mbuf_dup/mbuf_freem with mbufs containing aux data
- Subject: mbuf_dup/mbuf_freem with mbufs containing aux data
- From: "Bhavesh Davda" <email@hidden>
- Date: Mon, 29 Jan 2007 17:45:48 -0800
I noticed when my interface filter output method gets called for IPv6
packets (in particular ICMP6 echo replies), that the mbuf contains an
aux data pointer in its m_pkthdr.

Browsing the xnu-792.13.8 code, it looks like when you mbuf_dup() an
mbuf, the pkthdr of the new mbuf is a copy of the pkthdr of the source
mbuf, which means that the new mbuf's pkthdr's aux field points to the
same piece of data as the original mbuf.

Then when mbuf_freem() is called, it unconditionally frees this aux
data if there was any on the mbuf chain that you're freeing.

Without reference counting the aux field, this is really bad. "freeing
free mbufs" panics ensue from this.

What's my workaround?

Thanks!
--
Bhavesh P. Davda
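
The ownership problem described in the message above, as an added userland model that is not part of the original post and is not xnu code. The struct and function names are hypothetical, and the aux "free" is replaced by a counter so the second release can be observed rather than crashing the program.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userland model; these are not xnu's structures or functions. */
struct aux { int refs; int releases; };   /* releases counts "frees" of the aux data */
struct pkt { struct aux *aux; };          /* stands in for an mbuf with a packet header */

/* Duplicate by copying the header byte for byte: the copy aliases src's aux. */
static struct pkt *dup_pkt(const struct pkt *src, int take_ref) {
    struct pkt *p = malloc(sizeof *p);
    if (p == NULL) abort();
    memcpy(p, src, sizeof *p);
    if (take_ref && p->aux) p->aux->refs++;   /* mitigation: copy owns a reference */
    return p;
}

/* Unconditional policy: every packet that carries aux data releases it. */
static void free_unconditional(struct pkt *p) {
    if (p->aux) p->aux->releases++;           /* a real allocator would free here */
    free(p);
}

/* Ref-counted policy: only the last holder releases the aux data. */
static void free_refcounted(struct pkt *p) {
    if (p->aux && --p->aux->refs == 0) p->aux->releases++;
    free(p);
}

/* Dup one packet, free both, and report how often the single aux was released. */
int aux_releases(int refcounted) {
    struct aux a = { 1, 0 };                  /* constructed sample: one aux, one owner */
    struct pkt *orig = malloc(sizeof *orig);
    if (orig == NULL) abort();
    orig->aux = &a;
    struct pkt *copy = dup_pkt(orig, refcounted);
    if (refcounted) { free_refcounted(orig); free_refcounted(copy); }
    else            { free_unconditional(orig); free_unconditional(copy); }
    return a.releases;
}

int main(void) {
    printf("shallow copy + unconditional free: %d releases\n", aux_releases(0));
    printf("ref-counted aux:                   %d releases\n", aux_releases(1));
    return 0;
}
```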