svn commit: r323552 - head/sys/kern
Gleb Smirnoff
glebius at FreeBSD.org
Wed Sep 13 16:47:24 UTC 2017
Author: glebius
Date: Wed Sep 13 16:47:23 2017
New Revision: 323552
URL: https://svnweb.freebsd.org/changeset/base/323552
Log:
Fix two issues with not ready data in sockets (read: sendfile)
in UNIX sockets.
o Check that socket is still connected in uipc_ready(). If not
we are responsible to free mbufs.
o In uipc_send() if socket appears to be disconnected, but we
are sending data with pending I/Os, don't free mbufs.
Reported by: Kevin Bowling <kbowling llnw.com>
Tested by: Kevin Bowling <kbowling llnw.com>
PR: 222259
Reported by: Mark Martinec <Mark.Martinec ijs.si>
MFC after: 3 days
Modified:
head/sys/kern/uipc_usrreq.c
Modified: head/sys/kern/uipc_usrreq.c
==============================================================================
--- head/sys/kern/uipc_usrreq.c Wed Sep 13 16:43:31 2017 (r323551)
+++ head/sys/kern/uipc_usrreq.c Wed Sep 13 16:47:23 2017 (r323552)
@@ -1056,7 +1056,11 @@ uipc_send(struct socket *so, int flags, struct mbuf *m
release:
if (control != NULL)
m_freem(control);
- if (m != NULL)
+ /*
+ * In case of PRUS_NOTREADY, uipc_ready() is responsible
+ * for freeing memory.
+ */
+ if (m != NULL && (flags & PRUS_NOTREADY) == 0)
m_freem(m);
return (error);
}
@@ -1071,7 +1075,12 @@ uipc_ready(struct socket *so, struct mbuf *m, int coun
unp = sotounpcb(so);
UNP_LINK_RLOCK();
- unp2 = unp->unp_conn;
+ if ((unp2 = unp->unp_conn) == NULL) {
+ UNP_LINK_RUNLOCK();
+ for (int i = 0; i < count; i++)
+ m = m_free(m);
+ return (ECONNRESET);
+ }
UNP_PCB_LOCK(unp2);
so2 = unp2->unp_socket;
More information about the svn-src-head
mailing list