| author | Florian Florensa <florian@florensa.me> | 2023-09-17 14:16:07 +0000 |
|---|---|---|
| committer | Warner Losh <imp@FreeBSD.org> | 2023-09-17 14:17:51 +0000 |
| commit | 7965d4d9e326373b4669e451d3bd2a7d840c4b5b (patch) | |
| tree | 12771110498eed978f5987077292772c6615841f | |
| parent | dbd445bbd3d7d5c50914bac20d6595ed344e4c5e (diff) | |
net/bpf: Fix writing of buffer bigger than PAGESIZE
When allocating the mbuf we used m_get2, which fails
if len is greater than MJUMPAGESIZE; if that is the case,
use m_getjcl instead.
Reviewed by: kp@
PR: 205164
Pull Request: https://github.com/freebsd/freebsd-src/pull/131
(cherry picked from commit f13da24715a75ce0fdac31062866877d980aa908)
| -rw-r--r-- | sys/net/bpf.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 6656b4aca980..20c26892ce7a 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -641,7 +641,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
 if (len < hlen || len - hlen > ifp->if_mtu)
 return (EMSGSIZE);
- m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
+ /* Allocate a mbuf for our write, since m_get2 fails if len >= to MJUMPAGESIZE, use m_getjcl for bigger buffers */
+ if (len < MJUMPAGESIZE)
+ m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
+ else if (len <= MJUM9BYTES)
+ m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM9BYTES);
+ else if (len <= MJUM16BYTES)
+ m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM16BYTES);
+ else
+ m = NULL;
 if (m == NULL)
 return (EIO);
 m->m_pkthdr.len = m->m_len = len; |
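Review bot: The final `else` branch sets `m = NULL`, so a write longer than MJUM16BYTES is reported as `EIO` by the shared `m == NULL` check even though the cause is the request size, not an I/O failure. The guard just above bounds `len` only by `ifp->if_mtu` plus the link header, so on an interface with a large enough MTU this branch stays reachable from a userland bpf write; `else return (EMSGSIZE);` would return the same error as the existing size check. The new comment says m_get2 fails for `len >= MJUMPAGESIZE` while the commit message says it fails only above that size, so one of them is off by one; if the message is right, the first test could be `if (len <= MJUMPAGESIZE)`, and the comment should state the real limit and be wrapped to the file's line width. The 9K and 16K cluster requests are made with M_WAITOK on a path driven by a user-supplied length, so it is worth confirming that sleeping for a large cluster is acceptable here. bpf_movein begins and ends outside this hunk.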
