untrusted comment: signature from openbsd 6.1 base secret key
RWQEQa33SgQSEjYjXn46hCSef4gnL7ZdXsro9TyScj+5d0azVJ1/bPQ8aR6tGWGCtIPsQN9r8P1Zw3bsXN13fyGXxLWnFf0LnAg=
OpenBSD 6.1 errata 024, August 3, 2017:
A race condition in sosplice() may result in a kernel memory leak.
Apply by doing:
signify -Vep /etc/signify/openbsd-61-base.pub -x 024_sosplice.patch.sig \
-m - | (cd /usr/src && patch -p0)
And then rebuild and install a new kernel:
KK=`sysctl -n kern.osversion | cut -d# -f1`
cd /usr/src/sys/arch/`machine`/compile/$KK
make obj
make config
make
make install
Index: sys/kern/uipc_socket.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_socket.c,v
--- sys/kern/uipc_socket.c 20 Jul 2017 08:23:43 -0000 1.195
+++ sys/kern/uipc_socket.c 20 Jul 2017 09:49:45 -0000 1.196
@@ -1069,6 +1069,7 @@ sosplice(struct socket *so, int fd, off_
{
struct file *fp;
struct socket *sosp;
+ struct sosplice *sp;
int s, error = 0;
if (sosplice_taskq == NULL)
@@ -1083,8 +1084,13 @@ sosplice(struct socket *so, int fd, off_
if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
(so->so_proto->pr_flags & PR_CONNREQUIRED))
return (ENOTCONN);
- if (so->so_sp == NULL)
- so->so_sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+ if (so->so_sp == NULL) {
+ sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+ if (so->so_sp == NULL)
+ so->so_sp = sp;
+ else
+ pool_put(&sosplice_pool, sp);
+ }
/* If no fd is given, unsplice by removing existing link. */
if (fd < 0) {
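Review bot: The second `so->so_sp == NULL` test after `pool_get()` carries no comment explaining why it is needed, so it reads as redundant and a later cleanup could collapse it and reintroduce the leak described in the errata text. Presumably `pool_get()` with `PR_WAITOK` can sleep, which would let another thread install `so_sp` before this one resumes. A one-line comment above the allocation would record that, for example `/* pool_get() may sleep; recheck so_sp so a racing caller's allocation is not overwritten and leaked */`. The same comment belongs on the identical `sosp->so_sp` sequence in the next hunk. sosplice() begins and ends outside this hunk.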
@@ -1110,8 +1116,13 @@ sosplice(struct socket *so, int fd, off_
if ((error = getsock(curproc, fd, &fp)) != 0)
return (error);
sosp = fp->f_data;
- if (sosp->so_sp == NULL)
- sosp->so_sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+ if (sosp->so_sp == NULL) {
+ sp = pool_get(&sosplice_pool, PR_WAITOK | PR_ZERO);
+ if (sosp->so_sp == NULL)
+ sosp->so_sp = sp;
+ else
+ pool_put(&sosplice_pool, sp);
+ }
/* Lock both receive and send buffer. */
if ((error = sblock(&so->so_rcv,