There is no way SS_NOFDREF is set on a raw socket in raw_usrreq for
PRU_DISCONNECT or PRU_ABORT.
So raw_disconnect() and sofree() return immediately so remove the dead
code.
Also the following call to soisdisconnected() would be a
use after free.
This removes the last calls to raw_disconnect() so tedu it.
OK?
diff --git sys/net/raw_cb.c sys/net/raw_cb.c
index 107ccc37964..f2396c704dd 100644
--- sys/net/raw_cb.c
+++ sys/net/raw_cb.c
@@ -104,13 +104,3 @@ raw_do_detach(struct rawcb *rp)
sofree(so);
free((caddr_t)(rp), M_PCB, 0);
}
-
-/*
- * Disconnect and possibly release resources.
- */
-void
-raw_disconnect(struct rawcb *rp)
-{
- if (rp->rcb_socket->so_state & SS_NOFDREF)
- raw_do_detach(rp);
-}
diff --git sys/net/raw_cb.h sys/net/raw_cb.h
index aba508b1c96..f284b56044f 100644
--- sys/net/raw_cb.h
+++ sys/net/raw_cb.h
@@ -58,7 +58,6 @@ struct rawcb {
int raw_attach(struct socket *, int);
int raw_detach(struct socket *);
void raw_do_detach(struct rawcb *);
-void raw_disconnect(struct rawcb *);
void raw_init(void);
int raw_usrreq(struct socket *,
int, struct mbuf *, struct mbuf *, struct mbuf *, struct proc *);
diff --git sys/net/raw_usrreq.c sys/net/raw_usrreq.c
index 5f1d1c43479..462fcbbc221 100644
--- sys/net/raw_usrreq.c
+++ sys/net/raw_usrreq.c
@@ -78,7 +78,6 @@ raw_usrreq(struct socket *so, int req, struct mbuf *m, struct
mbuf *nam,
error = ENOTCONN;
break;
}
- raw_disconnect(rp);
soisdisconnected(so);
break;
@@ -111,8 +110,6 @@ raw_usrreq(struct socket *so, int req, struct mbuf *m,
struct mbuf *nam,
break;
case PRU_ABORT:
- raw_disconnect(rp);
- sofree(so);
soisdisconnected(so);
break;
--
I'm not entirely sure you are real.
