summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcus Glocker <mglocker@cvs.openbsd.org>2008-01-25 16:14:57 +0000
committerMarcus Glocker <mglocker@cvs.openbsd.org>2008-01-25 16:14:57 +0000
commit6d40b38168998b6a0a2816cd356b013bfc49c3c9 (patch)
tree60e9b8f6d89837488d503aef01598208a3d02f39
parent67d4f969e64dbd9ebc84fb67f07bfaee7f1bbf4c (diff)
Prevent USB network devices to generate a page fault trap when detached
while UP and holding an open bpf handler by checking bpfilter_lookup() for returning NULL in bpfpoll(). Added an XXX comment which reminds us to recheck why this race condition happens in conjunction with the USB stack. Commented by miod@ and thib@ (would prefer to directly fix race condition, if this is possible at all). lot of help and OK claudio@
-rw-r--r--sys/net/bpf.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 658dd6a7d5a..14337d29932 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bpf.c,v 1.67 2007/09/15 16:43:51 henning Exp $ */
+/* $OpenBSD: bpf.c,v 1.68 2008/01/25 16:14:56 mglocker Exp $ */
/* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */
/*
@@ -1016,6 +1016,15 @@ bpfpoll(dev_t dev, int events, struct proc *p)
* An imitation of the FIONREAD ioctl code.
*/
d = bpfilter_lookup(minor(dev));
+ /*
+ * XXX The USB stack manages it to trigger some race condition
+ * which causes bpfilter_lookup to return NULL when a USB device
+ * gets detached while it is up and has an open bpf handler (e.g.
+ * dhclient). We still should recheck if we can fix the root
+ * cause of this issue.
+ */
+ if (d == NULL)
+ return (POLLERR);
s = splnet();
if (d->bd_hlen == 0 && (!d->bd_immediate || d->bd_slen == 0)) {
revents = 0; /* no data waiting */