[Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Jul 2023 19:01:57 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272616

--- Comment #15 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=bc310a95c58a3c570ed7e5103371453881e36ba1

commit bc310a95c58a3c570ed7e5103371453881e36ba1
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-07-20 12:08:24 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-07-21 18:51:13 +0000

    ip output: ensure that mbufs are mapped if ipsec is enabled

    Ipsec needs access to packet headers to determine if a policy is
    applicable. It seems that typically IP headers are mapped, but the code
    is arguably needs to check this before blindly accessing them. Then,
    operations like m_unshare() and m_makespace() are not yet ready for
    unmapped mbufs.

    Ensure that the packet is mapped before calling into IPSEC_OUTPUT().

    PR:     272616
    Reviewed by:    jhb, markj
    Sponsored by:   NVidia networking
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D41112

 sys/netinet/ip_output.c   | 6 ++++++
 sys/netinet6/ip6_output.c | 6 ++++++
 2 files changed, 12 insertions(+)

-- 
You are receiving this mail because:
You are the assignee for the bug.