Page MenuHomeFreeBSD
Differential D26301

[unix(4) cleanup 8/8] Fix a double connect race.
AbandonedPublic
Actions

Authored by markj on Sep 2 2020, 5:01 PM.
Tags
None
Referenced Files
F141228400: D26301.id76547.diff
Fri, Jan 2, 5:11 PM
Unknown Object (File)
Thu, Dec 11, 8:53 PM
Unknown Object (File)
Nov 10 2025, 11:36 PM
Unknown Object (File)
Nov 9 2025, 10:52 AM
Unknown Object (File)
Nov 9 2025, 4:14 AM
Unknown Object (File)
Nov 6 2025, 2:47 AM
Unknown Object (File)
Nov 3 2025, 4:15 AM
Unknown Object (File)
Oct 25 2025, 4:01 PM
View All 72 Files
Subscribers
emaste

Details

Reviewers
None
Summary

dgram sockets may be connected multiple times. If connect() is called
on a connected dgram socket, soconnectat() calls sodisconnect() before
creating the new connection. However, this is not synchronized, so two
concurrent connect() calls can race with each other, and uipc_connect()
does not handle it. Add an explicit check for unp_conn != NULL in
unp_connectat().

Reported by: syzkaller

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 33333
Build 30644: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
kern/
20 lines

Diff 76547

View Options

sys/kern/uipc_usrreq.c

Loading...