Page MenuHomeFreeBSD
Differential D45725

bpf: Fix potential race conditions
ClosedPublic
Actions

Authored by zlei on Jun 25 2024, 7:47 AM.
Tags
None
Referenced Files
F132588766: D45725.id140206.diff
Sat, Oct 18, 5:24 AM
Unknown Object (File)
Mon, Oct 13, 4:31 AM
Unknown Object (File)
Wed, Oct 1, 12:25 AM
Unknown Object (File)
Sat, Sep 20, 5:36 AM
Unknown Object (File)
Sep 18 2025, 12:09 PM
Unknown Object (File)
Sep 17 2025, 8:33 PM
Unknown Object (File)
Sep 15 2025, 11:11 PM
Unknown Object (File)
Aug 27 2025, 1:30 PM
View All 46 Files
Subscribers
ae
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
Commits
rG19142d2a9600: bpf: Fix potential race conditions
rG56c93859038f: bpf: Fix potential race conditions
rG7def047a1ae9: bpf: Fix potential race conditions
Summary

The global lock (BPF_LOCK) does not (and should not) guarantee the
liveness of ifp, so it is potential that bpf_setif() would reference
dead_bpf_if or freed bpf_if.

As the progress of attach is not atomic, there is also a small window
that userland could have inconsistant view of available data link types
of the interface (via BIOCGDLTLIST ioctl).

Fix them by checking our side, aka bpf_iflist, rather than the interface's
side to ensure that the requested interface is attached to bpf.

This have side effect of reverting a bpf interface attach operation
(BIOCSETIF ioctl) from O(1) to O(N) (where N is the number of bpf
interfaces). Well since normally we have sane amount of interfaces and
the attach operation is not frequent, this O(N) is affordable.

Fixes: 16d878cc99ef Fix the following bpf(4) race condition ...
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
net/
14 lines

Diff 150398

View Options

sys/net/bpf.c

Loading...