svn commit: r279206 - head/sys/kern
Konstantin Belousov
kostikbel at gmail.com
Mon Feb 23 14:41:29 UTC 2015
On Mon, Feb 23, 2015 at 01:41:36PM +0000, Andrey V. Elsukov wrote:
> Author: ae
> Date: Mon Feb 23 13:41:35 2015
> New Revision: 279206
> URL: https://svnweb.freebsd.org/changeset/base/279206
>
> Log:
> In some cases soreceive_dgram() can return no data, but has control
> message. This can happen when application is sending packets too big
> for the path MTU and recvmsg() will return zero (indicating no data)
> but there will be a cmsghdr with cmsg_type set to IPV6_PATHMTU.
> Remove KASSERT() which does NULL pointer dereference in such case.
> Also call m_freem() only when m isn't NULL.
>
> PR: 197882
> MFC after: 1 week
> Sponsored by: Yandex LLC
>
> Modified:
> head/sys/kern/uipc_socket.c
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c Mon Feb 23 12:54:46 2015 (r279205)
> +++ head/sys/kern/uipc_socket.c Mon Feb 23 13:41:35 2015 (r279206)
> @@ -2255,7 +2255,8 @@ soreceive_dgram(struct socket *so, struc
> * Process one or more MT_CONTROL mbufs present before any data mbufs
> * in the first mbuf chain on the socket buffer. We call into the
> * protocol to perform externalization (or freeing if controlp ==
> - * NULL).
> + * NULL). In some cases there can be only MT_CONTROL mbufs without
> + * MT_DATA mbufs.
> */
> if (m->m_type == MT_CONTROL) {
> struct mbuf *cm = NULL, *cmn;
> @@ -2285,8 +2286,6 @@ soreceive_dgram(struct socket *so, struc
> cm = cmn;
> }
> }
> - KASSERT(m->m_type == MT_DATA, ("soreceive_dgram: !data"));
> -
Should this be changed to m == NULL || m->m_type == MT_DATA ?
> while (m != NULL && uio->uio_resid > 0) {
> len = uio->uio_resid;
> if (len > m->m_len)
> @@ -2303,9 +2302,10 @@ soreceive_dgram(struct socket *so, struc
> m->m_len -= len;
> }
> }
> - if (m != NULL)
> + if (m != NULL) {
> flags |= MSG_TRUNC;
> - m_freem(m);
> + m_freem(m);
> + }
> if (flagsp != NULL)
> *flagsp |= flags;
> return (0);
More information about the svn-src-all
mailing list