From owner-freebsd-net@FreeBSD.ORG  Mon Jun 15 16:33:14 2015
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 10B20F52
 for <freebsd-net@hub.freebsd.org>; Mon, 15 Jun 2015 16:33:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EE9A4BD8
 for <freebsd-net@FreeBSD.org>; Mon, 15 Jun 2015 16:33:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t5FGXDpV009745
 for <freebsd-net@FreeBSD.org>; Mon, 15 Jun 2015 16:33:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 200323] BPF userland misuse can crash the system
Date: Mon, 15 Jun 2015 16:33:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: needs-qa, patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: franco@opnsense.org
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-200323-2472-aaCW1zSubH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200323-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-200323-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 16:33:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200323

--- Comment #9 from Franco Fichtner <franco@opnsense.org> ---
The previous code in place before the "bad" revision in 2008 accessed la, made
its changes and called arprequest() after releasing the lock, like the other
code block still does.  You can maybe set a temporary variable inside the
locked area that calls arprequest() and afterwards trigger the function based
on the value of the temporary variable?

-- 
You are receiving this mail because:
You are the assignee for the bug.