Differential D31975

socket: Remove NOFREE from the socket zone
ClosedPublic
Actions

Authored by markj on Sep 15 2021, 7:58 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Dec 30, 5:08 AM

	Unknown Object (File)
	Sun, Dec 28, 8:04 PM

	Unknown Object (File)
	Tue, Dec 23, 7:54 AM

	Unknown Object (File)
	Dec 3 2025, 4:18 AM

	Unknown Object (File)
	Nov 19 2025, 7:14 AM

	Unknown Object (File)
	Nov 6 2025, 11:08 PM

	Unknown Object (File)
	Nov 6 2025, 8:42 PM

	Unknown Object (File)
	Nov 6 2025, 5:21 AM

Subscribers

Details

Reviewers

None

Group Reviewers

Commits

rG883761f0a81a: socket: Remove NOFREE from the socket zone

Summary

This flag was added during the transition away from the legacy zone
allocator, commit c897b81311792ccf6a93feff2a405e2ae53f664e. The old
zone allocator effectively provided _NOFREE semantics, but I believe
they are not required for sockets. In particular, we use reference
counting to keep sockets live.

The one case which is kind of weird is sonewconn(), which returns a
pointer to a socket with reference count 0. This socket is still
effectively owned by the listening socket. Protocols must therefore be
careful to synchronize sonewconn() calls with their pru_close
implementations, since for listening sockets soclose() will abort the
child sockets. For example, TCP holds the listening socket's PCB read
locked across the sonewconn() call, which blocks tcp_usr_close().

Eliminating _NOFREE has several benefits: it enables use-after-free
detection (e.g., by KASAN) and lets the system reclaim memory from the
socket zone under memory pressure.

No functional change intended.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 41535
Build 38424: arc lint + arc unit

Event Timeline

markj created this revision.Sep 15 2021, 7:58 PM

Herald added a subscriber: imp. · View Herald TranscriptSep 15 2021, 7:58 PM

markj requested review of this revision.Sep 15 2021, 7:58 PM

Harbormaster completed remote builds in B41535: Diff 95228.Sep 15 2021, 7:58 PM

markj added a parent revision: D31974: socket: Add assertions around naked refcount decrements.Sep 15 2021, 7:58 PM

markj added a child revision: D31976: socket: Handle shutdown(2) with AIO jobs in flight.

markj added a reviewer: network.Sep 15 2021, 8:01 PM

This revision was not accepted when it landed; it landed in state Needs Review.Sep 17 2021, 7:13 PM

Closed by commit rG883761f0a81a: socket: Remove NOFREE from the socket zone (authored by markj). · Explain Why

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG883761f0a81a: socket: Remove NOFREE from the socket zone.

Revision Contents
Changeset List

Path

Size

sys/

kern/

2 lines

Diff 95228

sys/kern/uipc_socket.c

Loading...