From owner-svn-src-all@FreeBSD.ORG  Tue Apr 21 19:14:13 2009
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D873A106566B;
	Tue, 21 Apr 2009 19:14:13 +0000 (UTC)
	(envelope-from emax@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id C69008FC13;
	Tue, 21 Apr 2009 19:14:13 +0000 (UTC)
	(envelope-from emax@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n3LJEDvK019390;
	Tue, 21 Apr 2009 19:14:13 GMT (envelope-from emax@svn.freebsd.org)
Received: (from emax@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n3LJEDTx019389;
	Tue, 21 Apr 2009 19:14:13 GMT (envelope-from emax@svn.freebsd.org)
Message-Id: <200904211914.n3LJEDTx019389@svn.freebsd.org>
From: Maksim Yevmenkin <emax@FreeBSD.org>
Date: Tue, 21 Apr 2009 19:14:13 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r191366 - head/sys/kern
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2009 19:14:14 -0000

Author: emax
Date: Tue Apr 21 19:14:13 2009
New Revision: 191366
URL: http://svn.freebsd.org/changeset/base/191366

Log:
  Fix sbappendrecord_locked().
  
  The main problem is that sbappendrecord_locked() relies on sbcompress()
  to set sb_mbtail. This will not happen if sbappendrecord_locked() is
  called with mbuf chain made of exactly one mbuf (i.e. m0->m_next == NULL).
  In this case sbcompress() will be called with m == NULL and will do
  nothing. I'm not entirely sure if m == NULL is a valid argument for
  sbcompress(), and, it rather pointless to call it like that, but keep
  calling it so it can do SBLASTMBUFCHK().
  
  The problem is triggered by the SOCKBUF_DEBUG kernel option that
  enables SBLASTRECORDCHK() and SBLASTMBUFCHK() checks.
  
  PR:			kern/126742
  Investigated by:	pluknet < pluknet -at- gmail -dot- com >
  No response from:	freebsd-current@, freebsd-bluetooth@
  MFC after:		3 days

Modified:
  head/sys/kern/uipc_sockbuf.c

Modified: head/sys/kern/uipc_sockbuf.c
==============================================================================
--- head/sys/kern/uipc_sockbuf.c	Tue Apr 21 19:06:47 2009	(r191365)
+++ head/sys/kern/uipc_sockbuf.c	Tue Apr 21 19:14:13 2009	(r191366)
@@ -577,10 +577,6 @@ sbappendrecord_locked(struct sockbuf *sb
 
 	if (m0 == 0)
 		return;
-	m = sb->sb_mb;
-	if (m)
-		while (m->m_nextpkt)
-			m = m->m_nextpkt;
 	/*
 	 * Put the first mbuf on the queue.  Note this permits zero length
 	 * records.
@@ -588,16 +584,14 @@ sbappendrecord_locked(struct sockbuf *sb
 	sballoc(sb, m0);
 	SBLASTRECORDCHK(sb);
 	SBLINKRECORD(sb, m0);
-	if (m)
-		m->m_nextpkt = m0;
-	else
-		sb->sb_mb = m0;
+	sb->sb_mbtail = m0;
 	m = m0->m_next;
 	m0->m_next = 0;
 	if (m && (m0->m_flags & M_EOR)) {
 		m0->m_flags &= ~M_EOR;
 		m->m_flags |= M_EOR;
 	}
+	/* always call sbcompress() so it can do SBLASTMBUFCHK() */
 	sbcompress(sb, m, m0);
 }