From: Ed Schouten
Date: Tue, 12 Aug 2008 16:15:21 +0200
To: Bruce Evans
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, John Baldwin
Subject: Re: cvs commit: src/sys/dev/io iodev.c
Message-ID: <20080812141521.GX99951@hoeg.nl>
In-Reply-To: <20080812231130.D760@besplex.bde.org>

Hello all,

* Bruce Evans wrote:
> I checked that bpf panics (even under UP) due to the obvious bugs in
> its d_close():
>
> # Generate lots of network activity using something like:
> sysctl net.inet.icmp.icmplim=0; ping -fq localhost &
>
> # Race to panic eventually:
> while :; do tcpdump -i lo0 & sleep 0.001; revoke /dev/bpf0
>
> Most or all device drivers have obvious bugs in their d_close(); bpf
> is just a bit easier to understand and more likely to cause a panic
> than most device drivers, since it is simple and frees resources. A
> panic is very likely when si_drv1 is freed, and si_drv1 is only locked
> accidentally.

I remember I once warned people about this on the lists. It seems the
cdevpriv API is protected against this, so the following patch turns BPF
into a single device node, which can handle revoke() calls properly.

I wrote this patch a month ago, but eventually I didn't commit this. I
think I should, though.

	http://80386.nl/files/bpf-cdevpriv.diff

-- 
Ed Schouten
WWW: http://80386.nl/