffer mutex diff.
I think it is better release the mutex before calling tcp_mss().
There may be another route lookup, and I want to keep that without
needless mutex.

ok?

bluhm

Index: netinet/tcp_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
diff -u -p -r1.411 tcp_input.c
--- netinet/tcp_input.c	24 Dec 2024 12:22:17 -0000	1.411
+++ netinet/tcp_input.c	24 Dec 2024 13:21:43 -0000
@@ -2991,12 +2991,13 @@ tcp_mss_update(struct tcpcb *tp)
 	mss = tp->t_maxseg;
 
 	rt = in_pcbrtentry(tp->t_inpcb);
-
 	if (rt == NULL)
 		return;
 
+	mtx_enter(&so->so_snd.sb_mtx);
 	bufsize = so->so_snd.sb_hiwat;
 	if (bufsize < mss) {
+		mtx_leave(&so->so_snd.sb_mtx);
 		mss = bufsize;
 		/* Update t_maxseg and t_maxopd */
 		tcp_mss(tp, mss);
@@ -3005,6 +3006,7 @@ tcp_mss_update(struct tcpcb *tp)
 		if (bufsize > sb_max)
 			bufsize = sb_max;
 		(void)sbreserve(so, &so->so_snd, bufsize);
+		mtx_leave(&so->so_snd.sb_mtx);
 	}
 
 	mtx_enter(&so->so_rcv.sb_mtx);