CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2012/07/07 12:48:19
Modified files:
sys/kern : uipc_socket.c
Log message:
Fix two races in socket splicing. When somove() gets called from
sosplice() to move the data already there, it might sleep in
m_copym().
Another process must not unsplice during that sleep, so also lock
the receive buffer when sosplice is called with fd -1.
The same sleep can allow network interrupts to modify the socket
buffer. So use sbsync() to write back modifications within the
loop instead of fixing the socket buffer after the loop.
OK claudio@
