untrusted comment: signature from openbsd 6.0 base secret key
RWSho3oKSqgLQ5/xQlA/78kaKvliGgaP/wZNKjrLmS7oCyFrOzTM/o4I1P3WUiuOIfSy3jkK7u10csVSb2D0njWgr/s3fWM2tQU=

OpenBSD 6.0 errata 038, August 3, 2017:

A race condition in sosplice() may result in a kernel memory leak.

Apply by doing:
   signify -Vep /etc/signify/openbsd-60-base.pub -x 038_sosplice.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install a new kernel:
   cd /usr/src/sys/arch/`machine`/conf
   KK=`sysctl -n kern.osversion | cut -d# -f1`
   config $KK
   cd ../compile/$KK
   make
   make install

Index: sys/kern/uipc_socket.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_socket.c,v
--- sys/kern/uipc_socket.c      13 Jun 2016 21:24:43 -0000      1.152
+++ sys/kern/uipc_socket.c      2 Aug 2017 16:29:08 -0000
@@ -1047,6 +1047,7 @@ sosplice(struct socket *so, int fd, off_
{
       struct file     *fp;
       struct socket   *sosp;
+       struct sosplice *sp;
       int              s, error = 0;

       if ((so->so_proto->pr_flags & PR_SPLICE) == 0)
@@ -1056,8 +1057,13 @@ sosplice(struct socket *so, int fd, off_
       if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
           (so->so_proto->pr_flags & PR_CONNREQUIRED))
               return (ENOTCONN);
-       if (so->so_sp == NULL)
-               so->so_sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+       if (so->so_sp == NULL) {
+               sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+               if (so->so_sp == NULL)
+                       so->so_sp = sp;
+               else
+                       pool_put(&sosplice_pool, sp);
+       }

       /* If no fd is given, unsplice by removing existing link. */
       if (fd < 0) {
@@ -1083,8 +1089,13 @@ sosplice(struct socket *so, int fd, off_
       if ((error = getsock(curproc, fd, &fp)) != 0)
               return (error);
       sosp = fp->f_data;
-       if (sosp->so_sp == NULL)
-               sosp->so_sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+       if (sosp->so_sp == NULL) {
+               sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+               if (sosp->so_sp == NULL)
+                       sosp->so_sp = sp;
+               else
+                       pool_put(&sosplice_pool, sp);
+       }

       /* Lock both receive and send buffer. */
       if ((error = sblock(&so->so_rcv,

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.