Module Name: src Committed By: martin Date: Thu May 3 15:02:30 UTC 2018
Modified Files: src/sys/kern [netbsd-6-0]: uipc_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1547): sys/kern/uipc_mbuf.c: revision 1.211 (via patch) Modify m_defrag, so that it never frees the first mbuf of the chain. While here use the given 'flags' argument, and not M_DONTWAIT. We have a problem with several drivers: they poll an mbuf chain from their queues and call m_defrag on them, but m_defrag could update the mbuf pointer, so the mbuf in the queue is no longer valid. It is not easy to fix each driver, because doing pop+push will reorder the queue, and we don't really want that to happen. This problem was independently spotted by me, Kengo, Masanobu, and other people too it seems (perhaps PR/53218). Now m_defrag leaves the first mbuf in place, and compresses the chain only starting from the second mbuf in the chain. It is important not to compress the first mbuf with hacks, because the storage of this first mbuf may be shared with other mbufs. To generate a diff of this commit: cvs rdiff -u -r1.145 -r1.145.6.1 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/uipc_mbuf.c diff -u src/sys/kern/uipc_mbuf.c:1.145 src/sys/kern/uipc_mbuf.c:1.145.6.1 --- src/sys/kern/uipc_mbuf.c:1.145 Fri Feb 10 17:35:47 2012 +++ src/sys/kern/uipc_mbuf.c Thu May 3 15:02:30 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.145 2012/02/10 17:35:47 para Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.145.6.1 2018/05/03 15:02:30 martin Exp $ */ /*- * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145 2012/02/10 17:35:47 para Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.6.1 2018/05/03 15:02:30 martin Exp $"); #include "opt_mbuftrace.h" #include "opt_nmbclusters.h" @@ -1252,30 +1252,35 @@ m_makewritable(struct mbuf **mp, int off } /* - * Copy the mbuf chain to a new mbuf chain that is as short as possible. - * Return the new mbuf chain on success, NULL on failure. On success, - * free the old mbuf chain. + * Compress the mbuf chain. Return the new mbuf chain on success, NULL on + * failure. The first mbuf is preserved, and on success the pointer returned + * is the same as the one passed. */ struct mbuf * m_defrag(struct mbuf *mold, int flags) { struct mbuf *m0, *mn, *n; - size_t sz = mold->m_pkthdr.len; + int sz; #ifdef DIAGNOSTIC if ((mold->m_flags & M_PKTHDR) == 0) panic("m_defrag: not a mbuf chain header"); #endif - MGETHDR(m0, flags, MT_DATA); + if (mold->m_next == NULL) + return mold; + + m0 = m_get(flags, MT_DATA); if (m0 == NULL) return NULL; - M_COPY_PKTHDR(m0, mold); mn = m0; + sz = mold->m_pkthdr.len - mold->m_len; + KASSERT(sz >= 0); + do { - if (sz > MHLEN) { - MCLGET(mn, M_DONTWAIT); + if (sz > MLEN) { + MCLGET(mn, flags); if ((mn->m_flags & M_EXT) == 0) { m_freem(m0); return NULL; @@ -1291,7 +1296,7 @@ m_defrag(struct mbuf *mold, int flags) if (sz > 0) { /* need more mbufs */ - MGET(n, M_NOWAIT, MT_DATA); + n = m_get(flags, MT_DATA); if (n == NULL) { m_freem(m0); return NULL; @@ -1302,9 +1307,10 @@ m_defrag(struct mbuf *mold, int flags) } } while (sz > 0); - m_freem(mold); + m_freem(mold->m_next); + mold->m_next = m0; - return m0; + return mold; } int