git: tcp: Fix the dangling socket reference in the async sending message

Sepherosa Ziehau sephe at crater.dragonflybsd.org
Tue Nov 15 17:51:53 PST 2011


commit 939c81e437fba5db85fb9d7fd41b12da3f5e3752
Author: Sepherosa Ziehau <sephe at dragonflybsd.org>
Date:   Wed Nov 16 09:38:27 2011 +0800

    tcp: Fix the dangling socket reference in the async sending message
    
    It is possible that tcp input path or tcp timers to drop the socket
    reference and put the socket into disconnected state, when there
    are still asynchronized sending messages pending on the netisr
    message port.  If the user space program choose to close the tcp
    socket under this situation, then the socket will be directly
    freed on the syscall path since the socket has already been
    disconnected, so the pending asynchronized sending messages on the
    netisr message port will reference freed socket, thus cause
    panic later on.
    
    Fix the problem by explicit "sync" the netisr, which could have
    pending asynchronized sending messages, before freeing the socket
    on the soclose path.

Summary of changes:
 sys/kern/uipc_socket.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/939c81e437fba5db85fb9d7fd41b12da3f5e3752


-- 
DragonFly BSD source repository





More information about the Commits mailing list