author | melifaro <melifaro@FreeBSD.org> | 2012-05-21 22:17:29 +0000 |
---|---|---|
committer | melifaro <melifaro@FreeBSD.org> | 2012-05-21 22:17:29 +0000 |
commit | 34ec5c86502577f86de209389836d93646d78b9b (patch) | |
tree | 90fdcda4302fb38114d697df37798071b681dc3e /sys/kern | |
parent | 1c776bfa6e8c09481f7796562d3b3f95d7f76aa8 (diff) | |
Fix old panic when BPF consumer attaches to destroying interface.
'flags' field is added to the end of bpf_if structure. Currently the only
flag is BPFIF_FLAG_DYING which is set on bpf detach and checked by bpf_attachd().
Problem can be easily triggered on SMP stable/[89] by the following command (sort of):
'while true; do ifconfig vlan222 create vlan 222 vlandev em0 up ; tcpdump -pi vlan222 & ; ifconfig vlan222 destroy ; done'
Fix possible use-after-free when BPF detaches itself from interface, freeing bpf_bif memory,
while interface is still UP and there can be routes via this interface.
Freeing is now delayed till ifnet_departure_event is received via eventhandler(9) api.
Convert bpfd rwlock back to mutex due to lack of performance gain (currently checking if packet
matches filter is done without holding bpfd lock and we have to acquire write lock if packet matches).
Approved by: kib(mentor)
MFC in: 4 weeks
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/subr_witness.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/kern/subr_witness.c b/sys/kern/subr_witness.c index 52045b6..f14be50 100644 --- a/sys/kern/subr_witness.c +++ b/sys/kern/subr_witness.c @@ -564,7 +564,7 @@ static struct witness_order_list_entry order_lists[] = { */ { "bpf global lock", &lock_class_mtx_sleep }, { "bpf interface lock", &lock_class_rw }, - { "bpf cdev lock", &lock_class_rw }, + { "bpf cdev lock", &lock_class_mtx_sleep }, { NULL, NULL }, /* * NFS server |
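Review bot: the `order_lists[]` entry for "bpf cdev lock" changes class from `lock_class_rw` to `lock_class_mtx_sleep`, but the diffstat shown is limited to sys/kern, so the matching change to how that lock is initialized is not visible here. Please confirm the same commit initializes the descriptor lock as a sleep mutex under the exact name "bpf cdev lock", so the name and class in this table stay in step with the lock itself, and that it is still only acquired after "bpf global lock" and "bpf interface lock" as this ordering implies. Since the message plans an MFC, this table entry should be merged to the stable branches together with the lock conversion rather than separately.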