`sc_dead' is used to prevent pppac_ioctl() be called on dying pppac(4)
interface. But now if_detach() makes dying `ifp' inaccessible and waits
for references which are in-use. This logic is not required anymore.
Also I moved if_detach() before klist_invalidate() to prevent the case
while pppac_qstart() bump `sc_rsel'.
Index: sys/net/if_pppx.c
===================================================================
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.108
diff -u -p -r1.108 if_pppx.c
--- sys/net/if_pppx.c 1 Feb 2021 07:46:55 -0000 1.108
+++ sys/net/if_pppx.c 9 Feb 2021 09:05:23 -0000
@@ -930,7 +930,6 @@ RBT_GENERATE(pppx_ifs, pppx_if, pxi_entr
struct pppac_softc {
struct ifnet sc_if;
- unsigned int sc_dead; /* [N] */
dev_t sc_dev; /* [I] */
LIST_ENTRY(pppac_softc)
sc_entry; /* [K] */
@@ -1305,17 +1304,16 @@ pppacclose(dev_t dev, int flags, int mod
int s;
NET_LOCK();
- sc->sc_dead = 1;
CLR(ifp->if_flags, IFF_RUNNING);
NET_UNLOCK();
+ if_detach(ifp);
+
s = splhigh();
klist_invalidate(&sc->sc_rsel.si_note);
klist_invalidate(&sc->sc_wsel.si_note);
splx(s);
- if_detach(ifp);
-
pool_put(&pipex_session_pool, sc->sc_multicast_session);
NET_LOCK();
pipex_destroy_all_sessions(sc);
@@ -1330,12 +1328,8 @@ pppacclose(dev_t dev, int flags, int mod
static int
pppac_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
- struct pppac_softc *sc = ifp->if_softc;
/* struct ifreq *ifr = (struct ifreq *)data; */
int error = 0;
-
- if (sc->sc_dead)
- return (ENXIO);
switch (cmd) {
case SIOCSIFADDR:
