Date:      Wed, 8 Jun 2022 08:50:28 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        David Wolfskill <david@catwhisker.org>, Oleg Lelchuk <oleglelchuk@gmail.com>, freebsd-current@freebsd.org
Subject:   Re: A kernel crash after compiling a fresh kernel
Message-ID:  <576eb80a-cfe8-651c-686b-1be2e82ec9c7@selasky.org>
In-Reply-To: <YqASGx83Iv9QT27u@albert.catwhisker.org>
References:  <CA%2BGqWgsTOu5qY-5yKdp_zJ2ThYxf1ucr%2BAqxOg_21AMhD%2BDbLg@mail.gmail.com> <YqASGx83Iv9QT27u@albert.catwhisker.org>

[-- Attachment #1 --]
Hi,

Does this patch fix your issue?

--HPS
[-- Attachment #2 --]
commit cc7a224fa956372cc5c5b4d29aa6906d79bd9f26
Author: Hans Petter Selasky <hselasky@FreeBSD.org>
Date:   Wed Jun 8 08:49:55 2022 +0200

    tcp: Skip sackhole KASSERTS() on NULL
    
    Inadvertently introduced NULL pointer dereference during
    sackhole sanity check in D35387.
    
    No functional change intended.
    
    MFC after:      1 week
    Differential Revision: https://reviews.freebsd.org/D35423
    Sponsored by:   NVIDIA Networking

diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c
index 273d56c510e2..4ecc0e045118 100644
--- a/sys/netinet/tcp_sack.c
+++ b/sys/netinet/tcp_sack.c
@@ -963,9 +963,10 @@ tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt)
 	while ((hole = TAILQ_NEXT(hole, scblink)) != NULL) {
 		if (SEQ_LT(hole->rxmit, hole->end)) {
 			tp->sackhint.nexthole = hole;
-			break;
+			goto out;
 		}
 	}
+	return (hole);
 out:
 	KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__));
 	KASSERT(SEQ_LT(hole->start, tp->snd_fack), ("%s: hole.start >= snd.fack", __func__));
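
Review bot: The added `return (hole);` after the while loop is only reached when `TAILQ_NEXT()` has returned NULL, so it always returns NULL; writing `return (NULL);` with a one-line comment that no remaining hole needs retransmission would make it clear why the assertions under `out:` are skipped on this path. An alternative that keeps a single exit is to guard each assertion with `hole == NULL ||`, which would also cover any other path that reaches `out:` with a NULL hole. The commit message says "No functional change intended", but the KASSERTs dereference `hole->start` and `hole->end`, so kernels built with assertions enabled do change behaviour here (they no longer fault); it would help to say that explicitly.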