From 04b2362b0f7f3cad647d6adfac62447e69310d98 Mon Sep 17 00:00:00 2001 From: alc Date: Wed, 22 Dec 2004 20:28:46 +0000 Subject: [PATCH] Add send buffer locking to uipc_send(). Without this locking a race can occur between a reader and a writer that results in a panic upon close, e.g., "panic: sbflush_locked: cc 4 || mb 0xffffff0052afa400 || mbcnt 0" Reviewed by: rwatson@ MFC after: 2 weeks --- sys/kern/uipc_usrreq.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index be4bcb276be..31b622d5a9e 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -452,7 +452,9 @@ uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, } } + SOCKBUF_LOCK(&so->so_snd); if (so->so_snd.sb_state & SBS_CANTSENDMORE) { + SOCKBUF_UNLOCK(&so->so_snd); error = EPIPE; break; } @@ -478,6 +480,7 @@ uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, (so2->so_rcv.sb_cc - unp->unp_conn->unp_cc); (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat, newhiwat, RLIM_INFINITY); + SOCKBUF_UNLOCK(&so->so_snd); unp->unp_conn->unp_cc = so2->so_rcv.sb_cc; sorwakeup_locked(so2); m = NULL; -- 2.45.2