
socket: Fix a race between kevent(2) and listen(2)

Description

socket: Fix a race between kevent(2) and listen(2)

When locking the knote list for a socket, we check whether the socket is
a listening socket in order to select the appropriate mutex; a listening
socket uses the socket lock, while data sockets use socket buffer
mutexes.

If SOLISTENING(so) is false and the knote lock routine locks a socket
buffer, then it must re-check whether the socket is a listening socket
since solisten_proto() could have changed the socket's identity while we
were blocked on the socket buffer lock.

Reported by: syzkaller
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35492
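
The lock-then-re-check pattern described in the commit message, as an added user-space C example (not the FreeBSD kernel code from this commit). All names (model_sock, model_listen, model_knl_lock, replay_race, the window hook) are hypothetical, and the model assumes the listen path changes the socket's identity while holding both locks.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
struct model_sock {
    pthread_mutex_t so_lock;  /* covers the knote list of a listening socket */
    pthread_mutex_t sb_lock;  /* covers the knote list of a data socket */
    bool listening;           /* stands in for SOLISTENING(so) */
};
enum held { HELD_SO, HELD_SB };

/* Models listen(2): identity changes with both locks held (assumption). */
static void model_listen(struct model_sock *so) {
    pthread_mutex_lock(&so->so_lock);
    pthread_mutex_lock(&so->sb_lock);
    so->listening = true;
    pthread_mutex_unlock(&so->sb_lock);
    pthread_mutex_unlock(&so->so_lock);
}

/* Knote-list lock routine. `window`, if non-NULL, runs at the point where the
 * caller could be blocked on sb_lock, replaying the race deterministically. */
static enum held model_knl_lock(struct model_sock *so, bool recheck,
    void (*window)(struct model_sock *)) {
    if (so->listening) {
        pthread_mutex_lock(&so->so_lock);
        return HELD_SO;
    }
    if (window != NULL)
        window(so);                 /* the listen path wins the race here */
    pthread_mutex_lock(&so->sb_lock);
    if (recheck && so->listening) { /* identity changed while we waited */
        pthread_mutex_unlock(&so->sb_lock);
        pthread_mutex_lock(&so->so_lock);
        return HELD_SO;
    }
    return HELD_SB;
}

/* Replays the interleaving; returns true if the lock held at the end is the
 * one that matches the socket's final identity. */
bool replay_race(bool recheck) {
    struct model_sock so = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_MUTEX_INITIALIZER, false };
    enum held h = model_knl_lock(&so, recheck, model_listen);
    pthread_mutex_unlock(h == HELD_SO ? &so.so_lock : &so.sb_lock);
    return h == (so.listening ? HELD_SO : HELD_SB);
}
```

replay_race(false) models the routine without the re-check and ends up holding the buffer mutex for a socket that is now listening; replay_race(true) ends up holding the socket lock.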

Details

Provenance
markj
Authored on Jun 16 2022, 2:10 PM
Reviewer
glebius
Differential Revision
D35492: socket: Fix a race between kevent(2) and listen(2)
Parents
rGc262d5e87712: debugnet: Fix an error handling bug in the DDB command tokenizer