Re: svn commit: r279206 - head/sys/kern

Mon, 23 Feb 2015 06:43:56 -0800 

On Mon, Feb 23, 2015 at 01:41:36PM +0000, Andrey V. Elsukov wrote:
> Author: ae
> Date: Mon Feb 23 13:41:35 2015
> New Revision: 279206
> URL: https://svnweb.freebsd.org/changeset/base/279206
> 
> Log:
>   In some cases soreceive_dgram() can return no data, but has control
>   message. This can happen when application is sending packets too big
>   for the path MTU and recvmsg() will return zero (indicating no data)
>   but there will be a cmsghdr with cmsg_type set to IPV6_PATHMTU.
>   Remove KASSERT() which does NULL pointer dereference in such case.
>   Also call m_freem() only when m isn't NULL.
>   
>   PR:         197882
>   MFC after:  1 week
>   Sponsored by:       Yandex LLC
> 
> Modified:
>   head/sys/kern/uipc_socket.c
> 
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c       Mon Feb 23 12:54:46 2015        
> (r279205)
> +++ head/sys/kern/uipc_socket.c       Mon Feb 23 13:41:35 2015        
> (r279206)
> @@ -2255,7 +2255,8 @@ soreceive_dgram(struct socket *so, struc
>        * Process one or more MT_CONTROL mbufs present before any data mbufs
>        * in the first mbuf chain on the socket buffer.  We call into the
>        * protocol to perform externalization (or freeing if controlp ==
> -      * NULL).
> +      * NULL). In some cases there can be only MT_CONTROL mbufs without
> +      * MT_DATA mbufs.
>        */
>       if (m->m_type == MT_CONTROL) {
>               struct mbuf *cm = NULL, *cmn;
> @@ -2285,8 +2286,6 @@ soreceive_dgram(struct socket *so, struc
>                       cm = cmn;
>               }
>       }
> -     KASSERT(m->m_type == MT_DATA, ("soreceive_dgram: !data"));
> -
Should this be changed to m == NULL || m->m_type == MT_DATA ?

>       while (m != NULL && uio->uio_resid > 0) {
>               len = uio->uio_resid;
>               if (len > m->m_len)
> @@ -2303,9 +2302,10 @@ soreceive_dgram(struct socket *so, struc
>                       m->m_len -= len;
>               }
>       }
> -     if (m != NULL)
> +     if (m != NULL) {
>               flags |= MSG_TRUNC;
> -     m_freem(m);
> +             m_freem(m);
> +     }
>       if (flagsp != NULL)
>               *flagsp |= flags;
>       return (0);
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

Reply via email to