From: Pyun YongHyeon
Date: Sun, 24 Oct 2010 21:14:01 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r214295 - in stable/8/sys/dev: age alc ale bce bge fxp jme sge

Author: yongari
Date: Sun Oct 24 21:14:01 2010
New Revision: 214295
URL: http://svn.freebsd.org/changeset/base/214295

Log:
  MFC r213844:
    Make sure to not use stale ip/tcp header pointers. The ip/tcp header
    parser uses m_pullup(9) to get access to mbuf chain. m_pullup(9) can
    allocate new mbuf chain and free old one if the space left in the
    mbuf chain is not enough to hold requested contiguous bytes.
    Previously drivers can use stale ip/tcp header pointer if
    m_pullup(9) returned new mbuf chain.

Reported by: Andrew Boyer (aboyer <> averesystems dot com) Modified: stable/8/sys/dev/age/if_age.c stable/8/sys/dev/alc/if_alc.c stable/8/sys/dev/ale/if_ale.c stable/8/sys/dev/bce/if_bce.c stable/8/sys/dev/bge/if_bge.c stable/8/sys/dev/fxp/if_fxp.c stable/8/sys/dev/jme/if_jme.c stable/8/sys/dev/sge/if_sge.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/xen/xenpci/ (props changed) Modified: stable/8/sys/dev/age/if_age.c ============================================================================== --- stable/8/sys/dev/age/if_age.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/age/if_age.c Sun Oct 24 21:14:01 2010 (r214295) @@ -1565,6 +1565,7 @@ age_encap(struct age_softc *sc, struct m *m_head = NULL; return (ENOBUFS); } + ip = (struct ip *)(mtod(m, char *) + ip_off); tcp = (struct tcphdr *)(mtod(m, char *) + poff); /* * L1 requires IP/TCP header size and offset as Modified: stable/8/sys/dev/alc/if_alc.c ============================================================================== --- stable/8/sys/dev/alc/if_alc.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/alc/if_alc.c Sun Oct 24 21:14:01 2010 (r214295) @@ -2104,6 +2104,8 @@ alc_encap(struct alc_softc *sc, struct m * Reset IP checksum and recompute TCP pseudo * checksum as NDIS specification said. */ + ip = (struct ip *)(mtod(m, char *) + ip_off); + tcp = (struct tcphdr *)(mtod(m, char *) + poff); ip->ip_sum = 0; tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, htons(IPPROTO_TCP)); Modified: stable/8/sys/dev/ale/if_ale.c ============================================================================== --- stable/8/sys/dev/ale/if_ale.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/ale/if_ale.c Sun Oct 24 21:14:01 2010 (r214295) 
@@ -1677,6 +1677,7 @@ ale_encap(struct ale_softc *sc, struct m *m_head = NULL; return (ENOBUFS); } + ip = (struct ip *)(mtod(m, char *) + ip_off); tcp = (struct tcphdr *)(mtod(m, char *) + poff); m = m_pullup(m, poff + (tcp->th_off << 2)); if (m == NULL) { Modified: stable/8/sys/dev/bce/if_bce.c ============================================================================== --- stable/8/sys/dev/bce/if_bce.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/bce/if_bce.c Sun Oct 24 21:14:01 2010 (r214295) @@ -6733,6 +6733,7 @@ bce_tso_setup(struct bce_softc *sc, stru } /* Get the TCP header length in bytes (min 20) */ + ip = (struct ip *)(m->m_data + sizeof(struct ether_header)); th = (struct tcphdr *)((caddr_t)ip + ip_hlen); tcp_hlen = (th->th_off << 2); @@ -6745,6 +6746,7 @@ bce_tso_setup(struct bce_softc *sc, stru } /* IP header length and checksum will be calc'd by hardware */ + ip = (struct ip *)(m->m_data + sizeof(struct ether_header)); ip_len = ip->ip_len; ip->ip_len = 0; ip->ip_sum = 0; Modified: stable/8/sys/dev/bge/if_bge.c ============================================================================== --- stable/8/sys/dev/bge/if_bge.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/bge/if_bge.c Sun Oct 24 21:14:01 2010 (r214295) 
@@ -3839,9 +3839,11 @@ bge_setup_tso(struct bge_softc *sc, stru * checksum. These checksum computed by upper stack should be 0. */ *mss = m->m_pkthdr.tso_segsz; + ip = (struct ip *)(mtod(m, char *) + sizeof(struct ether_header)); ip->ip_sum = 0; ip->ip_len = htons(*mss + (ip->ip_hl << 2) + (tcp->th_off << 2)); /* Clear pseudo checksum computed by TCP stack. */ + tcp = (struct tcphdr *)(mtod(m, char *) + poff); tcp->th_sum = 0; /* * Broadcom controllers uses different descriptor format for Modified: stable/8/sys/dev/fxp/if_fxp.c ============================================================================== --- stable/8/sys/dev/fxp/if_fxp.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/fxp/if_fxp.c Sun Oct 24 21:14:01 2010 (r214295) @@ -1454,6 +1454,8 @@ fxp_encap(struct fxp_softc *sc, struct m * Since 82550/82551 doesn't modify IP length and pseudo * checksum in the first frame driver should compute it. */ + ip = (struct ip *)(mtod(m, char *) + ip_off); + tcp = (struct tcphdr *)(mtod(m, char *) + poff); ip->ip_sum = 0; ip->ip_len = htons(m->m_pkthdr.tso_segsz + (ip->ip_hl << 2) + (tcp->th_off << 2)); Modified: stable/8/sys/dev/jme/if_jme.c ============================================================================== --- stable/8/sys/dev/jme/if_jme.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/jme/if_jme.c Sun Oct 24 21:14:01 2010 (r214295) 
@@ -1665,11 +1665,12 @@ jme_encap(struct jme_softc *sc, struct m *m_head = NULL; return (ENOBUFS); } - tcp = (struct tcphdr *)(mtod(m, char *) + poff); /* * Reset IP checksum and recompute TCP pseudo * checksum that NDIS specification requires. */ + ip = (struct ip *)(mtod(m, char *) + ip_off); + tcp = (struct tcphdr *)(mtod(m, char *) + poff); ip->ip_sum = 0; if (poff + (tcp->th_off << 2) == m->m_pkthdr.len) { tcp->th_sum = in_pseudo(ip->ip_src.s_addr, Modified: stable/8/sys/dev/sge/if_sge.c ============================================================================== --- stable/8/sys/dev/sge/if_sge.c Sun Oct 24 21:09:31 2010 (r214294) +++ stable/8/sys/dev/sge/if_sge.c Sun Oct 24 21:14:01 2010 (r214295) @@ -1457,7 +1457,9 @@ sge_encap(struct sge_softc *sc, struct m * Reset IP checksum and recompute TCP pseudo * checksum that NDIS specification requires. */ + ip = (struct ip *)(mtod(m, char *) + ip_off); ip->ip_sum = 0; + tcp = (struct tcphdr *)(mtod(m, char *) + poff); tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, htons(IPPROTO_TCP)); *m_head = m;
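
Review bot: in the ale_encap() hunk, the `ip` pointer refreshed by the added line is invalidated again two lines later by `m = m_pullup(m, poff + (tcp->th_off << 2));`, and nothing visible in the hunk re-derives `ip` or `tcp` after that second call. If either pointer is dereferenced past the following `if (m == NULL)` check, the stale-pointer problem this commit describes is still present there; both should be recomputed from `mtod(m, char *)` after the last m_pullup(9) in the function, not only after the first.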
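
Review bot: the two bce_tso_setup() hunks (-6733 and -6745) add the identical line `ip = (struct ip *)(m->m_data + sizeof(struct ether_header));` about a dozen lines apart with no comment saying why the pointer is reloaded, and they use `m->m_data` with a fixed Ethernet header size where the other drivers in this change use `mtod(m, char *) + ip_off`. A short comment at each site noting that the preceding m_pullup(9) may have replaced the chain, and the `mtod()` form for consistency, would make it harder for a later edit to drop one of the reloads as redundant.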
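
Review bot: in the bge_setup_tso() hunk, `tcp` is reloaded one statement too late: the unchanged line `ip->ip_len = htons(*mss + (ip->ip_hl << 2) + (tcp->th_off << 2));` reads `tcp->th_off` before the added `tcp = (struct tcphdr *)(mtod(m, char *) + poff);` runs. If `tcp` can be stale at this point, which is the reason for adding the reload, that read still goes through the old pointer into a possibly freed mbuf. Move the `tcp` assignment up next to the `ip` assignment, ahead of the `ip->ip_len` computation.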