In sonewconn(), set the new socket's state to show the protocol-provided

connection status before inserting the new socket into the listen socket's accept queue, or there might be a race in which another thread wakes up when the accept lock is released, and sees the socket before its state is set correctly. The wakeup still occurs after the accept lock is released. There have been no diagnoses of this bug in real-world systems (as yet). MFC after: 3 days
2005-02-17 12:53:45 +00:00 · 2005-02-17 12:53:45 +00:00 · 630d43c2be
commit 630d43c2be
parent cd4209c59e
2 changed files with 2 additions and 2 deletions
--- a/sys/kern/uipc_sockbuf.c
+++ b/sys/kern/uipc_sockbuf.c
@ -249,6 +249,7 @@ sonewconn(head, connstatus)
 		sodealloc(so);
 		return ((struct socket *)0);
 	}
+	so->so_state |= connstatus;
 	ACCEPT_LOCK();
 	if (connstatus) {
 		TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
@ -279,7 +280,6 @@ sonewconn(head, connstatus)
 	}
 	ACCEPT_UNLOCK();
 	if (connstatus) {
-		so->so_state |= connstatus;
 		sorwakeup(head);
 		wakeup_one(&head->so_timeo);
 	}
--- a/sys/kern/uipc_socket2.c
+++ b/sys/kern/uipc_socket2.c
@ -249,6 +249,7 @@ sonewconn(head, connstatus)
 		sodealloc(so);
 		return ((struct socket *)0);
 	}
+	so->so_state |= connstatus;
 	ACCEPT_LOCK();
 	if (connstatus) {
 		TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
@ -279,7 +280,6 @@ sonewconn(head, connstatus)
 	}
 	ACCEPT_UNLOCK();
 	if (connstatus) {
-		so->so_state |= connstatus;
 		sorwakeup(head);
 		wakeup_one(&head->so_timeo);
 	}