From d89d5c74d0be7910649d3708557c85d59e864c53 Mon Sep 17 00:00:00 2001
From: mpi <mpi@openbsd.org>
Date: Tue, 2 Jan 2018 12:54:07 +0000
Subject: [PATCH] Do not memset() the whole structure in sorflush() to keep
 `sb_flagsintr' untouched.

ok bluhm@, visa@
---
 sys/kern/uipc_socket.c | 10 +++-------
 sys/sys/socketvar.h    | 12 ++++++++----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 64c0c65ca93..494b057624c 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_socket.c,v 1.212 2017/12/19 09:29:37 mpi Exp $	*/
+/*	$OpenBSD: uipc_socket.c,v 1.213 2018/01/02 12:54:07 mpi Exp $	*/
 /*	$NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $	*/
 
 /*
@@ -1052,12 +1052,8 @@ sorflush(struct socket *so)
 	sbunlock(so, sb);
 	aso.so_proto = pr;
 	aso.so_rcv = *sb;
-	memset(sb, 0, sizeof (*sb));
-	/* XXX - the memset stomps all over so_rcv */
-	if (aso.so_rcv.sb_flagsintr & SB_KNOTE) {
-		sb->sb_sel.si_note = aso.so_rcv.sb_sel.si_note;
-		sb->sb_flagsintr = SB_KNOTE;
-	}
+	memset(&sb->sb_startzero, 0,
+	     (caddr_t)&sb->sb_endzero - (caddr_t)&sb->sb_startzero);
 	if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose)
 		(*pr->pr_domain->dom_dispose)(aso.so_rcv.sb_mb);
 	sbrelease(&aso, &aso.so_rcv);
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index a54fcdcc231..00c344ffc66 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: socketvar.h,v 1.80 2017/12/18 10:07:55 mpi Exp $	*/
+/*	$OpenBSD: socketvar.h,v 1.81 2018/01/02 12:54:07 mpi Exp $	*/
 /*	$NetBSD: socketvar.h,v 1.18 1996/02/09 18:25:38 christos Exp $	*/
 
 /*-
@@ -98,6 +98,8 @@ struct socket {
  * Variables for socket buffering.
  */
 	struct	sockbuf {
+/* The following fields are all zeroed on flush. */
+#define	sb_startzero	sb_cc
 		u_long	sb_cc;		/* actual chars in buffer */
 		u_long	sb_datacc;	/* data only chars in buffer */
 		u_long	sb_hiwat;	/* max actual char count */
@@ -109,10 +111,12 @@ struct socket {
 		struct mbuf *sb_mbtail;	/* the last mbuf in the chain */
 		struct mbuf *sb_lastrecord;/* first mbuf of last record in
 					      socket buffer */
-		struct	selinfo sb_sel;	/* process selecting read/write */
-		int	sb_flagsintr;	/* flags, changed during interrupt */
-		short	sb_flags;	/* flags, see below */
 		u_short	sb_timeo;	/* timeout for read/write */
+		short	sb_flags;	/* flags, see below */
+/* End area that is zeroed on flush. */
+#define	sb_endzero	sb_flags
+		int	sb_flagsintr;	/* flags, changed atomically */
+		struct	selinfo sb_sel;	/* process selecting read/write */
 	} so_rcv, so_snd;
 #define	SB_MAX		(2*1024*1024)	/* default for max chars in sockbuf */
 #define	SB_LOCK		0x01		/* lock on data queue */
-- 
2.20.1