Diffusion FreeBSD src repository 992b18a9ec9f

so_splice: Synchronize so_unsplice() with so_splice()
992b18a9ec9f
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

so_splice: Synchronize so_unsplice() with so_splice()

so_unsplice() assumed that if SB_SPLICED is set in the receive buffer of
the first socket, then the splice is fully initialized. However, that's
not true, and it's possible for so_unsplice() to race ahead of
so_splice().

Modify so_unsplice() to simply bail if the splice state is embryonic.

Reported by: syzkaller
Reviewed by: gallatin
Fixes: a1da7dc1cdad ("socket: Implement SO_SPLICE")
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49814

Details

Provenance

Authored on Apr 15 2025, 12:55 AM

Reviewer

rGa1da7dc1cdad: socket: Implement SO_SPLICE

Differential Revision

D49814: so_splice: Synchronize so_unsplice() with so_splice()

Parents

rGdd9e59beebbb: symlink.2: document EOPNOTSUPP

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG992b18a9ec9f: so_splice: Synchronize so_unsplice() with so_splice() (authored by markj).Apr 15 2025, 12:55 AM

markj added an edge: D49814: so_splice: Synchronize so_unsplice() with so_splice().Apr 15 2025, 12:58 AM

markj mentioned this in rGc0c5d01e5374: so_splice: Synchronize so_unsplice() with so_splice().Apr 29 2025, 12:48 AM

Changes (1)

Path

Size

sys/

kern/

rG992b18a9ec9f

sys/kern/uipc_socket.c

Loading...