Handle INP_FREED when looking up an inpcb
When hash table lookups are not serialized with in_pcbfree it will be possible for callers to find an inpcb that has been marked free. We need to check for this and return NULL.
This commit is contained in:
parent
35f7c93cc8
commit
483305b99c
@ -2209,7 +2209,14 @@ in_pcblookup_group(struct inpcbinfo *pcbinfo, struct inpcbgroup *pcbgroup,
|
||||
locked = INP_TRY_RLOCK(inp);
|
||||
else
|
||||
panic("%s: locking bug", __func__);
|
||||
if (!locked)
|
||||
if (__predict_false(locked && (inp->inp_flags2 & INP_FREED))) {
|
||||
if (lookupflags & INPLOOKUP_WLOCKPCB)
|
||||
INP_WUNLOCK(inp);
|
||||
else
|
||||
INP_RUNLOCK(inp);
|
||||
INP_HASH_RUNLOCK(pcbinfo);
|
||||
return (NULL);
|
||||
} else if (!locked)
|
||||
in_pcbref(inp);
|
||||
INP_GROUP_UNLOCK(pcbgroup);
|
||||
if (!locked) {
|
||||
|
Loading…
Reference in New Issue
Block a user