[src/trunk]: src/sys/kern Detect use-after-frees on mbufs with external stora...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a8aad6c7027f
branches:  trunk
changeset: 828786:a8aad6c7027f
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Jan 01 12:22:59 2018 +0000

description:
Detect use-after-frees on mbufs with external storage, too. This is done
even when the refcount is > 1.

Again, this code is enabled by default, because it is fast and quite
useful.

diffstat:

 sys/kern/uipc_mbuf.c |  9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diffs (37 lines):

diff -r 52dabb1759a9 -r a8aad6c7027f sys/kern/uipc_mbuf.c
--- a/sys/kern/uipc_mbuf.c      Mon Jan 01 12:09:56 2018 +0000
+++ b/sys/kern/uipc_mbuf.c      Mon Jan 01 12:22:59 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_mbuf.c,v 1.175 2018/01/01 12:09:56 maxv Exp $     */
+/*     $NetBSD: uipc_mbuf.c,v 1.176 2018/01/01 12:22:59 maxv Exp $     */
 
 /*-
  * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.175 2018/01/01 12:09:56 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.176 2018/01/01 12:22:59 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mbuftrace.h"
@@ -1687,6 +1687,10 @@
        KASSERT((m->m_flags & M_EXT_CLUSTER) ==
            (m->m_ext_ref->m_flags & M_EXT_CLUSTER));
 
+       if (__predict_false(m->m_type == MT_FREE)) {
+               panic("mbuf %p already freed", m);
+       }
+
        if (__predict_true(m->m_ext.ext_refcnt == 1)) {
                refcnt = m->m_ext.ext_refcnt = 0;
        } else {
@@ -1727,6 +1731,7 @@
        }
        if (dofree) {
                m->m_type = MT_FREE;
+               m->m_data = NULL;
                pool_cache_put(mb_cache, m);
        }
 }