From f449396167e2de3dd281b2134d0c9a7ba76a275d Mon Sep 17 00:00:00 2001
From: silby <silby@FreeBSD.org>
Date: Fri, 2 May 2003 03:43:40 +0000
Subject: Add the M_FREELIST flag, which is used to detect whenever a double
 free of a mbuf occurs and cause an immediate panic, rather than allowing free
 list corruption to occur.

This code is trapped under INVARIANTS, so it should not cause any
change in default performance.

Reviewed by:	a bunch of people on -net
MFC after:	1 week
---
 sys/kern/subr_mbuf.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'sys/kern/subr_mbuf.c')

diff --git a/sys/kern/subr_mbuf.c b/sys/kern/subr_mbuf.c
index 5d593e6..5d624f6 100644
--- a/sys/kern/subr_mbuf.c
+++ b/sys/kern/subr_mbuf.c
@@ -1380,6 +1380,11 @@ m_free(struct mbuf *mb)
 	int cchnum;
 	short persist = 0;
 
+#ifdef INVARIANTS
+	if (mb->m_flags & M_FREELIST)
+		panic("m_free detected a mbuf double-free");
+	mb->m_flags |= M_FREELIST;
+#endif
 	if ((mb->m_flags & M_PKTHDR) != 0)
 		m_tag_delete_chain(mb, NULL);
 	nb = mb->m_next;
@@ -1422,6 +1427,11 @@ m_freem(struct mbuf *mb)
 	short persist;
 
 	while (mb != NULL) {
+#ifdef INVARIANTS
+		if (mb->m_flags & M_FREELIST)
+			panic("m_freem detected a mbuf double-free");
+		mb->m_flags |= M_FREELIST;
+#endif
 		if ((mb->m_flags & M_PKTHDR) != 0)
 			m_tag_delete_chain(mb, NULL);
 		persist = 0;
-- 
cgit v1.1