cvs commit: src/sys/dev/io iodev.c

Ed Schouten ed at
Tue Aug 12 14:15:23 UTC 2008

Hello all,

* Bruce Evans <brde at> wrote:
> I checked that bpf panics (even under UP) due to the obvious bugs in
> its d_close():
>     # Generate lots of network activity using something like:
>     sysctl net.inet.icmp.icmplim=0; ping -fq localhost &
>     # Race to panic eventually:
>     while :; do tcpdump -i lo0 & sleep 0.001; revoke /dev/bpf0
> Most or all device drivers have obvious bugs in their d_close(); bpf
> is just a bit easier to understand and more likely to cause a panic
> than most device drivers, since it is simple and frees resources.  A
> panic is very likely when si_drv1 is freed, and si_drv1 is only locked
> accidentally.

I remember I once warned people about this on the lists. It seems the
cdevpriv API is protected against this, so the following patch turns BPF
into a single device node, which can handle revoke() calls properly.

I wrote this patch a month ago, but eventually I didn't commit this. I
think I should, though.

 Ed Schouten <ed at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url :

More information about the cvs-all mailing list