Module Name: src
Committed By: ozaki-r
Date: Mon Nov 27 02:50:27 UTC 2023
Modified Files:
src/sys/kern: uipc_mbuf.c
Log Message:
mbuf: avoid assertion failure when splitting mbuf cluster
>From OpenBSD:
commit 7b4d35e0a60ba1dd4daf4b1c2932020a22463a89
Author: bluhm <bl...@openbsd.org>
Date: Fri Oct 20 16:25:15 2023 +0000
Avoid assertion failure when splitting mbuf cluster.
m_split() calls m_align() to initialize the data pointer of newly
allocated mbuf. If the new mbuf will be converted to a cluster,
this is not necessary. If additionally the new mbuf is larger than
MLEN, this can lead to a panic.
Only call m_align() when a valid m_data is needed. This is the
case if we do not refecence the existing cluster, but memcpy() the
data into the new mbuf.
Reported-by: syzbot+0e6817f5877926f0e...@syzkaller.appspotmail.com
OK claudio@ deraadt@
The issue is harmless if DIAGNOSTIC is not enabled.
XXX pullup-10
XXX pullup-9
To generate a diff of this commit:
cvs rdiff -u -r1.251 -r1.252 src/sys/kern/uipc_mbuf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
