
sbappendcontrol() needs to avoid clearing M_NOTREADY on data mbufs.
Closed, Public

Authored by markj on Apr 7 2020, 9:53 PM.

Details

Summary

If LOCAL_CREDS is set on a unix socket and we use sendfile, sendfile
will call uipc_send(PRUS_NOTREADY), which prepends a control message to
M_NOTREADY mbufs. uipc_send() then calls sbappendcontrol() instead of
sbappend(), and sbappendcontrol() was clearing M_NOTREADY, leading to
nasty results.

Test Plan

Ran a simple test case that previously triggered this bug and caused a kernel
panic due to an mbuf double free.

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

markj added a reviewer: glebius.
This revision was not accepted when it landed; it landed in state Needs Review. (Apr 10 2020, 8:42 PM)
This revision was automatically updated to reflect the committed changes.