summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2023-12-19 21:34:23 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2023-12-19 21:34:23 +0000
commit066983495b9bc4f225e0c05fa18808988cb42c09 (patch)
treedea8e0f245554f1dba62d8717bdffd35922b37c5
parent585525fa10a9d5fdcdd30f22fb5f2a48140cb88f (diff)
Release inpcb mutex while calling sbwait().
As sbwait() may sleep, holding any mutex is not allowed. Call pru_unlock() before sbwait() in soreceive(). Bug spotted by sashan@; OK sashan@ mvs@
-rw-r--r--sys/kern/uipc_socket.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 61d1ab7e6b3..5005fef0932 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_socket.c,v 1.311 2023/12/19 01:11:21 bluhm Exp $ */
+/* $OpenBSD: uipc_socket.c,v 1.312 2023/12/19 21:34:22 bluhm Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@@ -1139,13 +1139,14 @@ dontblock:
break;
SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 2");
SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 2");
+ pru_unlock(so);
error = sbwait(so, &so->so_rcv);
if (error) {
sbunlock(so, &so->so_rcv);
- pru_unlock(so);
sounlock_shared(so);
return (0);
}
+ pru_lock(so);
if ((m = so->so_rcv.sb_mb) != NULL)
nextrecord = m->m_nextpkt;
}