Date: Tue, 12 May 2026 20:06:09 +0000 From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: a6c4fe2d1a38 - main - if_vxlan: Update *m0 after a pullup Message-ID: <6a038831.217ee.3920506b@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=a6c4fe2d1a38885914b1c3e85508b965ccdb7874 commit a6c4fe2d1a38885914b1c3e85508b965ccdb7874 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2026-05-12 17:50:15 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2026-05-12 20:05:19 +0000 if_vxlan: Update *m0 after a pullup vxlan_input()'s caller is supposed to free *m0 if it is non-NULL after the function returns. vxlan_input() failed to update *m0 after the pullup however, so if it hits an error case after the pullup, we'll free the mbuf twice. Currently this can happen only if the interface is brought down or due to a packet loop. Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai Reviewed by: pouria, zlei MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56944 --- sys/net/if_vxlan.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c index 3d51c3c421ff..da219217480f 100644 --- a/sys/net/if_vxlan.c +++ b/sys/net/if_vxlan.c @@ -2876,8 +2876,7 @@ vxlan_input(struct vxlan_socket *vso, uint32_t vni, struct mbuf **m0, ifp = sc->vxl_ifp; if (m->m_len < ETHER_HDR_LEN && - (m = m_pullup(m, ETHER_HDR_LEN)) == NULL) { - *m0 = NULL; + (m = *m0 = m_pullup(m, ETHER_HDR_LEN)) == NULL) { error = ENOBUFS; goto out; }home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a038831.217ee.3920506b>