svn commit: r279517 - stable/9/sys/kern

Andrey V. Elsukov ae at FreeBSD.org
Mon Mar 2 08:00:01 UTC 2015 

Author: ae
Date: Mon Mar  2 08:00:00 2015
New Revision: 279517
URL: https://svnweb.freebsd.org/changeset/base/279517

Log:
  MFC r279206:
    In some cases soreceive_dgram() can return no data, but has control
    message. This can happen when application is sending packets too big
    for the path MTU and recvmsg() will return zero (indicating no data)
    but there will be a cmsghdr with cmsg_type set to IPV6_PATHMTU.
    Remove KASSERT() which does NULL pointer dereference in such case.
    Also call m_freem() only when m isn't NULL.
  
  MFC r279209:
    soreceive_generic() still has similar KASSERT(), therefore instead of
    remove KASSERT(), change it to check mbuf isn't NULL.
  
  PR:		197882
  Sponsored by:	Yandex LLC

Modified:
  stable/9/sys/kern/uipc_socket.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/kern/uipc_socket.c
==============================================================================
--- stable/9/sys/kern/uipc_socket.c	Mon Mar  2 07:51:14 2015	(r279516)
+++ stable/9/sys/kern/uipc_socket.c	Mon Mar  2 08:00:00 2015	(r279517)
@@ -2311,7 +2311,8 @@ soreceive_dgram(struct socket *so, struc
 	 * Process one or more MT_CONTROL mbufs present before any data mbufs
 	 * in the first mbuf chain on the socket buffer.  We call into the
 	 * protocol to perform externalization (or freeing if controlp ==
-	 * NULL).
+	 * NULL). In some cases there can be only MT_CONTROL mbufs without
+	 * MT_DATA mbufs.
 	 */
 	if (m->m_type == MT_CONTROL) {
 		struct mbuf *cm = NULL, *cmn;
@@ -2341,8 +2342,8 @@ soreceive_dgram(struct socket *so, struc
 			cm = cmn;
 		}
 	}
-	KASSERT(m->m_type == MT_DATA, ("soreceive_dgram: !data"));
-
+	KASSERT(m == NULL || m->m_type == MT_DATA,
+	    ("soreceive_dgram: !data"));
 	while (m != NULL && uio->uio_resid > 0) {
 		len = uio->uio_resid;
 		if (len > m->m_len)
@@ -2359,9 +2360,10 @@ soreceive_dgram(struct socket *so, struc
 			m->m_len -= len;
 		}
 	}
-	if (m != NULL)
+	if (m != NULL) {
 		flags |= MSG_TRUNC;
-	m_freem(m);
+		m_freem(m);
+	}
 	if (flagsp != NULL)
 		*flagsp |= flags;
 	return (0);

More information about the svn-src-stable-9 mailing list