aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sys/kern/uipc_socket.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 67f8a53c81bf..d67194e74273 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1565,8 +1565,9 @@ restart:
m = so->so_rcv.sb_mb;
goto dontblock;
}
- if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
- (so->so_proto->pr_flags & PR_CONNREQUIRED)) {
+ if ((so->so_state & (SS_ISCONNECTING | SS_ISCONNECTED |
+ SS_ISDISCONNECTING | SS_ISDISCONNECTED)) == 0 &&
+ (so->so_proto->pr_flags & PR_CONNREQUIRED) != 0) {
SOCKBUF_UNLOCK(&so->so_rcv);
error = ENOTCONN;
goto release;
@@ -3516,8 +3517,17 @@ soisdisconnected(struct socket *so)
* SOCKBUF_LOCK(&so->so_rcv) are the same.
*/
SOCKBUF_LOCK(&so->so_rcv);
- so->so_state &= ~(SS_ISCONNECTING|SS_ISCONNECTED|SS_ISDISCONNECTING);
+
+ /*
+ * There is at least one reader of so_state that does not
+ * acquire socket lock, namely soreceive_generic(). Ensure
+ * that it never sees all flags that track connection status
+ * cleared, by ordering the update with a barrier semantic of
+ * our release thread fence.
+ */
so->so_state |= SS_ISDISCONNECTED;
+ atomic_thread_fence_rel();
+ so->so_state &= ~(SS_ISCONNECTING|SS_ISCONNECTED|SS_ISDISCONNECTING);
socantrcvmore_locked(so);
SOCKBUF_LOCK(&so->so_snd);
sbdrop_locked(&so->so_snd, sbused(&so->so_snd));