tcpdump mailing list archives

Re: Losing BPF's


From: maneeshs <maneeshs () niksun com>
Date: Mon, 19 Feb 2007 18:16:14 -0500


If so, then that open routine:

int
bpfopen(dev_t dev, int flag, int mode, struct proc *p)
{
        struct bpf_d *d;

        /* create on demand */
        if ((d = bpfilter_create(minor(dev))) == NULL)
                return (ENXIO);
        /*
         * Each minor can be opened by only one process. If the requested
         * minor is in use, return EBUSY.
         */
        if (!D_ISFREE(d))
                return (EBUSY);

        /* Mark "free" and do most initialization. */
        d->bd_bufsize = bpf_bufsize;
        d->bd_sig = SIGIO;

        D_GET(d);

        return (0);
}

would fail with EBUSY if the device is already open.
There seems to be a race condition in the above code: the check for the descriptor being free and the call to D_GET to mark the descriptor as being used are not atomic. So two closely spaced calls to bpfopen could cause bpf to use the same device twice?


regards
maneesh
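The interleaving described in the message, as an added user-space model (not the post's or OpenBSD's code): the names `bd_state`, `BD_FREE`, `BD_INUSE` and the functions below are invented, and a compare-and-swap stands in for what the kernel would do by holding a lock across the D_ISFREE check and the D_GET marking.

```c
/* Added model, not OpenBSD code: bd_state, BD_FREE, BD_INUSE and the
 * function names below are invented to illustrate the bpfopen() race. */
#include <errno.h>
#include <stdatomic.h>

enum { BD_FREE = 0, BD_INUSE = 1 };

/* Only the "in use" flag of struct bpf_d matters for the race. */
struct bpf_d_model { atomic_int bd_state; };

/* Two callers A and B reach bpfopen() at almost the same time. The
 * D_ISFREE() test and the D_GET() marking are separate steps, so the
 * scheduler can interleave them as A:check B:check A:mark B:mark.
 * Returns how many callers believed they opened the minor. */
int racy_opens_succeeded(void)
{
    struct bpf_d_model d;
    atomic_init(&d.bd_state, BD_FREE);
    int a_free = atomic_load(&d.bd_state) == BD_FREE;  /* A: D_ISFREE */
    int b_free = atomic_load(&d.bd_state) == BD_FREE;  /* B: D_ISFREE, still free */
    if (a_free) atomic_store(&d.bd_state, BD_INUSE);   /* A: D_GET */
    if (b_free) atomic_store(&d.bd_state, BD_INUSE);   /* B: D_GET on a busy minor */
    return a_free + b_free;                             /* 2: both "succeeded" */
}

/* Fixed open: test and claim are one compare-and-swap, so the FREE->INUSE
 * transition can be won by exactly one caller; the loser gets EBUSY. */
int atomic_open(struct bpf_d_model *d)
{
    int expected = BD_FREE;
    if (!atomic_compare_exchange_strong(&d->bd_state, &expected, BD_INUSE))
        return EBUSY;
    return 0;
}

/* Same two callers, same order, against the atomic version. */
int atomic_opens_succeeded(void)
{
    struct bpf_d_model d;
    atomic_init(&d.bd_state, BD_FREE);
    int n = 0;
    n += atomic_open(&d) == 0;  /* A: claims the minor */
    n += atomic_open(&d) == 0;  /* B: EBUSY */
    return n;                   /* 1 */
}
```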

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
