From owner-svn-src-head@FreeBSD.ORG Tue May 29 12:52:31 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26EDC1065670; Tue, 29 May 2012 12:52:31 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 117738FC12; Tue, 29 May 2012 12:52:31 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q4TCqUYu078279; Tue, 29 May 2012 12:52:30 GMT (envelope-from melifaro@svn.freebsd.org) Received: (from melifaro@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q4TCqUOg078277; Tue, 29 May 2012 12:52:30 GMT (envelope-from melifaro@svn.freebsd.org) Message-Id: <201205291252.q4TCqUOg078277@svn.freebsd.org> 
From: "Alexander V. Chernikov" Date: Tue, 29 May 2012 12:52:30 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r236231 - head/sys/net X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 May 2012 12:52:31 -0000 Author: melifaro Date: Tue May 29 12:52:30 2012 New Revision: 236231 URL: http://svn.freebsd.org/changeset/base/236231 Log: Fix BPF_JITTER code broken by r235746. Pointed by: jkim Reviewed by: jkim (except locking changes) Approved by: (mentor) MFC after: 2 weeks Modified: head/sys/net/bpf.c Modified: head/sys/net/bpf.c ==============================================================================
--- head/sys/net/bpf.c Tue May 29 12:33:09 2012 (r236230)
+++ head/sys/net/bpf.c Tue May 29 12:52:30 2012 (r236231)
@@ -1711,7 +1711,7 @@ bpf_setf(struct bpf_d *d, struct bpf_pro
 struct bpf_insn *fcode, *old;
 u_int wfilter, flen, size;
 #ifdef BPF_JITTER
- bpf_jit_filter *ofunc, *jfunc;
+ bpf_jit_filter *jfunc, *ofunc;
 #endif
 int need_upgrade;
 #ifdef COMPAT_FREEBSD32
@@ -1737,13 +1737,20 @@ bpf_setf(struct bpf_d *d, struct bpf_pro
 need_upgrade = 0;
 size = flen * sizeof(*fp->bf_insns);
- if (size > 0)
+ if (size > 0) {
+ /* We're setting up new filter. Copy and check actual data */
 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
- else
+ if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) != 0 ||
+ bpf_validate(fcode, (int)flen) == 0) {
+ free(fcode, M_BPF);
+ return (EINVAL);
+ }
+ /* Filter is copied inside fcode and is perfectly valid */
+ } else
 fcode = NULL; /* Make compiler happy */
 #ifdef BPF_JITTER
- if (fp->bf_insns != NULL)
+ if (fcode != NULL)
 jfunc = bpf_jitter(fcode, flen);
 else
 jfunc = NULL; /* Make compiler happy */
@@ -1764,7 +1771,7 @@ bpf_setf(struct bpf_d *d, struct bpf_pro
 ofunc = d->bd_bfilter;
 #endif
 }
- if (fp->bf_insns == NULL) {
+ if (fcode == NULL) {
 /*
 * Protect filter removal by interface lock.
 * Additionally, we are protected by global lock here.
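Review bot: The comment on `fcode = NULL; /* Make compiler happy */` is now misleading, because after this change a NULL `fcode` is the signal that selects the removal path: `if (fcode != NULL)` gates the JIT call here and `if (fcode == NULL)` gates filter removal in the following hunk (@@ -1764). That also moves the removal decision from `fp->bf_insns == NULL` to `flen == 0`, which deserves a comment such as `/* flen == 0: no program supplied, existing filter is removed below */`. The new early `return (EINVAL)` reports a faulting `copyin` and a rejected program identically and returns without any unlock; the lock acquisition is outside the hunk, so confirm this return stays ahead of it. bpf_setf's body starts and ends outside both hunks.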
@@ -1795,55 +1802,50 @@ bpf_setf(struct bpf_d *d, struct bpf_pro
 return (0);
 }
- if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
- bpf_validate(fcode, (int)flen)) {
- /*
- * Protect filter change by interface lock
- * Additionally, we are protected by global lock here.
- */
- if (d->bd_bif != NULL)
- BPFIF_WLOCK(d->bd_bif);
- BPFD_LOCK(d);
- if (wfilter)
- d->bd_wfilter = fcode;
- else {
- d->bd_rfilter = fcode;
+ /*
+ * Set up new filter.
+ * Protect filter change by interface lock
+ * Additionally, we are protected by global lock here.
+ */
+ if (d->bd_bif != NULL)
+ BPFIF_WLOCK(d->bd_bif);
+ BPFD_LOCK(d);
+ if (wfilter)
+ d->bd_wfilter = fcode;
+ else {
+ d->bd_rfilter = fcode;
 #ifdef BPF_JITTER
- d->bd_bfilter = jfunc;
+ d->bd_bfilter = jfunc;
 #endif
- if (cmd == BIOCSETF)
- reset_d(d);
+ if (cmd == BIOCSETF)
+ reset_d(d);
- /*
- * Do not require upgrade by first BIOCSETF
- * (used to set snaplen) by pcap_open_live()
- */
- if ((d->bd_writer != 0) && (--d->bd_writer == 0))
- need_upgrade = 1;
- CTR4(KTR_NET, "%s: filter function set by pid %d, "
- "bd_writer counter %d, need_upgrade %d",
- __func__, d->bd_pid, d->bd_writer, need_upgrade);
- }
- BPFD_UNLOCK(d);
- if (d->bd_bif != NULL)
- BPFIF_WUNLOCK(d->bd_bif);
- if (old != NULL)
- free((caddr_t)old, M_BPF);
+ /*
+ * Do not require upgrade by first BIOCSETF
+ * (used to set snaplen) by pcap_open_live()
+ */
+ if ((d->bd_writer != 0) && (--d->bd_writer == 0))
+ need_upgrade = 1;
+ CTR4(KTR_NET, "%s: filter function set by pid %d, "
+ "bd_writer counter %d, need_upgrade %d",
+ __func__, d->bd_pid, d->bd_writer, need_upgrade);
+ }
+ BPFD_UNLOCK(d);
+ if (d->bd_bif != NULL)
+ BPFIF_WUNLOCK(d->bd_bif);
+ if (old != NULL)
+ free((caddr_t)old, M_BPF);
 #ifdef BPF_JITTER
- if (ofunc != NULL)
- bpf_destroy_jit_filter(ofunc);
+ if (ofunc != NULL)
+ bpf_destroy_jit_filter(ofunc);
 #endif
- /* Move d to active readers list */
- if (need_upgrade != 0)
- bpf_upgraded(d);
+ /* Move d to active readers list */
+ if (need_upgrade != 0)
+ bpf_upgraded(d);
- BPF_UNLOCK();
- return (0);
- }
- free((caddr_t)fcode, M_BPF);
 BPF_UNLOCK();
- return (EINVAL);
+ return (0);
 }
 /*
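Review bot: The new comment block names the locks taken for the swap but not why `free((caddr_t)old, M_BPF)` and `bpf_destroy_jit_filter(ofunc)` are safe after `BPFD_UNLOCK`/`BPFIF_WUNLOCK`. Presumably every path that runs `bd_rfilter`/`bd_bfilter` holds one of those locks, so the old program is unreachable once the pointers are replaced; that invariant is what prevents a use-after-free of the old bytecode or JIT code and it should be written down, e.g. `/* Old program is no longer reachable; release it outside the locks. */`. When `d->bd_bif` is NULL only the descriptor lock is taken, which the comment could mention as well. The function begins outside this hunk, so the assignments of `old` and `ofunc` cannot be checked from here.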