Date:      Fri, 07 Mar 2008 01:22:46 +0200
From:      Alexander Motin <mav@FreeBSD.org>
To:        freebsd-hackers@freebsd.org
Subject:   soclose() & so->so_upcall() = race?
Message-ID:  <47D07CC6.5060007@FreeBSD.org>

Hi.

As far as I can see, the so_upcall() callback is called with SOCKBUF_MTX 
unlocked. It means that the SB_UPCALL flag can be removed during the call 
and the socket can be closed and deallocated with soclose() while the 
callback is running. Am I right, or have I missed something? How, in that 
situation, is the socket pointer protected from being used after free?

-- 
Alexander Motin
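
The lifetime concern raised in the message above, as an added single-threaded user-space model (not FreeBSD kernel code and not part of the original post): the racing close is simulated from inside the callback, and a reference held across the unlocked call, one common mitigation, defers the free until the callback returns. All struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; every name here is hypothetical, not a FreeBSD kernel symbol. */
struct msock {
    int refs;                         /* owner reference plus temporary holds */
    int upcall_enabled;               /* stands in for SB_UPCALL */
    void (*upcall)(struct msock *);
};
static int freed_count;               /* objects released so far */
static int freed_seen_in_upcall = -1; /* freed_count as observed inside the callback */

static void msock_rele(struct msock *s)
{
    if (--s->refs == 0) {             /* last reference frees the object */
        freed_count++;
        free(s);
    }
}
static void msock_close(struct msock *s)
{
    s->upcall_enabled = 0;            /* flag cleared while the callback runs */
    msock_rele(s);                    /* drop the owner's reference */
}
/* Callback that models a close racing with it, then touches the socket again. */
static void racing_upcall(struct msock *s)
{
    msock_close(s);
    freed_seen_in_upcall = freed_count;
    s->upcall = NULL;                 /* valid only because the caller holds a reference */
}
static void msock_wakeup(struct msock *s)
{
    if (!s->upcall_enabled)           /* checked where the buffer lock would be held */
        return;
    s->refs++;                        /* hold taken before the lock would be dropped */
    s->upcall(s);                     /* callback runs unlocked, as in the question */
    msock_rele(s);                    /* the free, if any, happens after the callback */
}
/* Returns 1 when the object outlived the callback and was freed exactly once. */
static int run_model(void)
{
    struct msock *s = calloc(1, sizeof(*s));
    if (s == NULL) return -1;
    s->refs = 1; s->upcall_enabled = 1; s->upcall = racing_upcall;
    freed_count = 0;
    msock_wakeup(s);
    return freed_seen_in_upcall == 0 && freed_count == 1;
}

int main(void) { printf("safe=%d\n", run_model()); return 0; }
```

Removing the `s->refs++` / `msock_rele(s)` pair in `msock_wakeup()` turns the write in `racing_upcall()` into the use-after-free the message asks about.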


