Date: Mon, 09 May 2022 00:19:26 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 263824] genet(4): Driver interface may overwrite memory in a consecutive memory copy operations when parsing TX packet
Message-ID: <bug-263824-7501-LHRI55HKas@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-263824-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-263824-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263824

--- Comment #4 from Jiahao LI <jiahali@blackberry.com> ---
(In reply to Mike Karels from comment #3)

Hi,

Happy to hear that the problem can be fixed. I cannot reproduce the problem in the current release of the FreeBSD image, but I never tried to change any parameter in "sysctl". This problem happens in my own development environment. My development environment is not entirely based on FreeBSD, but FreeBSD is running within our development environment and the version of FreeBSD is not based on the current release.

hw.genet.tx_hdr_min does not exist in the FreeBSD running in my development environment.

I can provide further details to help reproduce this issue. Let's say we want to send a large packet, e.g. "ping -s 2048 ....", and the packet is going to be fragmented at the network layer, IP layer.

For the first fragmented packet, the network header, ICMP header and a portion of payload are stored in one mbuf, and the "M_EXT" macro is set at that mbuf based on the rule in the code. Therefore, the mbuf is not writeable. The link-layer header and statusblock will be prepended to a new mbuf inserted before the mbuf carrying the "network header + ICMP header + payload".

For reproducing the problem, it might not be necessary to send a large packet, but just make the mbuf not writable.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
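The chain layout described in the comment above, as an added user-space model that is not part of the original message or of the genet(4) driver: `struct buf` is a hypothetical stand-in for an mbuf, the 14-byte and 20-byte header sizes are assumptions, and the status block is left out. `chain_copy` is a bounds-checked copy in the spirit of m_copydata(9), showing that a parser needing both headers has to walk the chain because the first buffer holds only the prepended link-layer header.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-in for struct mbuf: data pointer, length, next link. */
struct buf {
    const unsigned char *data;
    size_t len;
    struct buf *next;
};
#define ETHER_LEN 14u /* assumed link-layer header size */
#define IP_LEN    20u /* assumed IPv4 header size, no options */
/* Copy len bytes at chain offset off into dst (capacity dstcap).
 * Returns 0 on success, -1 if dst is too small or the chain ends early. */
int chain_copy(const struct buf *b, size_t off, size_t len,
               unsigned char *dst, size_t dstcap)
{
    if (len > dstcap)
        return -1;
    for (; b != NULL && len > 0; b = b->next) {
        if (off >= b->len) {          /* buffer lies wholly before off */
            off -= b->len;
            continue;
        }
        size_t n = b->len - off;      /* bytes available in this buffer */
        if (n > len)
            n = len;
        memcpy(dst, b->data + off, n);
        dst += n;
        len -= n;
        off = 0;
    }
    return len == 0 ? 0 : -1;
}

/* Constructed sample chain: pkt_head is the newly prepended buffer holding
 * only the link-layer header; pkt_ip is the non-writable buffer behind it. */
static const unsigned char eth[ETHER_LEN] = { [12] = 0x08 };         /* IPv4 */
static const unsigned char ip[IP_LEN + 8] = { [0] = 0x45, [9] = 1 }; /* ICMP */
static struct buf pkt_ip   = { ip, sizeof ip, NULL };
static struct buf pkt_head = { eth, sizeof eth, &pkt_ip };

/* IPv4 protocol byte of the frame, or -1 if both headers are not present. */
int ip_proto(const struct buf *chain)
{
    unsigned char h[ETHER_LEN + IP_LEN];
    if (chain_copy(chain, 0, sizeof h, h, sizeof h) != 0)
        return -1;
    return h[ETHER_LEN + 9];
}
int main(void) { return ip_proto(&pkt_head) == 1 ? 0 : 1; }
```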