From ead8ac8972e77b9df22d07e75c7bbecd74deceb1 Mon Sep 17 00:00:00 2001
From: Idan Horowitz <idan.horowitz@gmail.com>
Date: Fri, 18 Feb 2022 00:19:08 +0200
Subject: Kernel: Lock socket Mutex when servicing IPv4Socket ioctls

This prevents a kernel panic found in CI when m_receive_queue's size is
queried and found to be non-zero, then a different thread clears the
queue, and finally the first thread continues into the if block and
calls the queue's first() method, which then fails an assertion that
the queue's size is non-zero.
---
 Kernel/Net/IPv4Socket.cpp | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Kernel/Net')

diff --git a/Kernel/Net/IPv4Socket.cpp b/Kernel/Net/IPv4Socket.cpp
index 9d7342659a..4204ae8f6c 100644
--- a/Kernel/Net/IPv4Socket.cpp
+++ b/Kernel/Net/IPv4Socket.cpp
@@ -609,6 +609,8 @@ ErrorOr<void> IPv4Socket::ioctl(OpenFileDescription&, unsigned request, Userspac
 {
     TRY(Process::current().require_promise(Pledge::inet));
 
+    MutexLocker locker(mutex());
+
     auto ioctl_route = [request, arg]() -> ErrorOr<void> {
         auto user_route = static_ptr_cast<rtentry*>(arg);
         rtentry route;
-- 
cgit v1.2.3