Date: Thu, 25 Dec 2008 02:14:25 +0000 (UTC) From: Kip Macy <kmacy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r186483 - head/sys/net Message-ID: <200812250214.mBP2EPgP000612@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kmacy Date: Thu Dec 25 02:14:25 2008 New Revision: 186483 URL: http://svn.freebsd.org/changeset/base/186483 Log: - Close a race during which the open flag could be cleared but the tun_softc would still be referenced by adding a separate TUN_CLOSED flag that is set after tunclose is done referencing it. - drop the tun_mtx after the flag check to avoid holding it across if_detach which can recurse in to if_tun.c Modified: head/sys/net/if_tun.c Modified: head/sys/net/if_tun.c ============================================================================== --- head/sys/net/if_tun.c Thu Dec 25 01:59:44 2008 (r186482) +++ head/sys/net/if_tun.c Thu Dec 25 02:14:25 2008 (r186483) @@ -79,6 +79,7 @@ struct tun_softc { #define TUN_RWAIT 0x0040 #define TUN_ASYNC 0x0080 #define TUN_IFHEAD 0x0100 +#define TUN_CLOSED 0x0200 #define TUN_READY (TUN_OPEN | TUN_INITED) @@ -256,9 +257,11 @@ tun_destroy(struct tun_softc *tp) /* Unlocked read. */ mtx_lock(&tp->tun_mtx); - if ((tp->tun_flags & TUN_OPEN) != 0) + if ((tp->tun_flags & (TUN_OPEN|TUN_CLOSED)) != TUN_CLOSED) cv_wait_unlock(&tp->tun_cv, &tp->tun_mtx); - + else + mtx_unlock(&tp->tun_mtx); + CURVNET_SET(TUN2IFP(tp)->if_vnet); dev = tp->tun_dev; bpfdetach(TUN2IFP(tp)); @@ -497,6 +500,7 @@ tunclose(struct cdev *dev, int foo, int KNOTE_UNLOCKED(&tp->tun_rsel.si_note, 0); TUNDEBUG (ifp, "closed\n"); + tp->tun_flags |= TUN_CLOSED; cv_broadcast(&tp->tun_cv); mtx_unlock(&tp->tun_mtx); return (0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812250214.mBP2EPgP000612>