CVS commit: src/sys/kern

Sat, 25 Apr 2020 04:03:44 -0700 

Module Name:    src
Committed By:   jdolecek
Date:           Sat Apr 25 11:03:04 UTC 2020

Modified Files:
        src/sys/kern: uipc_mbuf.c

Log Message:
in m_defrag() must copy data elsewhere before adding cluster, the
data part of mbuf gets reused and hence overwritten by extbuf


To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 src/sys/kern/uipc_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/uipc_mbuf.c
diff -u src/sys/kern/uipc_mbuf.c:1.239 src/sys/kern/uipc_mbuf.c:1.240
--- src/sys/kern/uipc_mbuf.c:1.239	Fri Apr 24 22:50:55 2020
+++ src/sys/kern/uipc_mbuf.c	Sat Apr 25 11:03:04 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_mbuf.c,v 1.239 2020/04/24 22:50:55 jdolecek Exp $	*/
+/*	$NetBSD: uipc_mbuf.c,v 1.240 2020/04/25 11:03:04 jdolecek Exp $	*/
 
 /*
  * Copyright (c) 1999, 2001, 2018 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.239 2020/04/24 22:50:55 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.240 2020/04/25 11:03:04 jdolecek Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mbuftrace.h"
@@ -1677,7 +1677,7 @@ m_defrag(struct mbuf *m, int how)
 		return m;
 
 	/* Defrag to single mbuf if at all possible */
-	if ((m->m_flags & M_EXT) == 0) {
+	if ((m->m_flags & M_EXT) == 0 && m->m_pkthdr.len <= MCLBYTES) {
 		if (m->m_pkthdr.len <= MHLEN) {
 			if (M_TRAILINGSPACE(m) < (m->m_pkthdr.len - m->m_len)) {
 				KASSERT(M_LEADINGSPACE(m) >=
@@ -1685,29 +1685,29 @@ m_defrag(struct mbuf *m, int how)
 				memmove(m->m_pktdat, m->m_data, m->m_len);
 				m->m_data = m->m_pktdat;
 			}
-
-			KASSERT(M_TRAILINGSPACE(m) >=
-			    (m->m_pkthdr.len - m->m_len));
-			if (__predict_false(!m_ensure_contig(&m,
-			    m->m_pkthdr.len))) {
-				panic("m_ensure_contig(%d) failed\n",
-				    m->m_pkthdr.len);
-			}
-			return m;
-		} else if (m->m_pkthdr.len <= MCLBYTES) {
-			void *odata = m->m_data;
+		} else {
+			/* Must copy data before adding cluster */
+			m0 = m_get(how, MT_DATA);
+			if (m0 == NULL)
+				return NULL;
+			KASSERT(m->m_len <= MHLEN);
+			m_copydata(m, 0, m->m_len, mtod(m0, void *));
 
 			MCLGET(m, how);
-			if ((m->m_flags & M_EXT) == 0)
+			if ((m->m_flags & M_EXT) == 0) {
+				m_free(m0);
 				return NULL;
-			memcpy(m->m_data, odata, m->m_len);
-			if (m_pulldown(m, m->m_len, m->m_pkthdr.len - m->m_len,
-			    NULL) == NULL) {
-				panic("m_pulldown(%d, %d) failed\n",
-				    m->m_len, m->m_pkthdr.len - m->m_len);
 			}
-			return m;
+			memcpy(m->m_data, mtod(m0, void *), m->m_len);
+			m_free(m0);
 		}
+		KASSERT(M_TRAILINGSPACE(m) >= (m->m_pkthdr.len - m->m_len));
+		m_copydata(m->m_next, 0, m->m_pkthdr.len - m->m_len,
+			    mtod(m, char *) + m->m_len);
+		m->m_len = m->m_pkthdr.len;
+		m_freem(m->m_next);
+		m->m_next = NULL;
+		return m;
 	}
 
 	m0 = m_get(how, MT_DATA);

Reply via email to