[Bug 200323] BPF userland misuse can crash the system
bugzilla-noreply at freebsd.org
Sat Jun 13 19:39:59 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200323
--- Comment #1 from Ermal Luçi <eri at pfsense.org> ---
This patch fixes the issue and the issue seems to be a locked LLE which does not
allow BPF to sleep when it needs to.
+diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
+index baa9c26..f31576d 100644
+--- a/sys/netinet/if_ether.c
++++ b/sys/netinet/if_ether.c
+@@ -353,6 +353,10 @@ retry:
+ if ((la->la_flags & LLE_VALID) &&
+ ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) {
+ bcopy(&la->ll_addr, desten, ifp->if_addrlen);
++ if (flags & LLE_EXCLUSIVE)
++ LLE_WUNLOCK(la);
++ else
++ LLE_RUNLOCK(la);
+ /*
+ * If entry has an expiry time and it is approaching,
+ * see if we need to send an ARP request within this
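Review bot: The LLE lock is released right after the `bcopy()`, but the code that follows still uses `la`: the comment just below the added lines introduces an expiry check on the entry, and the next hunk stores it with `*lle = la;`. Once `LLE_WUNLOCK(la)` / `LLE_RUNLOCK(la)` has run, nothing visible here keeps the entry from being modified or freed by another thread. Either move the unlock down to after the last access to `la` in this block, or take a reference before unlocking and add a comment saying what keeps the entry alive while the ARP request path runs unlocked.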
+@@ -365,8 +369,7 @@ retry:
+ }
+
+ *lle = la;
+- error = 0;
+- goto done;
++ return (0);
+ }
+
+ if (la->la_flags & LLE_STATIC) { /* should not happen! */
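Review bot: Replacing `goto done;` with `return (0);` bypasses everything under the `done` label, which is not shown in this diff. Please confirm that the only thing `done` does on this path is drop the LLE lock now released in the first hunk; if it does anything else, that work is silently skipped. The early return also means `*lle = la;` now hands the caller an entry that is no longer locked, so any caller that relied on getting it back locked needs to be checked. A short comment at the `return (0);` stating that the lock was already dropped above would make the asymmetric exit easier to follow.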
--
You are receiving this mail because:
You are the assignee for the bug.