[Bug 256610] Kernel panic with ngtee

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 21 Jun 2021 16:01:40 UTC

--- Comment #4 from John Baldwin <jhb@FreeBSD.org> ---
I'm curious how this is using unmapped mbufs?  Does ngtee use sendfile(2) under
the hood?  While we could patch m_dup(), I don't know we want to enforce the
policy that the dup is always unmapped?  That said, I think fixing m_dup is
probably a single line change to replace the 'bcopy' with 'm_copydata' as is
done in m_defrag():

diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c
index b9e716b411be..1a2098c7c536 100644
--- a/sys/kern/uipc_mbuf.c
+++ b/sys/kern/uipc_mbuf.c
@@ -719,7 +719,7 @@ m_dup(const struct mbuf *m, int how)
                while (n->m_len < nsize && m != NULL) {
                        int chunk = min(nsize - n->m_len, m->m_len - moff);

-                       bcopy(m->m_data + moff, n->m_data + n->m_len, chunk);
+                       m_copydata(m, moff, chunk, n->m_data + n->m_len);
                        moff += chunk;
                        n->m_len += chunk;
                        remain -= chunk;

You are receiving this mail because:
You are the assignee for the bug.