From owner-svn-src-stable@FreeBSD.ORG Mon May 4 20:48:07 2009 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C420D106564A; Mon, 4 May 2009 20:48:07 +0000 (UTC) (envelope-from emax@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B18308FC0C; Mon, 4 May 2009 20:48:07 +0000 (UTC) (envelope-from emax@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n44Km7vd056704; Mon, 4 May 2009 20:48:07 GMT (envelope-from emax@svn.freebsd.org) Received: (from emax@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n44Km7tA056703; Mon, 4 May 2009 20:48:07 GMT (envelope-from emax@svn.freebsd.org) Message-Id: <200905042048.n44Km7tA056703@svn.freebsd.org> From: Maksim Yevmenkin Date: Mon, 4 May 2009 20:48:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r191796 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb kern X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 May 2009 20:48:08 -0000 Author: emax Date: Mon May 4 20:48:07 2009 New Revision: 191796 URL: http://svn.freebsd.org/changeset/base/191796 Log: MFC r191366 Fix sbappendrecord_locked(). The main problem is that sbappendrecord_locked() relies on sbcompress() to set sb_mbtail. This will not happen if sbappendrecord_locked() is called with mbuf chain made of exactly one mbuf (i.e. m0->m_next == NULL). In this case sbcompress() will be called with m == NULL and will do nothing. I'm not entirely sure if m == NULL is a valid argument for sbcompress(), and, it rather pointless to call it like that, but keep calling it so it can do SBLASTMBUFCHK(). PR: kern/126742 Investigated by: pluknet < pluknet -at- gmail -dot- com > No response from: freebsd-current@, freebsd-bluetooth@ Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) stable/7/sys/dev/ath/ath_hal/ (props changed) stable/7/sys/dev/cxgb/ (props changed) stable/7/sys/kern/uipc_sockbuf.c Modified: stable/7/sys/kern/uipc_sockbuf.c ============================================================================== --- stable/7/sys/kern/uipc_sockbuf.c Mon May 4 20:35:59 2009 (r191795) +++ stable/7/sys/kern/uipc_sockbuf.c Mon May 4 20:48:07 2009 (r191796) @@ -576,10 +576,6 @@ sbappendrecord_locked(struct sockbuf *sb if (m0 == 0) return; - m = sb->sb_mb; - if (m) - while (m->m_nextpkt) - m = m->m_nextpkt; /* * Put the first mbuf on the queue. Note this permits zero length * records. @@ -587,16 +583,14 @@ sbappendrecord_locked(struct sockbuf *sb sballoc(sb, m0); SBLASTRECORDCHK(sb); SBLINKRECORD(sb, m0); - if (m) - m->m_nextpkt = m0; - else - sb->sb_mb = m0; + sb->sb_mbtail = m0; m = m0->m_next; m0->m_next = 0; if (m && (m0->m_flags & M_EOR)) { m0->m_flags &= ~M_EOR; m->m_flags |= M_EOR; } + /* always call sbcompress() so it can do SBLASTMBUFCHK() */ sbcompress(sb, m, m0); }