diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2015-10-07 08:41:02 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2015-10-07 08:41:02 +0000 |
| commit | 734ded8a558469d8b1c5321b8ab96a395a808e6f (patch) | |
| tree | 470a8e294f7f8b996399932c05263367f9e0d18b /sys/net/bpf.c | |
| parent | c75ddf962c426441ac6e0c8771227ff7116912fd (diff) | |
Do not call bpf_catchpacket() if another CPU detached a file from the
corresponding interface.
bfp_tap() and _bpf_mtap() are mostly run without the KERNEL_LOCK. The
use of SRPs in these functions gives us the guarantees that manipulated
BPF descriptors are alive but not the associated interface desctiptor!
And indeed they can be cleared by another CPU running bpf_detachd().
Prevent a race reported by Hrvoje Popovski when closing tcpdump(8) with
an IPL_MPSAFE ix(4).
ok mikeb@, dlg@, deraadt@
Diffstat (limited to 'sys/net/bpf.c')
| -rw-r--r-- | sys/net/bpf.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index b9f2c817bb0..3bc37dd3bd2 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.129 2015/09/29 10:58:51 dlg Exp $ */ +/* $OpenBSD: bpf.c,v 1.130 2015/10/07 08:41:01 mpi Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -1166,7 +1166,10 @@ bpf_tap(caddr_t arg, u_char *pkt, u_int pktlen, u_int direction) microtime(&tv); KERNEL_LOCK(); - bpf_catchpacket(d, pkt, pktlen, slen, bcopy, &tv); + if (d->bd_bif != NULL) { + bpf_catchpacket(d, pkt, pktlen, slen, + bcopy, &tv); + } KERNEL_UNLOCK(); if (d->bd_fildrop) @@ -1250,8 +1253,10 @@ _bpf_mtap(caddr_t arg, struct mbuf *m, u_int direction, microtime(&tv); KERNEL_LOCK(); - bpf_catchpacket(d, (u_char *)m, pktlen, slen, - cpfn, &tv); + if (d->bd_bif != NULL) { + bpf_catchpacket(d, (u_char *)m, pktlen, slen, + cpfn, &tv); + } KERNEL_UNLOCK(); if (d->bd_fildrop) |