kern/123095 kern/131602 sendfile
Andriy Gapon
avg at icyb.net.ua
Thu Jul 8 07:51:26 UTC 2010
Not an expert by any measure but the following looks suspicious:
m_copy/m_copym calls mb_dupcl for M_EXT case and M_RDONLY is _not_ checked nor
preserved in that case.
So we may get a writable M_EXT mbuf pointing to sf_buf wrapping a page of a file.
But I am not sure if/how mbufs are re-used and if we can end up actually writing
something to the resulting mbuf.
--
Andriy Gapon
More information about the freebsd-net
mailing list