HomeFreeBSD
Diffusion FreeBSD src repository 141fe2dceeae

aio: Interlock with listen(2)
141fe2dceeae
Actions

Description

aio: Interlock with listen(2)

soo_aio_queue() did not handle the possibility that the provided socket
is a listening socket. Up until recently, to fix this one would have to
acquire the socket lock first and check, since the socket buffer locks
were destroyed by listen(2).

Now that the socket buffer locks belong to the socket, simply check
SOLISTENING(so) after acquiring them, and make listen(2) return an error
if any AIO jobs are enqueued on the socket.

Add a couple of simple regression test cases.

Note that this fixes things only for the default AIO implementation;
cxgbe(4)'s TCP offload has a separate pru_aio_queue implementation which
requires its own solution.

Reported by: syzbot+c8aa122fa2c6a4e2a28b@syzkaller.appspotmail.com
Reported by: syzbot+39af117d43d4f0faf512@syzkaller.appspotmail.com
Reported by: syzbot+60cceb9569145a0b993b@syzkaller.appspotmail.com
Reported by: syzbot+2d522c5db87710277ca5@syzkaller.appspotmail.com
Reviewed by: tuexen, gallatin, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31901

Details

Provenance
markjAuthored on Sep 10 2021, 9:21 PM
Reviewer
tuexen
Differential Revision
D31901: aio: Interlock with listen(2)
Parents
rG74a68313b503: socket: Add macros to lock socket buffers using socket references
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
sys/
kern/
tests/
sys/
aio/

rG141fe2dceeae

View Options

sys/kern/sys_socket.c

Loading...
View Options

sys/kern/uipc_socket.c

Loading...
View Options

tests/sys/aio/aio_test.c

Loading...