tcpdump mailing list archives
Re: Losing BPF's
From: maneeshs <maneeshs () niksun com>
Date: Mon, 19 Feb 2007 18:16:14 -0500
There seems to be a race condition in the above code, the check for the descriptor being free and the call to D_GET to mark the descriptor as being used is not atomic. So two closely spaced calls to bpfopen could cause bpf to use the same device twice?

If so, then that open routine:

    int
    bpfopen(dev_t dev, int flag, int mode, struct proc *p)
    {
        struct bpf_d *d;

        /* create on demand */
        if ((d = bpfilter_create(minor(dev))) == NULL)
            return (ENXIO);
        /*
         * Each minor can be opened by only one process.  If the requested
         * minor is in use, return EBUSY.
         */
        if (!D_ISFREE(d))
            return (EBUSY);

        /* Mark "free" and do most initialization. */
        d->bd_bufsize = bpf_bufsize;
        d->bd_sig = SIGIO;

        D_GET(d);

        return (0);
    }

would fail with EBUSY if the device is already open.
regards
maneesh
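A user-space model of the check-then-mark sequence discussed in this message, added here as an example; it is not part of the original post or of the BPF source. `struct desc`, the step functions and `open_atomic` are hypothetical names, and the replay assumes nothing else serializes the two openers.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the descriptor state behind D_ISFREE/D_GET. */
struct desc { atomic_int in_use; };

/* The racy open, split into its two steps so an interleaving can be replayed. */
static bool step_check_free(struct desc *d) { return atomic_load(&d->in_use) == 0; }
static void step_mark_used(struct desc *d)  { atomic_store(&d->in_use, 1); }

/* Atomic claim: the check and the mark are a single compare-and-swap. */
static int open_atomic(struct desc *d)
{
    int expected = 0;
    if (!atomic_compare_exchange_strong(&d->in_use, &expected, 1))
        return EBUSY;               /* someone else already owns it */
    return 0;
}

/* Replay: opener A checks, opener B checks, then both mark.
 * Returns how many openers believe they own the descriptor. */
int racy_interleaving_owners(void)
{
    struct desc d;
    atomic_init(&d.in_use, 0);
    bool a_ok = step_check_free(&d);    /* A sees the descriptor free */
    bool b_ok = step_check_free(&d);    /* B also sees it free */
    int owners = 0;
    if (a_ok) { step_mark_used(&d); owners++; }
    if (b_ok) { step_mark_used(&d); owners++; }
    return owners;
}

/* The same two openers using the atomic claim; *second gets B's result. */
int atomic_owners(int *second)
{
    struct desc d;
    atomic_init(&d.in_use, 0);
    int owners = (open_atomic(&d) == 0);
    *second = open_atomic(&d);
    return owners + (*second == 0);
}

int main(void)
{
    int second;
    printf("racy owners: %d\n", racy_interleaving_owners());
    printf("atomic owners: %d\n", atomic_owners(&second));
    printf("second opener got EBUSY: %d\n", second == EBUSY);
    return 0;
}
```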