diff options
author | csjp <csjp@FreeBSD.org> | 2008-07-05 20:11:28 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2008-07-05 20:11:28 +0000 |
commit | 4f71d026f8087303d3275d6eb52644273d89fa85 (patch) | |
tree | 74143742684e31feda258eda605fa03ea431ec16 /sys/net/bpf_zerocopy.c | |
parent | f53bcee721b132e008c9544f7d685a087fbe6f06 (diff) | |
download | FreeBSD-src-4f71d026f8087303d3275d6eb52644273d89fa85.zip FreeBSD-src-4f71d026f8087303d3275d6eb52644273d89fa85.tar.gz |
Make sure we are clearing the ZBUF_FLAG_IMMUTABLE any time a free buffer
is reclaimed by the kernel. This fixes a bug resulted in the kernel
over writing packet data while user-space was still processing it when
zerocopy is enabled. (Or a panic if invariants was enabled).
Discussed with: rwatson
Diffstat (limited to 'sys/net/bpf_zerocopy.c')
-rw-r--r-- | sys/net/bpf_zerocopy.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/net/bpf_zerocopy.c b/sys/net/bpf_zerocopy.c index 9ca2ba7..de4d49a 100644 --- a/sys/net/bpf_zerocopy.c +++ b/sys/net/bpf_zerocopy.c @@ -410,6 +410,24 @@ bpf_zerocopy_bufheld(struct bpf_d *d) } /* + * Notification from the BPF framework that the free buffer has been been + * re-assigned. This happens when the user ackknowledges the buffer. + */ +void +bpf_zerocopy_buf_reclaimed(struct bpf_d *d) +{ + struct zbuf *zb; + + KASSERT(d->bd_bufmode == BPF_BUFMODE_ZBUF, + ("bpf_zerocopy_reclaim_buf: not in zbuf mode")); + + KASSERT(d->bd_fbuf != NULL, + ("bpf_zerocopy_buf_reclaimed: NULL free buff")); + zb = (struct zbuf *)d->bd_fbuf; + zb->zb_flags &= ~ZBUF_FLAG_IMMUTABLE; +} + +/* * Query from the BPF framework regarding whether the buffer currently in the * held position can be moved to the free position, which can be indicated by * the user process making their generation number equal to the kernel |