Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix locking: it is fine if the lock is already key_so_mtx, this can happen 

in socketpair. In that case don't take it.

Ok ozaki-r@

Reported-by: syzbot+901e2e5edaaaed21c069@syzkaller.appspotmail.com
This commit is contained in:
maxv 2019-02-26 06:52:34 +00:00
parent 47c94a5c39
commit 516d295318
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/netipsec/keysock.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: keysock.c,v 1.68 2019/01/27 02:08:48 pgoyette Exp $ */
/* $NetBSD: keysock.c,v 1.69 2019/02/26 06:52:34 maxv Exp $ */
/* $FreeBSD: keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.68 2019/01/27 02:08:48 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.69 2019/02/26 06:52:34 maxv Exp $");
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
@ -383,10 +383,12 @@ key_attach(struct socket *so, int proto)
s = splsoftnet();
KASSERT(so->so_lock == NULL);
mutex_obj_hold(key_so_mtx);
so->so_lock = key_so_mtx;
solock(so);
if (so->so_lock != key_so_mtx) {
KASSERT(so->so_lock == NULL);
mutex_obj_hold(key_so_mtx);
so->so_lock = key_so_mtx;
solock(so);
}
error = raw_attach(so, proto, &key_rawcb);
if (error) {