CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2022/02/15 19:22:39
Modified files:
sys/net : if_tun.c
Log message:
prevent (re)opening of tun/tap interfaces that are being destroyed.
if an open tun (or tap) device is destroyed via the clone destroy
ioctl (eg, like what ifconfig destroy does), there is a window while
the open device is being revoked on the vfs side that a third thread
can come and open it again. this in turn triggers a kassert in the
ifconfig destroy path where it expects the
device to be closed.
fix this by having tun_dev_open check for the TUN_DEAD flag that
the destroy function sets. this still relies on the kernel lock for
serialisation.
Reported-by: syzbot+5df2ad232f5f8b671...@syzkaller.appspotmail.com
ok visa@
