soclose() & so->so_upcall() = race?
mav at FreeBSD.org
Thu Mar 6 23:22:54 UTC 2008
As far as I can see, the so_upcall() callback is called with SOCKBUF_MTX unlocked.
That means the SB_UPCALL flag can be removed during the call, and the socket can
be closed and deallocated with soclose() while the callback is running. Am I
right, or have I missed something? In that situation, how is the socket pointer
protected from being used after free?
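To make the lifetime question concrete, here is an added user-space model of the pattern described above (not FreeBSD kernel code; `msock`, `model_close`, `model_wakeup` and the flag value are hypothetical names chosen for the illustration). It shows the reference held across the unlocked callback that keeps a close from freeing the object under the running upcall.

```c
#include <stdlib.h>

/* User-space model, not FreeBSD code: a "socket" whose upcall runs with
 * the buffer lock dropped. All names and values here are hypothetical. */
#define SB_UPCALL 0x1

struct msock;
typedef void (*upcall_fn)(struct msock *);

struct msock {
    int flags;
    int refs;      /* owner reference plus one per in-flight upcall */
    int freed;     /* set just before the memory is released */
    upcall_fn upcall;
};

static int g_frees;  /* how many times sock_release() really freed */

static void sock_release(struct msock *so) {
    if (--so->refs == 0) { so->freed = 1; g_frees++; free(so); }
}

/* soclose()-like: clear the flag and drop the owner's reference. The
 * memory survives as long as an in-flight upcall still holds a ref. */
static void model_close(struct msock *so) {
    so->flags &= ~SB_UPCALL;
    sock_release(so);
}

/* wakeup-like path: test the flag (conceptually under the lock), take a
 * reference, drop the lock, run the callback, then release. Without the
 * ref/release pair, a concurrent close could free `so` under the callback. */
static void model_wakeup(struct msock *so) {
    if (!(so->flags & SB_UPCALL)) return;
    so->refs++;
    so->upcall(so);          /* runs unlocked */
    sock_release(so);
}

/* Callback that closes its own socket: stands in for a close racing the upcall. */
static int closed_inside_upcall;
static void closing_upcall(struct msock *so) {
    model_close(so);
    /* still safe to touch `so`: the upcall's reference keeps it alive */
    closed_inside_upcall = ((so->flags & SB_UPCALL) == 0) && !so->freed;
}

/* Returns 1 when the close inside the upcall did not free the object
 * early and exactly one free happened once the upcall returned. */
int run_model(void) {
    struct msock *so = calloc(1, sizeof *so);
    so->refs = 1; so->flags = SB_UPCALL; so->upcall = closing_upcall;
    model_wakeup(so);
    return g_frees == 1 && closed_inside_upcall;
}
```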