Date: Mon, 23 Feb 2015 16:41:22 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: "Andrey V. Elsukov" <ae@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r279206 - head/sys/kern Message-ID: <20150223144122.GP74514@kib.kiev.ua> In-Reply-To: <201502231341.t1NDfaPh029088@svn.freebsd.org> References: <201502231341.t1NDfaPh029088@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 23, 2015 at 01:41:36PM +0000, Andrey V. Elsukov wrote: > Author: ae > Date: Mon Feb 23 13:41:35 2015 > New Revision: 279206 > URL: https://svnweb.freebsd.org/changeset/base/279206 > > Log: > In some cases soreceive_dgram() can return no data, but has control > message. This can happen when application is sending packets too big > for the path MTU and recvmsg() will return zero (indicating no data) > but there will be a cmsghdr with cmsg_type set to IPV6_PATHMTU. > Remove KASSERT() which does NULL pointer dereference in such case. > Also call m_freem() only when m isn't NULL. > > PR: 197882 > MFC after: 1 week > Sponsored by: Yandex LLC > > Modified: > head/sys/kern/uipc_socket.c > > Modified: head/sys/kern/uipc_socket.c > ============================================================================== > --- head/sys/kern/uipc_socket.c Mon Feb 23 12:54:46 2015 (r279205) > +++ head/sys/kern/uipc_socket.c Mon Feb 23 13:41:35 2015 (r279206) > @@ -2255,7 +2255,8 @@ soreceive_dgram(struct socket *so, struc > * Process one or more MT_CONTROL mbufs present before any data mbufs > * in the first mbuf chain on the socket buffer. We call into the > * protocol to perform externalization (or freeing if controlp == > - * NULL). > + * NULL). In some cases there can be only MT_CONTROL mbufs without > + * MT_DATA mbufs. > */ > if (m->m_type == MT_CONTROL) { > struct mbuf *cm = NULL, *cmn; > @@ -2285,8 +2286,6 @@ soreceive_dgram(struct socket *so, struc > cm = cmn; > } > } > - KASSERT(m->m_type == MT_DATA, ("soreceive_dgram: !data")); > - Should this be changed to m == NULL || m->m_type == MT_DATA ? > while (m != NULL && uio->uio_resid > 0) { > len = uio->uio_resid; > if (len > m->m_len) > @@ -2303,9 +2302,10 @@ soreceive_dgram(struct socket *so, struc > m->m_len -= len; > } > } > - if (m != NULL) > + if (m != NULL) { > flags |= MSG_TRUNC; > - m_freem(m); > + m_freem(m); > + } > if (flagsp != NULL) > *flagsp |= flags; > return (0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150223144122.GP74514>