svn commit: r306337 - head/sys/kern

lohith bellad lohithbsd at gmail.com
Tue Sep 27 07:13:58 UTC 2016


Hi Bruce and Hiren,

This is regarding the following commit, which led to a kernel panic!!!

https://svnweb.freebsd.org/base?view=revision&revision=306337

Discussion thread regarding the kernel panic,

https://lists.freebsd.org/pipermail/svn-src-head/2016-September/092110.html

Thanks a lot for the input and sorry for the trouble created.

Modified diff:

Since it's not possible to check and free the control mbuf correctly in 
the sendit() routine, we can clear the control mbuf in the kern_sendit() 
routine after checking correctly.
Here is the diff:

Index: sys/kern/uipc_syscalls.c
===================================================================
--- sys/kern/uipc_syscalls.c	(revision 305955)
+++ sys/kern/uipc_syscalls.c	(working copy)
@@ -809,6 +809,9 @@
  }
  if (error == 0)
   td->td_retval[0] = len - auio.uio_resid;
+
+	/* call to sosend would have cleared control */
+	control = NULL;
 #ifdef KTRACE
  if (ktruio != NULL) {
   ktruio->uio_resid = td->td_retval[0];
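Review bot: The `control = NULL;` assignment sits after the `td->td_retval[0]` update rather than next to the sosend() call it depends on, which is outside this hunk. Any path between that call and this line that jumps to `bad:` would reach the new free with a pointer sosend() has already disposed of. Move the assignment to the statement directly after the sosend() call, and reword the comment to say that sosend() consumes or frees control on both success and failure, since "cleared" does not say who owns the mbuf.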
@@ -816,6 +819,8 @@
  }
 #endif
 bad:
+	if (control != NULL)
+	 m_freem(control);
  fdrop(fp, td);
  return (error);
 }
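Review bot: With `m_freem(control)` at `bad:`, kern_sendit() disposes of control on every return path, and nothing in the patch documents that new contract. Add a sentence to the function's header comment stating that callers must not touch control after the call, and confirm that sendit() no longer frees it on error, otherwise the double free moves to the caller. The `m_freem(control);` line is also indented with a tab plus a space where the surrounding added lines use a tab only.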

Since we know for sure the sosend() routine will consume the control mbuf 
if it's present, else it will clear the mbuf, making control = NULL 
after the call to sosend() will prevent double freeing of the control mbuf.

If there are any errors before the call to sosend() in kern_sendit(), for 
example EBADF (Bad File Descriptor), then we will fall to "bad:" and if 
control != NULL, we will clear the mbuf. This way the mbuf leak for EBADF 
is also prevented.

If this looks good, can we commit this?

Cheers,
Lohith
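
The ownership reasoning in the message above, as an added user-space model that is not part of the original post and is not FreeBSD code. `struct buf`, `model_sosend()`, `model_kern_sendit()` and the three variants are hypothetical stand-ins; the only assumption taken from the message is that sosend() always disposes of control.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed user-space model of the patch's ownership rule; not FreeBSD code. */
struct buf { int in_use; };                 /* stand-in for the control mbuf */
static struct buf slot;
static int live_bufs, double_frees;         /* leak and double-free counters */

static struct buf *buf_alloc(void) { slot.in_use = 1; live_bufs++; return &slot; }
static void buf_free(struct buf *b) {       /* stand-in for m_freem() */
    if (!b->in_use) { double_frees++; return; }
    b->in_use = 0;
    live_bufs--;
}
/* Stand-in for sosend(): disposes of control on success and on error. */
static int model_sosend(struct buf *control, int err) {
    if (control != NULL)
        buf_free(control);
    return err;
}

enum variant { NO_FREE_AT_BAD, FREE_WITHOUT_NULL, PATCHED };
enum outcome { CLEAN, LEAK, DOUBLE_FREE };

/* Stand-in for kern_sendit(); fd_ok == 0 models the EBADF early exit. */
static int model_kern_sendit(enum variant v, int fd_ok, int send_err) {
    struct buf *control = buf_alloc();
    int error;
    if (!fd_ok) {
        error = EBADF;
        goto bad;                           /* the consumer never ran */
    }
    error = model_sosend(control, send_err);
    if (v == PATCHED)
        control = NULL;                     /* ownership was handed over */
bad:
    if (v != NO_FREE_AT_BAD && control != NULL)
        buf_free(control);
    return error;
}
/* Runs one call and classifies what happened to the buffer. */
static enum outcome check(enum variant v, int fd_ok, int send_err) {
    live_bufs = double_frees = 0;
    (void)model_kern_sendit(v, fd_ok, send_err);
    if (double_frees > 0) return DOUBLE_FREE;
    return live_bufs > 0 ? LEAK : CLEAN;
}
int main(void) {
    for (int v = NO_FREE_AT_BAD; v <= PATCHED; v++)
        printf("variant %d: EBADF=%d sent=%d (0 clean, 1 leak, 2 double free)\n",
            v, check(v, 0, 0), check(v, 1, 0));
    return 0;
}
```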

