diff options
| author | rwatson <rwatson@FreeBSD.org> | 2009-03-07 22:17:44 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2009-03-07 22:17:44 +0000 |
| commit | f18c279752d888c46c564f2adf466f19b9d17ed9 (patch) | |
| tree | 29f0f4ddda046b080ffa4feaddd71b8c0ec0f50b /sys/security | |
| parent | 6181b4b9e43a479d6787c1b583ba9597746b38a8 (diff) | |
| download | FreeBSD-src-f18c279752d888c46c564f2adf466f19b9d17ed9.zip FreeBSD-src-f18c279752d888c46c564f2adf466f19b9d17ed9.tar.gz | |
When resetting a BPF descriptor, properly check that zero-copy buffers
are not currently owned by userspace before clearing or rotating them.
Otherwise we may not play by the rules of the shared memory protocol,
potentially corrupting packet data or causing userspace applications
that are playing by the rules to spin due to being notified that a
buffer is complete but the shared memory header not reflecting that.
This behavior was seen with pflogd by a number of reporters; note that
this fix is not sufficient to get pflogd properly working with
zero-copy BPF, due to pflogd opening the BPF device before forking,
leading to the shared memory buffer not being propery inherited in the
privilege-separated child. We're still deciding how to fix that
problem.
This change exposes buffer-model specific strategy information in
reset_d(), which will be fixed at a later date once we've decided how
best to improve the BPF buffer abstraction.
Reviewed by: csjp
Reported by: keramida
Diffstat (limited to 'sys/security')
0 files changed, 0 insertions, 0 deletions
