diff options
author | Marcus Glocker <mglocker@cvs.openbsd.org> | 2008-01-25 16:14:57 +0000 |
---|---|---|
committer | Marcus Glocker <mglocker@cvs.openbsd.org> | 2008-01-25 16:14:57 +0000 |
commit | 6d40b38168998b6a0a2816cd356b013bfc49c3c9 (patch) | |
tree | 60e9b8f6d89837488d503aef01598208a3d02f39 | |
parent | 67d4f969e64dbd9ebc84fb67f07bfaee7f1bbf4c (diff) |
Prevent USB network devices to generate a page fault trap when detached
while UP and holding an open bpf handler by checking bpfilter_lookup()
for returning NULL in bpfpoll(). Added an XXX comment which reminds us
to recheck why this race condition happens in conjunction with the USB
stack.
Commented by miod@ and thib@ (would prefer to directly fix race condition,
if this is possible at all).
lot of help and OK claudio@
-rw-r--r-- | sys/net/bpf.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 658dd6a7d5a..14337d29932 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.67 2007/09/15 16:43:51 henning Exp $ */ +/* $OpenBSD: bpf.c,v 1.68 2008/01/25 16:14:56 mglocker Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -1016,6 +1016,15 @@ bpfpoll(dev_t dev, int events, struct proc *p) * An imitation of the FIONREAD ioctl code. */ d = bpfilter_lookup(minor(dev)); + /* + * XXX The USB stack manages it to trigger some race condition + * which causes bpfilter_lookup to return NULL when a USB device + * gets detached while it is up and has an open bpf handler (e.g. + * dhclient). We still should recheck if we can fix the root + * cause of this issue. + */ + if (d == NULL) + return (POLLERR); s = splnet(); if (d->bd_hlen == 0 && (!d->bd_immediate || d->bd_slen == 0)) { revents = 0; /* no data waiting */ |