d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net/bpf: Fix writing of buffer bigger than PAGESIZE

Browse Source 
When allocating the mbuf we used m_get2 which fails
if len is superior to MJUMPAGESIZE, if its the case,
use m_getjcl instead.

Reviewed by:	kp@
PR:		205164
Pull Request:	https://github.com/freebsd/freebsd-src/pull/131
This commit is contained in:
Florian Florensa 2018-02-16 10:53:22 +01:00 committed by Warner Losh
parent a75819461e
commit f13da24715
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/net/bpf.c
View File

@ -641,7 +641,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
if (len < hlen || len - hlen > ifp->if_mtu)
return (EMSGSIZE);
m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
/* Allocate a mbuf for our write, since m_get2 fails if len >= to MJUMPAGESIZE, use m_getjcl for bigger buffers */
if (len < MJUMPAGESIZE)
m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
else if (len <= MJUM9BYTES)
m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM9BYTES);
else if (len <= MJUM16BYTES)
m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM16BYTES);
else
m = NULL;
if (m == NULL)
return (EIO);
m->m_pkthdr.len = m->m_len = len;