svn commit: r191366 - head/sys/kern
Maksim Yevmenkin
emax at FreeBSD.org
Tue Apr 21 19:14:14 UTC 2009
Author: emax
Date: Tue Apr 21 19:14:13 2009
New Revision: 191366
URL: http://svn.freebsd.org/changeset/base/191366
Log:
Fix sbappendrecord_locked().
The main problem is that sbappendrecord_locked() relies on sbcompress()
to set sb_mbtail. This will not happen if sbappendrecord_locked() is
called with mbuf chain made of exactly one mbuf (i.e. m0->m_next == NULL).
In this case sbcompress() will be called with m == NULL and will do
nothing. I'm not entirely sure if m == NULL is a valid argument for
sbcompress(), and it is rather pointless to call it like that, but keep
calling it so it can do SBLASTMBUFCHK().
The problem is triggered by the SOCKBUF_DEBUG kernel option that
enables SBLASTRECORDCHK() and SBLASTMBUFCHK() checks.
PR: kern/126742
Investigated by: pluknet < pluknet -at- gmail -dot- com >
No response from: freebsd-current@, freebsd-bluetooth@
MFC after: 3 days
Modified:
head/sys/kern/uipc_sockbuf.c
Modified: head/sys/kern/uipc_sockbuf.c
==============================================================================
--- head/sys/kern/uipc_sockbuf.c Tue Apr 21 19:06:47 2009 (r191365)
+++ head/sys/kern/uipc_sockbuf.c Tue Apr 21 19:14:13 2009 (r191366)
@@ -577,10 +577,6 @@ sbappendrecord_locked(struct sockbuf *sb
if (m0 == 0)
return;
- m = sb->sb_mb;
- if (m)
- while (m->m_nextpkt)
- m = m->m_nextpkt;
/*
* Put the first mbuf on the queue. Note this permits zero length
* records.
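Review bot: With the m_nextpkt walk removed at the top of this hunk, the visible code no longer locates the last record itself, so the append depends entirely on SBLINKRECORD(sb, m0) both to set sb->sb_mb when the buffer is empty and to chain m0 after the current last record. The macro's definition is not part of this diff, so please confirm it covers both cases. A one-line comment at the SBLINKRECORD() call stating that it does the linking would help, since the removed loop was the only visible hint of how records get attached.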
@@ -588,16 +584,14 @@ sbappendrecord_locked(struct sockbuf *sb
sballoc(sb, m0);
SBLASTRECORDCHK(sb);
SBLINKRECORD(sb, m0);
- if (m)
- m->m_nextpkt = m0;
- else
- sb->sb_mb = m0;
+ sb->sb_mbtail = m0;
m = m0->m_next;
m0->m_next = 0;
if (m && (m0->m_flags & M_EOR)) {
m0->m_flags &= ~M_EOR;
m->m_flags |= M_EOR;
}
+ /* always call sbcompress() so it can do SBLASTMBUFCHK() */
sbcompress(sb, m, m0);
}
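Review bot: The new `sb->sb_mbtail = m0;` line carries no comment, while the comment added above sbcompress() only explains why that call is kept. Suggest a short comment on the assignment saying it covers the single-mbuf record (m0->m_next == NULL), where sbcompress() is called with m == NULL and leaves sb_mbtail untouched, as the log message describes. The log also leaves open whether m == NULL is a valid argument for sbcompress(); since the call is now kept deliberately for SBLASTMBUFCHK(), that contract should be settled and documented at sbcompress() before the MFC.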