Date: Fri, 27 Apr 2018 11:00:12 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r333056 - stable/11/sys/net Message-ID: <201804271100.w3RB0Cdk025417@repo.freebsd.org>
Author: ae Date: Fri Apr 27 11:00:12 2018 New Revision: 333056 URL: https://svnweb.freebsd.org/changeset/base/333056 Log: MFC r332812: Add dead_bpf_if structure, that should be used as fake bpf_if during ifnet detach. Since destroying interface is not atomic operation and due to the lack of synhronization during destroy, it is possible, that in the time between bpfdetach() and if_free() some queued on destroying interface mbuf will be used by ether_input_internal() and bpf_peers_present() can dereference NULL bpf_if pointer. To protect from this, assign pointer to empty bpf_if_ext structure instead of NULL pointer after bpfdetach(). MFC r332949 (by markj): Use dead_bpf_if instead of bp_null. This fixes a -Wunused error when DEV_BPF and NETGRAPH_BPF are not defined. Also remove a stray semicolon added in r332812. Modified: stable/11/sys/net/bpf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/net/bpf.c ==============================================================================
--- stable/11/sys/net/bpf.c Fri Apr 27 09:25:27 2018 (r333055)
+++ stable/11/sys/net/bpf.c Fri Apr 27 11:00:12 2018 (r333056)
@@ -96,6 +96,10 @@ __FBSDID("$FreeBSD$");
 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
+static struct bpf_if_ext dead_bpf_if = {
+ .bif_dlist = LIST_HEAD_INITIALIZER()
+};
+
 struct bpf_if {
 #define bif_next bif_ext.bif_next
 #define bif_dlist bif_ext.bif_dlist
@@ -2638,7 +2642,7 @@ bpfdetach(struct ifnet *ifp)
 */
 BPFIF_WLOCK(bp);
 bp->bif_flags |= BPFIF_FLAG_DYING;
- *bp->bif_bpf = NULL;
+ *bp->bif_bpf = (struct bpf_if *)&dead_bpf_if;
 BPFIF_WUNLOCK(bp);
 CTR4(KTR_NET, "%s: sheduling free for encap %d (%p) for if %p",
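Review bot: `dead_bpf_if` is introduced without a comment saying what it stands in for or which members may be read through it. It is declared as `struct bpf_if_ext`, while the later hunks install it behind a `struct bpf_if *` cast, so a reader of the declaration alone cannot tell that only the `bif_ext` part has real storage behind it. I would put above it `/* Placeholder left in ifp->if_bpf after bpfdetach(); only the bif_ext members (bif_next, bif_dlist) are valid through this pointer. */`.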
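Review bot: After the new store in `bpfdetach()`, `*bp->bif_bpf` has type `struct bpf_if *` but points at the smaller `struct bpf_if_ext` object, so any consumer that reaches a member outside `bif_ext` through it reads past `dead_bpf_if`. The log names `bpf_peers_present()` as the reader being protected; whether every other user of the interface's pointer checks for an empty `bif_dlist` before touching further members is not visible in this hunk and should be confirmed. The cast also presumably depends on `bif_ext` being the first member of `struct bpf_if`, which `CTASSERT(offsetof(struct bpf_if, bif_ext) == 0);` placed after the struct definition would pin down. The same cast is used in the `bpfattach2()` stub hunk, and the body of `bpfdetach()` continues outside this hunk.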
@@ -2957,13 +2961,13 @@ bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL);
 #else /* !DEV_BPF && !NETGRAPH_BPF */
+
 /*
 * NOP stubs to allow bpf-using drivers to load and function.
 *
 * A 'better' implementation would allow the core bpf functionality
 * to be loaded at runtime.
 */
-static struct bpf_if bp_null;
 void
 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
@@ -2991,7 +2995,7 @@ void
 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
 {
- *driverp = &bp_null;
+ *driverp = (struct bpf_if *)&dead_bpf_if;
 }
 void