From 15b1ff36092f77e72af4a2a0ea1ac76d6c89542f Mon Sep 17 00:00:00 2001 From: lstewart Date: Tue, 10 Jan 2012 00:48:29 +0000 Subject: Consumers of bpfdetach() expect it to remove all bpf_if structs from the bpf_iflist list which reference the specified ifnet. The existing implementation only removes the first matching bpf_if found in the list, effectively leaking list entries if an ifnet has been bpfattach()ed multiple times with different DLTs. Fix the leak by performing the detach logic in a loop, stopping when all bpf_if structs referencing the specified ifnet have been detached and removed from the bpf_iflist list. Whilst here, also: - Remove the unnecessary "bp->bif_ifp == NULL" check, as a bpf_if should never exist in the list with a NULL ifnet pointer. - Except when INVARIANTS is in the kernel config, silently ignore the case where no bpf_if referencing the specified ifnet is found, as it is harmless and does not require user attention. Reviewed by: csjp MFC after: 1 week --- sys/net/bpf.c | 53 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 22 deletions(-) diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 3dd2f93..80f5636 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -2253,33 +2253,42 @@ bpfdetach(struct ifnet *ifp) { struct bpf_if *bp; struct bpf_d *d; +#ifdef INVARIANTS + int ndetached; - /* Locate BPF interface information */ - mtx_lock(&bpf_mtx); - LIST_FOREACH(bp, &bpf_iflist, bif_next) { - if (ifp == bp->bif_ifp) - break; - } + ndetached = 0; +#endif - /* Interface wasn't attached */ - if ((bp == NULL) || (bp->bif_ifp == NULL)) { + /* Find all bpf_if struct's which reference ifp and detach them. */ + do { + mtx_lock(&bpf_mtx); + LIST_FOREACH(bp, &bpf_iflist, bif_next) { + if (ifp == bp->bif_ifp) + break; + } + if (bp != NULL) + LIST_REMOVE(bp, bif_next); mtx_unlock(&bpf_mtx); - printf("bpfdetach: %s was not attached\n", ifp->if_xname); - return; - } - - LIST_REMOVE(bp, bif_next); - mtx_unlock(&bpf_mtx); - while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) { - bpf_detachd(d); - BPFD_LOCK(d); - bpf_wakeup(d); - BPFD_UNLOCK(d); - } + if (bp != NULL) { +#ifdef INVARIANTS + ndetached++; +#endif + while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) { + bpf_detachd(d); + BPFD_LOCK(d); + bpf_wakeup(d); + BPFD_UNLOCK(d); + } + mtx_destroy(&bp->bif_mtx); + free(bp, M_BPF); + } + } while (bp != NULL); - mtx_destroy(&bp->bif_mtx); - free(bp, M_BPF); +#ifdef INVARIANTS + if (ndetached == 0) + printf("bpfdetach: %s was not attached\n", ifp->if_xname); +#endif } /* -- cgit v1.1