From owner-freebsd-bluetooth@FreeBSD.ORG Sun Apr 19 23:05:56 2009
Date: Sun, 19 Apr 2009 16:05:55 -0700
From: Maksim Yevmenkin
To: "freebsd-bluetooth@freebsd.org"
Subject: sb_mbtail is not set in sbappendrecord_locked()

hello, i'm fairly certain that sbappendrecord_locked() has a bug in it. the bug is triggered by the kernel SOCKBUF_DEBUG option. the easiest way to trigger the bug is to 1) compile kernel with the SOCKBUF_DEBUG option enabled; 2) call sbappendrecord_locked() and try to append mbuf chain with exactly one mbuf (i.e. m0->m_next is NULL) to an empty sockbuf; there is a kern/126742 pr that basically shows the problem and stack traces. initial investigation was done by "pluknet" < pluknet -at- gmail -dot- com >, who confirmed the bug. see http://lists.freebsd.org/pipermail/freebsd-net/2008-August/019345.html for more details. i'm proposing the following patch. please review.

== > svn diff Index: uipc_sockbuf.c =================================================================== --- uipc_sockbuf.c (revision 191012) +++ uipc_sockbuf.c (working copy) @@ -577,10 +577,6 @@ if (m0 == 0) return; - m = sb->sb_mb; - if (m) - while (m->m_nextpkt) - m = m->m_nextpkt; /* * Put the first mbuf on the queue. Note this permits zero length * records. @@ -588,17 +584,17 @@ sballoc(sb, m0); SBLASTRECORDCHK(sb); SBLINKRECORD(sb, m0); - if (m) - m->m_nextpkt = m0; - else - sb->sb_mb = m0; + sb->sb_mbtail = m0; m = m0->m_next; m0->m_next = 0; - if (m && (m0->m_flags & M_EOR)) { - m0->m_flags &= ~M_EOR; - m->m_flags |= M_EOR; + if (m != NULL) { + if (m0->m_flags & M_EOR) { + m0->m_flags &= ~M_EOR; + m->m_flags |= M_EOR; + } + + sbcompress(sb, m, m0); } - sbcompress(sb, m, m0); } /* ==

thanks, max
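Review bot: dropping the `m = sb->sb_mb; if (m) while (m->m_nextpkt) m = m->m_nextpkt;` walk in the first hunk (@@ -577,10 +577,6 @@) is only safe because `SBLINKRECORD(sb, m0)` in the second hunk is now the sole thing that attaches m0 to the socket buffer, since the explicit `if (m) m->m_nextpkt = m0; else sb->sb_mb = m0;` fallback is removed at the same time; please state in the commit message that SBLINKRECORD sets sb->sb_mb when the buffer is empty and otherwise links m0 after sb_lastrecord, so a reader does not have to re-derive why the empty-sockbuf case still works. Removing the linear walk over every record is also a behavioural improvement worth one sentence, as the old code was O(records) per append.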
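Review bot: `sb->sb_mbtail = m0;` being set unconditionally before sbcompress() in the second hunk (@@ -588,17 +584,17 @@) is the actual fix for the single-mbuf case the report describes (m0->m_next == NULL, so the old code reached sbcompress(sb, NULL, m0) with sb_mbtail still stale and SOCKBUF_DEBUG tripped on it); the commit message should say explicitly that for m != NULL sbcompress() is relied on to advance sb_mbtail past m0 as it appends, otherwise the tail would be left pointing at m0 for multi-mbuf records. Because sbcompress() is no longer called at all when m == NULL, the tail consistency check it performs under SOCKBUF_DEBUG is now skipped on that path; consider adding SBLASTMBUFCHK(sb) (the sb_mbtail counterpart of the SBLASTRECORDCHK already in this hunk) after the `sb->sb_mbtail = m0;` line so debug builds still verify the invariant kern/126742 reported. Minor style: the blank `+` line between the closing brace of the M_EOR block and `sbcompress(sb, m, m0);` is unnecessary.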