The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=4548b9f3a8167a340a5086ed51a76d932c9ab3cc
commit 4548b9f3a8167a340a5086ed51a76d932c9ab3cc Author: Gleb Smirnoff <[email protected]> AuthorDate: 2025-10-15 20:01:25 +0000 Commit: Gleb Smirnoff <[email protected]> CommitDate: 2025-10-15 20:47:11 +0000 unix/stream: plug a corner case when control externalization failed while peer has closed its end. Reported by: [email protected] --- sys/kern/uipc_usrreq.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index c5fc1e84ce3f..90489e99491a 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1559,15 +1559,19 @@ restart: mc_init_m(&cmc, control); SOCK_RECVBUF_LOCK(so); - MPASS(!(sb->sb_state & SBS_CANTRCVMORE)); - - if (__predict_false(cmc.mc_len + sb->sb_ccc + - sb->sb_ctl > sb->sb_hiwat)) { + if (__predict_false( + (sb->sb_state & SBS_CANTRCVMORE) || + cmc.mc_len + sb->sb_ccc + sb->sb_ctl > + sb->sb_hiwat)) { /* - * Too bad, while unp_externalize() was - * failing, the other side had filled - * the buffer and we can't prepend data - * back. Losing data! + * While the lock was dropped and we + * were failing in unp_externalize(), + * the peer could has a) disconnected, + * b) filled the buffer so that we + * can't prepend data back. + * These are two edge conditions that + * we just can't handle, so lose the + * data and return the error. */ SOCK_RECVBUF_UNLOCK(so); SOCK_IO_RECV_UNLOCK(so);
