Do not pass bogus page to mbufs.

This is a bug in r359473. Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
2020-04-10 01:28:47 +00:00 · 2020-04-10 01:28:47 +00:00 · f709eee61a
commit f709eee61a
parent 71f2642988
1 changed files with 6 additions and 2 deletions
--- a/sys/kern/kern_sendfile.c
+++ b/sys/kern/kern_sendfile.c
@ -649,6 +649,7 @@ vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 	struct file *sock_fp;
 	struct vnode *vp;
 	struct vm_object *obj;
+	vm_page_t pga;
 	struct socket *so;
 #ifdef KERN_TLS
 	struct ktls_session *tls;
@ -948,6 +949,9 @@ vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 				softerr = EBUSY;
 				break;
 			}
+			pga = pa[i];
+			if (pga == bogus_page)
+				pga = vm_page_relookup(obj, sfio->pindex0 + i);

 			if (use_ext_pgs) {
 				off_t xfs;
@ -997,7 +1001,7 @@ vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 					ext_pgs->nrdy++;
 				}

-				ext_pgs->pa[ext_pgs_idx] = VM_PAGE_TO_PHYS(pa[i]);
+				ext_pgs->pa[ext_pgs_idx] = VM_PAGE_TO_PHYS(pga);
 				ext_pgs->npgs++;
 				xfs = xfsize(i, npages, off, space);
 				ext_pgs->last_pg_len = xfs;
@ -1016,7 +1020,7 @@ vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 			 * threads might exhaust the buffers and then
 			 * deadlock.
 			 */
-			sf = sf_buf_alloc(pa[i],
+			sf = sf_buf_alloc(pga,
 			    m != NULL ? SFB_NOWAIT : SFB_CATCH);
 			if (sf == NULL) {
 				SFSTAT_INC(sf_allocfail);