[Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 20 Jul 2023 14:23:18 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272616

--- Comment #10 from Mark Johnston <markj@FreeBSD.org> ---
(In reply to Konstantin Belousov from comment #9)
Well, there is no real guarantee, but if you only need to access the IP header,
then mb_unmapped_to_ext() is overkill.  In practice, protocol headers generated
by the kernel will live in mapped mbufs that are separate from unmapped data. 
To be safer, we could introduce a mbuf function which guarantees that the first
N bytes of the chain are mapped.

m_makespace() needs a bit of work but fundamentally I don't see any problems
with IPSec+unmapped mbufs.  Really the bug here is that m_unshare() operates on
the entire mbuf chain instead of stopping once we've gotten far enough to
inject an IPSec header.

-- 
You are receiving this mail because:
You are the assignee for the bug.