netipsec: Fix handling of unmapped mbufs
AbandonedPublic
Actions

Authored by markj on Jan 14 2021, 4:36 PM.

Details

Reviewers

jhb
gallatin

Summary

sendfile over an encrypted ESP tunnel triggers a panic because we fail
to map packet data before trying to compute a checksum. Add the same
mb_unmapped_to_ext() call that we have in other places.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 36203
Build 33092: arc lint + arc unit

Event Timeline

markj created this revision.Jan 14 2021, 4:36 PM

Herald added subscribers: melifaro, ae, imp. · View Herald TranscriptJan 14 2021, 4:36 PM

Harbormaster completed remote builds in B36203: Diff 82271.Jan 14 2021, 4:36 PM

markj requested review of this revision.Jan 14 2021, 4:36 PM

markj added a child revision: D28161: ktls: Improve handling of the bind_threads tunable a bit.

markj added reviewers: jhb, gallatin.Jan 14 2021, 4:37 PM

Thank you for catching this.

This revision is now accepted and ready to land.Jan 14 2021, 6:13 PM

ae mentioned this in D28187: Convert unmapped mbufs before computing checksums in IPsec..Jan 16 2021, 11:28 AM

I think the patch in D28187 is better. You need to release reference to SP when error occurs before ipsec4_process_packet().

In D28160#630053, @ae wrote:

I think the patch in D28187 is better. You need to release reference to SP when error occurs before ipsec4_process_packet().

Oops, thanks. :(

Revision Contents
Changeset List

Path

Size

sys/

netipsec/

ipsec_output.c

14 lines

Diff 82271

View Options

sys/netipsec/ipsec_output.c

netipsec: Fix handling of unmapped mbufsAbandonedPublicActions