Module Name: src
Committed By: ozaki-r
Date: Tue Mar 28 08:47:19 UTC 2017
Modified Files:
src/sys/arch/arm/gemini: gemini_gmac.c
src/sys/net: if.c if_loop.c if_spppsubr.c
src/sys/netisdn: i4b_capi_msgs.c i4b_ipr.c i4b_isppp.c
Log Message:
Avoid touching a mbuf after enqueuing it
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/arm/gemini/gemini_gmac.c
cvs rdiff -u -r1.388 -r1.389 src/sys/net/if.c
cvs rdiff -u -r1.93 -r1.94 src/sys/net/if_loop.c
cvs rdiff -u -r1.168 -r1.169 src/sys/net/if_spppsubr.c
cvs rdiff -u -r1.8 -r1.9 src/sys/netisdn/i4b_capi_msgs.c
cvs rdiff -u -r1.41 -r1.42 src/sys/netisdn/i4b_ipr.c
cvs rdiff -u -r1.30 -r1.31 src/sys/netisdn/i4b_isppp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/arm/gemini/gemini_gmac.c
diff -u src/sys/arch/arm/gemini/gemini_gmac.c:1.11 src/sys/arch/arm/gemini/gemini_gmac.c:1.12
--- src/sys/arch/arm/gemini/gemini_gmac.c:1.11 Thu Dec 15 09:28:02 2016
+++ src/sys/arch/arm/gemini/gemini_gmac.c Tue Mar 28 08:47:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: gemini_gmac.c,v 1.11 2016/12/15 09:28:02 ozaki-r Exp $ */
+/* $NetBSD: gemini_gmac.c,v 1.12 2017/03/28 08:47:19 ozaki-r Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
@@ -49,7 +49,7 @@
#include <sys/gpio.h>
-__KERNEL_RCSID(0, "$NetBSD: gemini_gmac.c,v 1.11 2016/12/15 09:28:02 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: gemini_gmac.c,v 1.12 2017/03/28 08:47:19 ozaki-r Exp $");
#define SWFREEQ_DESCS 256 /* one page worth */
#define HWFREEQ_DESCS 256 /* one page worth */
@@ -728,8 +728,8 @@ gmac_rxproduce(gmac_hwqueue_t *hwq, size
d->d_bufaddr = htole32(map->dm_segs->ds_addr);
for (m0 = hwq->hwq_ifq.ifq_head; m0 != NULL; m0 = m0->m_nextpkt)
KASSERT(m0 != m);
- IF_ENQUEUE(&hwq->hwq_ifq, m);
m->m_len = d - hwq->hwq_base;
+ IF_ENQUEUE(&hwq->hwq_ifq, m);
aprint_debug(
"gmac_rxproduce(%p): m=%p %zu@%p=%#x/%#x/%#x/%#x\n", hwq,
m, d - hwq->hwq_base, d, d->d_desc0, d->d_desc1,
Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.388 src/sys/net/if.c:1.389
--- src/sys/net/if.c:1.388 Fri Mar 24 11:15:25 2017
+++ src/sys/net/if.c Tue Mar 28 08:47:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if.c,v 1.388 2017/03/24 11:15:25 ozaki-r Exp $ */
+/* $NetBSD: if.c,v 1.389 2017/03/28 08:47:19 ozaki-r Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.388 2017/03/24 11:15:25 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.389 2017/03/28 08:47:19 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -3209,6 +3209,8 @@ static int
if_transmit(struct ifnet *ifp, struct mbuf *m)
{
int s, error;
+ size_t pktlen = m->m_pkthdr.len;
+ bool mcast = (m->m_flags & M_MCAST) != 0;
s = splnet();
@@ -3218,8 +3220,8 @@ if_transmit(struct ifnet *ifp, struct mb
goto out;
}
- ifp->if_obytes += m->m_pkthdr.len;
- if (m->m_flags & M_MCAST)
+ ifp->if_obytes += pktlen;
+ if (mcast)
ifp->if_omcasts++;
if ((ifp->if_flags & IFF_OACTIVE) == 0)
Index: src/sys/net/if_loop.c
diff -u src/sys/net/if_loop.c:1.93 src/sys/net/if_loop.c:1.94
--- src/sys/net/if_loop.c:1.93 Tue Nov 22 02:06:00 2016
+++ src/sys/net/if_loop.c Tue Mar 28 08:47:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_loop.c,v 1.93 2016/11/22 02:06:00 ozaki-r Exp $ */
+/* $NetBSD: if_loop.c,v 1.94 2017/03/28 08:47:19 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -65,7 +65,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.93 2016/11/22 02:06:00 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.94 2017/03/28 08:47:19 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -361,10 +361,10 @@ looutput(struct ifnet *ifp, struct mbuf
error = ENOBUFS;
goto out;
}
- IF_ENQUEUE(ifq, m);
- schednetisr(isr);
ifp->if_ipackets++;
ifp->if_ibytes += m->m_pkthdr.len;
+ IF_ENQUEUE(ifq, m);
+ schednetisr(isr);
splx(s);
out:
KERNEL_UNLOCK_ONE(NULL);
Index: src/sys/net/if_spppsubr.c
diff -u src/sys/net/if_spppsubr.c:1.168 src/sys/net/if_spppsubr.c:1.169
--- src/sys/net/if_spppsubr.c:1.168 Tue Mar 28 07:32:16 2017
+++ src/sys/net/if_spppsubr.c Tue Mar 28 08:47:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_spppsubr.c,v 1.168 2017/03/28 07:32:16 ozaki-r Exp $ */
+/* $NetBSD: if_spppsubr.c,v 1.169 2017/03/28 08:47:19 ozaki-r Exp $ */
/*
* Synchronous PPP/Cisco link level subroutines.
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.168 2017/03/28 07:32:16 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.169 2017/03/28 08:47:19 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -716,6 +716,7 @@ sppp_output(struct ifnet *ifp, struct mb
#endif
int s, error = 0;
uint16_t protocol;
+ size_t pktlen;
s = splnet();
@@ -902,11 +903,11 @@ sppp_output(struct ifnet *ifp, struct mb
h->protocol = protocol;
}
-
+ pktlen = m->m_pkthdr.len;
#ifdef SPPPSUBR_MPSAFE
error = if_transmit_lock(ifp, m);
if (error == 0)
- ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+ ifp->if_obytes += pktlen + sp->pp_framebytes;
#else /* !SPPPSUBR_MPSAFE */
error = ifq_enqueue2(ifp, ifq, m);
@@ -921,7 +922,7 @@ sppp_output(struct ifnet *ifp, struct mb
if_start_lock(ifp);
sppp_lock_enter(sp);
}
- ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+ ifp->if_obytes += pktlen + sp->pp_framebytes;
}
#endif /* !SPPPSUBR_MPSAFE */
sppp_lock_exit(sp);
@@ -1382,14 +1383,16 @@ sppp_cisco_send(struct sppp *sp, int typ
m_freem(m);
++ifp->if_oerrors;
return;
- } else
- IF_ENQUEUE(&sp->pp_cpq, m);
+ }
+
+ ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+ IF_ENQUEUE(&sp->pp_cpq, m);
+
if (! (ifp->if_flags & IFF_OACTIVE)) {
sppp_lock_exit(sp);
if_start_lock(ifp);
sppp_lock_enter(sp);
}
- ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
}
/*
@@ -1452,16 +1455,16 @@ sppp_cp_send(struct sppp *sp, u_short pr
m_freem(m);
++ifp->if_oerrors;
return;
- } else
- IF_ENQUEUE(&sp->pp_cpq, m);
+ }
+
+ ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+ IF_ENQUEUE(&sp->pp_cpq, m);
if (! (ifp->if_flags & IFF_OACTIVE)) {
sppp_lock_exit(sp);
if_start_lock(ifp);
sppp_lock_enter(sp);
}
-
- ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
}
/*
@@ -5073,14 +5076,16 @@ sppp_auth_send(const struct cp *cp, stru
m_freem(m);
++ifp->if_oerrors;
return;
- } else
- IF_ENQUEUE(&sp->pp_cpq, m);
+ }
+
+ ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+ IF_ENQUEUE(&sp->pp_cpq, m);
+
if (! (ifp->if_flags & IFF_OACTIVE)) {
sppp_lock_exit(sp);
if_start_lock(ifp);
sppp_lock_enter(sp);
}
- ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
}
/*
Index: src/sys/netisdn/i4b_capi_msgs.c
diff -u src/sys/netisdn/i4b_capi_msgs.c:1.8 src/sys/netisdn/i4b_capi_msgs.c:1.9
--- src/sys/netisdn/i4b_capi_msgs.c:1.8 Thu Mar 20 20:43:35 2014
+++ src/sys/netisdn/i4b_capi_msgs.c Tue Mar 28 08:47:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: i4b_capi_msgs.c,v 1.8 2014/03/20 20:43:35 christos Exp $ */
+/* $NetBSD: i4b_capi_msgs.c,v 1.9 2017/03/28 08:47:19 ozaki-r Exp $ */
/*
* Copyright (c) 2001-2003 Cubical Solutions Ltd. All rights reserved.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: i4b_capi_msgs.c,v 1.8 2014/03/20 20:43:35 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: i4b_capi_msgs.c,v 1.9 2017/03/28 08:47:19 ozaki-r Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -801,8 +801,8 @@ void capi_data_b3_ind(capi_softc_t *sc,
/* Telephony drivers use rx_queue */
if (!IF_QFULL(&sc->sc_bchan[bch].rx_queue)) {
- IF_ENQUEUE(&sc->sc_bchan[bch].rx_queue, m_in->m_next);
sc->sc_bchan[bch].rxcount += m_in->m_next->m_len;
+ IF_ENQUEUE(&sc->sc_bchan[bch].rx_queue, m_in->m_next);
m_in->m_next = NULL; /* driver frees */
}
Index: src/sys/netisdn/i4b_ipr.c
diff -u src/sys/netisdn/i4b_ipr.c:1.41 src/sys/netisdn/i4b_ipr.c:1.42
--- src/sys/netisdn/i4b_ipr.c:1.41 Tue Jan 24 09:05:28 2017
+++ src/sys/netisdn/i4b_ipr.c Tue Mar 28 08:47:19 2017
@@ -27,7 +27,7 @@
* i4b_ipr.c - isdn4bsd IP over raw HDLC ISDN network driver
* ---------------------------------------------------------
*
- * $Id: i4b_ipr.c,v 1.41 2017/01/24 09:05:28 ozaki-r Exp $
+ * $Id: i4b_ipr.c,v 1.42 2017/03/28 08:47:19 ozaki-r Exp $
*
* $FreeBSD$
*
@@ -59,7 +59,7 @@
*---------------------------------------------------------------------------*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: i4b_ipr.c,v 1.41 2017/01/24 09:05:28 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: i4b_ipr.c,v 1.42 2017/03/28 08:47:19 ozaki-r Exp $");
#include "irip.h"
#include "opt_irip.h"
@@ -1152,11 +1152,9 @@ ipr_tx_queue_empty(void *softc)
}
else
{
- IF_ENQUEUE(sc->sc_ilt->tx_queue, m);
-
sc->sc_if.if_obytes += m->m_pkthdr.len;
-
sc->sc_if.if_opackets++;
+ IF_ENQUEUE(sc->sc_ilt->tx_queue, m);
}
}
Index: src/sys/netisdn/i4b_isppp.c
diff -u src/sys/netisdn/i4b_isppp.c:1.30 src/sys/netisdn/i4b_isppp.c:1.31
--- src/sys/netisdn/i4b_isppp.c:1.30 Thu Dec 15 09:28:06 2016
+++ src/sys/netisdn/i4b_isppp.c Tue Mar 28 08:47:19 2017
@@ -34,7 +34,7 @@
* the "cx" driver for Cronyx's HDLC-in-hardware device). This driver
* is only the glue between sppp and i4b.
*
- * $Id: i4b_isppp.c,v 1.30 2016/12/15 09:28:06 ozaki-r Exp $
+ * $Id: i4b_isppp.c,v 1.31 2017/03/28 08:47:19 ozaki-r Exp $
*
* $FreeBSD$
*
@@ -43,7 +43,7 @@
*---------------------------------------------------------------------------*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: i4b_isppp.c,v 1.30 2016/12/15 09:28:06 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: i4b_isppp.c,v 1.31 2017/03/28 08:47:19 ozaki-r Exp $");
#ifndef __NetBSD__
#define USE_ISPPP
@@ -424,12 +424,12 @@ i4bisppp_start(struct ifnet *ifp)
}
else
{
- IF_ENQUEUE(sc->sc_ilt->tx_queue, m);
#if 0
sc->sc_sp.pp_if.if_obytes += m->m_pkthdr.len;
#endif
sc->sc_outb += m->m_pkthdr.len;
sc->sc_sp.pp_if.if_opackets++;
+ IF_ENQUEUE(sc->sc_ilt->tx_queue, m);
}
}
sc->sc_ilt->bchannel_driver->bch_tx_start(sc->sc_ilt->l1token,
