From 7985fd7e76c8695f89c1ed0aa5d0de0bbb045618 Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Mon, 4 May 2020 22:02:49 +0000
Subject: [PATCH] Enter the net epoch before calling the output routine in TCP
 BBR. This was only triggered when setting the IPPROTO_TCP level socket option
 TCP_DELACK. This issue was found by runnning an instance of SYZKALLER.
 Reviewed by:		rrs Sponsored by:		Netflix, Inc.
 Differential Revision:	https://reviews.freebsd.org/D24690

---
 sys/netinet/tcp_stacks/bbr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index 2767a52a6929..7830bee42ff4 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -14418,6 +14418,7 @@ static int
 bbr_set_sockopt(struct socket *so, struct sockopt *sopt,
 		struct inpcb *inp, struct tcpcb *tp, struct tcp_bbr *bbr)
 {
+	struct epoch_tracker et;
 	int32_t error = 0, optval;
 
 	switch (sopt->sopt_name) {
@@ -14710,7 +14711,9 @@ bbr_set_sockopt(struct socket *so, struct sockopt *sopt,
 			if (tp->t_flags & TF_DELACK) {
 				tp->t_flags &= ~TF_DELACK;
 				tp->t_flags |= TF_ACKNOW;
+				NET_EPOCH_ENTER(et);
 				bbr_output(tp);
+				NET_EPOCH_EXIT(et);
 			}
 		} else
 			error = EINVAL;