net: Fix double-free snoop bug
authorBarret Rhoden <brho@cs.berkeley.edu>
Wed, 1 Feb 2017 21:26:14 +0000 (16:26 -0500)
committerBarret Rhoden <brho@cs.berkeley.edu>
Wed, 1 Feb 2017 21:26:14 +0000 (16:26 -0500)
When the snoopy queue overflows, qpass() returns failure.  We had been
freeing the block in that case.  However, qpass() is actually the one
that frees the block.  All we should do is take note of its failure.

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
kern/src/net/ipifc.c

index 6ae9bad..2ab62be 100644 (file)
@@ -1524,10 +1524,8 @@ void ipifc_trace_block(struct Ipifc *ifc, struct block *bp)
                ifc->tracedrop++;
                return;
        }
-       if (qpass(ifc->conv->sq, newb) < 0) {
+       if (qpass(ifc->conv->sq, newb) < 0)
                ifc->tracedrop++;
-               freeb(newb);
-       }
 }
 
 /*