Hello all,

* Bruce Evans <[EMAIL PROTECTED]> wrote:
> I checked that bpf panics (even under UP) due to the obvious bugs in
> its d_close():
>
> # Generate lots of network activity using something like:
> sysctl net.inet.icmp.icmplim=0; ping -fq localhost &
>
> # Race to panic eventually:
> while :; do tcpdump -i lo0 & sleep 0.001; revoke /dev/bpf0
>
> Most or all device drivers have obvious bugs in their d_close(); bpf
> is just a bit easier to understand and more likely to cause a panic
> than most device drivers, since it is simple and frees resources. A
> panic is very likely when si_drv1 is freed, and si_drv1 is only locked
> accidentally.

I remember I once warned people about this on the lists. It seems the
cdevpriv API is protected against this, so the following patch turns BPF
into a single device node, which can handle revoke() calls properly.

I wrote this patch a month ago, but eventually I didn't commit this. I
think I should, though.

http://80386.nl/files/bpf-cdevpriv.diff

--
Ed Schouten <[EMAIL PROTECTED]>
WWW: http://80386.nl/
