git: f02d9edfb5d6 - main - ktls: Mark mbufs containing outbound encrypted TLS records read-only

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Thu, 31 Oct 2024 20:33:19 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=f02d9edfb5d695734b8866c81d2da0c7700c8779

commit f02d9edfb5d695734b8866c81d2da0c7700c8779
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2024-10-31 20:32:32 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2024-10-31 20:32:32 +0000

    ktls: Mark mbufs containing outbound encrypted TLS records read-only
    
    Reviewed by:    gallatin, kp
    Differential Revision:  https://reviews.freebsd.org/D46784
---
 sys/kern/uipc_ktls.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 1e4a933d4e4f..bf2ff37e3c3a 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -3072,6 +3072,7 @@ ktls_encrypt(struct ktls_wq *wq, struct mbuf *top)
 
 		if ((m->m_epg_flags & EPG_FLAG_ANON) == 0)
 			ktls_finish_nonanon(m, &state);
+		m->m_flags |= M_RDONLY;
 
 		npages += m->m_epg_nrdy;
 
@@ -3110,6 +3111,7 @@ ktls_encrypt_cb(struct ktls_ocf_encrypt_state *state, int error)
 
 	if ((m->m_epg_flags & EPG_FLAG_ANON) == 0)
 		ktls_finish_nonanon(m, state);
+	m->m_flags |= M_RDONLY;
 
 	so = state->so;
 	free(state, M_KTLS);