On Thu, 15 Apr 2004, Pavel Gulchouck wrote: > I have systematic kernel panic when use pppd, debug shows it's in > m_freem() called from ppp_inproc(). In the source code I've see that in > the "input queue full" case there is "goto bad", when m is already > freed by IF_HANDOFF() or netisr_queue(), and after this goto system > crashes by second m_freem(m). System works correctly after fixing this > bug. Checking condition "if (m)" after label "bad:" in the line 1594 of > net/pf_ppp.c is senseless because of m is never changed its value in the > ppp_inptoc() function. > > Here's the patch. > Another way is to simple add "m = NULL" before "goto bad" > in the line 1582. I went with this more simple approach because (a) I'm not all that familiar with the ppp implementation, and (b) we might as well avoid multiple labels in the return case (due to C lacking exceptions). Currently, this fix doesn't fit the charter for the RELENG_5_2 branch, which is focussed on security-only fixes. However, there's an on-going discussion of broadening the scope of the current security branches to release-engineering branches. If this happens, I'll merge it to that branch also (feel free to remind me if I forget :-). Thanks! Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert_at_fledge.watson.org Senior Research Scientist, McAfee Research > > RELENG_5_2 has this bug too. > > --- net/if_ppp.c.orig Wed Jan 21 20:05:38 2004 > +++ net/if_ppp.c Thu Apr 15 14:57:16 2004 > _at__at_ -1580,5 +1580,5 _at__at_ > if_printf(ifp, "input queue full\n"); > ifp->if_iqdrops++; > - goto bad; > + goto bad2; > } > ifp->if_ipackets++; > _at__at_ -1592,6 +1592,6 _at__at_ > > bad: > - if (m) > - m_freem(m); > + m_freem(m); > + bad2: > sc->sc_if.if_ierrors++; > sc->sc_stats.ppp_ierrors++; > > -- > Lucky carrier, > Pavel. > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" >Received on Thu Apr 15 2004 - 10:13:42 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:51 UTC