Page MenuHomeFreeBSD

sbappendcontrol() needs to avoid clearing M_NOTREADY on data mbufs.
ClosedPublic

Authored by markj on Apr 7 2020, 9:53 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 9, 6:38 AM
Unknown Object (File)
Oct 7 2024, 5:19 PM
Unknown Object (File)
Oct 1 2024, 7:22 PM
Unknown Object (File)
Sep 29 2024, 7:32 PM
Unknown Object (File)
Sep 21 2024, 11:13 AM
Unknown Object (File)
Sep 18 2024, 6:35 AM
Unknown Object (File)
Sep 17 2024, 9:31 PM
Unknown Object (File)
Sep 10 2024, 12:49 AM
Subscribers

Details

Summary

If LOCAL_CREDS is set on a unix socket and we use sendfile, sendfile
will call uipc_send(PRUS_NOTREADY), which prepends a control message to
M_NOTREADY mbufs. uipc_send() then calls sbappendcontrol() instead of
sbappend(), and sbappendcontrol() was clearing M_NOTREADY, leading to
nasty results.

Test Plan

Ran a simple test case that previously triggers this bug and causes a kernel
panic due to an mbuf double free.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj added a reviewer: glebius.
This revision was not accepted when it landed; it landed in state Needs Review.Apr 10 2020, 8:42 PM
This revision was automatically updated to reflect the committed changes.