
sbappendcontrol() needs to avoid clearing M_NOTREADY on data mbufs.
Closed, Public

Authored by markj on Apr 7 2020, 9:53 PM.

Details

Summary

If LOCAL_CREDS is set on a unix socket and we use sendfile, sendfile
will call uipc_send(PRUS_NOTREADY), which prepends a control message to
M_NOTREADY mbufs. uipc_send() then calls sbappendcontrol() instead of
sbappend(), and sbappendcontrol() was clearing M_NOTREADY, leading to
nasty results.

Test Plan

Ran a simple test case that previously triggered this bug and caused a kernel
panic due to an mbuf double free.
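The invariant at stake in the summary, as an added user-space model that is not part of this revision or of FreeBSD source: a receiver must stop at the first not-ready mbuf, so stripping the flag from the data chain while prepending control exposes buffers that the pending sendfile I/O still refers to. The `model_*` names, the struct layout and the flag value are constructed assumptions.

```c
#include <stddef.h>

/* Constructed model: the flag value and struct are simplified assumptions,
 * not the kernel's definitions. */
#define MODEL_M_NOTREADY 0x1	/* data not yet filled in by sendfile I/O */

struct model_mbuf {
	int m_flags;
	int is_control;
	struct model_mbuf *m_next;
};

/* Prepend a control chain to a data chain, as a send path would before
 * queueing the record. clear_data_flags=1 models the behaviour the summary
 * describes as the bug: the not-ready flag is stripped from the data mbufs. */
static struct model_mbuf *
model_append_control(struct model_mbuf *control, struct model_mbuf *data,
    int clear_data_flags)
{
	struct model_mbuf *m = control;

	while (m->m_next != NULL)
		m = m->m_next;
	m->m_next = data;
	if (clear_data_flags)
		for (m = data; m != NULL; m = m->m_next)
			m->m_flags &= ~MODEL_M_NOTREADY;
	return (control);
}

/* Count the data mbufs a receiver could consume right now: it walks the
 * record and must stop at the first mbuf still marked not ready. */
static int
model_readable_data(const struct model_mbuf *m)
{
	int n = 0;

	for (; m != NULL && !(m->m_flags & MODEL_M_NOTREADY); m = m->m_next)
		if (!m->is_control)
			n++;
	return (n);
}

/* One control mbuf plus two not-ready data mbufs, queued before I/O is done. */
static int
model_exposed_before_io_done(int clear_data_flags)
{
	struct model_mbuf d2 = { MODEL_M_NOTREADY, 0, NULL };
	struct model_mbuf d1 = { MODEL_M_NOTREADY, 0, &d2 };
	struct model_mbuf c = { 0, 1, NULL };

	return (model_readable_data(model_append_control(&c, &d1, clear_data_flags)));
}
```

With the flag cleared the model reports both data mbufs as consumable before the I/O completes; with the flag preserved it reports none.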

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

markj added a reviewer: glebius.
This revision was not accepted when it landed; it landed in state Needs Review. (Apr 10 2020, 8:42 PM)
This revision was automatically updated to reflect the committed changes.