Re: Bug report: soabort() will free *so twice:

Tue, 23 Oct 2018 08:22:45 -0700 

Hello Jack/All,

Nice catch, as soon as I can I'll check that

I guess we can do a recursive grep for sofree to check where sofree() is
been called
Let's keep in touch


Kind Regards,
Geraldo Netto

Em ter, 23 de out de 2018 06:32, jack wang <885...@gmail.com> escreveu:

> I found a bug: soabort() will free *so twice:
>
> soabort() (in bsd/sys/kern/uipc_socket.cc)
>    -> pru_abort() (in tcp_usr_abort in bsd/sys/netinet/tcp_usrreq.cc)
>        ->tcp_drop() (in tcp_usr_abort in bsd/sys/netinet/tcp_subr.cc)
>            ->tcp_close() (in tcp_usr_abort in bsd/sys/netinet/tcp_subr.cc)
>                ->sofree(so) //free so here for the first time
>    ->sofree(so); //free so here for the second time
>
>
> I am not familiar with the code here. I don't know how to fix it. Can
> someone help me?
>
> source code:
> void
> soabort(struct socket *so)
> {
>        uipc_d("soabort() so=%" PRIx64, (uint64_t)so);
>
>         /*
>         * In as much as is possible, assert that no references to this
>         * socket are held.  This is not quite the same as asserting that
> the
>         * current thread is responsible for arranging for no references,
> but
>         * is as close as we can get for now.
>         */
>        KASSERT(so->so_count == 0, ("soabort: so_count"));
>        KASSERT((so->so_state & SS_PROTOREF) == 0, ("soabort: SS_PROTOREF"
> ));
>        KASSERT(so->so_state & SS_NOFDREF, ("soabort: !SS_NOFDREF"));
>        KASSERT((so->so_state & SQ_COMP) == 0, ("soabort: SQ_COMP"));
>        KASSERT((so->so_state & SQ_INCOMP) == 0, ("soabort: SQ_INCOMP"));
>        VNET_SO_ASSERT(so);
>
>         if (so->so_proto->pr_usrreqs->pru_abort != NULL)
>                (*so->so_proto->pr_usrreqs->pru_abort)(so);  /*free so*/
>
>         ACCEPT_LOCK();
>        SOCK_LOCK(so);
>        sofree(so); /*free so*/
> }
>
> --
> You received this message because you are subscribed to the Google Groups
> "OSv Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to osv-dev+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups "OSv 
Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to osv-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to