cvs commit: src/sys/net bpf.c bpfdesc.h
Christian S.J. Peron
csjp at FreeBSD.org
Mon Jul 25 01:23:22 GMT 2005
On Mon, Jul 25, 2005 at 12:24:44AM +0100, Robert Watson wrote:
>
> Looks like you hold bpf_mtx over calls to SYSCTL_OUT(), which may sleep if
> it is required to write to a user memory page that is not in memory.
> This can result in a lot of nasty things, including deadlock, odd lock
> orders (especially if the page fault results in a signal being delivered
> to a process), etc. In general, monitoring code of this sort needs to
> store its output into a temporary kernel buffer and then copy that out, or
> it needs to drop mutexes and accept race conditions. Generally the former
> is easier to program, and the latter uses less kernel memory.
>
> Also, because the bpf_mtx isn't held between the first and second tests of
> bpf_bpfd_cnt, a race can occur resulting in a panic when the kassert
> fails, if the count is elevated before the call to hold the mutex, and not
> once the mutex is released by the other thread. Does the kassert actually
> add value here? In the unusual event of a race, you do a slightly more
> expensive list walk, but only in rare cases. With the incorrect
> KASSERT(), you panic instead.
>
> Robert N M Watson
Robert, good catch, I will fix this up ASAP.
--
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
More information about the cvs-src
mailing list