From nobody@FreeBSD.org Thu Jan 25 00:42:54 2001
Return-Path:
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7A79637B401
	for ; Thu, 25 Jan 2001 00:42:53 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0P8gru84784;
	Thu, 25 Jan 2001 00:42:53 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200101250842.f0P8gru84784@freefall.freebsd.org>
Date: Thu, 25 Jan 2001 00:42:53 -0800 (PST)
From: brandt@fokus.gmd.de
To: freebsd-gnats-submit@FreeBSD.org
Subject: if netgraph seriously runs out of queue entries it crashes the kernel
X-Send-Pr-Version: www-1.0

>Number:         24628
>Category:       kern
>Synopsis:       if netgraph seriously runs out of queue entries it crashes the kernel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 25 00:50:01 PST 2001
>Closed-Date:    Fri Jul 13 01:36:57 PDT 2001
>Last-Modified:  Fri Jul 13 01:37:28 PDT 2001
>Originator:     Harti Brandt
>Release:        CURRENT
>Organization:
GMD Fokus
>Environment:
FreeBSD beagle.fokus.gmd.de 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Wed Jan 24 10:15:13 CET 2001 hbb@beagle.fokus.gmd.de:/opt/obj/usr/src/sys/BEAGLE i386
>Description:
The function ng_getqblk() in ng_base.c allocates queue entries. If it fails
to allocate one, it drops out of a loop in that function and, just before
returning to the caller, tries to clear the NGQF_FREE flag on the entry it is
about to return. If the allocation has failed, this will access a NULL
pointer.
>How-To-Repeat:
Use up all available kernel memory and try to send netgraph messages.
>Fix:
Replace:

	item->el_flags &= ~NGQF_FREE;

By:

	if (item)
		item->el_flags &= ~NGQF_FREE;

at the end of ng_getqblk().
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: alfred
State-Changed-When: Fri Jul 13 01:36:57 PDT 2001
State-Changed-Why:
Fixed in revision 1.54 of src/sys/netgraph/ng_base.c

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24628
>Unformatted:
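
The failure path described in this report, as an added user-space example that is not part of the original PR and is not FreeBSD source. It is a simplified model of an allocator that reuses free entries or allocates new ones; struct qitem, alloc_item(), put_item(), get_item() and alloc_budget are hypothetical names, and the numeric value of NGQF_FREE is assumed.

```c
#include <stdlib.h>

#define NGQF_FREE 0x01          /* flag name from the report; value assumed */

struct qitem {                  /* hypothetical stand-in for a queue entry */
    struct qitem *next;
    int el_flags;
};

static struct qitem *free_list; /* entries waiting for reuse */
int alloc_budget = 1;           /* models how much kernel memory is left */

/* Fails once the budget is spent, like a non-sleeping kernel malloc. */
static struct qitem *alloc_item(void)
{
    struct qitem *it = alloc_budget > 0 ? calloc(1, sizeof(*it)) : NULL;

    if (it != NULL) {
        alloc_budget--;
        it->el_flags = NGQF_FREE;
    }
    return it;
}

/* Return an entry to the free list and mark it free again. */
void put_item(struct qitem *it)
{
    it->el_flags |= NGQF_FREE;
    it->next = free_list;
    free_list = it;
}

/* Reuse a free entry or allocate one; NULL when both fail. */
struct qitem *get_item(void)
{
    struct qitem *item = free_list;

    if (item != NULL)
        free_list = item->next;
    else
        item = alloc_item();
    /* The report's fix: unguarded, this write goes through NULL
     * on the failure path and panics the kernel. */
    if (item != NULL)
        item->el_flags &= ~NGQF_FREE;
    return item;
}
```

Callers still have to check the return value for NULL; the guard only keeps the allocator itself from dereferencing it.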