git: d0b0424fa0ca - main - altq codel: do not insert the same mtag twice

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 03 Jul 2023 19:32:51 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d0b0424fa0ca8fb239e00d6bdd5e6340b7a85e68

commit d0b0424fa0ca8fb239e00d6bdd5e6340b7a85e68
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-07-03 17:02:23 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-07-03 19:32:33 +0000

    altq codel: do not insert the same mtag twice
    
    If we're called on an mbuf that's passed through codel before it may
    already contain the MTAG_CODEL tag. The code accounts for this and does
    not allocate a new mtag. However, it inserts the mtag unconditionally.
    That is, it inserts the existing mtag a second time.
    
    When the mbuf later gets freed we iterate over the list of mtags to fee
    them one by one, and we'll end up freeing an mtag that's already been
    freed.
    
    Only insert the mtag if we've allocated a new one. If we found one
    there's no need to insert it again.
    
    See also:       https://redmine.pfsense.org/issues/14497
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/altq/altq_codel.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/net/altq/altq_codel.c b/sys/net/altq/altq_codel.c
index be16a5aef3e5..5006920ca68d 100644
--- a/sys/net/altq/altq_codel.c
+++ b/sys/net/altq/altq_codel.c
@@ -289,16 +289,18 @@ codel_addq(struct codel *c, class_queue_t *q, struct mbuf *m)
 
 	if (qlen(q) < qlimit(q)) {
 		mtag = m_tag_locate(m, MTAG_CODEL, 0, NULL);
-		if (mtag == NULL)
+		if (mtag == NULL) {
 			mtag = m_tag_alloc(MTAG_CODEL, 0, sizeof(uint64_t),
 			    M_NOWAIT);
+			if (mtag != NULL)
+				m_tag_prepend(m, mtag);
+		}
 		if (mtag == NULL) {
 			m_freem(m);
 			return (-1);
 		}
 		enqueue_time = (uint64_t *)(mtag + 1);
 		*enqueue_time = read_machclk();
-		m_tag_prepend(m, mtag);
 		_addq(q, m);
 		return (0);
 	}