bpf: Fix BIOCPROMISC locking

BPF might put an interface in promiscuous mode when handling the BIOCSDLT ioctl. When this happens, a flag is set in the BPF descriptor so that the old interface can be restored when the BPF descriptor is destroyed. The BIOCPROMISC ioctl can also be used to put a BPF descriptor's interface into promiscuous mode, but there was nothing synchronizing the flag. Fix this by modifying the ioctl handler to acquire the global BPF mutex, which is used to synchronize ifpromisc() calls elsewhere in BPF. Reviewed by: kp, melifaro MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36045
2022-08-05 16:25:05 -04:00 · 2022-08-05 16:25:05 -04:00 · 220818ac03
commit 220818ac03
parent e9552d8b45
1 changed files with 3 additions and 3 deletions
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@ -1515,18 +1515,18 @@ bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
 	 * Put interface into promiscuous mode.
 	 */
 	case BIOCPROMISC:
+		BPF_LOCK();
 		if (d->bd_bif == NULL) {
 			/*
 			 * No interface attached yet.
 			 */
 			error = EINVAL;
-			break;
-		}
-		if (d->bd_promisc == 0) {
+		} else if (d->bd_promisc == 0) {
 			error = ifpromisc(d->bd_bif->bif_ifp, 1);
 			if (error == 0)
 				d->bd_promisc = 1;
 		}
+		BPF_UNLOCK();
 		break;

 	/*