Date: Wed, 3 Jul 2013 03:36:36 +0000 (UTC) From: Lawrence Stewart <lstewart@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r252532 - stable/9/sys/kern Message-ID: <201307030336.r633aaqt003512@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lstewart Date: Wed Jul 3 03:36:36 2013 New Revision: 252532 URL: http://svnweb.freebsd.org/changeset/base/252532 Log: When a previous call to sbsndptr() leaves sb->sb_sndptroff at the start of an mbuf that was fully consumed by the previous call, the mbuf ptr returned by the current call ends up being the previous mbuf in the sb chain to the one that contains the data we want. This does not cause any observable issues because the mbuf copy routines happily walk the mbuf chain to get to the data at the moff offset, which in this case means they effectively skip over the mbuf returned by sbsndptr(). We can't adjust sb->sb_sndptr during the previous call for this case because the next mbuf in the chain may not exist yet. We therefore need to detect the condition and make the adjustment during the current call. Fix by detecting the special case of moff being at the start of the next mbuf in the chain and adjust the required accounting variables accordingly. Reviewed by: andre Modified: stable/9/sys/kern/uipc_sockbuf.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/kern/uipc_sockbuf.c ============================================================================== --- stable/9/sys/kern/uipc_sockbuf.c Wed Jul 3 02:14:12 2013 (r252531) +++ stable/9/sys/kern/uipc_sockbuf.c Wed Jul 3 03:36:36 2013 (r252532) @@ -939,6 +939,13 @@ sbsndptr(struct sockbuf *sb, u_int off, /* Return closest mbuf in chain for current offset. */ *moff = off - sb->sb_sndptroff; m = ret = sb->sb_sndptr ? sb->sb_sndptr : sb->sb_mb; + if (*moff == m->m_len) { + *moff = 0; + sb->sb_sndptroff += m->m_len; + m = ret = m->m_next; + KASSERT(ret->m_len > 0, + ("mbuf %p in sockbuf %p chain has no valid data", ret, sb)); + } /* Advance by len to be as close as possible for the next transmit. */ for (off = off - sb->sb_sndptroff + len - 1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307030336.r633aaqt003512>