git: f13da24715a7 - main - net/bpf: Fix writing of buffer bigger than PAGESIZE

[Warner Losh]

The branch main has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f13da24715a75ce0fdac31062866877d980aa908

commit f13da24715a75ce0fdac31062866877d980aa908
Author:     Florian Florensa <florian at florensa.me>
AuthorDate: 2018-02-16 09:53:22 +0000
Commit:     Warner Losh <imp at FreeBSD.org>
CommitDate: 2021-06-23 16:39:18 +0000

    net/bpf: Fix writing of buffer bigger than PAGESIZE
    
    When allocating the mbuf we used m_get2 which fails
    if len is superior to MJUMPAGESIZE, if its the case,
    use m_getjcl instead.
    
    Reviewed by:    kp@
    PR:             205164
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/131
---
 sys/net/bpf.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 605e7aa39fdb..ec05dd6d337b 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -641,7 +641,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
 	if (len < hlen || len - hlen > ifp->if_mtu)
 		return (EMSGSIZE);
 
-	m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
+	/* Allocate a mbuf for our write, since m_get2 fails if len >= to MJUMPAGESIZE, use m_getjcl for bigger buffers */
+	if (len < MJUMPAGESIZE)
+		m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
+	else if (len <= MJUM9BYTES)
+		m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM9BYTES);
+	else if (len <= MJUM16BYTES)
+		m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR, MJUM16BYTES);
+	else
+		m = NULL;
 	if (m == NULL)
 		return (EIO);
 	m->m_pkthdr.len = m->m_len = len;