freebsd-nq/sys
Christian S.J. Peron 16d878cc99 Fix the following bpf(4) race condition which can result in a panic:
	(1) bpf peer attaches to interface netif0
	(2) Packet is received by netif0
	(3) ifp->if_bpf pointer is checked and handed off to bpf
	(4) bpf peer detaches from netif0 resulting in ifp->if_bpf being
	    initialized to NULL.
	(5) ifp->if_bpf is dereferenced by bpf machinery
	(6) Kaboom

This race condition likely explains the various different kernel panics
reported around sending SIGINT to tcpdump or dhclient processes. But really
this race can result in kernel panics anywhere you have frequent bpf attach
and detach operations with high packet per second load.

Summary of changes:

- Remove the bpf interface's "driverp" member
- When we attach bpf interfaces, we now set the ifp->if_bpf member to the
  bpf interface structure. Once this is done, ifp->if_bpf should never be
  NULL. [1]
- Introduce bpf_peers_present function, an inline operation which will do
  a lockless read of the bpf peer list associated with the interface. It should
  be noted that the bpf code will pick up the bpf_interface lock before adding
  or removing bpf peers. This should serialize the access to the bpf descriptor
  list, removing the race.
- Expose the bpf_if structure in bpf.h so that the bpf_peers_present function
  can use it. This also removes the struct bpf_if; hack that was there.
- Adjust all consumers of the raw if_bpf structure to use bpf_peers_present

Now what happens is:

	(1) Packet is received by netif0
	(2) Check to see if bpf descriptor list is empty
	(3) Pick up the bpf interface lock
	(4) Hand packet off to process

From the attach/detach side:

	(1) Pick up the bpf interface lock
	(2) Add/remove from bpf descriptor list

Now that we are storing the bpf interface structure with the ifnet, there
is no need to walk the bpf interface list to locate the correct bpf interface.
We now simply look up the interface, and initialize the pointer. This has a
nice side effect of changing a bpf interface attach operation from O(N) (where
N is the number of bpf interfaces), to O(1).

[1] From now on, we can no longer check ifp->if_bpf to tell us whether or
    not we have any bpf peers that might be interested in receiving packets.

In collaboration with:	sam@
MFC after:	1 month
2006-06-02 19:59:33 +00:00
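As an added illustration of the ownership model the commit message describes (example code written here, not FreeBSD's own sources): a user-space C model in which ifp->if_bpf is stored once at attach time and never cleared, peer add/remove happen under the interface lock, and the receive path does a lockless empty check before taking that lock. The struct layouts, the atomic_flag spinlock standing in for the bpf interface lock, and the fixture names netif0/peer1/peer2 are assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical models of the kernel structures, not FreeBSD's own definitions. */
struct bpf_d { struct bpf_d *bd_next; };      /* one bpf peer (descriptor) */
struct bpf_if {
	atomic_flag bif_mtx;                      /* bpf interface lock (spinlock stand-in) */
	struct bpf_d *bif_dlist;                  /* peer list, guarded by bif_mtx */
};
struct ifnet { struct bpf_if *if_bpf; };      /* never NULL once attached */
static void bif_lock(struct bpf_if *bp) { while (atomic_flag_test_and_set(&bp->bif_mtx)) { } }
static void bif_unlock(struct bpf_if *bp) { atomic_flag_clear(&bp->bif_mtx); }
/* Attach stores the bpf_if in the ifnet directly (O(1)) and never clears it. */
static void bpfattach(struct ifnet *ifp, struct bpf_if *bp)
{
	atomic_flag_clear(&bp->bif_mtx);
	bp->bif_dlist = NULL;
	ifp->if_bpf = bp;
}
/* Lockless emptiness check, in the spirit of the commit's bpf_peers_present(). */
static inline bool bpf_peers_present(const struct bpf_if *bp) { return bp->bif_dlist != NULL; }
/* Peer add/remove always hold the interface lock, serialising list updates. */
static void bpf_attachd(struct bpf_if *bp, struct bpf_d *d)
{
	bif_lock(bp);
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;
	bif_unlock(bp);
}
static void bpf_detachd(struct bpf_if *bp, struct bpf_d *d)
{
	bif_lock(bp);
	for (struct bpf_d **pp = &bp->bif_dlist; *pp != NULL; pp = &(*pp)->bd_next)
		if (*pp == d) { *pp = d->bd_next; break; }
	bif_unlock(bp);
}
/* Receive path: unlocked check first, delivery under the lock; returns peers served. */
static int if_input(struct ifnet *ifp)
{
	struct bpf_if *bp = ifp->if_bpf;          /* safe: no NULL window any more */
	int n = 0;
	if (!bpf_peers_present(bp)) return 0;
	bif_lock(bp);
	for (struct bpf_d *d = bp->bif_dlist; d != NULL; d = d->bd_next)
		n++;                                  /* bpf_catchpacket() stand-in */
	bif_unlock(bp);
	return n;
}
/* Constructed fixtures for a stand-alone run: one interface, two peers. */
static struct ifnet netif0; static struct bpf_if netif0_bpf; static struct bpf_d peer1, peer2;
```

Attaching and detaching peer1 and peer2 around calls to if_input() shows the count of served peers rise and fall while netif0.if_bpf stays set throughout.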
amd64 After much discussion with mjacob and scottl, change bus_dmamem_alloc so 2006-06-01 04:49:29 +00:00
arm Don't #error if no CPU is defined but we're not compiling the kernel. 2006-06-02 09:39:06 +00:00
boot Increment the disk block offset after writing, not before. This 2006-05-31 09:05:49 +00:00
bsm Update src/sys/bsm for OpenBSM 1.0 alpha 5 changes: 2006-03-04 16:54:21 +00:00
cam Handle some of the inquiry flags that have come into 2006-05-30 22:44:00 +00:00
coda Since DELAY() was moved, most <machine/clock.h> #includes have been 2006-05-16 14:37:58 +00:00
compat As far as I can tell, the correct CPU family for amd64 (which Linux calls 2006-06-02 13:01:25 +00:00
conf To avoid problems, invalidate the data cache and disable the MMU once 2006-05-30 21:13:47 +00:00
contrib Since DELAY() was moved, most <machine/clock.h> #includes have been 2006-05-16 14:37:58 +00:00
crypto padlock(4) doesn't support explicitly provided keys yet. 2006-04-20 06:31:44 +00:00
ddb Use __LP64__ rather than the PTR64 hack. 2006-05-11 21:59:55 +00:00
dev Fix the following bpf(4) race condition which can result in a panic: 2006-06-02 19:59:33 +00:00
doc Add a disclaimer regarding public/internal functions to every subsystem for 2006-05-28 15:25:18 +00:00
fs mount_msdosfs.c: 2006-06-01 02:25:00 +00:00
gdb Convert to new console api 2006-05-26 13:54:27 +00:00
geom Remove the trailing half of a sentence which was clearly superseded 2006-05-24 11:02:32 +00:00
gnu Include "xfs_macros.h" to fix tinderbox build breakage. 2006-06-01 20:51:59 +00:00
i4b Since DELAY() was moved, most <machine/clock.h> #includes have been 2006-05-16 14:37:58 +00:00
i386 After much discussion with mjacob and scottl, change bus_dmamem_alloc so 2006-06-01 04:49:29 +00:00
ia64 EISA bus ia64 systems don't exist in reality. I'm told they may exist in 2006-06-02 04:46:26 +00:00
isa Remove various bits of conditional Alpha code and fixup a few comments. 2006-05-12 05:04:46 +00:00
isofs/cd9660 Remove calls to vfs_export() for exporting a filesystem for NFS mounting 2006-05-26 00:32:21 +00:00
kern Make lio ident more consistent with aio ident. 2006-06-02 17:45:48 +00:00
libkern First pass at removing Alpha kernel support. 2006-05-11 22:25:28 +00:00
modules Dike out WARNS from kernel module makefiles. Kernels and modules 2006-05-30 09:38:54 +00:00
net Fix the following bpf(4) race condition which can result in a panic: 2006-06-02 19:59:33 +00:00
net80211 Fix the following bpf(4) race condition which can result in a panic: 2006-06-02 19:59:33 +00:00
netatalk White space consistency with kasserts. Minor style tweaks. 2006-04-01 16:54:37 +00:00
netatm Change protocol switch method pru_detach() so that it returns void 2006-04-01 15:42:02 +00:00
netgraph Replace the array initialization using the gcc-specific format 2006-06-02 09:08:51 +00:00
netinet Fix the following bpf(4) race condition which can result in a panic: 2006-06-02 19:59:33 +00:00
netinet6 Avoid spurious release of an rtentry. 2006-05-23 00:32:22 +00:00
netipsec Prevent disappearing SAD entries by implementing MPsafe refcounting. 2006-05-20 15:35:36 +00:00
netipx Make this compile without INVARIANTS. 2006-04-11 23:15:47 +00:00
netkey In raw and raw-derived socket types, maintain and enforce invariant that 2006-04-01 15:55:44 +00:00
netnatm style(9) treatment following fixups. 2006-04-23 16:33:56 +00:00
netncp In ncp_sysctl_connstat(), the SLIST_FOREACH() logic to check 'error' 2006-01-14 11:40:32 +00:00
netsmb Retire NETSMBCRYPTO as a kernel option and make its functionality 2006-03-05 22:52:17 +00:00
nfs
nfs4client While reviewing NFS client for another PR, noticed this omission in the 2006-05-24 15:56:36 +00:00
nfsclient Kris Kennaway found that for '/' NFS mounts, the MPSAFE mount flag was 2006-05-30 20:32:44 +00:00
nfsserver Bump up the NFS server dupreq cache limit to 2K (from 64). With a small 2006-04-25 00:21:56 +00:00
opencrypto Remove (now unused) crp_mac field. 2006-05-22 16:27:27 +00:00
pc98 typo. 2006-05-27 04:40:41 +00:00
pccard I don't believe these are used at all, and can be safely removed 2006-01-15 06:49:28 +00:00
pci Move SiS 760 to where it belongs. 2006-05-30 18:41:26 +00:00
posix4 Don't allow non-root user to set a scheduler policy, otherwise this could 2006-05-21 00:40:38 +00:00
powerpc Since DELAY() was moved, most <machine/clock.h> #includes have been 2006-05-16 14:37:58 +00:00
rpc Fix up some cut-n-paste damage and some out-of-date comments. 2006-01-20 15:20:41 +00:00
security Check to see if the rootdir is the same as the current working directory. 2006-06-01 15:38:30 +00:00
sparc64 MFalpha/amd64/arm/ia64 2006-05-29 06:12:01 +00:00
sys o Correct URL to ELF header documentation. 2006-05-31 13:47:32 +00:00
tools - Add two checks for syntax errors 2006-05-30 21:13:28 +00:00
ufs o Rearrange and remove incorrect comments. 2006-05-31 15:55:52 +00:00
vm Fix minidumps to include pages allocated via pmap_map on amd64. 2006-05-31 22:55:23 +00:00
Makefile o Add net80211/ to cscope dir list. 2006-05-29 19:29:41 +00:00