Date: Wed, 28 Apr 2021 14:09:49 GMT
Message-Id: <202104281409.13SE9noN025261@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 2b826286c3b9 - stable/13 - Add required checks for unmapped mbufs in ipdivert and ipfw
List-Id: Commits to the stable branches of the FreeBSD src repository

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=2b826286c3b951df0bb3b4250eecbb7adc5c860b

commit 2b826286c3b951df0bb3b4250eecbb7adc5c860b
Author:     Mark Johnston
AuthorDate: 2021-04-21 19:38:01 +0000
Commit:     Mark Johnston
CommitDate: 2021-04-28 14:00:13 +0000

    Add required checks for unmapped mbufs in ipdivert and ipfw

    Also add an M_ASSERTMAPPED() macro to verify that all mbufs in the chain
    are mapped. Use it in ipfw_nat, which operates on a chain returned by
    m_megapullup().

    PR: 255164
    Reviewed by: ae, gallatin
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D29838

    (cherry picked from commit 652908599b6fa7285ee60cb567b97e70b648ac29)
---
 sys/netinet/ip_divert.c                  |  6 ++++++
 sys/netpfil/ipfw/ip_fw_nat.c             |  1 +
 sys/netpfil/ipfw/nat64/nat64_translate.c | 10 ++++++++++
 sys/sys/mbuf.h                           | 11 +++++++++++
 4 files changed, 28 insertions(+)

diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 70d3fbd1f230..c3f9c43b8f70 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c
@@ -212,11 +212,17 @@ divert_packet(struct mbuf *m, bool incoming) /* Delayed checksums are currently not compatible with divert. */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { + m = mb_unmapped_to_ext(m); + if (m == NULL) + return; in_delayed_cksum(m); m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } #if defined(SCTP) || defined(SCTP_SUPPORT) if (m->m_pkthdr.csum_flags & CSUM_SCTP) { + m = mb_unmapped_to_ext(m); + if (m == NULL) + return; sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2)); m->m_pkthdr.csum_flags &= ~CSUM_SCTP; } diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c index bcda3cff011c..d7b31c29d4ec 100644 --- a/sys/netpfil/ipfw/ip_fw_nat.c +++ b/sys/netpfil/ipfw/ip_fw_nat.c @@ -307,6 +307,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) args->m = NULL; return (IP_FW_DENY); } + M_ASSERTMAPPED(mcl); ip = mtod(mcl, struct ip *); /* diff --git a/sys/netpfil/ipfw/nat64/nat64_translate.c b/sys/netpfil/ipfw/nat64/nat64_translate.c index 4ed3bfa765f6..29666a7d3a9a 100644 --- a/sys/netpfil/ipfw/nat64/nat64_translate.c +++ b/sys/netpfil/ipfw/nat64/nat64_translate.c @@ -1296,6 +1296,11 @@ nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *saddr, /* Handle delayed checksums if needed. */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { + m = mb_unmapped_to_ext(m); + if (m == NULL) { + NAT64STAT_INC(&cfg->stats, nomem); + return (NAT64RETURN); + } in_delayed_cksum(m); m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } @@ -1673,6 +1678,11 @@ nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, uint16_t aport, /* Handle delayed checksums if needed. */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { + m = mb_unmapped_to_ext(m); + if (m == NULL) { + NAT64STAT_INC(&cfg->stats, nomem); + return (NAT64RETURN); + } in6_delayed_cksum(m, plen, hlen); m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; } diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index 0a249b6e2c6a..9c18ebd4943d 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h 
@@ -1110,6 +1110,17 @@ m_extrefcnt(struct mbuf *m) KASSERT((((struct mbuf *)m)->m_flags & 0) == 0, \ ("%s: attempted use of a free mbuf!", __func__)) +/* Check whether any mbuf in the chain is unmapped. */ +#ifdef INVARIANTS +#define M_ASSERTMAPPED(m) do { \ + for (struct mbuf *__m = (m); __m != NULL; __m = __m->m_next) \ + KASSERT((__m->m_flags & M_EXTPG) == 0, \ + ("%s: chain %p contains an unmapped mbuf", __func__, (m)));\ +} while (0) +#else +#define M_ASSERTMAPPED(m) +#endif + /* * Return the address of the start of the buffer associated with an mbuf, * handling external storage, packet-header mbufs, and regular data mbufs.
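
Review bot: in the sys/netinet/ip_divert.c hunk, both new `if (m == NULL) return;` paths in divert_packet() drop the packet without recording it, while the nat64_translate.c hunks count the same failure with NAT64STAT_INC(&cfg->stats, nomem). Consider bumping a drop or error statistic before each return so an allocation failure in mb_unmapped_to_ext() is visible to an operator. Because divert_packet() takes m by value and returns void, a short comment stating who owns the chain when mb_unmapped_to_ext() returns NULL would also help the next reader rule out a leak or a double free at the call sites.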
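
Review bot: in the sys/netpfil/ipfw/ip_fw_nat.c hunk, M_ASSERTMAPPED(mcl) only protects kernels built with INVARIANTS, since the mbuf.h hunk defines the macro as empty otherwise. On a production kernel the `mtod(mcl, struct ip *)` that follows relies entirely on m_megapullup() returning a fully mapped chain, which the commit message implies but the code does not say. Suggest a comment next to the assertion documenting that m_megapullup() is expected to return mapped mbufs, so a later change to that function is reviewed against this dependency.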
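
Review bot: in the two sys/netpfil/ipfw/nat64/nat64_translate.c hunks (nat64_do_handle_ip4() and nat64_do_handle_ip6()), the new failure path returns NAT64RETURN after m has been overwritten with NULL, and it is not clear from the hunk what the caller does with its own copy of the mbuf pointer in that case. Please confirm that NAT64RETURN tells the caller the packet has been consumed, and that this matches what mb_unmapped_to_ext() does with the chain on failure; if it does, a one-line comment on the `return (NAT64RETURN);` lines would make the ownership explicit. Counting the failure under nomem is a good choice and is worth mirroring in the ip_divert.c paths.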
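
Review bot: in the sys/sys/mbuf.h hunk, the KASSERT message in M_ASSERTMAPPED() prints only the chain head `(m)`, not the mbuf that failed the `M_EXTPG` test, so a panic from a long chain does not identify the offending element. Suggest adding `__m` to the format arguments, for example "chain %p contains an unmapped mbuf %p". The macro also expands its argument more than once (in the loop initializer and in the message), so it is worth noting in the comment that callers must pass an expression without side effects, or copying `(m)` into a local first. A smaller point: the comment reads "Check whether any mbuf in the chain is unmapped", but the macro asserts rather than checks, so "Assert that no mbuf in the chain is unmapped" would describe it more accurately.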