CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2024/04/12 06:25:58
Modified files:
sys/netinet : raw_ip.c
Log message:
Fix race between rip_input() and soisdisconnected().
Setting SS_CANTRCVMORE is protected by mutex of receive socket
buffer. The raw inpcb loop in rip_input() does a lockless access.
Protect it with READ_ONCE(), although it is not perfect. Check the
socket buffer state again when the mutex is held. Drop and count
the packet that is processed between the checks.
Currently soisdisconnected() is called with exclusive net lock.
The new code also works without net lock.
OK mvs@
