cvs commit: src/sys/kern uipc_mbuf.c

Sam Leffler sam at errno.com
Thu Feb 24 00:48:58 GMT 2005


Sam Leffler wrote:
> sam         2005-02-24 00:40:33 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sys/kern             uipc_mbuf.c 
>   Log:
>   change m_adj to reclaim unused mbufs instead of zero'ing m_len
>   when trim'ing space off the back of a chain; this is indirect
>   solution to a potential null ptr deref

Beware of this change as it has potential to introduce subtle problems 
if callers are assuming the old behaviour.  I checked uses of m_adj but 
didn't see any where the caller assumed trailing mbufs would be left. 
I'd argue that anyone that needs this behaviour should be changed.

One might also question whether reclaming the mbufs immediately is 
worthwhile. Since the vast majority of uses of m_adj are to strip data 
from the front and not trim the back this change will mostly be a noop. 
  The main use of tail trimming is for CRC's on rx packets where no mbuf 
will be reclaimed and places like ipsec.  I also came across some uses 
in netgraph that might notice this change.  But typically tail trims are 
for very small amounts and it's unlikely an mbuf will be made 
reclaimable as a result of the trim.

If this change is considered good there's a clone of m_adj in the nfs 
code that could be changed the same way.

	Sam


More information about the cvs-all mailing list