CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2025/02/05 03:15:10
Modified files:
sys/netinet : in_pcb.c
Log message:
Fix race in inpcb mutex to socket lock conversion.
Testing parallel TCP input revealed a race in in_pcbsolock_ref().
The mutex inp_sofree_mtx is used to reliably get the socket from
the incpb and refcount it. Then the socket lock is used to prevent
further calls to in_pcbdetach() or sofree(). But between releasing
the inpcb mutex and acquiring the socket lock, the inpcb could
detach. So when holding the socket lock reassure that the inpcb
is still associated by the socket. Otherwise locking the socket
belonging to the inpcb has failed.
OK mvs@
