Date: Tue, 12 Aug 2008 11:12:58 -0400
From: John Baldwin <jhb@freebsd.org>
To: Ed Schouten <ed@80386.nl>
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org, Bruce Evans <brde@optusnet.com.au>
Subject: Re: cvs commit: src/sys/dev/io iodev.c
Message-ID: <200808121112.59596.jhb@freebsd.org>
In-Reply-To: <20080812141521.GX99951@hoeg.nl>
References: <200808081343.m78DhwYE068477@repoman.freebsd.org> <20080812231130.D760@besplex.bde.org> <20080812141521.GX99951@hoeg.nl>

On Tuesday 12 August 2008 10:15:21 am Ed Schouten wrote:
> Hello all,
>
> * Bruce Evans <brde@optusnet.com.au> wrote:
> > I checked that bpf panics (even under UP) due to the obvious bugs in
> > its d_close():
> >
> > # Generate lots of network activity using something like:
> > sysctl net.inet.icmp.icmplim=0; ping -fq localhost &
> >
> > # Race to panic eventually:
> > while :; do tcpdump -i lo0 & sleep 0.001; revoke /dev/bpf0
> >
> > Most or all device drivers have obvious bugs in their d_close(); bpf
> > is just a bit easier to understand and more likely to cause a panic
> > than most device drivers, since it is simple and frees resources. A
> > panic is very likely when si_drv1 is freed, and si_drv1 is only locked
> > accidentally.
>
> I remember I once warned people about this on the lists. It seems the
> cdevpriv API is protected against this, so the following patch turns BPF
> into a single device node, which can handle revoke() calls properly.
>
> I wrote this patch a month ago, but eventually I didn't commit this. I
> think I should, though.
>
> http://80386.nl/files/bpf-cdevpriv.diff

This is definitely a good idea and should be done.

--
John Baldwin