
sbappendcontrol() needs to avoid clearing M_NOTREADY on data mbufs.
Closed, Public

Authored by markj on Apr 7 2020, 9:53 PM.

Details

Summary

If LOCAL_CREDS is set on a unix socket and we use sendfile, sendfile
will call uipc_send(PRUS_NOTREADY), which prepends a control message to
M_NOTREADY mbufs. uipc_send() then calls sbappendcontrol() instead of
sbappend(), and sbappendcontrol() was clearing M_NOTREADY, leading to
nasty results.

Test Plan

Ran a simple test case that previously triggered this bug and caused a kernel
panic due to an mbuf double free.
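A user-space C model of the flag handling the summary describes, added here as an illustration; it is not the revision's diff or code from the FreeBSD tree. The struct layout, flag values, `M_PROTO_OTHER` and the helper names are constructed for the model, which assumes M_NOTREADY is cleared together with the other protocol flags.

```c
#include <stddef.h>

/* Constructed flag values for this model; not the kernel's definitions. */
#define M_NOTREADY    0x1u  /* data still being filled in by pending I/O */
#define M_PROTO_OTHER 0x2u  /* hypothetical stand-in for other protocol flags */
#define M_PROTOFLAGS  (M_NOTREADY | M_PROTO_OTHER)
#define PRUS_NOTREADY 0x1   /* caller says the data mbufs are not ready */

struct mbuf {
    struct mbuf *m_next;
    unsigned     m_flags;
};

/* Clear protocol flags along a chain, keeping the bits set in 'keep'. */
static void clr_protoflags(struct mbuf *m, unsigned keep)
{
    for (; m != NULL; m = m->m_next)
        m->m_flags &= ~(M_PROTOFLAGS & ~keep);
}

/* preserve == 0 models the bug: every protocol flag is cleared on the data.
 * preserve != 0 keeps M_NOTREADY when the caller passed PRUS_NOTREADY. */
static struct mbuf *append_control(struct mbuf *control, struct mbuf *data,
                                   int flags, int preserve)
{
    unsigned keep = (preserve && (flags & PRUS_NOTREADY)) ? M_NOTREADY : 0;
    struct mbuf *last = control;

    clr_protoflags(data, keep);
    while (last->m_next != NULL)
        last = last->m_next;
    last->m_next = data;    /* control message now precedes the data */
    return control;
}

/* Count mbufs a reader would treat as readable (M_NOTREADY not set). */
static int count_ready(const struct mbuf *m)
{
    int n = 0;
    for (; m != NULL; m = m->m_next)
        n += (m->m_flags & M_NOTREADY) == 0;
    return n;
}

/* Constructed chain: control -> d0 -> d1, both data mbufs not ready. */
static int ready_after_append(int preserve)
{
    struct mbuf d1 = { NULL, M_NOTREADY | M_PROTO_OTHER };
    struct mbuf d0 = { &d1, M_NOTREADY };
    struct mbuf ctl = { NULL, 0 };
    return count_ready(append_control(&ctl, &d0, PRUS_NOTREADY, preserve));
}
```

In the model, the flag-clearing variant leaves all three mbufs looking readable while their I/O is still pending; the preserving variant exposes only the control mbuf.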

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

markj added a reviewer: glebius.
This revision was not accepted when it landed; it landed in state Needs Review. (Apr 10 2020, 8:42 PM)
This revision was automatically updated to reflect the committed changes.