git: b2cc25c8fb0c - stable/14 - socket: Fix handling of listening sockets in sotoxsocket()

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 20 Aug 2024 14:05:30 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b2cc25c8fb0c0ff71682c28665d11f65bca2cc91

commit b2cc25c8fb0c0ff71682c28665d11f65bca2cc91
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-07-09 20:28:12 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-08-20 13:22:56 +0000

    socket: Fix handling of listening sockets in sotoxsocket()
    
    A lock needs to be held to ensure that the socket does not become a
    listening socket while sotoxsocket() is loading fields from the socket
    buffers, as the memory backing the socket buffers is repurposed when
    transitioning to a listening socket.
    
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
    
    (cherry picked from commit fc4365853f1c4b572d9fd643ea336508d9a6a0f7)
---
 sys/kern/uipc_socket.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 479184a87a5e..7801054315ef 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -4264,6 +4264,7 @@ sotoxsocket(struct socket *so, struct xsocket *xso)
 	xso->so_error = so->so_error;
 	xso->so_uid = so->so_cred->cr_uid;
 	xso->so_pgid = so->so_sigio ? so->so_sigio->sio_pgid : 0;
+	SOCK_LOCK(so);
 	if (SOLISTENING(so)) {
 		xso->so_qlen = so->sol_qlen;
 		xso->so_incqlen = so->sol_incqlen;
@@ -4276,6 +4277,7 @@ sotoxsocket(struct socket *so, struct xsocket *xso)
 		sbtoxsockbuf(&so->so_snd, &xso->so_snd);
 		sbtoxsockbuf(&so->so_rcv, &xso->so_rcv);
 	}
+	SOCK_UNLOCK(so);
 }
 
 struct sockbuf *