diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2023-07-03 17:02:23 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2023-07-03 19:32:33 +0000 |
| commit | d0b0424fa0ca8fb239e00d6bdd5e6340b7a85e68 (patch) | |
| tree | 1a9cf11db4cf5c14f596045675c81c05992d1e1e | |
| parent | 3f21d3e0babacabb9a32e0e9a8ab290025d5577c (diff) | |
| download | src-d0b0424fa0ca8fb239e00d6bdd5e6340b7a85e68.tar.gz src-d0b0424fa0ca8fb239e00d6bdd5e6340b7a85e68.zip | |
altq codel: do not insert the same mtag twice
If we're called on an mbuf that's passed through codel before it may
already contain the MTAG_CODEL tag. The code accounts for this and does
not allocate a new mtag. However, it inserts the mtag unconditionally.
That is, it inserts the existing mtag a second time.
When the mbuf later gets freed we iterate over the list of mtags to fee
them one by one, and we'll end up freeing an mtag that's already been
freed.
Only insert the mtag if we've allocated a new one. If we found one
there's no need to insert it again.
See also: https://redmine.pfsense.org/issues/14497
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sys/net/altq/altq_codel.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/altq/altq_codel.c b/sys/net/altq/altq_codel.c index be16a5aef3e5..5006920ca68d 100644 --- a/sys/net/altq/altq_codel.c +++ b/sys/net/altq/altq_codel.c @@ -289,16 +289,18 @@ codel_addq(struct codel *c, class_queue_t *q, struct mbuf *m) if (qlen(q) < qlimit(q)) { mtag = m_tag_locate(m, MTAG_CODEL, 0, NULL); - if (mtag == NULL) + if (mtag == NULL) { mtag = m_tag_alloc(MTAG_CODEL, 0, sizeof(uint64_t), M_NOWAIT); + if (mtag != NULL) + m_tag_prepend(m, mtag); + } if (mtag == NULL) { m_freem(m); return (-1); } enqueue_time = (uint64_t *)(mtag + 1); *enqueue_time = read_machclk(); - m_tag_prepend(m, mtag); _addq(q, m); return (0); } |