diff options
| author | Florian Florensa <florian@florensa.me> | 2018-02-16 09:53:22 +0000 |
|---|---|---|
| committer | Warner Losh <imp@FreeBSD.org> | 2021-06-23 16:39:18 +0000 |
| commit | f13da24715a75ce0fdac31062866877d980aa908 (patch) | |
| tree | ee67c752b4650b778535792ec247d1548ae328b0 | |
| parent | a75819461ec7c7d8468498362f9104637ff7c9e9 (diff) | |
| download | src-f13da24715a75ce0fdac31062866877d980aa908.tar.gz src-f13da24715a75ce0fdac31062866877d980aa908.zip | |
net/bpf: Fix writing of buffer bigger than PAGESIZE
When allocating the mbuf we used m_get2 which fails
if len is superior to MJUMPAGESIZE, if its the case,
use m_getjcl instead.
Reviewed by: kp@
PR: 205164
Pull Request: https://github.com/freebsd/freebsd-src/pull/131
| -rw-r--r-- | sys/net/bpf.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 605e7aa39fdb..ec05dd6d337b 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -641,7 +641,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp, if (len < hlen || len - hlen > ifp->if_mtu) return (EMSGSIZE); - m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR); + /* Allocate a mbuf for our write, since m_get2 fails if len >= to MJUMPAGESIZE, use m_getjcl for bigger buffers */ + if (len < MJUMPAGESIZE) + m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR); + else if (len <= MJUM9BYTES) + m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM9BYTES); + else if (len <= MJUM16BYTES) + m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM16BYTES); + else + m = NULL; if (m == NULL) return (EIO); m->m_pkthdr.len = m->m_len = len; |