Date:      Mon, 23 Feb 2015 13:41:36 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r279206 - head/sys/kern
Message-ID:  <201502231341.t1NDfaPh029088@svn.freebsd.org>

Author: ae
Date: Mon Feb 23 13:41:35 2015
New Revision: 279206
URL: https://svnweb.freebsd.org/changeset/base/279206

Log:
  In some cases soreceive_dgram() can return no data, but has a control
  message. This can happen when an application is sending packets too big
  for the path MTU and recvmsg() will return zero (indicating no data)
  but there will be a cmsghdr with cmsg_type set to IPV6_PATHMTU.
  Remove KASSERT() which does a NULL pointer dereference in such a case.
  Also call m_freem() only when m isn't NULL.
  
  PR:		197882
  MFC after:	1 week
  Sponsored by:	Yandex LLC

Modified:
  head/sys/kern/uipc_socket.c

Modified: head/sys/kern/uipc_socket.c
==============================================================================
--- head/sys/kern/uipc_socket.c	Mon Feb 23 12:54:46 2015	(r279205)
+++ head/sys/kern/uipc_socket.c	Mon Feb 23 13:41:35 2015	(r279206)
@@ -2255,7 +2255,8 @@ soreceive_dgram(struct socket *so, struc
 	 * Process one or more MT_CONTROL mbufs present before any data mbufs
 	 * in the first mbuf chain on the socket buffer.  We call into the
 	 * protocol to perform externalization (or freeing if controlp ==
-	 * NULL).
+	 * NULL). In some cases there can be only MT_CONTROL mbufs without
+	 * MT_DATA mbufs.
 	 */
 	if (m->m_type == MT_CONTROL) {
 		struct mbuf *cm = NULL, *cmn;
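Review bot: The added comment sentence ("In some cases there can be only MT_CONTROL mbufs without MT_DATA mbufs.") does not say which cases or what the caller then sees. The commit log has the concrete answer (a zero-length return that still carries a cmsghdr with cmsg_type IPV6_PATHMTU), and naming it here would tell the next reader why m may be NULL after this block. Style nit: the surrounding comment puts two spaces after a sentence-ending period ("buffer.  We call"), while the new text has one ("NULL). In some").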
@@ -2285,8 +2286,6 @@ soreceive_dgram(struct socket *so, struc
 			cm = cmn;
 		}
 	}
-	KASSERT(m->m_type == MT_DATA, ("soreceive_dgram: !data"));
-
 	while (m != NULL && uio->uio_resid > 0) {
 		len = uio->uio_resid;
 		if (len > m->m_len)
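Review bot: Removing the KASSERT outright also drops the invariant it was checking whenever m is non-NULL, namely that what follows the control mbufs is MT_DATA. The loop below is already guarded by "m != NULL", so the only defect was the unconditional m->m_type dereference. Consider keeping a NULL-tolerant form, for example KASSERT(m == NULL || m->m_type == MT_DATA, ("soreceive_dgram: !data")), so debug kernels still catch an unexpected mbuf type without panicking on the control-only case.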
@@ -2303,9 +2302,10 @@ soreceive_dgram(struct socket *so, struc
 			m->m_len -= len;
 		}
 	}
-	if (m != NULL)
+	if (m != NULL) {
 		flags |= MSG_TRUNC;
-	m_freem(m);
+		m_freem(m);
+	}
 	if (flagsp != NULL)
 		*flagsp |= flags;
 	return (0);
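Review bot: Moving m_freem(m) under "if (m != NULL)" is described in the log as a behaviour change, but it is not clear from this hunk that the old unconditional call was unsafe. If m_freem() already accepts a NULL chain, this is a readability change only and the log should say so, so that anyone reviewing the merge does not treat it as a second bug fix. It would also help to add a short comment on the m == NULL path stating that returning 0 with no data and only control is now an expected result, since nothing in the visible return path distinguishes it for the caller.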


