Date: Mon, 13 May 2019 20:17:55 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r347549 - head/sys/net Message-ID: <201905132017.x4DKHtvn003354@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Mon May 13 20:17:55 2019 New Revision: 347549 URL: https://svnweb.freebsd.org/changeset/base/347549 Log: Avoid possible recursion on BPF_LOCK() in bpfwrite(). Release BPF_LOCK() before invoking if_output() and if_input(). Also enter epoch section before releasing lock, this should prevent access to ifnet that may be freed on interface detach. Reported by: markj Modified: head/sys/net/bpf.c Modified: head/sys/net/bpf.c ============================================================================== --- head/sys/net/bpf.c Mon May 13 19:48:57 2019 (r347548) +++ head/sys/net/bpf.c Mon May 13 20:17:55 2019 (r347549) @@ -1257,6 +1257,9 @@ bpfwrite(struct cdev *dev, struct uio *uio, int ioflag ro.ro_flags = RT_HAS_HEADER; } + /* Avoid possible recursion on BPFD_LOCK(). */ + NET_EPOCH_ENTER(et); + BPFD_UNLOCK(d); error = (*ifp->if_output)(ifp, m, &dst, &ro); if (error) counter_u64_add(d->bd_wdcount, 1); @@ -1267,8 +1270,8 @@ bpfwrite(struct cdev *dev, struct uio *uio, int ioflag else m_freem(mc); } + NET_EPOCH_EXIT(et); CURVNET_RESTORE(); - BPFD_UNLOCK(d); bpfd_rele(d); return (error);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905132017.x4DKHtvn003354>