2c4f67981e
(1) bpf peer attaches to interface netif0 (2) Packet is received by netif0 (3) ifp->if_bpf pointer is checked and handed off to bpf (4) bpf peer detaches from netif0 resulting in ifp->if_bpf being initialized to NULL. (5) ifp->if_bpf is dereferenced by bpf machinery (6) Kaboom This race condition likely explains the various different kernel panics reported around sending SIGINT to tcpdump or dhclient processes. But really this race can result in kernel panics anywhere you have frequent bpf attach and detach operations with high packet per second load. Summary of changes: - Remove the bpf interface's "driverp" member - When we attach bpf interfaces, we now set the ifp->if_bpf member to the bpf interface structure. Once this is done, ifp->if_bpf should never be NULL. [1] - Introduce bpf_peers_present function, an inline operation which will do a lockless read bpf peer list associated with the interface. It should be noted that the bpf code will pickup the bpf_interface lock before adding or removing bpf peers. This should serialize the access to the bpf descriptor list, removing the race. - Expose the bpf_if structure in bpf.h so that the bpf_peers_present function can use it. This also removes the struct bpf_if; hack that was there. - Adjust all consumers of the raw if_bpf structure to use bpf_peers_present Now what happens is: (1) Packet is received by netif0 (2) Check to see if bpf descriptor list is empty (3) Pickup the bpf interface lock (4) Hand packet off to process From the attach/detach side: (1) Pickup the bpf interface lock (2) Add/remove from bpf descriptor list Now that we are storing the bpf interface structure with the ifnet, there is is no need to walk the bpf interface list to locate the correct bpf interface. We now simply look up the interface, and initialize the pointer. This has a nice side effect of changing a bpf interface attach operation from O(N) (where N is the number of bpf interfaces), to O(1). [1] From now on, we can no longer check ifp->if_bpf to tell us whether or not we have any bpf peers that might be interested in receiving packets. In collaboration with: sam@ MFC after: 1 month |
||
---|---|---|
.. | ||
_ieee80211.h | ||
ieee80211_acl.c | ||
ieee80211_crypto_ccmp.c | ||
ieee80211_crypto_none.c | ||
ieee80211_crypto_tkip.c | ||
ieee80211_crypto_wep.c | ||
ieee80211_crypto.c | ||
ieee80211_crypto.h | ||
ieee80211_freebsd.c | ||
ieee80211_freebsd.h | ||
ieee80211_input.c | ||
ieee80211_ioctl.c | ||
ieee80211_ioctl.h | ||
ieee80211_node.c | ||
ieee80211_node.h | ||
ieee80211_output.c | ||
ieee80211_proto.c | ||
ieee80211_proto.h | ||
ieee80211_radiotap.h | ||
ieee80211_var.h | ||
ieee80211_xauth.c | ||
ieee80211.c | ||
ieee80211.h |