On 2016-10-09, Christian Weisgerber <[email protected]> wrote:

> Found by bisection.  The culprit is this commit:
>
> ------------------------------------------------------------------------
> CVSROOT:        /cvs
> Module name:    src
> Changes by:     [email protected]  2016/09/13 13:56:55
>
> Modified files:
>         sys/kern       : uipc_mbuf.c 
>         sys/netinet    : ip_ah.c ip_esp.c ip_ipcomp.c ipsec_output.c 
>         sys/sys        : mbuf.h 
>         share/man/man9 : mbuf.9 
>
> Log message:
> avoid extensive mbuf allocation for IPsec by replacing m_inject(4)
> with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@
> ------------------------------------------------------------------------

I don't see anything wrong in there.  Maybe the problem is elsewhere
and that change just triggers it.

Meanwhile, here's a less invasive "backout" that neuters m_makespace()
so it produces the same mbuf chains as m_inject() did.  This makes
the bug disappear.

Index: uipc_mbuf.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_mbuf.c,v
retrieving revision 1.228
diff -u -p -r1.228 uipc_mbuf.c
--- uipc_mbuf.c 13 Sep 2016 19:56:55 -0000      1.228
+++ uipc_mbuf.c 10 Oct 2016 20:54:40 -0000
@@ -1062,13 +1062,16 @@ m_makespace(struct mbuf *m0, int skip, i
         * the contents of m as needed.
         */
        remain = m->m_len - skip;               /* data to move */
+#if 0
        if (skip < remain && hlen <= M_LEADINGSPACE(m)) {
                if (skip)
                        memmove(m->m_data-hlen, m->m_data, skip);
                m->m_data -= hlen;
                m->m_len += hlen;
                (*off) = skip;
-       } else if (hlen > M_TRAILINGSPACE(m)) {
+       } else if (hlen > M_TRAILINGSPACE(m))
+#endif
+       {
                struct mbuf *n0, *n, **np;
                int todo, len, done, alloc;
 
@@ -1102,6 +1105,7 @@ m_makespace(struct mbuf *m0, int skip, i
                        todo -= len;
                }
 
+#if 0
                if (hlen <= M_TRAILINGSPACE(m) + remain) {
                        m->m_len = skip + hlen;
                        *off = skip;
@@ -1109,8 +1113,9 @@ m_makespace(struct mbuf *m0, int skip, i
                                *np = m->m_next;
                                m->m_next = n0;
                        }
-               }
-               else {
+               } else
+#endif
+               {
                        n = m_get(M_DONTWAIT, m->m_type);
                        if (n == NULL) {
                                m_freem(n0);
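Review bot: The `m_get(M_DONTWAIT, m->m_type)` call at the end of this hunk is no longer one of several outcomes: with the `#if 0` regions around it, it runs on every m_makespace() call, so the `n == NULL` failure branch becomes reachable for every header insertion when mbufs are scarce. The branch frees only `n0`, and the return that follows is outside the hunk, so it is worth confirming that the callers (presumably in the ip_ah.c, ip_esp.c and ip_ipcomp.c files named in the quoted commit) drop the packet and do not use `*off` when NULL comes back. I would record the changed behaviour on the block, e.g. `/* XXX in-place paths compiled out: this M_DONTWAIT allocation now runs on every call */`.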
@@ -1131,7 +1136,9 @@ m_makespace(struct mbuf *m0, int skip, i
                        m = n;                  /* header is at front ... */
                        *off = 0;               /* ... of new mbuf */
                }
-       } else {
+       }
+#if 0
+       else {
                /*
                 * Copy the remainder to the back of the mbuf
                 * so there's space to write the new header.
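Review bot: The `#if 0` opened before `else {` here carries no comment, so nothing in the file says that the in-place branch is compiled out only to reproduce the mbuf chain layout that m_inject() produced. A line above it such as `/* XXX bisect aid, not a fix: in-place paths disabled so chains match m_inject() */` would keep this from being read as the remedy; the same applies to the `#if 0` lines in the hunks at -1062 and -1102. Splitting the if/else chain across `#if 0`/`#endif` also leaves bare `{` blocks that read as if they were still guarded by a condition. The disabled branch's body and its `#endif` lie outside this hunk.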
@@ -1142,6 +1149,7 @@ m_makespace(struct mbuf *m0, int skip, i
                m->m_len += hlen;
                *off = skip;
        }
+#endif
        m0->m_pkthdr.len += hlen;               /* adjust packet length */
        return m;
 }
-- 
Christian "naddy" Weisgerber                          [email protected]
