From 4a58382d425db89491200cff85d7f35c88d4cc53 Mon Sep 17 00:00:00 2001 From: jsg Date: Mon, 26 Jul 2021 11:06:36 +0000 Subject: [PATCH] fix an mbuf leak with m_len 0 mbufs from niklas@ via mikeb@ --- sys/dev/pv/if_xnf.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/sys/dev/pv/if_xnf.c b/sys/dev/pv/if_xnf.c index 51078dd0d7e..f5860a14ad0 100644 --- a/sys/dev/pv/if_xnf.c +++ b/sys/dev/pv/if_xnf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_xnf.c,v 1.65 2020/12/12 11:48:53 jan Exp $ */ +/* $OpenBSD: if_xnf.c,v 1.66 2021/07/26 11:06:36 jsg Exp $ */ /* * Copyright (c) 2015, 2016 Mike Belopuhov @@ -572,7 +572,7 @@ xnf_encap(struct xnf_softc *sc, struct mbuf *m_head, uint32_t *prod) struct xnf_tx_ring *txr = sc->sc_tx_ring; struct xnf_tx_buf *txb = NULL; union xnf_tx_desc *txd = NULL; - struct mbuf *m; + struct mbuf *m, **next; uint32_t oprod = *prod; uint16_t id; int i, flags, n, used = 0; @@ -583,7 +583,16 @@ xnf_encap(struct xnf_softc *sc, struct mbuf *m_head, uint32_t *prod) flags = (sc->sc_domid << 16) | BUS_DMA_WRITE | BUS_DMA_NOWAIT; - for (m = m_head; m != NULL && m->m_len > 0; m = m->m_next) { + next = &m_head->m_next; + for (m = m_head; m != NULL; m = *next) { + /* Unlink and free zero length nodes. */ + if (m->m_len == 0) { + *next = m->m_next; + m_free(m); + continue; + } + next = &m->m_next; + i = *prod & (XNF_TX_DESC - 1); txd = &txr->txr_desc[i]; -- 2.20.1