diff options
author | Can Erkin Acar <canacar@cvs.openbsd.org> | 2007-03-04 23:36:35 +0000 |
---|---|---|
committer | Can Erkin Acar <canacar@cvs.openbsd.org> | 2007-03-04 23:36:35 +0000 |
commit | fa3fb12070575efa53301c48931a2f5b3abc9271 (patch) | |
tree | 94c231f5cb080c19597ee6f168f4e979d3a09888 | |
parent | a382cfbd0d0878926dd5eb700cc22d4ba7b6d80f (diff) |
Make sure a bpf device can only be opened once.
Previously the descriptor was locked only after
an interface is set, leading to a race condition.
Reported by Jon Steel < jon.steel at esentire com >
tested by otto@, looks correct deraadt@
-rw-r--r-- | sys/net/bpf.c | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index cfd2035c790..4c18bec6b24 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.63 2006/07/18 11:52:12 dlg Exp $ */ +/* $OpenBSD: bpf.c,v 1.64 2007/03/04 23:36:34 canacar Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -289,16 +289,6 @@ bpf_detachd(struct bpf_d *d) d->bd_bif = 0; } - -/* - * Mark a descriptor free by making it point to itself. - * This is probably cheaper than marking with a constant since - * the address should be in a register anyway. - */ -#define D_ISFREE(d) ((d) == (d)->bd_next) -#define D_MARKFREE(d) ((d)->bd_next = (d)) -#define D_MARKUSED(d) ((d)->bd_next = 0) - /* * Reference count access to descriptor buffers */ @@ -328,12 +318,6 @@ bpfopen(dev_t dev, int flag, int mode, struct proc *p) /* create on demand */ if ((d = bpfilter_create(minor(dev))) == NULL) - return (ENXIO); - /* - * Each minor can be opened by only one process. If the requested - * minor is in use, return EBUSY. - */ - if (!D_ISFREE(d)) return (EBUSY); /* Mark "free" and do most initialization. */ @@ -1397,7 +1381,7 @@ bpfattach(caddr_t *driverp, struct ifnet *ifp, u_int dlt, u_int hdrlen) bp->bif_next = bpf_iflist; bpf_iflist = bp; - *bp->bif_driverp = 0; + *bp->bif_driverp = NULL; /* * Compute the length of the bpf header. This is not necessarily @@ -1500,11 +1484,10 @@ bpfilter_create(int unit) struct bpf_d *bd; if ((bd = bpfilter_lookup(unit)) != NULL) - return (bd); + return (NULL); if ((bd = malloc(sizeof(*bd), M_DEVBUF, M_NOWAIT)) != NULL) { bzero(bd, sizeof(*bd)); bd->bd_unit = unit; - D_MARKFREE(bd); LIST_INSERT_HEAD(&bpf_d_list, bd, bd_list); } return (bd); |