Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern fix KASSERT() for MHLEN case in m_defrag() - networ...



details:   https://anonhg.NetBSD.org/src/rev/f8c7f55b3794
branches:  trunk
changeset: 1009864:f8c7f55b3794
user:      jdolecek <jdolecek%NetBSD.org@localhost>
date:      Tue May 05 20:36:48 2020 +0000

description:
fix KASSERT() for MHLEN case in m_defrag() - network stack usually does
m_adj(ETHER_ALIGN) so check that the mbuf chain data fits
M_LEADINGSPACE() + M_TRAILINGSPACE()

diffstat:

 sys/kern/uipc_mbuf.c |  19 +++++++++++++++----
 1 files changed, 15 insertions(+), 4 deletions(-)

diffs (42 lines):

diff -r a0f8b3831058 -r f8c7f55b3794 sys/kern/uipc_mbuf.c
--- a/sys/kern/uipc_mbuf.c      Tue May 05 19:26:47 2020 +0000
+++ b/sys/kern/uipc_mbuf.c      Tue May 05 20:36:48 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_mbuf.c,v 1.240 2020/04/25 11:03:04 jdolecek Exp $ */
+/*     $NetBSD: uipc_mbuf.c,v 1.241 2020/05/05 20:36:48 jdolecek Exp $ */
 
 /*
  * Copyright (c) 1999, 2001, 2018 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.240 2020/04/25 11:03:04 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.241 2020/05/05 20:36:48 jdolecek Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mbuftrace.h"
@@ -1680,10 +1680,21 @@
        if ((m->m_flags & M_EXT) == 0 && m->m_pkthdr.len <= MCLBYTES) {
                if (m->m_pkthdr.len <= MHLEN) {
                        if (M_TRAILINGSPACE(m) < (m->m_pkthdr.len - m->m_len)) {
-                               KASSERT(M_LEADINGSPACE(m) >=
-                                   (m->m_pkthdr.len - m->m_len));
+                               KASSERTMSG(M_LEADINGSPACE(m) +
+                                   M_TRAILINGSPACE(m) >=
+                                   (m->m_pkthdr.len - m->m_len),
+                                   "too small leading %d trailing %d ro? %d"
+                                   " pkthdr.len %d mlen %d",
+                                   (int)M_LEADINGSPACE(m),
+                                   (int)M_TRAILINGSPACE(m),
+                                   M_READONLY(m),
+                                   m->m_pkthdr.len, m->m_len);
+
                                memmove(m->m_pktdat, m->m_data, m->m_len);
                                m->m_data = m->m_pktdat;
+
+                               KASSERT(M_TRAILINGSPACE(m) >=
+                                   (m->m_pkthdr.len - m->m_len));
                        }
                } else {
                        /* Must copy data before adding cluster */



Home | Main Index | Thread Index | Old Index