diff options
author | Grigoriy Orlov <gluk@cvs.openbsd.org> | 2001-04-22 19:44:35 +0000 |
---|---|---|
committer | Grigoriy Orlov <gluk@cvs.openbsd.org> | 2001-04-22 19:44:35 +0000 |
commit | 1692fa75790f396f9ae7bb4438a14c0cfb2efc16 (patch) | |
tree | a47e680754d14ed915eac130997ac89f289b1dc6 /sys/netinet/ip_fil.c | |
parent | f3d334455d3f53ac45adbc71e0fd5bc267b92a50 (diff) |
Fix spl handling in ipfilter ioctl interface. Work by aaron@ and me.
Problem was reported by DK <obsd@snti.com> as kernel panic loading ipa -
"WARNING: SPL NOT LOWERED ON SYSCALL EXIT".
deraadt@ ok.
Diffstat (limited to 'sys/netinet/ip_fil.c')
-rw-r--r-- | sys/netinet/ip_fil.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c index 9bbe50a0efd..ad0fc260add 100644 --- a/sys/netinet/ip_fil.c +++ b/sys/netinet/ip_fil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_fil.c,v 1.42 2001/03/07 05:43:17 aaron Exp $ */ +/* $OpenBSD: ip_fil.c,v 1.43 2001/04/22 19:44:34 gluk Exp $ */ /* * Copyright (C) 1993-2000 by Darren Reed. @@ -273,6 +273,7 @@ int iplattach() # ifdef USE_INET6 goto pfil_error; # else + SPL_X(s); appr_unload(); ip_natunload(); fr_stateunload(); @@ -289,6 +290,7 @@ int iplattach() pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); pfil_error: + SPL_X(s); appr_unload(); ip_natunload(); fr_stateunload(); @@ -400,16 +402,20 @@ int ipldetach() # if __NetBSD_Version__ >= 104200000 error = pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); - if (error) + if (error) { + SPL_X(s); return error; + } # else pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT); # endif # ifdef USE_INET6 error = pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT, &inetsw[ip_protox[IPPROTO_IPV6]].pr_pfh); - if (error) + if (error) { + SPL_X(s); return error; + } # endif # endif @@ -512,9 +518,10 @@ int mode; return error; } if (unit == IPL_LOGAUTH) { - if (!fr_running) - return EIO; - error = fr_auth_ioctl(data, cmd, NULL, NULL); + if (fr_running) + error = fr_auth_ioctl(data, cmd, NULL, NULL); + else + error = EIO; SPL_X(s); return error; } @@ -588,7 +595,7 @@ int mode; fr_getstat(&fio); error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); if (error) - return EFAULT; + error = EFAULT; break; } case SIOCFRZST : @@ -631,7 +638,7 @@ int mode; error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data, sizeof(ipfrstat_t)); if (error) - return EFAULT; + error = EFAULT; break; case SIOCAUTHW : case SIOCAUTHR : |