Date: Thu, 16 Oct 2025 09:18:47 -0400 From: Mark Johnston <markj@freebsd.org> To: Gleb Smirnoff <glebius@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 4548b9f3a816 - main - unix/stream: plug a corner case when control externalization failed Message-ID: <aPDwt2uFEAt6519l@nuc> In-Reply-To: <202510152047.59FKlL5b081751@gitrepo.freebsd.org> References: <202510152047.59FKlL5b081751@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 15, 2025 at 08:47:21PM +0000, Gleb Smirnoff wrote: > The branch main has been updated by glebius: > > URL: https://cgit.FreeBSD.org/src/commit/?id=4548b9f3a8167a340a5086ed51a76d932c9ab3cc > > commit 4548b9f3a8167a340a5086ed51a76d932c9ab3cc > Author: Gleb Smirnoff <glebius@FreeBSD.org> > AuthorDate: 2025-10-15 20:01:25 +0000 > Commit: Gleb Smirnoff <glebius@FreeBSD.org> > CommitDate: 2025-10-15 20:47:11 +0000 > > unix/stream: plug a corner case when control externalization failed > > while peer has closed its end. > > Reported by: syzbot+ffcc3612ea266e36604e@syzkaller.appspotmail.com Shouldn't this be MFCed? Could you please be sure to add Fixes tags to such commits? It becomes much easier to find missing MFCs with that metadata available. A few of us have discussed using git notes to encode such info after the fact, but this is not available yet. > --- > sys/kern/uipc_usrreq.c | 20 ++++++++++++-------- > 1 file changed, 12 insertions(+), 8 deletions(-) > > diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c > index c5fc1e84ce3f..90489e99491a 100644 > --- a/sys/kern/uipc_usrreq.c > +++ b/sys/kern/uipc_usrreq.c > @@ -1559,15 +1559,19 @@ restart: > mc_init_m(&cmc, control); > > SOCK_RECVBUF_LOCK(so); > - MPASS(!(sb->sb_state & SBS_CANTRCVMORE)); > - > - if (__predict_false(cmc.mc_len + sb->sb_ccc + > - sb->sb_ctl > sb->sb_hiwat)) { > + if (__predict_false( > + (sb->sb_state & SBS_CANTRCVMORE) || > + cmc.mc_len + sb->sb_ccc + sb->sb_ctl > > + sb->sb_hiwat)) { > /* > - * Too bad, while unp_externalize() was > - * failing, the other side had filled > - * the buffer and we can't prepend data > - * back. Losing data! > + * While the lock was dropped and we > + * were failing in unp_externalize(), > + * the peer could has a) disconnected, > + * b) filled the buffer so that we > + * can't prepend data back. > + * These are two edge conditions that > + * we just can't handle, so lose the > + * data and return the error. > */ > SOCK_RECVBUF_UNLOCK(so); > SOCK_IO_RECV_UNLOCK(so);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aPDwt2uFEAt6519l>