cvs commit: src/sys/dev/io iodev.c
Ed Schouten
ed at 80386.nl
Tue Aug 12 14:15:23 UTC 2008
Hello all,
* Bruce Evans <brde at optusnet.com.au> wrote:
> I checked that bpf panics (even under UP) due to the obvious bugs in
> its d_close():
>
> # Generate lots of network activity using something like:
> sysctl net.inet.icmp.icmplim=0; ping -fq localhost &
>
> # Race to panic eventually:
> while :; do tcpdump -i lo0 & sleep 0.001; revoke /dev/bpf0
>
> Most or all device drivers have obvious bugs in their d_close(); bpf
> is just a bit easier to understand and more likely to cause a panic
> than most device drivers, since it is simple and frees resources. A
> panic is very likely when si_drv1 is freed, and si_drv1 is only locked
> accidentally.
I remember I once warned people about this on the lists. It seems the
cdevpriv API is protected against this, so the following patch turns BPF
into a single device node, which can handle revoke() calls properly.
I wrote this patch a month ago, but eventually I didn't commit this. I
think I should, though.
http://80386.nl/files/bpf-cdevpriv.diff
--
Ed Schouten <ed at 80386.nl>
WWW: http://80386.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20080812/eef9ef39/attachment.pgp
More information about the cvs-all
mailing list