On Thu, Jan 13, 2022 at 09:12:32AM +0100, Christian Ehrhardt wrote: > True, updated patch (v3) below. > > regards Christian
Passed full regress run on i386. OK bluhm@ > commit 2265c7db45a9127bcf236de6432d6dd323414bd5 > Author: Christian Ehrhardt <ehrha...@genua.de> > Date: Tue Jan 11 10:31:46 2022 +0100 > > m_pullup: Properly handle read-only clusters > > If the first mbuf of a chain in m_pullup is a cluster, check if > the cluster is read-only (shared or an external buffer). If so > don't touch it an create an new mbuf for the pullup data. > > diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c > index 5e4cb5ba88..21ae5059b0 100644 > --- a/sys/kern/uipc_mbuf.c > +++ b/sys/kern/uipc_mbuf.c > @@ -957,8 +957,6 @@ m_pullup(struct mbuf *m0, int len) > > head = M_DATABUF(m0); > if (m0->m_len == 0) { > - m0->m_data = head; > - > while (m->m_len == 0) { > m = m_free(m); > if (m == NULL) > @@ -972,10 +970,11 @@ m_pullup(struct mbuf *m0, int len) > tail = head + M_SIZE(m0); > head += adj; > > - if (len <= tail - head) { > - /* there's enough space in the first mbuf */ > - > - if (len > tail - mtod(m0, caddr_t)) { > + if (!M_READONLY(m0) && len <= tail - head) { > + /* we can copy everything into the first mbuf */ > + if (m0->m_len == 0) { > + m0->m_data = head; > + } else if (len > tail - mtod(m0, caddr_t)) { > /* need to memmove to make space at the end */ > memmove(head, mtod(m0, caddr_t), m0->m_len); > m0->m_data = head; > @@ -983,14 +982,18 @@ m_pullup(struct mbuf *m0, int len) > > len -= m0->m_len; > } else { > - /* the first mbuf is too small so make a new one */ > + /* the first mbuf is too small or read-only, make a new one */ > space = adj + len; > > if (space > MAXMCLBYTES) > goto bad; > > - m0->m_next = m; > - m = m0; > + if (m0->m_len == 0) { > + m_free(m0); > + } else { > + m0->m_next = m; > + m = m0; > + } > > MGET(m0, M_DONTWAIT, m->m_type); > if (m0 == NULL)