From: Alexander Bluhm <bluhm@openbsd.org>
Subject: somove send buffer
To: tech@openbsd.org
Date: Sun, 14 Jul 2024 10:12:48 +0200

Hi,

When I looked through somove() which buffer has to be locked, I
found that the wrong socket is used in one place.

Variable so is the source socket and sosp is the drain.

If we have a large mbuf in the source socket buffer that does not
fit into the drain buffer, we split the mbuf.  But if the drain
buffer still has some data in it, stop moving data and try again
later.  This skips a potentially expensive mbuf operation.

As this is a performance optimization for a special corner case,
noone noticed the bug.

ok?

bluhm

Index: kern/uipc_socket.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/uipc_socket.c,v
diff -u -p -r1.337 uipc_socket.c
--- kern/uipc_socket.c	12 Jul 2024 17:20:18 -0000	1.337
+++ kern/uipc_socket.c	13 Jul 2024 15:08:25 -0000
@@ -1690,7 +1690,7 @@ somove(struct socket *so, int wait)
 			 * Move only a partial mbuf at maximum splice length or
 			 * if the drain buffer is too small for this large mbuf.
 			 */
-			if (!maxreached && so->so_snd.sb_datacc > 0) {
+			if (!maxreached && sosp->so_snd.sb_datacc > 0) {
 				len -= size;
 				break;
 			}