Author: markj
Date: Fri Mar 20 20:09:00 2020
New Revision: 359184
URL: https://svnweb.freebsd.org/changeset/base/359184
Log:
Lock the socket in soo_stat().
Otherwise nothing synchronizes with a concurrent conversion of the
socket to a listening socket.
Only the PF_LOCAL protocols implement pru_sense, and it is safe to hold
the socket lock there, so do so for now.
Reported by: syzbot+4801f1b79ea40953c...@syzkaller.appspotmail.com
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/kern/sys_socket.c
Modified: head/sys/kern/sys_socket.c
==============================================================================
--- head/sys/kern/sys_socket.c Fri Mar 20 20:02:53 2020 (r359183)
+++ head/sys/kern/sys_socket.c Fri Mar 20 20:09:00 2020 (r359184)
@@ -287,9 +287,7 @@ soo_stat(struct file *fp, struct stat *ub, struct ucre
struct thread *td)
{
struct socket *so = fp->f_data;
-#ifdef MAC
int error;
-#endif
bzero((caddr_t)ub, sizeof (*ub));
ub->st_mode = S_IFSOCK;
@@ -298,6 +296,7 @@ soo_stat(struct file *fp, struct stat *ub, struct ucre
if (error)
return (error);
#endif
+ SOCK_LOCK(so);
if (!SOLISTENING(so)) {
struct sockbuf *sb;
@@ -320,7 +319,9 @@ soo_stat(struct file *fp, struct stat *ub, struct ucre
}
ub->st_uid = so->so_cred->cr_uid;
ub->st_gid = so->so_cred->cr_gid;
- return (*so->so_proto->pr_usrreqs->pru_sense)(so, ub);
+ error = so->so_proto->pr_usrreqs->pru_sense(so, ub);
+ SOCK_UNLOCK(so);
+ return (error);
}
/*
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
