svn commit: r319685 - head/sys/kern

Gleb Smirnoff glebius at FreeBSD.org
Thu Jun 8 06:16:48 UTC 2017


Author: glebius
Date: Thu Jun  8 06:16:47 2017
New Revision: 319685
URL: https://svnweb.freebsd.org/changeset/base/319685

Log:
  Fix a degenerate case when soisdisconnected() would call soisconnected().
  
  This happens when closing a socket with upcall, and trace is: soclose()->
  ... protocol ... -> soisdisconnected() -> socantrcvmore_locked() ->
  sowakeup() -> soisconnected().
  
  Right now this case is innocent for two reasons.  First, soisconnected()
  doesn't clear SS_ISDISCONNECTED flag.  Second, the mutex to lock the
  socket is the socket receive buffer mutex, and sodisconnected() first
  disables the receive buffer. But in future code, the mutex to lock
  socket is different to buffer mutex, and we would get undesired mutex
  recursion.
  
  The fix is to check SS_ISDISCONNECTED flag before calling upcall.

Modified:
  head/sys/kern/uipc_sockbuf.c

Modified: head/sys/kern/uipc_sockbuf.c
==============================================================================
--- head/sys/kern/uipc_sockbuf.c	Thu Jun  8 06:13:53 2017	(r319684)
+++ head/sys/kern/uipc_sockbuf.c	Thu Jun  8 06:16:47 2017	(r319685)
@@ -322,7 +322,7 @@ sowakeup(struct socket *so, struct sockbuf *sb)
 		wakeup(&sb->sb_acc);
 	}
 	KNOTE_LOCKED(&sb->sb_sel.si_note, 0);
-	if (sb->sb_upcall != NULL) {
+	if (sb->sb_upcall != NULL && !(so->so_state & SS_ISDISCONNECTED)) {
 		ret = sb->sb_upcall(so, sb->sb_upcallarg, M_NOWAIT);
 		if (ret == SU_ISCONNECTED) {
 			KASSERT(sb == &so->so_rcv,


More information about the svn-src-head mailing list