Bug 234241
| Summary: | [ieee80211_crypto_decap] mbuf leak | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Alexandre martins <alexandre.martins> |
| Component: | wireless | Assignee: | Andriy Voskoboinyk <avos> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | CC: | alexandre.martins, avos |
| Priority: | --- | Flags: | avos:
mfc-stable12+
avos: mfc-stable11+ avos: mfc-stable10+ |
| Version: | CURRENT | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
Alexandre martins
2018-12-21 09:53:35 UTC
Anyone ? Hi, that's actually a 'dead' code - most drivers I've seen are using contiguous memory in Rx path, so an assertion would be more appropriate here. Anyway, thanks for the report; I will take a look on this in the near time. Thank you A commit references this bug: Author: avos Date: Sat Jan 19 16:04:26 UTC 2019 New revision: 343190 URL: https://svnweb.freebsd.org/changeset/base/343190 Log: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 MFC after: 1 week Changes: head/sys/net80211/ieee80211_crypto.c A commit references this bug: Author: avos Date: Sat Jan 26 12:28:47 UTC 2019 New revision: 343463 URL: https://svnweb.freebsd.org/changeset/base/343463 Log: MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 Changes: _U stable/12/ stable/12/sys/net80211/ieee80211_crypto.c A commit references this bug: Author: avos Date: Sat Jan 26 12:35:06 UTC 2019 New revision: 343464 URL: https://svnweb.freebsd.org/changeset/base/343464 Log: MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 Changes: _U stable/11/ stable/11/sys/net80211/ieee80211_crypto.c A commit references this bug: Author: avos Date: Sat Jan 26 12:41:16 UTC 2019 New revision: 343465 URL: https://svnweb.freebsd.org/changeset/base/343465 Log: MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 Changes: _U stable/10/ stable/10/sys/net80211/ieee80211_crypto.c |
