tuxillo's projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 71f479b) | patch
socket: Fix soabort() race if crfree() blocks in soinherit().
authorSepherosa Ziehau <sephe@dragonflybsd.org>
Thu, 13 Aug 2015 01:30:23 +0000 (09:30 +0800)
committerSepherosa Ziehau <sephe@dragonflybsd.org>
Thu, 13 Aug 2015 01:30:23 +0000 (09:30 +0800)
commit838d26827a791d405195ac3e780eae1eb7d3dc0e
tree7722473f54f89d1cd7e6e6d17b91befc2628af82tree | snapshot
parent71f479bd32005d7dc0c95e58602781a9b9e1a7a2commit | diff
socket: Fix soabort() race if crfree() blocks in soinherit().

In soinherit(), if the accepted socket was on the temp list
and crfree() blocked, the owner netisr's soabort() would cause
use-after-free.

After this commit, we move one accepted socket each time, so
that the potential blocking crfree() will not cause trouble
for us.  And we no longer allow inheritting incomplete queue,
which could be dropped by definition.

Pointed-out-by: dillon@
sys/kern/uipc_socket.c diff | blob | blame | history
WIP repository