[Bug 220358] panic in tcp_lro_flush_all
bugzilla-noreply at freebsd.org
Tue Jul 4 18:23:54 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358
--- Comment #22 from commit-hook at freebsd.org ---
A commit references this bug:
Author: hselasky
Date: Tue Jul 4 18:23:18 UTC 2017
New revision: 320652
URL: https://svnweb.freebsd.org/changeset/base/320652
Log:

After r319722 two fields were left uninitialized when transforming a
socket structure into a listening socket. This resulted in an invalid
instruction fault for all 32-bit platforms.

When INVARIANTS is set the union where the two uninitialized fields
reside gets properly zeroed. This patch ensures the two uninitialized
fields are zeroed when INVARIANTS is undefined.

For 64-bit platforms this issue was not visible because so->sol_upcall
which is uninitialized overlaps with so->so_rcv.sb_state which is
already zero during soalloc();

For 32-bit platforms this issue was visible and resulted in an invalid
instruction fault, because so->sol_upcall overlaps with
so->so_rcv.sb_sel which is always initialized to a valid data pointer
during soalloc().

Verifying the offset locations mentioned above are identical is left
as an exercise to the reader.

PR: 220452
PR: 220358
Reviewed by: ae (network), gallatin
Differential Revision: https://reviews.freebsd.org/D11475
Sponsored by: Mellanox Technologies
Changes:
head/sys/kern/uipc_socket.c
--
You are receiving this mail because:
You are the assignee for the bug.
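
The overlap described in the commit log above, modelled as an added example (not part of the commit or of the FreeBSD source): a hypothetical, simplified union in which `sol_upcall` lands on `sb_sel` when pointers are 4 bytes and on `sb_state` when they are 8 bytes. Only those three field names come from the log; the layout, the other names and the 0x1000 value are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical, simplified layout: NOT the real struct socket. PTR stands in
 * for a pointer-sized field so both ABIs can be modelled on one 64-bit host
 * (assumes uint64_t is 8-byte aligned). Only sb_sel, sb_state and sol_upcall
 * are names from the commit log; every other name is made up.
 */
#define DEFINE_MOCK(N, PTR)                                                  \
struct mock_so##N {                                                          \
    union {                                                                  \
        struct { uint32_t f0, f1; PTR sb_sel; uint32_t sb_state, pad; } rcv; \
        struct { PTR q0, q1; PTR sol_upcall; } sol;                          \
    } u;                                                                     \
};                                                                           \
/* 1 if sol_upcall starts at the same offset as sb_sel, else 0. */           \
static int upcall_aliases_sel##N(void)                                       \
{                                                                            \
    return offsetof(struct mock_so##N, u.sol.sol_upcall) ==                  \
           offsetof(struct mock_so##N, u.rcv.sb_sel);                        \
}                                                                            \
/* Value the listening view reads from sol_upcall after the transform. */    \
static uint64_t upcall_after_listen##N(int patched)                          \
{                                                                            \
    struct mock_so##N so;                                                    \
    memset(&so, 0, sizeof(so));      /* soalloc(): structure zeroed */       \
    so.u.rcv.sb_sel = (PTR)0x1000;   /* soalloc(): valid data pointer */     \
    so.u.sol.q0 = so.u.sol.q1 = 0;   /* transform sets only some fields */   \
    if (patched)                                                             \
        so.u.sol.sol_upcall = 0;     /* the fix: zero it explicitly */       \
    return so.u.sol.sol_upcall;                                              \
}

DEFINE_MOCK(32, uint32_t)   /* models a 32-bit platform */
DEFINE_MOCK(64, uint64_t)   /* models a 64-bit platform */

int main(void)
{
    printf("32-bit: aliases sb_sel=%d unpatched=%#llx patched=%#llx\n",
        upcall_aliases_sel32(), (unsigned long long)upcall_after_listen32(0),
        (unsigned long long)upcall_after_listen32(1));
    printf("64-bit: aliases sb_sel=%d unpatched=%#llx patched=%#llx\n",
        upcall_aliases_sel64(), (unsigned long long)upcall_after_listen64(0),
        (unsigned long long)upcall_after_listen64(1));
    return 0;
}
```

A non-zero unpatched value is a data pointer sitting where the listening view expects a function pointer, which is the condition the log ties to the invalid instruction fault.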