CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/02/15 19:22:39
Modified files: sys/net : if_tun.c Log message: prevent (re)opening of tun/tap interfaces that are being destroyed. if an open tun (or tap) device is destroyed via the clone destroy ioctl (eg, like what ifconfig destroy does), there is a window while the open device is being revoked on the vfs side that a third thread can come and open it again. this in turn triggers a kassert in the ifconfig destroy path where it expects the device to be closed. fix this by having tun_dev_open check for the TUN_DEAD flag that the destroy function sets. this still relies on the kernel lock for serialisation. Reported-by: syzbot+5df2ad232f5f8b671...@syzkaller.appspotmail.com ok visa@