The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=d29b95ecc0d049406d27a6c11939d40a46658733
commit d29b95ecc0d049406d27a6c11939d40a46658733 Author: Gleb Smirnoff <[email protected]> AuthorDate: 2023-08-14 19:56:07 +0000 Commit: Gleb Smirnoff <[email protected]> CommitDate: 2023-08-14 19:56:08 +0000 sockets: on accept(2) don't copy all of so_options to new socket As uncovered by e3ba0d6adde3 we are copying lots of irrelevant options from the listener to an accepted socket, even those that aren't relevant to a non-listener, e.g. SO_REUSE*, SO_ACCEPTFILTER. Stop doing that and provide a fixed opt-in list for options to be inherited. Ideally we shall not inherit anything at all. For compatibility inherit a set of options that are meaningful for a non-listening socket of a protocol that can listen(2). Differential Revision: https://reviews.freebsd.org/D41412 Fixes: e3ba0d6adde3c694f46a30b3b67eba43a7099395 --- sys/kern/uipc_socket.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index eaff57d50d78..f111ec9d0780 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -750,7 +750,19 @@ solisten_clone(struct socket *head) } so->so_listen = head; so->so_type = head->so_type; - so->so_options = head->so_options & ~SO_ACCEPTCONN; + /* + * POSIX is ambiguous on what options an accept(2)ed socket should + * inherit from the listener. Words "create a new socket" may be + * interpreted as not inheriting anything. Best programming practice + * for application developers is to not rely on such inheritance. + * FreeBSD had historically inherited all so_options excluding + * SO_ACCEPTCONN, which virtually means all SOL_SOCKET level options, + * including those completely irrelevant to a new born socket. For + * compatibility with older versions we will inherit a list of + * meaningful options. + */ + so->so_options = head->so_options & (SO_KEEPALIVE | SO_DONTROUTE | + SO_LINGER | SO_OOBINLINE | SO_NOSIGPIPE); so->so_linger = head->so_linger; so->so_state = head->so_state; so->so_fibnum = head->so_fibnum;
