Greetings, The function ieee80211_crypto_decap is leaking the mbuf in the case where m_pullup if called. Can i change the function signature from ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen, struct ieee80211_key **key) To ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf **m, int hdrlen, struct ieee80211_key **key) to allow the mbuf to be re-assigned properly ? Best regards Alexandre
Anyone ?
Hi, that's actually a 'dead' code - most drivers I've seen are using contiguous memory in Rx path, so an assertion would be more appropriate here. Anyway, thanks for the report; I will take a look on this in the near time.
Thank you
A commit references this bug: Author: avos Date: Sat Jan 19 16:04:26 UTC 2019 New revision: 343190 URL: https://svnweb.freebsd.org/changeset/base/343190 Log: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 MFC after: 1 week Changes: head/sys/net80211/ieee80211_crypto.c
A commit references this bug: Author: avos Date: Sat Jan 26 12:28:47 UTC 2019 New revision: 343463 URL: https://svnweb.freebsd.org/changeset/base/343463 Log: MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 Changes: _U stable/12/ stable/12/sys/net80211/ieee80211_crypto.c
A commit references this bug: Author: avos Date: Sat Jan 26 12:35:06 UTC 2019 New revision: 343464 URL: https://svnweb.freebsd.org/changeset/base/343464 Log: MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 Changes: _U stable/11/ stable/11/sys/net80211/ieee80211_crypto.c
A commit references this bug: Author: avos Date: Sat Jan 26 12:41:16 UTC 2019 New revision: 343465 URL: https://svnweb.freebsd.org/changeset/base/343465 Log: MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 Changes: _U stable/10/ stable/10/sys/net80211/ieee80211_crypto.c