From owner-cvs-all@FreeBSD.ORG Tue Aug 12 15:15:47 2008 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7A2DB1065683; Tue, 12 Aug 2008 15:15:47 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (bigknife-pt.tunnel.tserv9.chi1.ipv6.he.net [IPv6:2001:470:1f10:75::2]) by mx1.freebsd.org (Postfix) with ESMTP id 0816D8FC2C; Tue, 12 Aug 2008 15:15:46 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from localhost.corp.yahoo.com (john@localhost [IPv6:::1]) (authenticated bits=0) by server.baldwin.cx (8.14.2/8.14.2) with ESMTP id m7CFFIbH079614; Tue, 12 Aug 2008 11:15:35 -0400 (EDT) (envelope-from jhb@freebsd.org) From: John Baldwin To: Ed Schouten Date: Tue, 12 Aug 2008 11:12:58 -0400 User-Agent: KMail/1.9.7 References: <200808081343.m78DhwYE068477@repoman.freebsd.org> <20080812231130.D760@besplex.bde.org> <20080812141521.GX99951@hoeg.nl> In-Reply-To: <20080812141521.GX99951@hoeg.nl> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200808121112.59596.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.0.2 (server.baldwin.cx [IPv6:::1]); Tue, 12 Aug 2008 11:15:35 -0400 (EDT) X-Virus-Scanned: ClamAV 0.93.1/8018/Tue Aug 12 04:36:31 2008 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=4.2 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on server.baldwin.cx Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org, Bruce Evans Subject: Re: cvs commit: src/sys/dev/io iodev.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2008 15:15:47 -0000 On Tuesday 12 August 2008 10:15:21 am Ed Schouten wrote: > Hello all, > > * Bruce Evans wrote: > > I checked that bpf panics (even under UP) due to the obvious bugs in > > its d_close(): > > > > # Generate lots of network activity using something like: > > sysctl net.inet.icmp.icmplim=0; ping -fq localhost & > > > > # Race to panic eventually: > > while :; do tcpdump -i lo0 & sleep 0.001; revoke /dev/bpf0 > > > > Most or all device drivers have obvious bugs in their d_close(); bpf > > is just a bit easier to understand and more likely to cause a panic > > than most device drivers, since it is simple and frees resources. A > > panic is very likely when si_drv1 is freed, and si_drv1 is only locked > > accidentally. > > I remember I once warned people about this on the lists. It seems the > cdevpriv API is protected against this, so the following patch turns BPF > into a single device node, which can handle revoke() calls properly. > > I wrote this patch a month ago, but eventually I didn't commit this. I > think I should, though. > > http://80386.nl/files/bpf-cdevpriv.diff This is definitely a good idea and should be done. -- John Baldwin