git: fc4365853f1c - main - socket: Fix handling of listening sockets in sotoxsocket()

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 12 Aug 2024 23:05:32 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=fc4365853f1c4b572d9fd643ea336508d9a6a0f7

commit fc4365853f1c4b572d9fd643ea336508d9a6a0f7
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-07-09 20:28:12 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-08-12 22:53:26 +0000

    socket: Fix handling of listening sockets in sotoxsocket()
    
    A lock needs to be held to ensure that the socket does not become a
    listening socket while sotoxsocket() is loading fields from the socket
    buffers, as the memory backing the socket buffers is repurposed when
    transitioning to a listening socket.
    
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
---
 sys/kern/uipc_socket.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 0350a5eb4d87..9a44c1d557f0 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -4277,6 +4277,7 @@ sotoxsocket(struct socket *so, struct xsocket *xso)
 	xso->so_error = so->so_error;
 	xso->so_uid = so->so_cred->cr_uid;
 	xso->so_pgid = so->so_sigio ? so->so_sigio->sio_pgid : 0;
+	SOCK_LOCK(so);
 	if (SOLISTENING(so)) {
 		xso->so_qlen = so->sol_qlen;
 		xso->so_incqlen = so->sol_incqlen;
@@ -4289,6 +4290,7 @@ sotoxsocket(struct socket *so, struct xsocket *xso)
 		sbtoxsockbuf(&so->so_snd, &xso->so_snd);
 		sbtoxsockbuf(&so->so_rcv, &xso->so_rcv);
 	}
+	SOCK_UNLOCK(so);
 }
 
 int