d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kern: soclose: don't sleep on SO_LINGER w/ timeout=0

Browse Source 
This is a valid scenario that's handled in the various protocol layers where
it makes sense (e.g., tcp_disconnect and sctp_disconnect). Given that it
indicates we should immediately drop the connection, it makes little sense
to sleep on it.

This could lead to panics with INVARIANTS. On non-INVARIANTS kernels, this
could result in the thread hanging until a signal interrupts it if the
protocol does not mark the socket as disconnected for whatever reason.

Reported by:	syzbot+e625d92c1dd74e402c81@syzkaller.appspotmail.com
Reviewed by:	glebius, markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27407
This commit is contained in:
kevans 2020-12-04 04:39:48 +00:00
parent 7bb279d52a
commit ccc7c37f7f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/kern/uipc_socket.c
View File

@ -1192,7 +1192,8 @@ soclose(struct socket *so)
goto drop;
}
}
if (so->so_options & SO_LINGER) {
if ((so->so_options & SO_LINGER) != 0 && so->so_linger != 0) {
if ((so->so_state & SS_ISDISCONNECTING) &&
(so->so_state & SS_NBIO))
goto drop;