X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..ca66cea69e6e866fd781ae2260d9474bdd48f2ca:/bsd/netinet/tcp_input.c
diff --git a/bsd/netinet/tcp_input.c b/bsd/netinet/tcp_input.c
index 39a5fc252..59dd0cb78 100644
--- a/bsd/netinet/tcp_input.c
+++ b/bsd/netinet/tcp_input.c
@@ -1794,7 +1794,6 @@ findpcb: tp->ecn_flags &= ~TE_SENDIPECT; } - soisconnected(so); #if CONFIG_MACF_NET && CONFIG_MACF_SOCKET /* XXXMAC: recursive lock: SOCK_LOCK(so); */ mac_socketpeer_label_associate_mbuf(m, so);
@@ -1835,6 +1834,10 @@ findpcb: tp->t_state = TCPS_ESTABLISHED; tp->t_timer[TCPT_KEEP] = TCP_KEEPIDLE(tp); } + /* soisconnected may lead to socket_unlock in case of upcalls, + * make sure this is done when everything is setup. + */ + soisconnected(so); } else { /* * Received initial SYN in SYN-SENT[*] state => simul-
@@ -2223,7 +2226,6 @@ trimthenstep6: case TCPS_SYN_RECEIVED: tcpstat.tcps_connects++; - soisconnected(so); /* Do window scaling? */ if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
@@ -2252,8 +2254,14 @@ trimthenstep6: (void) tcp_reass(tp, (struct tcphdr *)0, &tlen, (struct mbuf *)0); tp->snd_wl1 = th->th_seq - 1; + /* FALLTHROUGH */ + /* soisconnected may lead to socket_unlock in case of upcalls, + * make sure this is done when everything is setup. + */ + soisconnected(so); + /* * In ESTABLISHED state: drop duplicate ACKs; ACK out of range * ACKs. If the ack is in the range
@@ -2577,7 +2585,6 @@ process_ACK: tp->snd_wnd -= acked; ourfinisacked = 0; } - sowwakeup(so); /* detect una wraparound */ if ((tcp_do_newreno || tp->sack_enable) && !IN_FASTRECOVERY(tp) &&
@@ -2595,6 +2602,12 @@ process_ACK: } if (SEQ_LT(tp->snd_nxt, tp->snd_una)) tp->snd_nxt = tp->snd_una; + + /* + * sowwakeup must happen after snd_una, et al. are updated so that + * the sequence numbers are in sync with so_snd + */ + sowwakeup(so); switch (tp->t_state) {
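Review bot: The relocated `soisconnected(so)` at the end of the SYN-SENT branch (hunk at -1835) fixes the ordering before the upcall, but nothing visible says what the code may assume after it returns. If the upcall really drops the socket lock, as the new comment states, anything read from `tp` or `so` before the call can be stale once it comes back. I would extend the comment with something like `/* NOTE: the socket lock may be dropped here; state cached in locals before this call must be re-read afterwards */`. The same question applies to the moved call in the `TCPS_SYN_RECEIVED` case, and to `sowwakeup(so)` in `process_ACK`, which is followed directly by `switch (tp->t_state)`; whether `sowwakeup` can also unlock is not shown on this page. The enclosing `findpcb` block starts and ends outside the hunk.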
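Review bot: In the hunk at -2252 the new `/* FALLTHROUGH */` marker sits above the `soisconnected(so)` call rather than as the last thing before the ESTABLISHED code the case falls into. A marker followed by another statement reads as if the case ended there, and fallthrough checkers generally expect the comment directly before the next label. I would place it after the call: `soisconnected(so);` then `/* FALLTHROUGH */`. The lines between the removal at -2223 and this insertion are not visible here; if any path in that stretch leaves the `TCPS_SYN_RECEIVED` case early, it would now skip the connected notification, which is worth confirming.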
@@ -2613,9 +2626,9 @@ process_ACK: * we'll hang forever. */ if (so->so_state & SS_CANTRCVMORE) { - soisdisconnected(so); tp->t_timer[TCPT_2MSL] = tcp_maxidle; add_to_time_wait(tp); + soisdisconnected(so); } tp->t_state = TCPS_FIN_WAIT_2; goto drop;
@@ -3538,6 +3551,9 @@ tcp_mss(tp, offer) tp->snd_ssthresh = max(2 * mss, rt->rt_rmx.rmx_ssthresh); tcpstat.tcps_usedssthresh++; } + else + tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT; + lck_mtx_unlock(rt_mtx); }
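Review bot: In the hunk at -2613, `tp->t_state = TCPS_FIN_WAIT_2;` still runs after the relocated `soisdisconnected(so)`, so the notification fires while the connection state is only partly updated. That is the ordering the other hunks of this commit remove for `soisconnected`. If `soisdisconnected` can reach an upcall in the same way (not shown on this page), the state assignment should come first, e.g. move `tp->t_state = TCPS_FIN_WAIT_2;` above the `if (so->so_state & SS_CANTRCVMORE) {` line, provided `add_to_time_wait(tp)` does not depend on the old state. This hunk also lacks the explanatory comment the other moved calls received; a short `/* notify only after the 2MSL timer and time-wait entry are set up */` would keep the reason with the code. The surrounding case starts outside the hunk.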
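Review bot: The added `else` in `tcp_mss` is unbraced and on its own line after a braced `if` body. Elsewhere in this file the form is `} else {`, and an unbraced branch placed just before `lck_mtx_unlock(rt_mtx);` is easy to extend incorrectly later. I would write `} else {`, then `tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT;`, then `}`. A one-line comment saying why the threshold is reset when the route carries no cached ssthresh would also help, for instance `/* no cached ssthresh on this route: start from the maximum window */`; that rationale is inferred from the hunk, so confirm it. The function body begins and ends outside the hunk.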