The branch main has been updated by imp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=f13da24715a75ce0fdac31062866877d980aa908
commit f13da24715a75ce0fdac31062866877d980aa908
Author: Florian Florensa <flor...@florensa.me>
AuthorDate: 2018-02-16 09:53:22 +0000
Commit: Warner Losh <i...@freebsd.org>
CommitDate: 2021-06-23 16:39:18 +0000
net/bpf: Fix writing of buffer bigger than PAGESIZE
When allocating the mbuf we used m_get2 which fails
if len is superior to MJUMPAGESIZE, if its the case,
use m_getjcl instead.
Reviewed by: kp@
PR: 205164
Pull Request: https://github.com/freebsd/freebsd-src/pull/131
---
sys/net/bpf.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 605e7aa39fdb..ec05dd6d337b 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -641,7 +641,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet
*ifp, struct mbuf **mp,
if (len < hlen || len - hlen > ifp->if_mtu)
return (EMSGSIZE);
- m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
+ /* Allocate a mbuf for our write, since m_get2 fails if len >= to
MJUMPAGESIZE, use m_getjcl for bigger buffers */
+ if (len < MJUMPAGESIZE)
+ m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
+ else if (len <= MJUM9BYTES)
+ m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM9BYTES);
+ else if (len <= MJUM16BYTES)
+ m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM16BYTES);
+ else
+ m = NULL;
if (m == NULL)
return (EIO);
m->m_pkthdr.len = m->m_len = len;
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
