[Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec
Date: Thu, 20 Jul 2023 14:23:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272616 --- Comment #10 from Mark Johnston <markj@FreeBSD.org> --- (In reply to Konstantin Belousov from comment #9) Well, there is no real guarantee, but if you only need to access the IP header, then mb_unmapped_to_ext() is overkill. In practice, protocol headers generated by the kernel will live in mapped mbufs that are separate from unmapped data. To be safer, we could introduce a mbuf function which guarantees that the first N bytes of the chain are mapped. m_makespace() needs a bit of work but fundamentally I don't see any problems with IPSec+unmapped mbufs. Really the bug here is that m_unshare() operates on the entire mbuf chain instead of stopping once we've gotten far enough to inject an IPSec header. -- You are receiving this mail because: You are the assignee for the bug.