CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2025/04/15 06:14:06

Modified files:
    sys/kern : uipc_socket.c

Log message:
Release `sb_mtx' mutex(9) while doing sleeping m_copym(..., M_WAIT) in
soreceive() and somove().

It is possible in both places. We copy only `len' bytes from the single
mbuf(9) pointed by `m'. The `len' is always less than m->m_len. The
m->m_len could only grow while `sb_mtx' is unlocked, but concurrent thread
will not override our chunk of m->m_data. There is no difference with the
lockless uiomove(mtod(m)).

Reported-by: syzbot+6cac839a17bc8be49...@syzkaller.appspotmail.com

ok bluhm