netmap: Fix integer overflow in nmreq_copyin
An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.
Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085
(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)
(cherry picked from commit 95602165e33a3045a27245cc1e61e67bf4feeed1)
Approved by: so
Security: FreeBSD-SA-22:04.netmap